asymptotically faster quantum algorithms to solve
play

Asymptotically faster quantum algorithms to solve multivariate - PowerPoint PPT Presentation

Apr 12, 2023 •246 likes •702 views

Asymptotically faster quantum algorithms to solve multivariate quadratic equations Daniel J. Bernstein, Bo-Yin Yang https://eprint.iacr.org/2017/1206.pdf Asymptotically faster quantum algorithms to solve multivariate quadratic equations Daniel

  1. Asymptotically faster quantum algorithms to solve multivariate quadratic equations Daniel J. Bernstein, Bo-Yin Yang https://eprint.iacr.org/2017/1206.pdf Asymptotically faster quantum algorithms to solve multivariate quadratic equations Daniel J. Bernstein, Bo-Yin Yang

  2. Conjectured asymptotic random MQ How quickly can we solve a system of m quadratic equations in n variables over F q ? Asymptotically faster quantum algorithms to solve multivariate quadratic equations Daniel J. Bernstein, Bo-Yin Yang

  3. Conjectured asymptotic random MQ How quickly can we solve a system of m quadratic equations in n variables over F q ? Focus on random systems: each coefficient in equations is chosen randomly. Solving this problem for m ≈ n conjecturally breaks, e.g., HFE v − signatures. Asymptotically faster quantum algorithms to solve multivariate quadratic equations Daniel J. Bernstein, Bo-Yin Yang

  4. Conjectured asymptotic random MQ How quickly can we solve a system of m quadratic equations in n variables over F q ? Focus on random systems: each coefficient in equations is chosen randomly. Solving this problem for m ≈ n conjecturally breaks, e.g., HFE v − signatures. Focus on asymptotic cost exponents: scalability as n → ∞ with m / n → µ . Asymptotically faster quantum algorithms to solve multivariate quadratic equations Daniel J. Bernstein, Bo-Yin Yang

  5. Conjectured asymptotic random MQ How quickly can we solve a system of m quadratic equations in n variables over F q ? Focus on random systems: each coefficient in equations is chosen randomly. Solving this problem for m ≈ n conjecturally breaks, e.g., HFE v − signatures. Focus on asymptotic cost exponents: scalability as n → ∞ with m / n → µ . Focus on best conjectured speeds. Asymptotically faster quantum algorithms to solve multivariate quadratic equations Daniel J. Bernstein, Bo-Yin Yang

  6. Previous exponents for q = 2 and µ = 1 2 ( e + o (1)) n operations as n → ∞ : ◮ e = 1 proven: Brute force. ◮ e = 0 . 8765 proven: 2017 Lokshtanov–Paturi–Tamaki–Williams–Yu. Asymptotically faster quantum algorithms to solve multivariate quadratic equations Daniel J. Bernstein, Bo-Yin Yang

  7. Previous exponents for q = 2 and µ = 1 2 ( e + o (1)) n operations as n → ∞ : ◮ e = 1 proven: Brute force. ◮ e = 0 . 8765 proven: 2017 Lokshtanov–Paturi–Tamaki–Williams–Yu. ◮ e = 0 . 87280 . . . : “XL”. Algorithm from 1981 Lazard. Analysis and optimization from 2004 Yang–Chen–Courtois. Asymptotically faster quantum algorithms to solve multivariate quadratic equations Daniel J. Bernstein, Bo-Yin Yang

  8. Previous exponents for q = 2 and µ = 1 2 ( e + o (1)) n operations as n → ∞ : ◮ e = 1 proven: Brute force. ◮ e = 0 . 8765 proven: 2017 Lokshtanov–Paturi–Tamaki–Williams–Yu. ◮ e = 0 . 87280 . . . : “XL”. Algorithm from 1981 Lazard. Analysis and optimization from 2004 Yang–Chen–Courtois. ◮ e = 0 . 79106 . . . : “FXL”. Algorithm from 2000 Courtois–Klimov–Patarin–Shamir. Analysis and optimization from 2004 Yang–Chen–Courtois. Asymptotically faster quantum algorithms to solve multivariate quadratic equations Daniel J. Bernstein, Bo-Yin Yang

  9. Previous exponents for q = 2 and µ = 1 2 ( e + o (1)) n operations as n → ∞ : ◮ e = 1 proven: Brute force. ◮ e = 0 . 8765 proven: 2017 Lokshtanov–Paturi–Tamaki–Williams–Yu. ◮ e = 0 . 87280 . . . : “XL”. Algorithm from 1981 Lazard. Analysis and optimization from 2004 Yang–Chen–Courtois. ◮ e = 0 . 79106 . . . : “FXL”. Algorithm from 2000 Courtois–Klimov–Patarin–Shamir. Analysis and optimization from 2004 Yang–Chen–Courtois. ◮ e = 0 . 5 proven: Grover’s quantum algorithm. Asymptotically faster quantum algorithms to solve multivariate quadratic equations Daniel J. Bernstein, Bo-Yin Yang

  10. New exponents e = 0 . 46240 . . . : “GroverXL”, 2017.12.15 Bernstein–Yang. Independently “QuantumBooleanSolve”, 2017.12.19 Faug` ere–Horan–Kahrobaei–Kaplan–Kashefi–Perret. Asymptotically faster quantum algorithms to solve multivariate quadratic equations Daniel J. Bernstein, Bo-Yin Yang

  11. New exponents e = 0 . 46240 . . . : “GroverXL”, 2017.12.15 Bernstein–Yang. Independently “QuantumBooleanSolve”, 2017.12.19 Faug` ere–Horan–Kahrobaei–Kaplan–Kashefi–Perret. More results in 2017.12.15 (not 2017.12.19) paper: ◮ Area-time product on mesh: 0 . 47210 . . . . ◮ Area under specified time limits. Asymptotically faster quantum algorithms to solve multivariate quadratic equations Daniel J. Bernstein, Bo-Yin Yang

  12. New exponents e = 0 . 46240 . . . : “GroverXL”, 2017.12.15 Bernstein–Yang. Independently “QuantumBooleanSolve”, 2017.12.19 Faug` ere–Horan–Kahrobaei–Kaplan–Kashefi–Perret. More results in 2017.12.15 (not 2017.12.19) paper: ◮ Area-time product on mesh: 0 . 47210 . . . . ◮ Area under specified time limits. ◮ q > 2: e.g., 0 . 72468 . . . (base 2) for q = 3. Asymptotically faster quantum algorithms to solve multivariate quadratic equations Daniel J. Bernstein, Bo-Yin Yang

  13. New exponents e = 0 . 46240 . . . : “GroverXL”, 2017.12.15 Bernstein–Yang. Independently “QuantumBooleanSolve”, 2017.12.19 Faug` ere–Horan–Kahrobaei–Kaplan–Kashefi–Perret. More results in 2017.12.15 (not 2017.12.19) paper: ◮ Area-time product on mesh: 0 . 47210 . . . . ◮ Area under specified time limits. ◮ q > 2: e.g., 0 . 72468 . . . (base 2) for q = 3. ◮ µ > 1: e.g., 0 . 65688 . . . for µ = 2, q = 3. Asymptotically faster quantum algorithms to solve multivariate quadratic equations Daniel J. Bernstein, Bo-Yin Yang

  14. New exponents e = 0 . 46240 . . . : “GroverXL”, 2017.12.15 Bernstein–Yang. Independently “QuantumBooleanSolve”, 2017.12.19 Faug` ere–Horan–Kahrobaei–Kaplan–Kashefi–Perret. More results in 2017.12.15 (not 2017.12.19) paper: ◮ Area-time product on mesh: 0 . 47210 . . . . ◮ Area under specified time limits. ◮ q > 2: e.g., 0 . 72468 . . . (base 2) for q = 3. ◮ µ > 1: e.g., 0 . 65688 . . . for µ = 2, q = 3. ◮ Sage script to automate all these analyses. Asymptotically faster quantum algorithms to solve multivariate quadratic equations Daniel J. Bernstein, Bo-Yin Yang

  15. A small example of XL Goal: Find ( x , y , z ) ∈ F 3 2 with xy + x + yz + z = 0; xz + x + y + 1 = 0; xz + yz + y + z = 0. Asymptotically faster quantum algorithms to solve multivariate quadratic equations Daniel J. Bernstein, Bo-Yin Yang

  16. A small example of XL Goal: Find ( x , y , z ) ∈ F 3 2 with xy + x + yz + z = 0; xz + x + y + 1 = 0; xz + yz + y + z = 0. Degree- d XL multiplies each quadratic equation by each monomial of degree ≤ d − 2. e.g.: Degree-3 XL multiplies each quadratic equation by each monomial of degree ≤ 1: i.e., by x , y , z , 1. Asymptotically faster quantum algorithms to solve multivariate quadratic equations Daniel J. Bernstein, Bo-Yin Yang

  17. A small example of XL: products xyz + xy + xz + x = 0 ( x · first equation) 0 = 0 ( y · first equation) xyz + xz + yz + z = 0 ( z · first equation) xy + x + yz + z = 0 (1 · first equation) xy + xz = 0 ( x · second equation) xyz + xy = 0 ( y · second equation) yz + z = 0 ( z · second equation) xz + x + y + 1 = 0 (1 · second equation) xyz + xy = 0 ( x · third equation) xyz + y = 0 ( y · third equation) xz + z = 0 ( z · third equation) xz + yz + y + z = 0 (1 · third equation) Asymptotically faster quantum algorithms to solve multivariate quadratic equations Daniel J. Bernstein, Bo-Yin Yang

  18. A small example of XL: Macaulay matrix   1 1 1 1 0 0 0 0   0 0 0 0 0 0 0 0      1 0 1 0 1 0 1 0   xyz      0 1 0 1 1 0 1 0 xy             0 1 1 0 0 0 0 0 xz             1 1 0 0 0 0 0 0 x     = 0         0 0 0 0 1 0 1 0 yz          0 0 1 1 0 1 0 1    y         1 1 0 0 0 0 0 0    z          1 0 0 0 0 1 0 0 1       0 0 1 0 0 0 1 0       0 0 1 0 1 1 1 0 Asymptotically faster quantum algorithms to solve multivariate quadratic equations Daniel J. Bernstein, Bo-Yin Yang

  19. A small example of XL: row-echelon form   1 1 1 1 0 0 0 0   0 1 0 1 1 0 1 0      0 0 1 1 1 0 1 0   xyz      0 0 0 1 0 1 0 0 xy             0 0 0 0 1 0 1 0 xz             0 0 0 0 0 1 0 1 x     = 0         0 0 0 0 0 0 1 1 yz          0 0 0 0 0 0 0 0    y         0 0 0 0 0 0 0 0    z          0 0 0 0 0 0 0 0 1       0 0 0 0 0 0 0 0       0 0 0 0 0 0 0 0 Asymptotically faster quantum algorithms to solve multivariate quadratic equations Daniel J. Bernstein, Bo-Yin Yang

Recommend

Quantum Algorithms for Topological Invariants Stephen Jordan Wed Feb. 3, 2010 What is a quantum

Quantum Algorithms for Topological Invariants Stephen Jordan Wed Feb. 3, 2010 What is a quantum

Quantum Algorithms for Topological Invariants Stephen Jordan Wed Feb. 3, 2010 What is a quantum algorithm? Classical Quantum 0101101 the rules: solve problem using sequence of local quantum gates the goal: use fewer gates than

1.11k views • 37 slides
Testing asymptotically safe quantum gravity through coupling to dynamical matter Astrid Eichhorn

Testing asymptotically safe quantum gravity through coupling to dynamical matter Astrid Eichhorn

Testing asymptotically safe quantum gravity through coupling to dynamical matter Astrid Eichhorn Perimeter Institute for Theoretical Physics Experimental search for quantum gravity 2014, SISSA, Trieste How to test quantum gravity

1.07k views • 69 slides
Big- Big -O O Analyzing Algorithms Asymptotically Analyzing Algorithms Asymptotically P1 P2

Big- Big -O O Analyzing Algorithms Asymptotically Analyzing Algorithms Asymptotically P1 P2

Comparing Algorithms Comparing Algorithms Big- Big -O O Analyzing Algorithms Asymptotically Analyzing Algorithms Asymptotically P1 P2 CS 226 CS 226 5 February 2002 5 February 2002 Noah Smith ( nasmith@cs Noah Smith ( nasmith@cs ) )

108 views • 6 slides
Quantum Algorithms for Quantum Algorithms for Evaluating M IN Evaluating M IN -M -M AX AX Trees

Quantum Algorithms for Quantum Algorithms for Evaluating M IN Evaluating M IN -M -M AX AX Trees

Quantum Algorithms for Quantum Algorithms for Evaluating M IN Evaluating M IN -M -M AX AX Trees Trees Richard Cleve Dmitry Gavinsky D. L. Yonge-Mallo Institute for Quantum Computing, University of Waterloo January 30, 2008 TQC Tokyo,

842 views • 34 slides
Quantum Computation (Lecture QC-3: Quantum Algorithms) Lu s Soares Barbosa MFES -

Quantum Computation (Lecture QC-3: Quantum Algorithms) Lu s Soares Barbosa MFES -

Quantum Computation (Lecture QC-3: Quantum Algorithms) Lu s Soares Barbosa MFES - Arquitectura e C alculo May 2019 Quantum Algorithms The Deutsch-Jozsa Algorithm Quantum Search: Grover A quantum machine Structure of a quantum

1.08k views • 29 slides
SIDH on ARM: Faster Modular Multiplications for Faster Post-Quantum Supersingular Isogeny Key

SIDH on ARM: Faster Modular Multiplications for Faster Post-Quantum Supersingular Isogeny Key

SIDH on ARM: Faster Modular Multiplications for Faster Post-Quantum Supersingular Isogeny Key Exchange. Hwajeong Seo (Hansung University), Zhe Liu (Nanjing University of Aeronautics and Astronautics), Patrick Longa (Microsoft Research), Zhi

593 views • 36 slides
Asymptotically Exact TTL-Approximations of the Cache Replacement Algorithms LRU(m) and h-LRU

Asymptotically Exact TTL-Approximations of the Cache Replacement Algorithms LRU(m) and h-LRU

Asymptotically Exact TTL-Approximations of the Cache Replacement Algorithms LRU(m) and h-LRU Nicolas Gast 1 , Benny Van Houdt 2 ITC 2016 September 13-15, W urzburg, Germany 1 Inria 2 University of Antwerp Nicolas Gast 1 / 24 Caches are

692 views • 50 slides
Approximation Algorithms Q. Suppose I need to solve an NP-hard problem. What should I do? A.

Approximation Algorithms Q. Suppose I need to solve an NP-hard problem. What should I do? A.

Approximation Algorithms Q. Suppose I need to solve an NP-hard problem. What should I do? A. Theory says you're unlikely to find a poly-time algorithm. Must sacrifice one of three desired features. Solve problem to optimality. Solve

247 views • 20 slides
Quantum Computing, At First Glance, This . . . Here We Come! Making Lemonade . . . Fast Search

Quantum Computing, At First Glance, This . . . Here We Come! Making Lemonade . . . Fast Search

Faster, Faster, Faster: . . . Blame It on Einsteins . . . Honey, I Shrunk the . . . Why Is Micro-World . . . Quantum Computing, At First Glance, This . . . Here We Come! Making Lemonade . . . Fast Search Vladik Kreinovich End of

566 views • 25 slides
New Algorithms for Quantum (Symmetric) Cryptanalysis Mara Naya-Plasencia 2 , Andr

New Algorithms for Quantum (Symmetric) Cryptanalysis Mara Naya-Plasencia 2 , Andr

Quantum-safe (Symmetric) Cryptography Quantum Collision Search Quantum k-xor Algorithms New Algorithms for Quantum (Symmetric) Cryptanalysis Mara Naya-Plasencia 2 , Andr Schrottenloher 2 Joint work with Andr Chailloux 2 and Lorenzo Grassi

1.63k views • 65 slides
Quantum Algorithms Tutorial Ronald de Wolf 1/ 37 Post-quantum cryptography I Quantum computers

Quantum Algorithms Tutorial Ronald de Wolf 1/ 37 Post-quantum cryptography I Quantum computers

Quantum Algorithms Tutorial Ronald de Wolf 1/ 37 Post-quantum cryptography I Quantum computers can break public-key cryptography that is based on assuming hardness of factoring, discrete logs, and a few other problems I Post-quantum

2.98k views • 37 slides
Algorithms COSC 1010 Algorithms Algorithm - A clear specification of how to solve a problem

Algorithms COSC 1010 Algorithms Algorithm - A clear specification of how to solve a problem

Algorithms COSC 1010 Algorithms Algorithm - A clear specification of how to solve a problem E ff ective method: Measured in the resources solved in dependence of the size of the problem Time Memory Algorithms

477 views • 16 slides
Distributed Quantum Computing Using the most precise description of our world to solve some of

Distributed Quantum Computing Using the most precise description of our world to solve some of

Distributed Quantum Computing Using the most precise description of our world to solve some of the hardest problems by Matthias Egli Based on the paper Distributed Quantum Computing by Harry Buhrman and Hein Rhrig These slides are just

969 views • 31 slides
Defini3ons Programming Working out algorithms that solve

Defini3ons Programming Working out algorithms that solve

2013-10-10 Defini3ons Programming Working out algorithms that solve problems. Coding Lecture OO Implemen3ng algorithms in some language.

401 views • 4 slides
From quantum hardware to quantum AI School of Electrical and Electronic Engineering University

From quantum hardware to quantum AI School of Electrical and Electronic Engineering University

CLASSICAL BIT vs QUBIT Computation as physical process Concept of programmable matter Classical neural network Distance between quantum states Quantum algorithms Quantum Neural Networks From quantum hardware to quantum AI School of

322 views • 31 slides
Quantum Quantum Computing Sensing Algorithms Hybrid computing Compilers

Quantum Quantum Computing Sensing Algorithms Hybrid computing Compilers

QIS Workshop: Welcome Argonne PSE/CELS QIS Working Group Salman Habib CPS/HEP Divisions September 23, 2019 Quantum Quantum Computing Sensing Algorithms Hybrid computing Compilers Error correction Precision metrology

285 views • 6 slides
Quantum algorithms Daniel J. Bernstein University of Illinois at Chicago Quantum algorithm

Quantum algorithms Daniel J. Bernstein University of Illinois at Chicago Quantum algorithm

1 Quantum algorithms Daniel J. Bernstein University of Illinois at Chicago Quantum algorithm means an algorithm that a quantum computer can run. i.e. a sequence of instructions, where each instruction is in a quantum computers

1.42k views • 138 slides
Search Algorithms Mohamad Alsabbagh Department of Electrical Engineering and Computer Science

Search Algorithms Mohamad Alsabbagh Department of Electrical Engineering and Computer Science

Concurrent Depth-First Search Algorithms Mohamad Alsabbagh Department of Electrical Engineering and Computer Science York University, Toronto October 8, 2015 Problems Tarjans algorithms solve Tarjan's Algorithms solve three related

521 views • 13 slides
Quantum algorithms based on quantum walks . J er emie Roland Universit e Libre de

Quantum algorithms based on quantum walks . J er emie Roland Universit e Libre de

. Quantum algorithms based on quantum walks . J er emie Roland Universit e Libre de Bruxelles Quantum Information & Communication J er emie Roland (ULB - QuIC) Quantum walks Grenoble, Novembre 2012 1 / 39 Outline

564 views • 29 slides
Quantum Algorithms for Quantum Field Theories Stephen Jordan Joint work with Keith Lee John

Quantum Algorithms for Quantum Field Theories Stephen Jordan Joint work with Keith Lee John

Quantum Algorithms for Quantum Field Theories Stephen Jordan Joint work with Keith Lee John Preskill [arXiv:1111.3633 and 1112.4833] Feb 21, 2012 Quantum Mechanics Each state of the system is a basis vector. | dead i | alive i A general

672 views • 36 slides
Quantum algorithms Daniel J. Bernstein Quantum algorithm means an algorithm that a

Quantum algorithms Daniel J. Bernstein Quantum algorithm means an algorithm that a

1 Quantum algorithms Daniel J. Bernstein Quantum algorithm means an algorithm that a quantum computer can run. i.e. a sequence of instructions, where each instruction is in a quantum computers supported instruction set. How do we

1.53k views • 135 slides
Summary: * Why quantum for computers? * Logic gates and algorithms * Manipulating quantum

Summary: * Why quantum for computers? * Logic gates and algorithms * Manipulating quantum

Elements of quantum information processing and quantum computers (with trapped ion examples) D. J. Wineland, Dept. of Physics, U Oregon, Eugene, OR; & Research Associate, NIST, Boulder, CO Summary: * Why quantum for computers? *

742 views • 42 slides
The Quantum Program in One Dimension - So Far Solve the Schroedinger equation to get

The Quantum Program in One Dimension - So Far Solve the Schroedinger equation to get

The Quantum Program in One Dimension - So Far Solve the Schroedinger equation to get eigenfunctions and eigenvalues. 1 2 2 ( x ) + V ( x ) = E ( x ) x 2 2 m For an initial wave packet ( x ) use the completeness of the

339 views • 16 slides
Trapdoor simulation Algorithms in CS courses of quantum algorithms WHAT is your algorithm?

Trapdoor simulation Algorithms in CS courses of quantum algorithms WHAT is your algorithm?

Trapdoor simulation Algorithms in CS courses of quantum algorithms WHAT is your algorithm? Daniel J. Bernstein University of Illinois at Chicago & Technische Universiteit Eindhoven Joint work with: Tung Chou Technische

922 views • 70 slides

More recommend