optimal merging in quantum k xor and k sum algorithms
play

Optimal Merging in Quantum k -xor and k -sum Algorithms Mara - PowerPoint PPT Presentation

Jun 02, 2023 •371 likes •727 views

Optimal Merging in Quantum k -xor and k -sum Algorithms Mara Naya-Plasencia, Andr Schrottenloher Inria, France Merging with many Solutions Quantum Merging With a Single Solution Outline Merging with many Solutions 1 Quantum Merging 2

  1. Optimal Merging in Quantum k -xor and k -sum Algorithms María Naya-Plasencia, André Schrottenloher Inria, France

  2. Merging with many Solutions Quantum Merging With a Single Solution Outline Merging with many Solutions 1 Quantum Merging 2 With a Single Solution 3 María N.-P., André S. Quantum Merging Algorithms 2/28

  3. Merging with many Solutions Quantum Merging With a Single Solution Generalized Birthday Problem(s) In this talk ( ⊕ can be replaced by + ): Problem 1: “oracle” Given oracle access to a random n -bit to n -bit function H , find x 1 , . . . x k such that H ( x 1 ) ⊕ . . . ⊕ H ( x k ) = 0. Problem 2: “unique solution” Given oracle access to a random n / k -bit to n -bit function H , find the single k -tuple x 1 , . . . x k such that H ( x 1 ) ⊕ . . . ⊕ H ( x k ) = 0. María N.-P., André S. Quantum Merging Algorithms 3/28

  4. Merging with many Solutions Quantum Merging With a Single Solution Applications Subset-sum: given n integers a 0 , . . . a n − 1 on poly ( n ) bits, find a binary ¯ e such that a · ¯ ¯ e = 0 = ⇒ reduces to k -sum Parity check problem: given P ( X ) of degree n , find a low-weight multiple of P = ⇒ reduces to k -sum LPN: given samples a , a · s + e with n -bit uniform random a and Bernoulli noise e , find s = ⇒ reduces to k -sum Multiple-encryption: given a few plaintext-ciphertext pairs ( x , E k 1 ◦ . . . ◦ E k r ( x )) , find the independent keys k 1 , . . . k r = ⇒ similar algorithms applicable María N.-P., André S. Quantum Merging Algorithms 4/28

  5. Merging with many Solutions Quantum Merging With a Single Solution Merging with many Solutions María N.-P., André S. Quantum Merging Algorithms 5/28

  6. Merging with many Solutions Quantum Merging With a Single Solution Known classical complexities To get a k -xor on n bits (with oracle access to H : { 0 , 1 } n → { 0 , 1 } n ): The optimal query complexity is Θ( 2 n / k ) � 2 n / ( 1 + ⌊ log 2 ( k ) ⌋ ) � The time complexity is O * Logarithmic improvements in time (but we focus on exponents ) * Wagner, “A Generalized Birthday Problem” , CRYPTO 02 María N.-P., André S. Quantum Merging Algorithms 6/28

  7. Merging with many Solutions Quantum Merging With a Single Solution Wagner’s algorithm in a single slide Merging From two lists L 1 , L 2 of outputs of H , compute the join L 1 ⊲ ⊳ u L 2 : the pairs x 1 , x 2 ∈ L 1 × L 2 with x 1 ⊕ x 2 | u = 0 (partial collision on u bits). All lists are presumed sorted, the time is: MAX ( | L 1 ⊲ ⊳ u L 2 | , MIN ( | L 1 | , | L 2 | )) Wagner’s algorithm is a sequence of pairwise joins The strategy (optimal u ) depends on ⌊ log 2 ( k ) ⌋ ; we merge 2 ⌊ log 2 ( k ) ⌋ lists Wagner, “A Generalized Birthday Problem” , CRYPTO 02 María N.-P., André S. Quantum Merging Algorithms 7/28

  8. Merging with many Solutions Quantum Merging With a Single Solution An example with k = 4 Query 2 n / 3 elements for each list 1 L 1 of size L 2 of size L 3 of size L 4 of size 2 n / 3 2 n / 3 2 n / 3 2 n / 3 María N.-P., André S. Quantum Merging Algorithms 8/28

  9. Merging with many Solutions Quantum Merging With a Single Solution An example with k = 4 Query 2 n / 3 elements for each list 1 Compute the joins L 1 ⊲ ⊳ n / 3 L 2 and L 3 ⊲ ⊳ n / 3 L 4 2 L 1 of size L 2 of size L 3 of size L 4 of size 2 n / 3 2 n / 3 2 n / 3 2 n / 3 L 1 ⊲ ⊳ n / 3 L 2 L 3 ⊲ ⊳ n / 3 L 4 of size 2 n / 3 of size 2 n / 3 María N.-P., André S. Quantum Merging Algorithms 8/28

  10. Merging with many Solutions Quantum Merging With a Single Solution An example with k = 4 1. Query 4 lists of x , H ( x ) : L 1 , L 2 , L 3 , L 4 of size 2 n / 3 ⊳ n / 3 L 4 of size 2 n / 3 2. Compute the joins L 1 ⊲ ⊳ n / 3 L 2 and L 3 ⊲ 3. Compute the join ( L 1 ⊲ ⊳ n / 3 L 2 ) ⊲ ⊳ 2 n / 3 ( L 3 ⊲ ⊳ n / 3 L 4 ) of size 1 L 1 of size L 2 of size L 3 of size L 4 of size 2 n / 3 2 n / 3 2 n / 3 2 n / 3 L 1 ⊲ ⊳ n / 3 L 2 L 3 ⊲ ⊳ n / 3 L 4 of size 2 n / 3 of size 2 n / 3 Single 4-xor to 0 on n bits María N.-P., André S. Quantum Merging Algorithms 8/28

  11. Merging with many Solutions Quantum Merging With a Single Solution Known quantum complexities To get a k -xor on n bits (with quantum oracle access to H ): � 2 n / ( k + 1 ) � The optimal query complexity is Θ * � 2 n / 3 � � 2 n / 3 � For k = 2 (collisions), the time is � O using O classical memory with quantum access (QACM) 1 For any k , exponent α k = 2 + ⌊ log 2 ( k ) ⌋ ) using quantum memory with quantum access (QAQM) * Belovs and Spalek, “Adversary lower bound for the k -sum problem” , ACM 13 Brassard, Høyer, and Tapp, “Quantum Cryptanalysis of Hash and Claw-Free Functions” , LATIN Grassi, Naya-Plasencia, and S., “Quantum Algorithms for the k -xor Problem” , AC 18 María N.-P., André S. Quantum Merging Algorithms 9/28

  12. Merging with many Solutions Quantum Merging With a Single Solution Previous exponents (with QAQM) Classical time 0 . 5 Quantum time [AC 18] time = � 0 . 4 O ( 2 α k n ) α k 0 . 3 0 . 2 0 . 1 5 10 15 20 k María N.-P., André S. Quantum Merging Algorithms 10/28

  13. Merging with many Solutions Quantum Merging With a Single Solution Our results (with QACM) Classical 0 . 5 [AC 18] New 0 . 4 time = � O ( 2 α k n ) α k 0 . 3 0 . 2 0 . 1 5 10 15 20 k María N.-P., André S. Quantum Merging Algorithms 11/28

  14. Merging with many Solutions Quantum Merging With a Single Solution Quantum Merging María N.-P., André S. Quantum Merging Algorithms 12/28

  15. Merging with many Solutions Quantum Merging With a Single Solution Classical search Let X = G ∪ B ���� ���� ���� Search space, Good ones, Bad ones, size N − T size N size T Let Sample and Test be functions to sample x from X and test if x ∈ G , in time t Sample and t Test . There exists a function Sample G that samples from G in time: � � N t Sample + t Test T ⇒ we transform a sampling procedure for the “search space” into a sampling procedure for the “solution space”. María N.-P., André S. Quantum Merging Algorithms 13/28

  16. Merging with many Solutions Quantum Merging With a Single Solution Quantum search X = G ∪ B ���� ���� ���� Search space, Good ones, Bad ones, size N − T size N size T Let QSample and QTest be quantum algorithms to sample X and test if x ∈ G , in time t Sample and t Test . There exists an algorithm QSample G that samples G in time: � � � N t QSample + t QTest T Grover, “A Fast Quantum Mechanical Algorithm for Database Search” , STOC 96 Brassard et al., “Quantum amplitude amplification and estimation” , Contemp. Math. 02 María N.-P., André S. Quantum Merging Algorithms 14/28

  17. Merging with many Solutions Quantum Merging With a Single Solution Classical merging as a sampling procedure Sampling from L List L 1 List L 2 We sample from list L 1 u -bit prefix u -bit prefix We try to match against list L 2 � 2 c � List L = L 1 ⊲ ⊳ c L 2 t Sample ( L ) = max | L 2 | , 1 t Sample ( L 1 ) size | L | = | L 1 || L 2 | / 2 c prefix u + c Computing the full “join” ⊲ ⊳ means sampling from L repeatedly. María N.-P., André S. Quantum Merging Algorithms 15/28

  18. Merging with many Solutions Quantum Merging With a Single Solution Depth-first traversal of Wagner’s tree We sample from L 0 (the solution) once. L 1 of size L 2 of size L 3 of size L 4 of size 2 n / 3 2 n / 3 2 n / 3 2 n / 3 L 1 ⊲ ⊳ n / 3 L 2 L 3 ⊲ ⊳ n / 3 L 4 of size 2 n / 3 of size 2 n / 3 L 0 of size 1 María N.-P., André S. Quantum Merging Algorithms 16/28

  19. Merging with many Solutions Quantum Merging With a Single Solution Depth-first traversal of Wagner’s tree We sample from L 0 (the solution) once. ⊳ L 2 2 n / 3 times. = ⇒ we sample from L 1 ⊲ L 1 of size L 2 of size L 3 of size L 4 of size 2 n / 3 2 n / 3 2 n / 3 2 n / 3 L 1 ⊲ ⊳ n / 3 L 2 L 3 ⊲ ⊳ n / 3 L 4 of size 2 n / 3 of size 2 n / 3 L 0 of size 1 María N.-P., André S. Quantum Merging Algorithms 16/28

  20. Merging with many Solutions Quantum Merging With a Single Solution Depth-first traversal of Wagner’s tree We sample from L 0 (the solution). ⊳ L 2 2 n / 3 times. = ⇒ we sample from L 1 ⊲ ⇒ we sample from L 1 2 n / 3 times. = L 1 of size L 2 of size L 3 of size L 4 of size 2 n / 3 2 n / 3 2 n / 3 2 n / 3 L 1 ⊲ ⊳ n / 3 L 2 L 3 ⊲ ⊳ n / 3 L 4 of size 2 n / 3 of size 2 n / 3 L 0 of size 1 María N.-P., André S. Quantum Merging Algorithms 16/28

  21. Merging with many Solutions Quantum Merging With a Single Solution Quantum merging Sampling from L List L 1 List L 2 We sample from list L 1 u -bit prefix u -bit prefix We try to match against list L 2 We have a square-root speedup List L = L 1 ⊲ ⊳ c L 2 size | L | = | L 1 || L 2 | / 2 c � � 2 c � prefix u + c t QSample ( L ) = max | L 2 | , 1 t QSample ( L 1 ) María N.-P., André S. Quantum Merging Algorithms 17/28

  22. Merging with many Solutions Quantum Merging With a Single Solution 4-xor example “The time of the red branch is reduced to a square-root.” (Quantum) sampling from L 1 : time 1 Sampling from L 1 ⊲ ⊳ n / 3 L 2 : time 1 again Sampling from L 0 : 2 n / 6 instead of 2 n / 3 L 1 of size L 2 of size L 3 of size L 4 of size 2 n / 3 2 n / 3 2 n / 3 2 n / 3 L 1 ⊲ ⊳ n / 3 L 2 L 3 ⊲ ⊳ n / 3 L 4 of size 2 n / 3 of size 2 n / 3 L 0 of size 1 María N.-P., André S. Quantum Merging Algorithms 18/28

Recommend

Quantum Merging Algorithms Mara Naya-Plasencia 2 , Andr Schrottenloher 2 Joint work with Andr

Quantum Merging Algorithms Mara Naya-Plasencia 2 , Andr Schrottenloher 2 Joint work with Andr

Quantum (Generalized) Collisions Quantum Merging Extended Quantum Merging Quantum Merging Algorithms Mara Naya-Plasencia 2 , Andr Schrottenloher 2 Joint work with Andr Chailloux 2 and Lorenzo Grassi 1 1 IAIK, Graz University of Technology,

727 views • 50 slides
Quantum Algorithms for Quantum Algorithms for Evaluating M IN Evaluating M IN -M -M AX AX Trees

Quantum Algorithms for Quantum Algorithms for Evaluating M IN Evaluating M IN -M -M AX AX Trees

Quantum Algorithms for Quantum Algorithms for Evaluating M IN Evaluating M IN -M -M AX AX Trees Trees Richard Cleve Dmitry Gavinsky D. L. Yonge-Mallo Institute for Quantum Computing, University of Waterloo January 30, 2008 TQC Tokyo,

842 views • 34 slides
Quantum Computation (Lecture QC-3: Quantum Algorithms) Lu s Soares Barbosa MFES -

Quantum Computation (Lecture QC-3: Quantum Algorithms) Lu s Soares Barbosa MFES -

Quantum Computation (Lecture QC-3: Quantum Algorithms) Lu s Soares Barbosa MFES - Arquitectura e C alculo May 2019 Quantum Algorithms The Deutsch-Jozsa Algorithm Quantum Search: Grover A quantum machine Structure of a quantum

1.08k views • 29 slides
Towards Optimal Constructions of Towards Optimal Constructions of Dynamically Corrected Quantum

Towards Optimal Constructions of Towards Optimal Constructions of Dynamically Corrected Quantum

Second International Conference on Quantum Error Correction University of Southern California, Dec. 5-9 2011 Towards Optimal Constructions of Towards Optimal Constructions of Dynamically Corrected Quantum Gates Dynamically Corrected Quantum

700 views • 25 slides
Optimal Quantum Sample Complexity of Learning Algorithms Srinivasan Arunachalam (Joint work with

Optimal Quantum Sample Complexity of Learning Algorithms Srinivasan Arunachalam (Joint work with

Optimal Quantum Sample Complexity of Learning Algorithms Srinivasan Arunachalam (Joint work with Ronald de Wolf) 1/ 23 Machine learning Classical machine learning 2/ 23 Machine learning Classical machine learning Grand goal: enable AI

1.07k views • 103 slides
Quantum Algorithms for Topological Invariants Stephen Jordan Wed Feb. 3, 2010 What is a quantum

Quantum Algorithms for Topological Invariants Stephen Jordan Wed Feb. 3, 2010 What is a quantum

Quantum Algorithms for Topological Invariants Stephen Jordan Wed Feb. 3, 2010 What is a quantum algorithm? Classical Quantum 0101101 the rules: solve problem using sequence of local quantum gates the goal: use fewer gates than

1.11k views • 37 slides
New Algorithms for Quantum (Symmetric) Cryptanalysis Mara Naya-Plasencia 2 , Andr

New Algorithms for Quantum (Symmetric) Cryptanalysis Mara Naya-Plasencia 2 , Andr

Quantum-safe (Symmetric) Cryptography Quantum Collision Search Quantum k-xor Algorithms New Algorithms for Quantum (Symmetric) Cryptanalysis Mara Naya-Plasencia 2 , Andr Schrottenloher 2 Joint work with Andr Chailloux 2 and Lorenzo Grassi

1.63k views • 65 slides
Quantum Algorithms Tutorial Ronald de Wolf 1/ 37 Post-quantum cryptography I Quantum computers

Quantum Algorithms Tutorial Ronald de Wolf 1/ 37 Post-quantum cryptography I Quantum computers

Quantum Algorithms Tutorial Ronald de Wolf 1/ 37 Post-quantum cryptography I Quantum computers can break public-key cryptography that is based on assuming hardness of factoring, discrete logs, and a few other problems I Post-quantum

2.98k views • 37 slides
From quantum hardware to quantum AI School of Electrical and Electronic Engineering University

From quantum hardware to quantum AI School of Electrical and Electronic Engineering University

CLASSICAL BIT vs QUBIT Computation as physical process Concept of programmable matter Classical neural network Distance between quantum states Quantum algorithms Quantum Neural Networks From quantum hardware to quantum AI School of

322 views • 31 slides
Optimal Control of Josephson qubits What can quantum control do for quantum computing? .K. Wilhelm

Optimal Control of Josephson qubits What can quantum control do for quantum computing? .K. Wilhelm

Finding and optimizing gates Application to Josephson qubits Summary Optimal Control of Josephson qubits What can quantum control do for quantum computing? .K. Wilhelm 1 2 M.J. Storcz 2 J. Ferber 2 A. Sprl 3 F T. Schulte-Herbrggen 3 S.J.

731 views • 40 slides
Quantum Quantum Computing Sensing Algorithms Hybrid computing Compilers

Quantum Quantum Computing Sensing Algorithms Hybrid computing Compilers

QIS Workshop: Welcome Argonne PSE/CELS QIS Working Group Salman Habib CPS/HEP Divisions September 23, 2019 Quantum Quantum Computing Sensing Algorithms Hybrid computing Compilers Error correction Precision metrology

285 views • 6 slides
Optimal quantum driving of a thermal machine Andrea Mari Vasco Cavina Vittorio Giovannetti

Optimal quantum driving of a thermal machine Andrea Mari Vasco Cavina Vittorio Giovannetti

Optimal quantum driving of a thermal machine Andrea Mari Vasco Cavina Vittorio Giovannetti Alberto Carlini Workshop on Quantum Science and Quantum Technologies ICTP, Trieste, 12-09-2017 Outline 1. Slow driving of quantum thermal

952 views • 31 slides
Quantum algorithms Daniel J. Bernstein University of Illinois at Chicago Quantum algorithm

Quantum algorithms Daniel J. Bernstein University of Illinois at Chicago Quantum algorithm

1 Quantum algorithms Daniel J. Bernstein University of Illinois at Chicago Quantum algorithm means an algorithm that a quantum computer can run. i.e. a sequence of instructions, where each instruction is in a quantum computers

1.42k views • 138 slides
Optimal Algorithms for Learning Bayesian Optimal Algorithms for Learning Bayesian Network

Optimal Algorithms for Learning Bayesian Optimal Algorithms for Learning Bayesian Network

Optimal Algorithms for Learning Bayesian Optimal Algorithms for Learning Bayesian Network Structures: Network Structures: Introduction and Heuristic Search Introduction and Heuristic Search Changhe Yuan UAI 2015 Tutorial Sunday, July 12 th ,

858 views • 56 slides
Quantum algorithms based on quantum walks . J er emie Roland Universit e Libre de

Quantum algorithms based on quantum walks . J er emie Roland Universit e Libre de

. Quantum algorithms based on quantum walks . J er emie Roland Universit e Libre de Bruxelles Quantum Information & Communication J er emie Roland (ULB - QuIC) Quantum walks Grenoble, Novembre 2012 1 / 39 Outline

564 views • 29 slides
Quantum Algorithms for Quantum Field Theories Stephen Jordan Joint work with Keith Lee John

Quantum Algorithms for Quantum Field Theories Stephen Jordan Joint work with Keith Lee John

Quantum Algorithms for Quantum Field Theories Stephen Jordan Joint work with Keith Lee John Preskill [arXiv:1111.3633 and 1112.4833] Feb 21, 2012 Quantum Mechanics Each state of the system is a basis vector. | dead i | alive i A general

672 views • 36 slides
Quantum algorithms Daniel J. Bernstein Quantum algorithm means an algorithm that a

Quantum algorithms Daniel J. Bernstein Quantum algorithm means an algorithm that a

1 Quantum algorithms Daniel J. Bernstein Quantum algorithm means an algorithm that a quantum computer can run. i.e. a sequence of instructions, where each instruction is in a quantum computers supported instruction set. How do we

1.53k views • 135 slides
Summary: * Why quantum for computers? * Logic gates and algorithms * Manipulating quantum

Summary: * Why quantum for computers? * Logic gates and algorithms * Manipulating quantum

Elements of quantum information processing and quantum computers (with trapped ion examples) D. J. Wineland, Dept. of Physics, U Oregon, Eugene, OR; & Research Associate, NIST, Boulder, CO Summary: * Why quantum for computers? *

742 views • 42 slides
Algorithms Theory Algorithms Theory 14 Dynamic Programming (3) Programming (3) Optimal

Algorithms Theory Algorithms Theory 14 Dynamic Programming (3) Programming (3) Optimal

Algorithms Theory Algorithms Theory 14 Dynamic Programming (3) Programming (3) Optimal binary search trees P.D. Dr. Alexander Souza Winter term 11/12 Method of dynamic programming Recursive approach: Solve a problem by solving several

486 views • 16 slides
Current Quantum Measurements in . . . Cryptography Algorithm Main Idea of Quantum . . . A

Current Quantum Measurements in . . . Cryptography Algorithm Main Idea of Quantum . . . A

Why Quantum . . . Quantum . . . Remaining Problems . . . Quantum Physics: . . . Current Quantum Measurements in . . . Cryptography Algorithm Main Idea of Quantum . . . A General Family of . . . Is Optimal: A Proof What Do We Want to . . .

818 views • 40 slides
Trapdoor simulation Algorithms in CS courses of quantum algorithms WHAT is your algorithm?

Trapdoor simulation Algorithms in CS courses of quantum algorithms WHAT is your algorithm?

Trapdoor simulation Algorithms in CS courses of quantum algorithms WHAT is your algorithm? Daniel J. Bernstein University of Illinois at Chicago & Technische Universiteit Eindhoven Joint work with: Tung Chou Technische

922 views • 70 slides
Parton Showers and Matching/Merging Lecture 2 of 2: Matching/Merging & Non-Perturbative

Parton Showers and Matching/Merging Lecture 2 of 2: Matching/Merging & Non-Perturbative

Parton Showers and Matching/Merging Lecture 2 of 2: Matching/Merging & Non-Perturbative Corrections (Hadron Decays) Hadronisation Parton Shower Matching & Merging Hard process Peter Skands (Monash University) Feynrules/Madgraph

698 views • 27 slides
Optimal Join Algorithms meet Top- Nikolaos Tziavelis, Wolfgang Gatterbauer, Mirek Riedewald

Optimal Join Algorithms meet Top- Nikolaos Tziavelis, Wolfgang Gatterbauer, Mirek Riedewald

SIGMOD 2020 tutorial Optimal Join Algorithms meet Top- Nikolaos Tziavelis, Wolfgang Gatterbauer, Mirek Riedewald Ranked results Northeastern University, Boston Part 2 : Optimal Join Algorithms Time Slides:

757 views • 65 slides
Statistical aspects of stochastic algorithms for entropic optimal transportation between

Statistical aspects of stochastic algorithms for entropic optimal transportation between

Stochastic algorithm for optimal transport Statistical aspects of stochastic algorithms for entropic optimal transportation between probability measures J er emie Bigot Institut de Math ematiques de Bordeaux Equipe Image, Optimisation

767 views • 55 slides

More recommend