Quantum algorithms for Information Set Decoding Elena Kirshanova ENS Lyon April 11, 2018 Quantum ISD | E.Kirshanova
Information Set Decoding (ISD) The ISD Problem Given H P F p n ´ k qˆ n , s P F n ´ k , find e P F n 2 s.t. He “ s 2 2 e “ H s We assume we know wt p e q “ w “ γ ¨ n , γ ă 1 { 2 Quantum ISD | E.Kirshanova
Information Set Decoding (ISD) The ISD Problem Given H P F p n ´ k qˆ n , s P F n ´ k , find e P F n 2 s.t. He “ s 2 2 e “ H s We assume we know wt p e q “ w “ γ ¨ n , γ ă 1 { 2 All known algorithms have complexity 2 c ¨ n ` o p n q . We want to improve the constant c . Quantum ISD | E.Kirshanova
Selected Algorithms for ISD (full-distance) Enumerate e [Prange’62] log T 0 . 120 n
Selected Algorithms for ISD (full-distance) Collision search btw. 2 lists Enumerate e [Stern’89, [Prange’62] Dumer’91] log T 0 . 120 0 . 116 n
Selected Algorithms for ISD (full-distance) Collision search Collision search btw. 2 lists btw. 4 lists Enumerate e [Stern’89, [MMT’11, [Prange’62] Dumer’91] BJMM’12] log T 0 . 120 0 . 116 0 . 102 n
Selected Algorithms for ISD (full-distance) Collision search Collision search btw. 2 lists btw. 4 lists Enumerate e [Stern’89, NN search [MMT’11, NN search [Both, [Prange’62] Dumer’91] [MO’15] BJMM’12] [MO’15] May’18] log T 0 . 120 0 . 116 0 . 114 0 . 102 0 . 095 0 . 088 n
Selected Algorithms for ISD (full-distance) Collision search Collision search btw. 2 lists btw. 4 lists Enumerate e [Stern’89, NN search [MMT’11, NN search [Both, [Prange’62] Dumer’91] [MO’15] BJMM’12] [MO’15] May’18] log T 0 . 120 0 . 116 0 . 114 0 . 102 0 . 095 0 . 088 n Grover e [Ber’10] log T n 0 . 0603
Selected Algorithms for ISD (full-distance) Collision search Collision search btw. 2 lists btw. 4 lists Enumerate e [Stern’89, NN search [MMT’11, NN search [Both, [Prange’62] Dumer’91] [MO’15] BJMM’12] [MO’15] May’18] log T 0 . 120 0 . 116 0 . 114 0 . 102 0 . 095 0 . 088 n Quantum col- Quantum col- Grover e lision search lision search [Ber’10] [KT’17] [KT’17] log T n 0 . 0603 0 . 0596 0 . 0586
Selected Algorithms for ISD (full-distance) Collision search Collision search btw. 2 lists btw. 4 lists Enumerate e [Stern’89, NN search [MMT’11, NN search [Both, [Prange’62] Dumer’91] [MO’15] BJMM’12] [MO’15] May’18] log T 0 . 120 0 . 116 0 . 114 0 . 102 0 . 095 0 . 088 n Quantum col- Quantum NN Quantum col- Grover e lision search search [This lision search [Ber’10] [KT’17] work] [KT’17] log T n ? ? 0 . 0603 0 . 0596 0 . 0594 0 . 0586 Quantum ISD | E.Kirshanova
Main results • An analysis of locality-sensitive filtering techniques for hamming metric • A quantum version of May-Ozerov ISD Quantum ISD | E.Kirshanova
Algorithms for ISD: Stern’89 e Given H , s , find e “ H s Quantum ISD | E.Kirshanova
Algorithms for ISD: Stern’89 e Given H , s , find e “ H s Step1: Bring H into the systematic form: e “ Q I n ´ k H ¨ P = ¯ s For ¯ s “ s ¨ P Quantum ISD | E.Kirshanova
Algorithms for ISD: Stern’89 Step2: Search for collisions p w ´ p wt : e 1 e 2 Qe 1 ` e 2 “ s Qe 1 « s Q I n ´ k s r Qe 1 s ℓ “ r s s ℓ “ Quantum ISD | E.Kirshanova
Algorithms for ISD: Stern’89 Step2: Search for collisions p w ´ p wt : e L e R e 2 Qe 1 ` e 2 “ s 1 1 Qe 1 « s Q I n ´ k s r Qe 1 s ℓ “ r s s ℓ “ p { 2 p { 2 L 1 “ tp e L 1 , Qe L 1 q : wt p e L 1 q “ p 2 u L 2 “ tp e R 1 , Qe R 1 ` s q : wt p e R 1 q “ p 2 u L 1 L 2 L out ℓ Quantum ISD | E.Kirshanova
Algorithms for ISD: Stern’89 Step2: Search for collisions p w ´ p wt : e L e R e 2 Qe 1 ` e 2 “ s 1 1 Qe 1 « s Q I n ´ k s r Qe 1 s ℓ “ r s s ℓ “ p { 2 p { 2 L 1 “ tp e L 1 , Qe L 1 q : wt p e L 1 q “ p 2 u L 2 “ tp e R 1 , Qe R 1 ` s q : wt p e R 1 q “ p 2 u L 1 L 2 L out “ L 1 Y L 2 : L 1 r 2 s “ L 2 r 2 s on ℓ T “ Pr r e 2 “ 0 on ℓ s ¨ max t| L i | , | L out |u L out ℓ Quantum ISD | E.Kirshanova
Quantum collision search Goal: find x i “ x j , i ‰ j - a collision in L . N L Quantum ISD | E.Kirshanova
Quantum collision search Goal: find x i “ x j , i ‰ j - a collision in L . • create a superposition over all N 2 { 3 -subsets of r N s N L ř | I y I Ăr N s | I |“ N 2 { 3 Quantum ISD | E.Kirshanova
Quantum collision search 2 N 3 Goal: find x i “ x j , i ‰ j - a collision in L . L I • create a superposition over all N 2 { 3 -subsets of r N s N • ‘upload’ L I L • preprocess L I to quickly decide whether L I contains a collision ř ř | I y | I y | L I y I Ăr N s I Ăr N s | I |“ N 2 { 3 | I |“ N 2 { 3 Quantum ISD | E.Kirshanova
Quantum collision search 2 Goal: find x i “ x j , i ‰ j - a collision in L . N L I 3 • create a superposition over all N 2 { 3 -subsets of r N s N • ‘upload’ L I L • preprocess L I to quickly decide whether L I contains a collision • perform quantum walk ř ř ř | I y | I y | L I y | I zt i u Y t j uy | L I 1 y I Ăr N s I Ăr N s I Ăr N s | I |“ N 2 { 3 | I |“ N 2 { 3 | I |“ N 2 { 3 Quantum ISD | E.Kirshanova
Quantum collision search 2 Goal: find x i “ x j , i ‰ j - a collision in L . N L I 3 • create a superposition over all N 2 { 3 -subsets of r N s N • ‘upload’ L I L • preprocess L I to quickly decide whether L I contains a collision • perform quantum walk N 1 { 3 times œ ř ř ř | I y | I y | L I y | I zt i u Y t j uy | L I 1 y I Ăr N s I Ăr N s I Ăr N s | I |“ N 2 { 3 | I |“ N 2 { 3 | I |“ N 2 { 3 N 1 { 3 times Quantum ISD | E.Kirshanova
Quantum collision search 2 Goal: find x i “ x j , i ‰ j - a collision in L . N L I 3 • create a superposition over all N 2 { 3 -subsets of r N s N • ‘upload’ L I L • preprocess L I to quickly decide whether L I contains a collision • perform quantum walk • measure after r O p N 2 { 3 q steps N 1 { 3 times œ ř ř ř | I y | I y | L I y | I zt i u Y t j uy | L I 1 y I Ăr N s I Ăr N s I Ăr N s | I |“ N 2 { 3 | I |“ N 2 { 3 | I |“ N 2 { 3 N 1 { 3 times Quantum ISD | E.Kirshanova
Algorithms for ISD: Stern’89 Step2: Search for collisions p w ´ p e L e R Qe 1 ` e 2 “ s e 2 1 1 Qe 1 « s r Qe 1 s ℓ “ r s s ℓ Q I n ´ k s “ L 1 “ tp e L 1 , Qe L 1 q : wt p e L 1 q “ p 2 u p { 2 p { 2 L 2 “ tp e R 1 , Qe R 1 ` s q : wt p e R 1 q “ p 2 u L 1 L 2 L out “ L 1 Y L 2 : L 1 r 2 s “ L 2 r 2 s on ℓ T “ Pr r e 2 “ 0 on ℓ s ¨ max t| L i | , | L out |u T Q “ Pr r e 2 “ 0 on ℓ s 1 { 2 ¨ | L i | 2 { 3 L out ℓ Quantum ISD | E.Kirshanova
Algorithms for ISD: MO’15 p Step2: Search for approximate collisions w ´ p e L e R e 2 Qe 1 ` e 2 “ s 1 1 Qe 1 « s Q I n ´ k s “ p { 2 p { 2 L 1 “ tp e L 1 , Qe L 1 q : wt p e L 1 q “ p 2 u L 2 “ tp e R 1 , Qe R 1 ` s q wt p e R 1 q “ p 2 u L 1 L 2 L out “ L 1 Y L 2 s.t. L 1 r 2 s « L 2 r 2 s T “ T NN p| L i | , w q L out Quantum ISD | E.Kirshanova
Locality sensitive filtering over F 2 γ -Near Neighbour Given L Ă F n 2 , preprocess L s.t. upon receiving a query vector q P F n 2 , we can efficiently find all v P L s.t. dist p v , q q ď γ ¨ n for γ ă 1 { 2 .
Locality sensitive filtering over F 2 γ -Near Neighbour Given L Ă F n 2 , preprocess L s.t. upon receiving a query vector q P F n 2 , we can efficiently find all v P L s.t. dist p v , q q ď γ ¨ n for γ ă 1 { 2 . α c 5 c 1 c 2 c 7 c 6 c 4 c 3 c 10 c 8 c 9
Locality sensitive filtering over F 2 γ -Near Neighbour Given L Ă F n 2 , preprocess L s.t. upon receiving a query vector q P F n 2 , we can efficiently find all v P L s.t. dist p v , q q ď γ ¨ n for γ ă 1 { 2 . α v 3 v 7 c 5 c 1 c 2 v 14 v 4 v 2 v 5 v 8 c 7 c 6 c 4 c 3 v 1 v 6 v 11 v 9 v 12 c 10 c 8 c 9 v 13 v 10
Locality sensitive filtering over F 2 γ -Near Neighbour Given L Ă F n 2 , preprocess L s.t. upon receiving a query vector q P F n 2 , we can efficiently find all v P L s.t. dist p v , q q ď γ ¨ n for γ ă 1 { 2 . α v 3 v 7 c 5 c 1 c 2 v 14 q β v 4 v 2 v 5 v 8 c 7 c 6 c 4 c 3 v 1 v 6 v 11 v 9 v 12 c 10 c 8 c 9 v 13 v 10 Quantum ISD | E.Kirshanova
Classical LSF α c 5 c 1 c 2 c 7 c 6 c 4 c 3 c 10 c 8 c 9 Algorithms D - the LSF data structure: D “ Y c P C Bucket c Quantum ISD | E.Kirshanova
Classical LSF α v 3 v 7 c 5 c 1 c 2 v 14 v 4 v 2 v 5 v 8 c 7 c 6 c 4 c 3 v 1 v 6 v 11 v 9 v 12 c 10 c 8 c 9 v 13 v 10 Algorithms D - the LSF data structure: D “ Y c P C Bucket c D . Insert α ( v ): Add v to all the relevant buckets of D Quantum ISD | E.Kirshanova
Classical LSF α v 3 v 7 c 5 c 1 c 2 v 14 v 4 v 2 v 5 v 8 c 7 c 6 c 4 c 3 v 6 v 11 v 9 v 12 c 10 c 8 c 9 v 13 v 10 Algorithms D - the LSF data structure: D “ Y c P C Bucket c D . Insert α ( v ): Add v to all the relevant buckets of D D . Remove α ( v ): Remove v from all buckets Quantum ISD | E.Kirshanova
Classical LSF α v 3 v 7 c 5 c 1 c 2 v 14 q β v 4 v 2 v 5 v 8 c 7 c 6 c 4 c 3 v 6 v 11 v 9 v 12 c 10 c 8 c 9 v 13 v 10 Algorithms D - the LSF data structure: D “ Y c P C Bucket c D . Insert α ( v ): Add v to all the relevant buckets of D D . Remove α ( v ): Remove v from all buckets D . Query β ( q ): Find all v P D with dist p v , q q ď β We have runtimes of these algorithms. Quantum ISD | E.Kirshanova
Recommend
More recommend
