quantum algorithms for the hidden shift problem of
play

Quantum algorithms for the hidden shift problem of Boolean functions - PowerPoint PPT Presentation

Sep 09, 2023 •759 likes •1.51k views

Quantum algorithms for the hidden shift problem of Boolean functions Maris Ozols University of Waterloo, IQC and NEC Labs Joint work with: Martin R otteler (NEC Labs) (NEC Labs) J er emie Roland Andrew Childs (University of

  1. Quantum algorithms for the hidden shift problem of Boolean functions Maris Ozols University of Waterloo, IQC and NEC Labs Joint work with: Martin R¨ otteler (NEC Labs) (NEC Labs) J´ er´ emie Roland Andrew Childs (University of Waterloo, IQC) arXiv:1103.2774 Quantum rejection sampling arXiv:1103.3017 Quantum algorithm for the Boolean hidden shift problem 19/09/2011 Dagstuhl 1

  2. Motivation Hidden shift and subgroup problems Legendre symbol Factoring ❦ ◗ ✑ ✸ ◗ ✑✑✑ [van Dam et al. , 2003] ◗ [Shor, 1994] ◗ Discrete ✿ ✘ ✘✘ Hidden Hidden logarithm [Shor, 1994] shift subgroup ❳❳ ❳ ③ problem problem Pell’s equation Dihedral ❩❩ [Hallgren, 2002] group ? � Symmetric ⑦ ❩ ? � group Lattice � � ✠ ? ? problems ❄ ❄ New algorithms [Regev, 2002] Attacks on Graph cryptosystems isomorphism 19/09/2011 Dagstuhl 2

  3. Boolean hidden shift problem (BHSP) Problem ◮ Given: Complete knowledge of f : Z n 2 → Z 2 and access to a black-box oracle for f s ( x ) := f ( x + s ) x ⇒ ⇒ f s ( x ) ◮ Determine: The hidden shift s 19/09/2011 Dagstuhl 3

  4. Boolean hidden shift problem (BHSP) Problem ◮ Given: Complete knowledge of f : Z n 2 → Z 2 and access to a black-box oracle for f s ( x ) := f ( x + s ) x ⇒ ⇒ f s ( x ) ◮ Determine: The hidden shift s Delta functions are hard ◮ f ( x ) := δ x,x 0 f ( x ) 1 0 0 n x 0 1 n 19/09/2011 Dagstuhl 3

  5. Boolean hidden shift problem (BHSP) Problem ◮ Given: Complete knowledge of f : Z n 2 → Z 2 and access to a black-box oracle for f s ( x ) := f ( x + s ) x ⇒ ⇒ f s ( x ) ◮ Determine: The hidden shift s Delta functions are hard ◮ f ( x ) := δ x,x 0 f s ( x ) 1 s 0 0 n x 0 1 n x 0 + s 19/09/2011 Dagstuhl 3

  6. Boolean hidden shift problem (BHSP) Problem ◮ Given: Complete knowledge of f : Z n 2 → Z 2 and access to a black-box oracle for f s ( x ) := f ( x + s ) x ⇒ ⇒ f s ( x ) ◮ Determine: The hidden shift s Delta functions are hard ◮ f ( x ) := δ x,x 0 √ ◮ Equivalent to Grover’s search: Θ( 2 n ) f s ( x ) 1 s 0 0 n x 0 1 n x 0 + s 19/09/2011 Dagstuhl 3

  7. Fourier transform of Boolean functions The ± 1 -function (normalized) 1 2 n ( − 1) f ( x ) ◮ F ( x ) := √ 19/09/2011 Dagstuhl 4

  8. Fourier transform of Boolean functions The ± 1 -function (normalized) 1 2 n ( − 1) f ( x ) ◮ F ( x ) := √ Fourier transform � � 1 1 1 H := √ 1 − 1 2 ◮ ˆ F ( w ) := � w | H ⊗ n | F � 19/09/2011 Dagstuhl 4

  9. Fourier transform of Boolean functions The ± 1 -function (normalized) 1 2 n ( − 1) f ( x ) ◮ F ( x ) := √ Fourier transform � � 1 1 1 H := √ 1 − 1 2 ◮ ˆ F ( w ) := � w | H ⊗ n | F � = 1 2 ( − 1) w · x F ( x ) √ � x ∈ Z n 2 n 19/09/2011 Dagstuhl 4

  10. Fourier transform of Boolean functions The ± 1 -function (normalized) 1 2 n ( − 1) f ( x ) ◮ F ( x ) := √ Fourier transform � � 1 1 1 H := √ 1 − 1 2 ◮ ˆ F ( w ) := � w | H ⊗ n | F � = 1 2 ( − 1) w · x F ( x ) √ � x ∈ Z n 2 n Function f is bent if ∀ w : | ˆ 1 F ( w ) | = √ 2 n 19/09/2011 Dagstuhl 4

  11. Bent functions are easy Preparing the “phase state” ◮ Phase oracle O f s : | x � �→ ( − 1) f s ( x ) | x � 19/09/2011 Dagstuhl 5

  12. Bent functions are easy Preparing the “phase state” ◮ Phase oracle O f s : | x � �→ ( − 1) f s ( x ) | x � | 0 � ⊗ n O f s H ⊗ n H ⊗ n | Φ( s ) � 2 ( − 1) s · w ˆ ◮ | Φ( s ) � := � F ( w ) | w � w ∈ Z n 19/09/2011 Dagstuhl 5

  13. Bent functions are easy Preparing the “phase state” ◮ Phase oracle O f s : | x � �→ ( − 1) f s ( x ) | x � | 0 � ⊗ n O f s H ⊗ n H ⊗ n | Φ( s ) � 2 ( − 1) s · w ˆ ◮ | Φ( s ) � := � F ( w ) | w � w ∈ Z n Algorithm [R¨ otteler’10] ◮ Prepare | Φ( s ) � 19/09/2011 Dagstuhl 5

  14. Bent functions are easy Preparing the “phase state” ◮ Phase oracle O f s : | x � �→ ( − 1) f s ( x ) | x � | 0 � ⊗ n O f s H ⊗ n H ⊗ n | Φ( s ) � 2 ( − 1) s · w ˆ ◮ | Φ( s ) � := � F ( w ) | w � w ∈ Z n Algorithm [R¨ otteler’10] ◮ Prepare | Φ( s ) � 2 ( − 1) s · w | ˆ ◮ D | Φ( s ) � = � F ( w ) || w � w ∈ Z n � | ˆ � F ( w ) | where D := diag [Curtis & Meyer’04] ˆ F ( w ) 19/09/2011 Dagstuhl 5

  15. Bent functions are easy Preparing the “phase state” ◮ Phase oracle O f s : | x � �→ ( − 1) f s ( x ) | x � | 0 � ⊗ n O f s H ⊗ n H ⊗ n | Φ( s ) � 2 ( − 1) s · w ˆ ◮ | Φ( s ) � := � F ( w ) | w � w ∈ Z n Algorithm [R¨ otteler’10] ◮ Prepare | Φ( s ) � 2 ( − 1) s · w | ˆ ◮ D | Φ( s ) � = � F ( w ) || w � w ∈ Z n � | ˆ � F ( w ) | where D := diag [Curtis & Meyer’04] ˆ F ( w ) ◮ If f is bent then H ⊗ n D | Φ( s ) � = | s � 19/09/2011 Dagstuhl 5

  16. Bent functions are easy Preparing the “phase state” ◮ Phase oracle O f s : | x � �→ ( − 1) f s ( x ) | x � | 0 � ⊗ n O f s H ⊗ n H ⊗ n | Φ( s ) � 2 ( − 1) s · w ˆ ◮ | Φ( s ) � := � F ( w ) | w � w ∈ Z n Algorithm [R¨ otteler’10] ◮ Prepare | Φ( s ) � 2 ( − 1) s · w | ˆ ◮ D | Φ( s ) � = � F ( w ) || w � w ∈ Z n � | ˆ � F ( w ) | where D := diag [Curtis & Meyer’04] ˆ F ( w ) ◮ If f is bent then H ⊗ n D | Φ( s ) � = | s � ◮ Complexity: Θ(1) 19/09/2011 Dagstuhl 5

  17. All Boolean functions 19/09/2011 Dagstuhl 6

  18. All Boolean functions In total there are 2 2 n Boolean functions with n arguments. For n = 8 this is roughly 10 77 . 19/09/2011 Dagstuhl 6

  19. All Boolean functions In total there are 2 2 n Boolean functions with n arguments. For n = 8 this is roughly 10 77 . ◭ Easy ( bent function ) 19/09/2011 Dagstuhl 6

  20. All Boolean functions In total there are 2 2 n Boolean functions with n arguments. For n = 8 this is roughly 10 77 . ◭ Easy ( bent function ) Hard ( delta function ) ◮ 19/09/2011 Dagstuhl 6

  21. All Boolean functions In total there are 2 2 n Boolean functions with n arguments. For n = 8 this is roughly 10 77 . What about the rest? ◭ Easy ( bent function ) Hard ( delta function ) ◮ 19/09/2011 Dagstuhl 6

  22. All Boolean functions In total there are 2 2 n Boolean functions with n arguments. For n = 8 this is roughly 10 77 . What about the rest? ◭ Easy ( bent function ) Three approaches: 1. Grover-like [Grover’00] / quantum rejection sampling [ORR’11] 2. Pretty good measurement 3. Simon-like [R¨ otteler’10, GRR’11] Hard ( delta function ) ◮ 19/09/2011 Dagstuhl 6

  23. Algorithm 1 : Grover-like / quantum rejection sampling 1 ( − 1) s · w ˆ � � ( − 1) s · w F ( w ) | w � �→ √ 2 n | w � w ∈ Z n w ∈ Z n 2 2 19/09/2011 Dagstuhl 7

  24. Algorithm 1 : Grover-like / quantum rejection sampling 1 ( − 1) s · w ˆ � � ( − 1) s · w F ( w ) | w � �→ √ 2 n | w � w ∈ Z n w ∈ Z n 2 2 ◮ Pick ε ∈ R 2 n such that ∀ w : 0 ≤ ε w ≤ | ˆ F ( w ) | 19/09/2011 Dagstuhl 7

  25. Algorithm 1 : Grover-like / quantum rejection sampling 1 ( − 1) s · w ˆ � � ( − 1) s · w F ( w ) | w � �→ √ 2 n | w � w ∈ Z n w ∈ Z n 2 2 ◮ Pick ε ∈ R 2 n such that ∀ w : 0 ≤ ε w ≤ | ˆ F ( w ) | � » ˆ F ( w ) 2 − ε 2 � 1 ◮ Apply R ε : | w �| 0 � �→ | w � w | 0 � + ε w | 1 � ˆ F ( w ) 19/09/2011 Dagstuhl 7

  26. Algorithm 1 : Grover-like / quantum rejection sampling 1 ( − 1) s · w ˆ � � ( − 1) s · w F ( w ) | w � �→ √ 2 n | w � w ∈ Z n w ∈ Z n 2 2 ◮ Pick ε ∈ R 2 n such that ∀ w : 0 ≤ ε w ≤ | ˆ F ( w ) | � » ˆ F ( w ) 2 − ε 2 � 1 ◮ Apply R ε : | w �| 0 � �→ | w � w | 0 � + ε w | 1 � ˆ F ( w ) ◮ If we would measure the last qubit, we would get outcome “ 1 ” w.p. � ε � 2 2 and the post-measurement state would be 1 ( − 1) s · w ε w | w � � � ε � 2 w ∈ Z n 2 19/09/2011 Dagstuhl 7

  27. Algorithm 1 : Grover-like / quantum rejection sampling 1 ( − 1) s · w ˆ � � ( − 1) s · w F ( w ) | w � �→ √ 2 n | w � w ∈ Z n w ∈ Z n 2 2 ◮ Pick ε ∈ R 2 n such that ∀ w : 0 ≤ ε w ≤ | ˆ F ( w ) | � » ˆ F ( w ) 2 − ε 2 � 1 ◮ Apply R ε : | w �| 0 � �→ | w � w | 0 � + ε w | 1 � ˆ F ( w ) ◮ If we would measure the last qubit, we would get outcome “ 1 ” w.p. � ε � 2 2 and the post-measurement state would be 1 ( − 1) s · w ε w | w � � � ε � 2 w ∈ Z n 2 ◮ Instead of measuring, amplify the amplitude on | 1 � 19/09/2011 Dagstuhl 7

  28. Algorithm 1 : Grover-like / quantum rejection sampling 1 ( − 1) s · w ˆ � � ( − 1) s · w F ( w ) | w � �→ √ 2 n | w � w ∈ Z n w ∈ Z n 2 2 ◮ Pick ε ∈ R 2 n such that ∀ w : 0 ≤ ε w ≤ | ˆ F ( w ) | � » ˆ F ( w ) 2 − ε 2 � 1 ◮ Apply R ε : | w �| 0 � �→ | w � w | 0 � + ε w | 1 � ˆ F ( w ) ◮ If we would measure the last qubit, we would get outcome “ 1 ” w.p. � ε � 2 2 and the post-measurement state would be 1 ( − 1) s · w ε w | w � � � ε � 2 w ∈ Z n 2 ◮ Instead of measuring, amplify the amplitude on | 1 � ◮ Complexity: O (1 / � ε � 2 ) 19/09/2011 Dagstuhl 7

Recommend

On the quantum complexity of the continuous hidden subgroup problem Koen de Boer, Lo Ducas,

On the quantum complexity of the continuous hidden subgroup problem Koen de Boer, Lo Ducas,

On the quantum complexity of the continuous hidden subgroup problem Koen de Boer, Lo Ducas, Serge Fehr 1 / 20 Paper: https://eprint.iacr.org/2019/716.pdf Overview Introduction Problem statement Quantum algorithm Error analysis

855 views • 20 slides
Hidden Subgroup Hidden Subgroup Def. A Map is said to have A Map

Hidden Subgroup Hidden Subgroup Def. A Map is said to have A Map

Continuous Quantum Continuous Quantum Hidden Subgroup Hidden Subgroup Algorithms Algorithms This work is in collaboration with This work is in collaboration with Samuel J. Lomonaco, Jr. Louis H. Kauffman Louis H. Kauffman Dept. of Comp.

317 views • 12 slides
Abelian Hidden Subgroup Problem Laura Mancinska University of Waterloo, Department of C&O

Abelian Hidden Subgroup Problem Laura Mancinska University of Waterloo, Department of C&O

Abelian Hidden Subgroup Problem Laura Mancinska University of Waterloo, Department of C&O December 12, 2007 Abelian hidden subgroup problem Outline Basic concepts in quantum computing Statement of the hidden subgroup problem (HSP)

439 views • 22 slides
Weak Fourier-Schur Sampling, the Hidden Subgroup Problem & the Quantum Collision Problem

Weak Fourier-Schur Sampling, the Hidden Subgroup Problem & the Quantum Collision Problem

Weak Fourier-Schur Sampling, the Hidden Subgroup Problem & the Quantum Collision Problem Pawel M. Wocjan School of Electrical Engineering and Computer Science University of Central Florida Orlando wocjan@cs.ucf.edu Weak Fourier-Schur

264 views • 25 slides
Graph isomorphism, the hidden subgroup problem and identifying quantum states Pranab Sen NEC

Graph isomorphism, the hidden subgroup problem and identifying quantum states Pranab Sen NEC

Graph isomorphism, the hidden subgroup problem and identifying quantum states Pranab Sen NEC Laboratories America, Princeton, NJ, U.S.A. Joint work with Sean Hallgren and Martin R otteler. Quant-ph 0511148: Lower bound for graph

955 views • 56 slides
Quantum Algorithms for the k -xor Problem Lorenzo Grassi 1 , Mara Naya-Plasencia 2 , Andr

Quantum Algorithms for the k -xor Problem Lorenzo Grassi 1 , Mara Naya-Plasencia 2 , Andr

Context Low-qubits k -xor algorithms k -xor algorithms with qRAM Quantum Algorithms for the k -xor Problem Lorenzo Grassi 1 , Mara Naya-Plasencia 2 , Andr Schrottenloher 2 1 IAIK, Graz University of Technology, Austria 2 Inria, France December

428 views • 24 slides
Quantum Algorithms for Topological Invariants Stephen Jordan Wed Feb. 3, 2010 What is a quantum

Quantum Algorithms for Topological Invariants Stephen Jordan Wed Feb. 3, 2010 What is a quantum

Quantum Algorithms for Topological Invariants Stephen Jordan Wed Feb. 3, 2010 What is a quantum algorithm? Classical Quantum 0101101 the rules: solve problem using sequence of local quantum gates the goal: use fewer gates than

1.11k views • 37 slides
Quantum algorithms Subset-sum example: for the subset-sum problem Is there a subsequence of (499

Quantum algorithms Subset-sum example: for the subset-sum problem Is there a subsequence of (499

Quantum algorithms Subset-sum example: for the subset-sum problem Is there a subsequence of (499 852 1927 2535 3596 3608 D. J. Bernstein 4688 5989 6385 7353 7650 9413) University of Illinois at

2.02k views • 163 slides
Quantum Algorithms for Quantum Algorithms for Evaluating M IN Evaluating M IN -M -M AX AX Trees

Quantum Algorithms for Quantum Algorithms for Evaluating M IN Evaluating M IN -M -M AX AX Trees

Quantum Algorithms for Quantum Algorithms for Evaluating M IN Evaluating M IN -M -M AX AX Trees Trees Richard Cleve Dmitry Gavinsky D. L. Yonge-Mallo Institute for Quantum Computing, University of Waterloo January 30, 2008 TQC Tokyo,

842 views • 34 slides
Quantum Computation (Lecture QC-3: Quantum Algorithms) Lu s Soares Barbosa MFES -

Quantum Computation (Lecture QC-3: Quantum Algorithms) Lu s Soares Barbosa MFES -

Quantum Computation (Lecture QC-3: Quantum Algorithms) Lu s Soares Barbosa MFES - Arquitectura e C alculo May 2019 Quantum Algorithms The Deutsch-Jozsa Algorithm Quantum Search: Grover A quantum machine Structure of a quantum

1.08k views • 29 slides
A Simple and Efficient Solution of the Identifiability Problem for Hidden Markov Models and

A Simple and Efficient Solution of the Identifiability Problem for Hidden Markov Models and

Guideline Introduction String Functions Solution of the Identifiability Problem A Simple and Efficient Solution of the Identifiability Problem for Hidden Markov Models and Quantum Random Walks Alexander Schnhuth Pacific Institute for the

648 views • 37 slides
Quantum Versions of k-CSP The Need for . . . k -CSP problems Algorithms: a First Step Known

Quantum Versions of k-CSP The Need for . . . k -CSP problems Algorithms: a First Step Known

Outline General Problem of . . . Probabilistic and . . . Interval . . . Additional Problem: . . . Quantum Versions of k-CSP The Need for . . . k -CSP problems Algorithms: a First Step Known Algorithm for . . . Sch onings Algorithm . .

622 views • 15 slides
Quantum algorithms for the subset-sum problem D. J. Bernstein University of Illinois at Chicago

Quantum algorithms for the subset-sum problem D. J. Bernstein University of Illinois at Chicago

Quantum algorithms for the subset-sum problem D. J. Bernstein University of Illinois at Chicago & Technische Universiteit Eindhoven cr.yp.to/qsubsetsum.html Joint work with: Stacey Jeffery University of Waterloo Tanja Lange Technische

1.2k views • 98 slides
New Algorithms for Quantum (Symmetric) Cryptanalysis Mara Naya-Plasencia 2 , Andr

New Algorithms for Quantum (Symmetric) Cryptanalysis Mara Naya-Plasencia 2 , Andr

Quantum-safe (Symmetric) Cryptography Quantum Collision Search Quantum k-xor Algorithms New Algorithms for Quantum (Symmetric) Cryptanalysis Mara Naya-Plasencia 2 , Andr Schrottenloher 2 Joint work with Andr Chailloux 2 and Lorenzo Grassi

1.63k views • 65 slides
Quantum Algorithms Tutorial Ronald de Wolf 1/ 37 Post-quantum cryptography I Quantum computers

Quantum Algorithms Tutorial Ronald de Wolf 1/ 37 Post-quantum cryptography I Quantum computers

Quantum Algorithms Tutorial Ronald de Wolf 1/ 37 Post-quantum cryptography I Quantum computers can break public-key cryptography that is based on assuming hardness of factoring, discrete logs, and a few other problems I Post-quantum

2.98k views • 37 slides
Quantum algorithms for the subset-sum problem D. J. Bernstein University of Illinois at Chicago

Quantum algorithms for the subset-sum problem D. J. Bernstein University of Illinois at Chicago

Quantum algorithms for the subset-sum problem D. J. Bernstein University of Illinois at Chicago & Technische Universiteit Eindhoven Joint work with: Stacey Jeffery University of Waterloo Tanja Lange Technische Universiteit Eindhoven

1.2k views • 89 slides
Playing Hide-and-Seek in Finite Fields: Hidden Number Problem and Its Applications Igor

Playing Hide-and-Seek in Finite Fields: Hidden Number Problem and Its Applications Igor

Playing Hide-and-Seek in Finite Fields: Hidden Number Problem and Its Applications Igor E. Shparlinski Centre for Advanced Computing: Algorithms and Cryptography Macquarie University igor@comp.mq.edu.au Introduction We describe a

423 views • 26 slides
From quantum hardware to quantum AI School of Electrical and Electronic Engineering University

From quantum hardware to quantum AI School of Electrical and Electronic Engineering University

CLASSICAL BIT vs QUBIT Computation as physical process Concept of programmable matter Classical neural network Distance between quantum states Quantum algorithms Quantum Neural Networks From quantum hardware to quantum AI School of

322 views • 31 slides
Visibility Determination AKA, hidden surface elimination Visibility Algorithms Roger Crawfis

Visibility Determination AKA, hidden surface elimination Visibility Algorithms Roger Crawfis

Visibility Determination AKA, hidden surface elimination Visibility Algorithms Roger Crawfis CIS 781 This set of slides reference slides used at Ohio State for instruction by Prof. Machiraju and Prof. Han-Wei Shen. Hidden Lines Hidden

384 views • 22 slides
Quantum Quantum Computing Sensing Algorithms Hybrid computing Compilers

Quantum Quantum Computing Sensing Algorithms Hybrid computing Compilers

QIS Workshop: Welcome Argonne PSE/CELS QIS Working Group Salman Habib CPS/HEP Divisions September 23, 2019 Quantum Quantum Computing Sensing Algorithms Hybrid computing Compilers Error correction Precision metrology

285 views • 6 slides
Quantum algorithms Daniel J. Bernstein University of Illinois at Chicago Quantum algorithm

Quantum algorithms Daniel J. Bernstein University of Illinois at Chicago Quantum algorithm

1 Quantum algorithms Daniel J. Bernstein University of Illinois at Chicago Quantum algorithm means an algorithm that a quantum computer can run. i.e. a sequence of instructions, where each instruction is in a quantum computers

1.42k views • 138 slides
Probabilistic Modelling with Tensor Networks: From Hidden Markov Models to Quantum Circuits Ryan

Probabilistic Modelling with Tensor Networks: From Hidden Markov Models to Quantum Circuits Ryan

Probabilistic Modelling with Tensor Networks: From Hidden Markov Models to Quantum Circuits Ryan Sweke Freie Universitt Berlin The Big Picture Machine Learning Classical ML Quantum ML Heuristics Statistical Learning Theory

576 views • 29 slides
Quantum algorithms based on quantum walks . J er emie Roland Universit e Libre de

Quantum algorithms based on quantum walks . J er emie Roland Universit e Libre de

. Quantum algorithms based on quantum walks . J er emie Roland Universit e Libre de Bruxelles Quantum Information & Communication J er emie Roland (ULB - QuIC) Quantum walks Grenoble, Novembre 2012 1 / 39 Outline

564 views • 29 slides
Quantum Algorithms for Quantum Field Theories Stephen Jordan Joint work with Keith Lee John

Quantum Algorithms for Quantum Field Theories Stephen Jordan Joint work with Keith Lee John

Quantum Algorithms for Quantum Field Theories Stephen Jordan Joint work with Keith Lee John Preskill [arXiv:1111.3633 and 1112.4833] Feb 21, 2012 Quantum Mechanics Each state of the system is a basis vector. | dead i | alive i A general

672 views • 36 slides

More recommend