quantum circuits for the csidh optimizing quantum
play

Quantum circuits for the CSIDH: optimizing quantum evaluation of - PowerPoint PPT Presentation

Feb 16, 2024 •232 likes •412 views

Quantum circuits for the CSIDH: optimizing quantum evaluation of isogenies Daniel J. Bernstein Tanja Lange Chloe Martindale Lorenz Panny quantum.isogeny.org Key bits where all known attacks take 2 operations (naive serial attack metric,

  1. Quantum circuits for the CSIDH: optimizing quantum evaluation of isogenies Daniel J. Bernstein Tanja Lange Chloe Martindale Lorenz Panny quantum.isogeny.org

  2. Key bits where all known attacks take 2 λ operations (naive serial attack metric, ignoring memory cost): pre-quantum post-quantum SIDH, SIKE (24 + o (1)) λ (36 + o (1)) λ compressed (14 + o (1)) λ (21 + o (1)) λ CRS, CSIDH (4 + o (1)) λ superlinear

  3. Key bits where all known attacks take 2 λ operations (naive serial attack metric, ignoring memory cost): pre-quantum post-quantum SIDH, SIKE (24 + o (1)) λ (36 + o (1)) λ compressed (14 + o (1)) λ (21 + o (1)) λ CRS, CSIDH (4 + o (1)) λ superlinear For which λ does this cross (21 + o (1)) λ ?

  4. Key bits where all known attacks take 2 λ operations (naive serial attack metric, ignoring memory cost): pre-quantum post-quantum SIDH, SIKE (24 + o (1)) λ (36 + o (1)) λ compressed (14 + o (1)) λ (21 + o (1)) λ CRS, CSIDH (4 + o (1)) λ superlinear For which λ does this cross (21 + o (1)) λ ? Subexp 2010 Childs–Jao–Soukharev attack, using 2003 Kuperberg or 2004 Regev or 2011 Kuperberg.

  5. Key bits where all known attacks take 2 λ operations (naive serial attack metric, ignoring memory cost): pre-quantum post-quantum SIDH, SIKE (24 + o (1)) λ (36 + o (1)) λ compressed (14 + o (1)) λ (21 + o (1)) λ CRS, CSIDH (4 + o (1)) λ superlinear For which λ does this cross (21 + o (1)) λ ? Subexp 2010 Childs–Jao–Soukharev attack, using 2003 Kuperberg or 2004 Regev or 2011 Kuperberg. • How many queries do these attacks perform?

  6. Key bits where all known attacks take 2 λ operations (naive serial attack metric, ignoring memory cost): pre-quantum post-quantum SIDH, SIKE (24 + o (1)) λ (36 + o (1)) λ compressed (14 + o (1)) λ (21 + o (1)) λ CRS, CSIDH (4 + o (1)) λ superlinear For which λ does this cross (21 + o (1)) λ ? Subexp 2010 Childs–Jao–Soukharev attack, using 2003 Kuperberg or 2004 Regev or 2011 Kuperberg. • How many queries do these attacks perform? • How expensive is each CSIDH query?

  7. Key bits where all known attacks take 2 λ operations (naive serial attack metric, ignoring memory cost): pre-quantum post-quantum SIDH, SIKE (24 + o (1)) λ (36 + o (1)) λ compressed (14 + o (1)) λ (21 + o (1)) λ CRS, CSIDH (4 + o (1)) λ superlinear For which λ does this cross (21 + o (1)) λ ? Subexp 2010 Childs–Jao–Soukharev attack, using 2003 Kuperberg or 2004 Regev or 2011 Kuperberg. • How many queries do these attacks perform? • How expensive is each CSIDH query? Our 56-page paper: see quantum.isogeny.org .

  8. Key bits where all known attacks take 2 λ operations (naive serial attack metric, ignoring memory cost): pre-quantum post-quantum SIDH, SIKE (24 + o (1)) λ (36 + o (1)) λ compressed (14 + o (1)) λ (21 + o (1)) λ CRS, CSIDH (4 + o (1)) λ superlinear For which λ does this cross (21 + o (1)) λ ? Subexp 2010 Childs–Jao–Soukharev attack, using 2003 Kuperberg or 2004 Regev or 2011 Kuperberg. • How many queries do these attacks perform? • How expensive is each CSIDH query? Our 56-page paper: see quantum.isogeny.org . • What about memory, using parallel AT metric?

  9. Case study: attacking CSIDH-512 CSIDH-512 query, uniform over {− 5 , . . . , 5 } 74 , failure chance < 2 − 32 (maybe ok), nonlinear bit ops: ≈ 2 51 by 2018 Jao–LeGrow–Leonardi–Ruiz-Lopez.

  10. Case study: attacking CSIDH-512 CSIDH-512 query, uniform over {− 5 , . . . , 5 } 74 , failure chance < 2 − 32 (maybe ok), nonlinear bit ops: ≈ 2 51 by 2018 Jao–LeGrow–Leonardi–Ruiz-Lopez. 1118827416420 ≈ 2 40 by our Algorithm 7.1.

  11. Case study: attacking CSIDH-512 CSIDH-512 query, uniform over {− 5 , . . . , 5 } 74 , failure chance < 2 − 32 (maybe ok), nonlinear bit ops: ≈ 2 51 by 2018 Jao–LeGrow–Leonardi–Ruiz-Lopez. 1118827416420 ≈ 2 40 by our Algorithm 7.1. 765325228976 ≈ 0 . 7 · 2 40 by our Algorithm 8.1. Generic conversion to quantum computation: ≈ 2 43 . 3 T -gates using ≈ 2 40 qubits.

  12. Case study: attacking CSIDH-512 CSIDH-512 query, uniform over {− 5 , . . . , 5 } 74 , failure chance < 2 − 32 (maybe ok), nonlinear bit ops: ≈ 2 51 by 2018 Jao–LeGrow–Leonardi–Ruiz-Lopez. 1118827416420 ≈ 2 40 by our Algorithm 7.1. 765325228976 ≈ 0 . 7 · 2 40 by our Algorithm 8.1. Generic conversion to quantum computation: ≈ 2 43 . 3 T -gates using ≈ 2 40 qubits. Can do ≈ 2 45 . 3 T -gates using ≈ 2 20 qubits.

  13. Case study: attacking CSIDH-512 CSIDH-512 query, uniform over {− 5 , . . . , 5 } 74 , failure chance < 2 − 32 (maybe ok), nonlinear bit ops: ≈ 2 51 by 2018 Jao–LeGrow–Leonardi–Ruiz-Lopez. 1118827416420 ≈ 2 40 by our Algorithm 7.1. 765325228976 ≈ 0 . 7 · 2 40 by our Algorithm 8.1. Generic conversion to quantum computation: ≈ 2 43 . 3 T -gates using ≈ 2 40 qubits. Can do ≈ 2 45 . 3 T -gates using ≈ 2 20 qubits. Total gates ( T +Clifford): ≈ 2 46 . 9 .

  14. Case study: attacking CSIDH-512 CSIDH-512 query, uniform over {− 5 , . . . , 5 } 74 , failure chance < 2 − 32 (maybe ok), nonlinear bit ops: ≈ 2 51 by 2018 Jao–LeGrow–Leonardi–Ruiz-Lopez. 1118827416420 ≈ 2 40 by our Algorithm 7.1. 765325228976 ≈ 0 . 7 · 2 40 by our Algorithm 8.1. Generic conversion to quantum computation: ≈ 2 43 . 3 T -gates using ≈ 2 40 qubits. Can do ≈ 2 45 . 3 T -gates using ≈ 2 20 qubits. Total gates ( T +Clifford): ≈ 2 46 . 9 . BS18 claim only ≈ 2 2 lattice overhead per query. BS18 claim only ≈ 2 32 . 5 queries using ≈ 2 31 qubits.

  15. Case study: attacking CSIDH-512 CSIDH-512 query, uniform over {− 5 , . . . , 5 } 74 , failure chance < 2 − 32 (maybe ok), nonlinear bit ops: ≈ 2 51 by 2018 Jao–LeGrow–Leonardi–Ruiz-Lopez. 1118827416420 ≈ 2 40 by our Algorithm 7.1. 765325228976 ≈ 0 . 7 · 2 40 by our Algorithm 8.1. Generic conversion to quantum computation: ≈ 2 43 . 3 T -gates using ≈ 2 40 qubits. Can do ≈ 2 45 . 3 T -gates using ≈ 2 20 qubits. Total gates ( T +Clifford): ≈ 2 46 . 9 . BS18 claim only ≈ 2 2 lattice overhead per query. BS18 claim only ≈ 2 32 . 5 queries using ≈ 2 31 qubits. If these claims are correct: ≈ 2 81 . 4 total gates.

  16. Case study: attacking CSIDH-512 CSIDH-512 query, uniform over {− 5 , . . . , 5 } 74 , failure chance < 2 − 32 (maybe ok), nonlinear bit ops: ≈ 2 51 by 2018 Jao–LeGrow–Leonardi–Ruiz-Lopez. 1118827416420 ≈ 2 40 by our Algorithm 7.1. 765325228976 ≈ 0 . 7 · 2 40 by our Algorithm 8.1. Generic conversion to quantum computation: ≈ 2 43 . 3 T -gates using ≈ 2 40 qubits. Can do ≈ 2 45 . 3 T -gates using ≈ 2 20 qubits. Total gates ( T +Clifford): ≈ 2 46 . 9 . BS18 claim only ≈ 2 2 lattice overhead per query. BS18 claim only ≈ 2 32 . 5 queries using ≈ 2 31 qubits. If these claims are correct: ≈ 2 81 . 4 total gates. BS18 claim 2 71 total gates. We explain gap.

Recommend

Quantum circuits for the CSIDH: optimizing quantum evaluation of isogenies Daniel J. Bernstein

Quantum circuits for the CSIDH: optimizing quantum evaluation of isogenies Daniel J. Bernstein

Quantum circuits for the CSIDH: optimizing quantum evaluation of isogenies Daniel J. Bernstein Tanja Lange Chloe Martindale Lorenz Panny quantum.isogeny.org Non-interactive key exchange Alice: secret a , public aG . Bob: secret b , public bG

499 views • 28 slides
Optimizing quantum circuits with classical thinking Craig Gidney Google Quantum AI QPL/MFPS

Optimizing quantum circuits with classical thinking Craig Gidney Google Quantum AI QPL/MFPS

Optimizing quantum circuits with classical thinking Craig Gidney Google Quantum AI QPL/MFPS 2018 Goal: explain section 3-D of arXiv:1805.03662 [...] [...] Key ideas we'll cover 1. Cost of error corrected quantum computation 2. Preparing

993 views • 45 slides
[&quot;si:saId] Why CSIDH? Drop-in post-quantum replacement for (EC)DH.

[&quot;si:saId] Why CSIDH? Drop-in post-quantum replacement for (EC)DH.

CSIDH : An Efficient Post-Quantum Commutative Group Action Wouter Castryck 1 Tanja Lange 2 Chloe Martindale 2 Lorenz Panny 2 Joost Renes 3 1 KU Leuven 2 TU Eindhoven 3 Radboud Universiteit Brisbane, 6 December 2018 [&quot;si:saId] Why CSIDH?

934 views • 57 slides
Kuperbergs Collimation Sieve vs. CSIDH Chris Peikert University of Michigan Quantum

Kuperbergs Collimation Sieve vs. CSIDH Chris Peikert University of Michigan Quantum

Kuperbergs Collimation Sieve vs. CSIDH Chris Peikert University of Michigan Quantum Cryptanalysis of Post-Quantum Cryptography Simons Institute 24 February 2020 1 / 16 He Gives C-Sieves on the CSIDH Chris Peikert University of Michigan

1.61k views • 85 slides
Sparse Quantum Codes from Quantum Circuits Steve Flammia QEC 2014 15 December 2014 ETH Zrich

Sparse Quantum Codes from Quantum Circuits Steve Flammia QEC 2014 15 December 2014 ETH Zrich

Sparse Quantum Codes from Quantum Circuits Steve Flammia QEC 2014 15 December 2014 ETH Zrich Joint work with D Bacon, A W Harrow, and J Shi arxiv:1411.3334 Quantum Error Correction Quantum error correction allows us to deal with the

641 views • 28 slides
Quantum circuits: From Structure to Software Aleks Kissinger Quantum Natural Language Processing,

Quantum circuits: From Structure to Software Aleks Kissinger Quantum Natural Language Processing,

Quantum circuits: From Structure to Software Aleks Kissinger Quantum Natural Language Processing, Oxford 2020 Aleks Kissinger QNLP 2020 1 / 34 Quantum software 1. := the code the runs on a quantum computer factoring search physical

1.09k views • 73 slides
Classical simulations of quantum circuits Resource-theoretic approach to quantum computing Kamil

Classical simulations of quantum circuits Resource-theoretic approach to quantum computing Kamil

Classical simulations of quantum circuits Resource-theoretic approach to quantum computing Kamil Korzekwa Faculty of Physics, Astronomy and Applied Computer Science, Jagiellonian University, Poland Outline 1. Motivation 2. Background 3.

492 views • 18 slides
Quantum Computation and Quantum Circuits Robert Spalek, CWI September 18, 2003 1 Classical

Quantum Computation and Quantum Circuits Robert Spalek, CWI September 18, 2003 1 Classical

Quantum Computation and Quantum Circuits Robert Spalek, CWI September 18, 2003 1 Classical computation deterministic computer in 1 state at each moment parallel computation modelled by circuits: &amp; &amp; x 1 x 2 x 3 x 4

307 views • 14 slides
Leonardo DiCarlo Leonardo DiCarlo Superconducting quantum circuits: Superconducting quantum

Leonardo DiCarlo Leonardo DiCarlo Superconducting quantum circuits: Superconducting quantum

Leonardo DiCarlo Leonardo DiCarlo Superconducting quantum circuits: Superconducting quantum circuits: Circuit QED Circuit QED Circuit QED: Cavity QED with wires Josephson-junction qubits Transmission-line resonators mediate

435 views • 12 slides
Optimizing the fundamental limits for quantum communication Xin Wang Baidu Research TQC 2020

Optimizing the fundamental limits for quantum communication Xin Wang Baidu Research TQC 2020

Optimizing the fundamental limits for quantum communication Xin Wang Baidu Research TQC 2020 arXiv:1912.00931 Quantum capacity of a quantum channel l The quantum capacity of a channel N is the number of qubits, on average, that can be

697 views • 14 slides
Q UANTUM G ROUP Introduction Quantum circuits Spiders ZX-calculus MBQC Survey Picturing

Q UANTUM G ROUP Introduction Quantum circuits Spiders ZX-calculus MBQC Survey Picturing

Introduction Quantum circuits Spiders ZX-calculus MBQC Survey Diagrammatic Reasoning and Quantum Computation Aleks Kissinger ACA, Kalamata November 4, 2015 Q UANTUM G ROUP Introduction Quantum circuits Spiders ZX-calculus MBQC

1.19k views • 101 slides
Leonardo DiCarlo Leonardo DiCarlo Superconducting quantum circuits: Superconducting quantum

Leonardo DiCarlo Leonardo DiCarlo Superconducting quantum circuits: Superconducting quantum

Leonardo DiCarlo Leonardo DiCarlo Superconducting quantum circuits: Superconducting quantum circuits: The transmon qubit The transmon qubit Natures quantum bits true qubits effective qubits energy = 1 e = 1 = 0 E 01 g = 0

396 views • 10 slides
Simulation of quantum circuits by ZX-diagram contraction John van de Wetering

Simulation of quantum circuits by ZX-diagram contraction John van de Wetering

Simulation of quantum circuits by ZX-diagram contraction John van de Wetering john@vdwetering.name Institute for Computing and Information Sciences Radboud University Nijmegen September 6, 2019 Holy Trinity of quantum circuits Holy Trinity

794 views • 64 slides
Optimisation and verification of quantum circuits with string diagrams Aleks Kissinger STRING 3;

Optimisation and verification of quantum circuits with string diagrams Aleks Kissinger STRING 3;

Optimisation and verification of quantum circuits with string diagrams Aleks Kissinger STRING 3; Birmingham 2019 Aleks Kissinger STRING 3, 2019 1 / 43 Quantum software 1. := the code the runs on a quantum computer factoring search quantum

1.16k views • 91 slides
Quantum Cryptography Lecture 28 Quantum Cryptography Quantum Cryptography Quantum information:

Quantum Cryptography Lecture 28 Quantum Cryptography Quantum Cryptography Quantum information:

Quantum Cryptography Lecture 28 Quantum Cryptography Quantum Cryptography Quantum information: Using microscopic physical state of quantum systems (spin of atoms/sub-atomic particles, polarization of photons etc.) to encode information

1.95k views • 154 slides
Simulating Quantum Field Theories on a Quantum Computer Stephen Jordan C a n q u a n t u m c o m

Simulating Quantum Field Theories on a Quantum Computer Stephen Jordan C a n q u a n t u m c o m

Simulating Quantum Field Theories on a Quantum Computer Stephen Jordan C a n q u a n t u m c o m p u t e r s s i m u l a t e a l l p h y s i c a l processes efficiently? Universality Conjecture: Quantum circuits can simulate all physical

334 views • 30 slides
Quantum++ A modern C++ quantum computing library arXiv:1412.4704 Vlad Gheorghiu

Quantum++ A modern C++ quantum computing library arXiv:1412.4704 Vlad Gheorghiu

Quantum++ A modern C++ quantum computing library arXiv:1412.4704 Vlad Gheorghiu vgheorgh@gmail.com Institute for Quantum Computing University of Waterloo Waterloo, ON, N2L 3G1, Canada Quantum Programming and Circuits Workshop June 8, 2015

464 views • 23 slides
From quantum hardware to quantum AI School of Electrical and Electronic Engineering University

From quantum hardware to quantum AI School of Electrical and Electronic Engineering University

CLASSICAL BIT vs QUBIT Computation as physical process Concept of programmable matter Classical neural network Distance between quantum states Quantum algorithms Quantum Neural Networks From quantum hardware to quantum AI School of

322 views • 31 slides
Quantum Weirdness Part 6 Quantum Weirdness in Materials Quantum Cryptography Quantum

Quantum Weirdness Part 6 Quantum Weirdness in Materials Quantum Cryptography Quantum

Quantum Weirdness Part 6 Quantum Weirdness in Materials Quantum Cryptography Quantum Teleportation Quantum Snake Oil Quantum Weirdness in Materials Why Materials Behave as they do Combining Atoms Into Molecules Molecular Orbital Theory

1.17k views • 72 slides
Unitary designs from statistical mechanics in random quantum circuits Nick Hunter-Jones

Unitary designs from statistical mechanics in random quantum circuits Nick Hunter-Jones

Unitary designs from statistical mechanics in random quantum circuits Nick Hunter-Jones Perimeter Institute June 10, 2019 Yukawa Institute for Theoretical Physics Based on: NHJ, 1905.12053 Random quantum circuits are efficient implementations

708 views • 40 slides
Quantum Circuit Synthesis Roel Van Beeumen rvanbeeumen@lbl.gov www.roelvanbeeumen.be CSSS Talk

Quantum Circuit Synthesis Roel Van Beeumen rvanbeeumen@lbl.gov www.roelvanbeeumen.be CSSS Talk

Quantum Circuit Synthesis Roel Van Beeumen rvanbeeumen@lbl.gov www.roelvanbeeumen.be CSSS Talk June 16, 2020 Outline 1 From Eigenvalues to Quantum Computing 2 Qubits and Quantum Circuits 3 Quantum Fourier Transform R. Van Beeumen (CRD)

405 views • 37 slides
Cryptography for the quantum internet Elements of a quantum TLS Christian Majenz

Cryptography for the quantum internet Elements of a quantum TLS Christian Majenz

Cryptography for the quantum internet Elements of a quantum TLS Christian Majenz Colloquium Informatics Institute, University of Amsterdam Quantum computers Quantum computers Accelerating effort to build a quantum computer Quantum

1.74k views • 115 slides
Quantum Cryptography 1. Fake Quantum Theory. 2. Simple Quantum Protocols. 3. More Fake Quantum

Quantum Cryptography 1. Fake Quantum Theory. 2. Simple Quantum Protocols. 3. More Fake Quantum

Contents: Quantum Cryptography 1. Fake Quantum Theory. 2. Simple Quantum Protocols. 3. More Fake Quantum Theory: Fake Tensor Products, Entanglement. 4. A Glance at Genuine Quantum Theory. 5. Quantum Computing, Shors

559 views • 8 slides
Quantum Computation (Lecture QC-3: Quantum Algorithms) Lu s Soares Barbosa MFES -

Quantum Computation (Lecture QC-3: Quantum Algorithms) Lu s Soares Barbosa MFES -

Quantum Computation (Lecture QC-3: Quantum Algorithms) Lu s Soares Barbosa MFES - Arquitectura e C alculo May 2019 Quantum Algorithms The Deutsch-Jozsa Algorithm Quantum Search: Grover A quantum machine Structure of a quantum

1.08k views • 29 slides

More recommend