asymptotically faster quantum algorithms to solve
play

Asymptotically faster quantum algorithms to solve multivariate - PowerPoint PPT Presentation

Apr 12, 2023 •246 likes •702 views

Asymptotically faster quantum algorithms to solve multivariate quadratic equations Daniel J. Bernstein, Bo-Yin Yang https://eprint.iacr.org/2017/1206.pdf Asymptotically faster quantum algorithms to solve multivariate quadratic equations Daniel

  1. Asymptotically faster quantum algorithms to solve multivariate quadratic equations Daniel J. Bernstein, Bo-Yin Yang https://eprint.iacr.org/2017/1206.pdf Asymptotically faster quantum algorithms to solve multivariate quadratic equations Daniel J. Bernstein, Bo-Yin Yang

  2. Conjectured asymptotic random MQ How quickly can we solve a system of m quadratic equations in n variables over F q ? Asymptotically faster quantum algorithms to solve multivariate quadratic equations Daniel J. Bernstein, Bo-Yin Yang

  3. Conjectured asymptotic random MQ How quickly can we solve a system of m quadratic equations in n variables over F q ? Focus on random systems: each coefficient in equations is chosen randomly. Solving this problem for m ≈ n conjecturally breaks, e.g., HFE v − signatures. Asymptotically faster quantum algorithms to solve multivariate quadratic equations Daniel J. Bernstein, Bo-Yin Yang

  4. Conjectured asymptotic random MQ How quickly can we solve a system of m quadratic equations in n variables over F q ? Focus on random systems: each coefficient in equations is chosen randomly. Solving this problem for m ≈ n conjecturally breaks, e.g., HFE v − signatures. Focus on asymptotic cost exponents: scalability as n → ∞ with m / n → µ . Asymptotically faster quantum algorithms to solve multivariate quadratic equations Daniel J. Bernstein, Bo-Yin Yang

  5. Conjectured asymptotic random MQ How quickly can we solve a system of m quadratic equations in n variables over F q ? Focus on random systems: each coefficient in equations is chosen randomly. Solving this problem for m ≈ n conjecturally breaks, e.g., HFE v − signatures. Focus on asymptotic cost exponents: scalability as n → ∞ with m / n → µ . Focus on best conjectured speeds. Asymptotically faster quantum algorithms to solve multivariate quadratic equations Daniel J. Bernstein, Bo-Yin Yang

  6. Previous exponents for q = 2 and µ = 1 2 ( e + o (1)) n operations as n → ∞ : ◮ e = 1 proven: Brute force. ◮ e = 0 . 8765 proven: 2017 Lokshtanov–Paturi–Tamaki–Williams–Yu. Asymptotically faster quantum algorithms to solve multivariate quadratic equations Daniel J. Bernstein, Bo-Yin Yang

  7. Previous exponents for q = 2 and µ = 1 2 ( e + o (1)) n operations as n → ∞ : ◮ e = 1 proven: Brute force. ◮ e = 0 . 8765 proven: 2017 Lokshtanov–Paturi–Tamaki–Williams–Yu. ◮ e = 0 . 87280 . . . : “XL”. Algorithm from 1981 Lazard. Analysis and optimization from 2004 Yang–Chen–Courtois. Asymptotically faster quantum algorithms to solve multivariate quadratic equations Daniel J. Bernstein, Bo-Yin Yang

  8. Previous exponents for q = 2 and µ = 1 2 ( e + o (1)) n operations as n → ∞ : ◮ e = 1 proven: Brute force. ◮ e = 0 . 8765 proven: 2017 Lokshtanov–Paturi–Tamaki–Williams–Yu. ◮ e = 0 . 87280 . . . : “XL”. Algorithm from 1981 Lazard. Analysis and optimization from 2004 Yang–Chen–Courtois. ◮ e = 0 . 79106 . . . : “FXL”. Algorithm from 2000 Courtois–Klimov–Patarin–Shamir. Analysis and optimization from 2004 Yang–Chen–Courtois. Asymptotically faster quantum algorithms to solve multivariate quadratic equations Daniel J. Bernstein, Bo-Yin Yang

  9. Previous exponents for q = 2 and µ = 1 2 ( e + o (1)) n operations as n → ∞ : ◮ e = 1 proven: Brute force. ◮ e = 0 . 8765 proven: 2017 Lokshtanov–Paturi–Tamaki–Williams–Yu. ◮ e = 0 . 87280 . . . : “XL”. Algorithm from 1981 Lazard. Analysis and optimization from 2004 Yang–Chen–Courtois. ◮ e = 0 . 79106 . . . : “FXL”. Algorithm from 2000 Courtois–Klimov–Patarin–Shamir. Analysis and optimization from 2004 Yang–Chen–Courtois. ◮ e = 0 . 5 proven: Grover’s quantum algorithm. Asymptotically faster quantum algorithms to solve multivariate quadratic equations Daniel J. Bernstein, Bo-Yin Yang

  10. New exponents e = 0 . 46240 . . . : “GroverXL”, 2017.12.15 Bernstein–Yang. Independently “QuantumBooleanSolve”, 2017.12.19 Faug` ere–Horan–Kahrobaei–Kaplan–Kashefi–Perret. Asymptotically faster quantum algorithms to solve multivariate quadratic equations Daniel J. Bernstein, Bo-Yin Yang

  11. New exponents e = 0 . 46240 . . . : “GroverXL”, 2017.12.15 Bernstein–Yang. Independently “QuantumBooleanSolve”, 2017.12.19 Faug` ere–Horan–Kahrobaei–Kaplan–Kashefi–Perret. More results in 2017.12.15 (not 2017.12.19) paper: ◮ Area-time product on mesh: 0 . 47210 . . . . ◮ Area under specified time limits. Asymptotically faster quantum algorithms to solve multivariate quadratic equations Daniel J. Bernstein, Bo-Yin Yang

  12. New exponents e = 0 . 46240 . . . : “GroverXL”, 2017.12.15 Bernstein–Yang. Independently “QuantumBooleanSolve”, 2017.12.19 Faug` ere–Horan–Kahrobaei–Kaplan–Kashefi–Perret. More results in 2017.12.15 (not 2017.12.19) paper: ◮ Area-time product on mesh: 0 . 47210 . . . . ◮ Area under specified time limits. ◮ q > 2: e.g., 0 . 72468 . . . (base 2) for q = 3. Asymptotically faster quantum algorithms to solve multivariate quadratic equations Daniel J. Bernstein, Bo-Yin Yang

  13. New exponents e = 0 . 46240 . . . : “GroverXL”, 2017.12.15 Bernstein–Yang. Independently “QuantumBooleanSolve”, 2017.12.19 Faug` ere–Horan–Kahrobaei–Kaplan–Kashefi–Perret. More results in 2017.12.15 (not 2017.12.19) paper: ◮ Area-time product on mesh: 0 . 47210 . . . . ◮ Area under specified time limits. ◮ q > 2: e.g., 0 . 72468 . . . (base 2) for q = 3. ◮ µ > 1: e.g., 0 . 65688 . . . for µ = 2, q = 3. Asymptotically faster quantum algorithms to solve multivariate quadratic equations Daniel J. Bernstein, Bo-Yin Yang

  14. New exponents e = 0 . 46240 . . . : “GroverXL”, 2017.12.15 Bernstein–Yang. Independently “QuantumBooleanSolve”, 2017.12.19 Faug` ere–Horan–Kahrobaei–Kaplan–Kashefi–Perret. More results in 2017.12.15 (not 2017.12.19) paper: ◮ Area-time product on mesh: 0 . 47210 . . . . ◮ Area under specified time limits. ◮ q > 2: e.g., 0 . 72468 . . . (base 2) for q = 3. ◮ µ > 1: e.g., 0 . 65688 . . . for µ = 2, q = 3. ◮ Sage script to automate all these analyses. Asymptotically faster quantum algorithms to solve multivariate quadratic equations Daniel J. Bernstein, Bo-Yin Yang

  15. A small example of XL Goal: Find ( x , y , z ) ∈ F 3 2 with xy + x + yz + z = 0; xz + x + y + 1 = 0; xz + yz + y + z = 0. Asymptotically faster quantum algorithms to solve multivariate quadratic equations Daniel J. Bernstein, Bo-Yin Yang

  16. A small example of XL Goal: Find ( x , y , z ) ∈ F 3 2 with xy + x + yz + z = 0; xz + x + y + 1 = 0; xz + yz + y + z = 0. Degree- d XL multiplies each quadratic equation by each monomial of degree ≤ d − 2. e.g.: Degree-3 XL multiplies each quadratic equation by each monomial of degree ≤ 1: i.e., by x , y , z , 1. Asymptotically faster quantum algorithms to solve multivariate quadratic equations Daniel J. Bernstein, Bo-Yin Yang

  17. A small example of XL: products xyz + xy + xz + x = 0 ( x · first equation) 0 = 0 ( y · first equation) xyz + xz + yz + z = 0 ( z · first equation) xy + x + yz + z = 0 (1 · first equation) xy + xz = 0 ( x · second equation) xyz + xy = 0 ( y · second equation) yz + z = 0 ( z · second equation) xz + x + y + 1 = 0 (1 · second equation) xyz + xy = 0 ( x · third equation) xyz + y = 0 ( y · third equation) xz + z = 0 ( z · third equation) xz + yz + y + z = 0 (1 · third equation) Asymptotically faster quantum algorithms to solve multivariate quadratic equations Daniel J. Bernstein, Bo-Yin Yang

  18. A small example of XL: Macaulay matrix   1 1 1 1 0 0 0 0   0 0 0 0 0 0 0 0      1 0 1 0 1 0 1 0   xyz      0 1 0 1 1 0 1 0 xy             0 1 1 0 0 0 0 0 xz             1 1 0 0 0 0 0 0 x     = 0         0 0 0 0 1 0 1 0 yz          0 0 1 1 0 1 0 1    y         1 1 0 0 0 0 0 0    z          1 0 0 0 0 1 0 0 1       0 0 1 0 0 0 1 0       0 0 1 0 1 1 1 0 Asymptotically faster quantum algorithms to solve multivariate quadratic equations Daniel J. Bernstein, Bo-Yin Yang

  19. A small example of XL: row-echelon form   1 1 1 1 0 0 0 0   0 1 0 1 1 0 1 0      0 0 1 1 1 0 1 0   xyz      0 0 0 1 0 1 0 0 xy             0 0 0 0 1 0 1 0 xz             0 0 0 0 0 1 0 1 x     = 0         0 0 0 0 0 0 1 1 yz          0 0 0 0 0 0 0 0    y         0 0 0 0 0 0 0 0    z          0 0 0 0 0 0 0 0 1       0 0 0 0 0 0 0 0       0 0 0 0 0 0 0 0 Asymptotically faster quantum algorithms to solve multivariate quadratic equations Daniel J. Bernstein, Bo-Yin Yang

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Quantum Algorithms for Topological Invariants Stephen Jordan Wed Feb. 3, 2010 What is a quantum

Quantum Algorithms for Topological Invariants Stephen Jordan Wed Feb. 3, 2010 What is a quantum

Quantum Algorithms for Topological Invariants Stephen Jordan Wed Feb. 3, 2010 What is a quantum algorithm? Classical Quantum 0101101 the rules: solve problem using sequence of local quantum gates the goal: use fewer gates than

1.11k views • 37 slides
Testing asymptotically safe quantum gravity through coupling to dynamical matter Astrid Eichhorn

Testing asymptotically safe quantum gravity through coupling to dynamical matter Astrid Eichhorn

Testing asymptotically safe quantum gravity through coupling to dynamical matter Astrid Eichhorn Perimeter Institute for Theoretical Physics Experimental search for quantum gravity 2014, SISSA, Trieste How to test quantum gravity

1.07k views • 69 slides
Big- Big -O O Analyzing Algorithms Asymptotically Analyzing Algorithms Asymptotically P1 P2

Big- Big -O O Analyzing Algorithms Asymptotically Analyzing Algorithms Asymptotically P1 P2

Comparing Algorithms Comparing Algorithms Big- Big -O O Analyzing Algorithms Asymptotically Analyzing Algorithms Asymptotically P1 P2 CS 226 CS 226 5 February 2002 5 February 2002 Noah Smith ( nasmith@cs Noah Smith ( nasmith@cs ) )

108 views • 6 slides
Quantum Algorithms for Quantum Algorithms for Evaluating M IN Evaluating M IN -M -M AX AX Trees

Quantum Algorithms for Quantum Algorithms for Evaluating M IN Evaluating M IN -M -M AX AX Trees

Quantum Algorithms for Quantum Algorithms for Evaluating M IN Evaluating M IN -M -M AX AX Trees Trees Richard Cleve Dmitry Gavinsky D. L. Yonge-Mallo Institute for Quantum Computing, University of Waterloo January 30, 2008 TQC Tokyo,

842 views • 34 slides
Quantum Computation (Lecture QC-3: Quantum Algorithms) Lu s Soares Barbosa MFES -

Quantum Computation (Lecture QC-3: Quantum Algorithms) Lu s Soares Barbosa MFES -

Quantum Computation (Lecture QC-3: Quantum Algorithms) Lu s Soares Barbosa MFES - Arquitectura e C alculo May 2019 Quantum Algorithms The Deutsch-Jozsa Algorithm Quantum Search: Grover A quantum machine Structure of a quantum

1.08k views • 29 slides
SIDH on ARM: Faster Modular Multiplications for Faster Post-Quantum Supersingular Isogeny Key

SIDH on ARM: Faster Modular Multiplications for Faster Post-Quantum Supersingular Isogeny Key

SIDH on ARM: Faster Modular Multiplications for Faster Post-Quantum Supersingular Isogeny Key Exchange. Hwajeong Seo (Hansung University), Zhe Liu (Nanjing University of Aeronautics and Astronautics), Patrick Longa (Microsoft Research), Zhi

593 views • 36 slides
Asymptotically Exact TTL-Approximations of the Cache Replacement Algorithms LRU(m) and h-LRU

Asymptotically Exact TTL-Approximations of the Cache Replacement Algorithms LRU(m) and h-LRU

Asymptotically Exact TTL-Approximations of the Cache Replacement Algorithms LRU(m) and h-LRU Nicolas Gast 1 , Benny Van Houdt 2 ITC 2016 September 13-15, W urzburg, Germany 1 Inria 2 University of Antwerp Nicolas Gast 1 / 24 Caches are

692 views • 50 slides
Approximation Algorithms Q. Suppose I need to solve an NP-hard problem. What should I do? A.

Approximation Algorithms Q. Suppose I need to solve an NP-hard problem. What should I do? A.

Approximation Algorithms Q. Suppose I need to solve an NP-hard problem. What should I do? A. Theory says you're unlikely to find a poly-time algorithm. Must sacrifice one of three desired features. Solve problem to optimality. Solve

247 views • 20 slides
Quantum Computing, At First Glance, This . . . Here We Come! Making Lemonade . . . Fast Search

Quantum Computing, At First Glance, This . . . Here We Come! Making Lemonade . . . Fast Search

Faster, Faster, Faster: . . . Blame It on Einsteins . . . Honey, I Shrunk the . . . Why Is Micro-World . . . Quantum Computing, At First Glance, This . . . Here We Come! Making Lemonade . . . Fast Search Vladik Kreinovich End of

566 views • 25 slides
New Algorithms for Quantum (Symmetric) Cryptanalysis Mara Naya-Plasencia 2 , Andr

New Algorithms for Quantum (Symmetric) Cryptanalysis Mara Naya-Plasencia 2 , Andr

Quantum-safe (Symmetric) Cryptography Quantum Collision Search Quantum k-xor Algorithms New Algorithms for Quantum (Symmetric) Cryptanalysis Mara Naya-Plasencia 2 , Andr Schrottenloher 2 Joint work with Andr Chailloux 2 and Lorenzo Grassi

1.63k views • 65 slides
Quantum Algorithms Tutorial Ronald de Wolf 1/ 37 Post-quantum cryptography I Quantum computers

Quantum Algorithms Tutorial Ronald de Wolf 1/ 37 Post-quantum cryptography I Quantum computers

Quantum Algorithms Tutorial Ronald de Wolf 1/ 37 Post-quantum cryptography I Quantum computers can break public-key cryptography that is based on assuming hardness of factoring, discrete logs, and a few other problems I Post-quantum

2.98k views • 37 slides
Algorithms COSC 1010 Algorithms Algorithm - A clear specification of how to solve a problem

Algorithms COSC 1010 Algorithms Algorithm - A clear specification of how to solve a problem

Algorithms COSC 1010 Algorithms Algorithm - A clear specification of how to solve a problem E ff ective method: Measured in the resources solved in dependence of the size of the problem Time Memory Algorithms

477 views • 16 slides
Distributed Quantum Computing Using the most precise description of our world to solve some of

Distributed Quantum Computing Using the most precise description of our world to solve some of

Distributed Quantum Computing Using the most precise description of our world to solve some of the hardest problems by Matthias Egli Based on the paper Distributed Quantum Computing by Harry Buhrman and Hein Rhrig These slides are just

969 views • 31 slides
Defini3ons Programming Working out algorithms that solve

Defini3ons Programming Working out algorithms that solve

2013-10-10 Defini3ons Programming Working out algorithms that solve problems. Coding Lecture OO Implemen3ng algorithms in some language.

401 views • 4 slides
From quantum hardware to quantum AI School of Electrical and Electronic Engineering University

From quantum hardware to quantum AI School of Electrical and Electronic Engineering University

CLASSICAL BIT vs QUBIT Computation as physical process Concept of programmable matter Classical neural network Distance between quantum states Quantum algorithms Quantum Neural Networks From quantum hardware to quantum AI School of

322 views • 31 slides
Quantum Quantum Computing Sensing Algorithms Hybrid computing Compilers

Quantum Quantum Computing Sensing Algorithms Hybrid computing Compilers

QIS Workshop: Welcome Argonne PSE/CELS QIS Working Group Salman Habib CPS/HEP Divisions September 23, 2019 Quantum Quantum Computing Sensing Algorithms Hybrid computing Compilers Error correction Precision metrology

285 views • 6 slides
The Yin and Yang Sides of Embedded Security Indocrypt 2011 December 12, Chennai Christof Paar

The Yin and Yang Sides of Embedded Security Indocrypt 2011 December 12, Chennai Christof Paar

The Yin and Yang Sides of Embedded Security Indocrypt 2011 December 12, Chennai Christof Paar Horst Grtz Institute for IT-Security Ruhr University Bochum Acknowledgement Tim Gneysu Markus Kasper Timo Kasper Gregor

787 views • 45 slides
New Type Inference & Related Language Features Svetlana Isakova @sveta_isakova Agenda

New Type Inference & Related Language Features Svetlana Isakova @sveta_isakova Agenda

New Type Inference & Related Language Features Svetlana Isakova @sveta_isakova Agenda Experimental features Contracts New type inference Experimental features Experimental features Our goal: to let new features be tried by early

1.05k views • 84 slides
Living with an Issue: On-Going Debt Administration Refunding an Issue Outline of presentation

Living with an Issue: On-Going Debt Administration Refunding an Issue Outline of presentation

Living with an Issue: On-Going Debt Administration Refunding an Issue Outline of presentation by: Tim Schaefer President Burlingame, California April 10, 2008 What is a Refunding? Defined broadly as the substitution of one class

494 views • 23 slides
Context-switch & Threads Goal of Todays Class Understand the concepts of context,

Context-switch & Threads Goal of Todays Class Understand the concepts of context,

Context-switch & Threads Goal of Todays Class Understand the concepts of context, context-switch and threads Understand the related functions in assignment P1 thread_init, thread_create, thread_yield, thread_exit ctx_entry,

3.57k views • 47 slides
A General Approach for Synthesis of Supervisors for Partially-Observed Discrete-Event Systems

A General Approach for Synthesis of Supervisors for Partially-Observed Discrete-Event Systems

A General Approach for Synthesis of Supervisors for Partially-Observed Discrete-Event Systems Xiang Yin and Stphane Lafortune EECS Department, University of Michigan 19th IFAC WC, August 24-29, 2014, Cape Town, South Africa 1/18 X.Yin &

1.02k views • 47 slides
Content-Collaborative Disentanglement Representation Learning for Enhanced Recommendation

Content-Collaborative Disentanglement Representation Learning for Enhanced Recommendation

Content-Collaborative Disentanglement Representation Learning for Enhanced Recommendation YinZhangZiweiZhuYunHeJamesCaverlee Department of Computer Science and Engineering Texas A&M University, USA

693 views • 21 slides
Class 8 Review; questions Discuss Problem Set 4 questions Assign (see Schedule for

Class 8 Review; questions Discuss Problem Set 4 questions Assign (see Schedule for

Class 8 Review; questions Discuss Problem Set 4 questions Assign (see Schedule for links) Complications of analysisinterprocedural control dependence, pointers, etc. Problem Set 4: due 9/15/09 1 Dynamic Slicing

390 views • 23 slides
Entrepreneurship@Stanford Joel Jean Katherine Chen Kamil Dada Michael Duong CS181 Final

Entrepreneurship@Stanford Joel Jean Katherine Chen Kamil Dada Michael Duong CS181 Final

Entrepreneurship@Stanford Joel Jean Katherine Chen Kamil Dada Michael Duong CS181 Final Presentation June 1, 2011 Is there a minimum age for changing the world ? Topics of Conversation Undergraduate Community Survey Individual

598 views • 24 slides

More recommend