optimal merging in quantum k xor and k sum algorithms
play

Optimal Merging in Quantum k -xor and k -sum Algorithms Mara - PowerPoint PPT Presentation

Jun 02, 2023 •371 likes •727 views

Optimal Merging in Quantum k -xor and k -sum Algorithms Mara Naya-Plasencia, Andr Schrottenloher Inria, France Merging with many Solutions Quantum Merging With a Single Solution Outline Merging with many Solutions 1 Quantum Merging 2

  1. Optimal Merging in Quantum k -xor and k -sum Algorithms María Naya-Plasencia, André Schrottenloher Inria, France

  2. Merging with many Solutions Quantum Merging With a Single Solution Outline Merging with many Solutions 1 Quantum Merging 2 With a Single Solution 3 María N.-P., André S. Quantum Merging Algorithms 2/28

  3. Merging with many Solutions Quantum Merging With a Single Solution Generalized Birthday Problem(s) In this talk ( ⊕ can be replaced by + ): Problem 1: “oracle” Given oracle access to a random n -bit to n -bit function H , find x 1 , . . . x k such that H ( x 1 ) ⊕ . . . ⊕ H ( x k ) = 0. Problem 2: “unique solution” Given oracle access to a random n / k -bit to n -bit function H , find the single k -tuple x 1 , . . . x k such that H ( x 1 ) ⊕ . . . ⊕ H ( x k ) = 0. María N.-P., André S. Quantum Merging Algorithms 3/28

  4. Merging with many Solutions Quantum Merging With a Single Solution Applications Subset-sum: given n integers a 0 , . . . a n − 1 on poly ( n ) bits, find a binary ¯ e such that a · ¯ ¯ e = 0 = ⇒ reduces to k -sum Parity check problem: given P ( X ) of degree n , find a low-weight multiple of P = ⇒ reduces to k -sum LPN: given samples a , a · s + e with n -bit uniform random a and Bernoulli noise e , find s = ⇒ reduces to k -sum Multiple-encryption: given a few plaintext-ciphertext pairs ( x , E k 1 ◦ . . . ◦ E k r ( x )) , find the independent keys k 1 , . . . k r = ⇒ similar algorithms applicable María N.-P., André S. Quantum Merging Algorithms 4/28

  5. Merging with many Solutions Quantum Merging With a Single Solution Merging with many Solutions María N.-P., André S. Quantum Merging Algorithms 5/28

  6. Merging with many Solutions Quantum Merging With a Single Solution Known classical complexities To get a k -xor on n bits (with oracle access to H : { 0 , 1 } n → { 0 , 1 } n ): The optimal query complexity is Θ( 2 n / k ) � 2 n / ( 1 + ⌊ log 2 ( k ) ⌋ ) � The time complexity is O * Logarithmic improvements in time (but we focus on exponents ) * Wagner, “A Generalized Birthday Problem” , CRYPTO 02 María N.-P., André S. Quantum Merging Algorithms 6/28

  7. Merging with many Solutions Quantum Merging With a Single Solution Wagner’s algorithm in a single slide Merging From two lists L 1 , L 2 of outputs of H , compute the join L 1 ⊲ ⊳ u L 2 : the pairs x 1 , x 2 ∈ L 1 × L 2 with x 1 ⊕ x 2 | u = 0 (partial collision on u bits). All lists are presumed sorted, the time is: MAX ( | L 1 ⊲ ⊳ u L 2 | , MIN ( | L 1 | , | L 2 | )) Wagner’s algorithm is a sequence of pairwise joins The strategy (optimal u ) depends on ⌊ log 2 ( k ) ⌋ ; we merge 2 ⌊ log 2 ( k ) ⌋ lists Wagner, “A Generalized Birthday Problem” , CRYPTO 02 María N.-P., André S. Quantum Merging Algorithms 7/28

  8. Merging with many Solutions Quantum Merging With a Single Solution An example with k = 4 Query 2 n / 3 elements for each list 1 L 1 of size L 2 of size L 3 of size L 4 of size 2 n / 3 2 n / 3 2 n / 3 2 n / 3 María N.-P., André S. Quantum Merging Algorithms 8/28

  9. Merging with many Solutions Quantum Merging With a Single Solution An example with k = 4 Query 2 n / 3 elements for each list 1 Compute the joins L 1 ⊲ ⊳ n / 3 L 2 and L 3 ⊲ ⊳ n / 3 L 4 2 L 1 of size L 2 of size L 3 of size L 4 of size 2 n / 3 2 n / 3 2 n / 3 2 n / 3 L 1 ⊲ ⊳ n / 3 L 2 L 3 ⊲ ⊳ n / 3 L 4 of size 2 n / 3 of size 2 n / 3 María N.-P., André S. Quantum Merging Algorithms 8/28

  10. Merging with many Solutions Quantum Merging With a Single Solution An example with k = 4 1. Query 4 lists of x , H ( x ) : L 1 , L 2 , L 3 , L 4 of size 2 n / 3 ⊳ n / 3 L 4 of size 2 n / 3 2. Compute the joins L 1 ⊲ ⊳ n / 3 L 2 and L 3 ⊲ 3. Compute the join ( L 1 ⊲ ⊳ n / 3 L 2 ) ⊲ ⊳ 2 n / 3 ( L 3 ⊲ ⊳ n / 3 L 4 ) of size 1 L 1 of size L 2 of size L 3 of size L 4 of size 2 n / 3 2 n / 3 2 n / 3 2 n / 3 L 1 ⊲ ⊳ n / 3 L 2 L 3 ⊲ ⊳ n / 3 L 4 of size 2 n / 3 of size 2 n / 3 Single 4-xor to 0 on n bits María N.-P., André S. Quantum Merging Algorithms 8/28

  11. Merging with many Solutions Quantum Merging With a Single Solution Known quantum complexities To get a k -xor on n bits (with quantum oracle access to H ): � 2 n / ( k + 1 ) � The optimal query complexity is Θ * � 2 n / 3 � � 2 n / 3 � For k = 2 (collisions), the time is � O using O classical memory with quantum access (QACM) 1 For any k , exponent α k = 2 + ⌊ log 2 ( k ) ⌋ ) using quantum memory with quantum access (QAQM) * Belovs and Spalek, “Adversary lower bound for the k -sum problem” , ACM 13 Brassard, Høyer, and Tapp, “Quantum Cryptanalysis of Hash and Claw-Free Functions” , LATIN Grassi, Naya-Plasencia, and S., “Quantum Algorithms for the k -xor Problem” , AC 18 María N.-P., André S. Quantum Merging Algorithms 9/28

  12. Merging with many Solutions Quantum Merging With a Single Solution Previous exponents (with QAQM) Classical time 0 . 5 Quantum time [AC 18] time = � 0 . 4 O ( 2 α k n ) α k 0 . 3 0 . 2 0 . 1 5 10 15 20 k María N.-P., André S. Quantum Merging Algorithms 10/28

  13. Merging with many Solutions Quantum Merging With a Single Solution Our results (with QACM) Classical 0 . 5 [AC 18] New 0 . 4 time = � O ( 2 α k n ) α k 0 . 3 0 . 2 0 . 1 5 10 15 20 k María N.-P., André S. Quantum Merging Algorithms 11/28

  14. Merging with many Solutions Quantum Merging With a Single Solution Quantum Merging María N.-P., André S. Quantum Merging Algorithms 12/28

  15. Merging with many Solutions Quantum Merging With a Single Solution Classical search Let X = G ∪ B ���� ���� ���� Search space, Good ones, Bad ones, size N − T size N size T Let Sample and Test be functions to sample x from X and test if x ∈ G , in time t Sample and t Test . There exists a function Sample G that samples from G in time: � � N t Sample + t Test T ⇒ we transform a sampling procedure for the “search space” into a sampling procedure for the “solution space”. María N.-P., André S. Quantum Merging Algorithms 13/28

  16. Merging with many Solutions Quantum Merging With a Single Solution Quantum search X = G ∪ B ���� ���� ���� Search space, Good ones, Bad ones, size N − T size N size T Let QSample and QTest be quantum algorithms to sample X and test if x ∈ G , in time t Sample and t Test . There exists an algorithm QSample G that samples G in time: � � � N t QSample + t QTest T Grover, “A Fast Quantum Mechanical Algorithm for Database Search” , STOC 96 Brassard et al., “Quantum amplitude amplification and estimation” , Contemp. Math. 02 María N.-P., André S. Quantum Merging Algorithms 14/28

  17. Merging with many Solutions Quantum Merging With a Single Solution Classical merging as a sampling procedure Sampling from L List L 1 List L 2 We sample from list L 1 u -bit prefix u -bit prefix We try to match against list L 2 � 2 c � List L = L 1 ⊲ ⊳ c L 2 t Sample ( L ) = max | L 2 | , 1 t Sample ( L 1 ) size | L | = | L 1 || L 2 | / 2 c prefix u + c Computing the full “join” ⊲ ⊳ means sampling from L repeatedly. María N.-P., André S. Quantum Merging Algorithms 15/28

  18. Merging with many Solutions Quantum Merging With a Single Solution Depth-first traversal of Wagner’s tree We sample from L 0 (the solution) once. L 1 of size L 2 of size L 3 of size L 4 of size 2 n / 3 2 n / 3 2 n / 3 2 n / 3 L 1 ⊲ ⊳ n / 3 L 2 L 3 ⊲ ⊳ n / 3 L 4 of size 2 n / 3 of size 2 n / 3 L 0 of size 1 María N.-P., André S. Quantum Merging Algorithms 16/28

  19. Merging with many Solutions Quantum Merging With a Single Solution Depth-first traversal of Wagner’s tree We sample from L 0 (the solution) once. ⊳ L 2 2 n / 3 times. = ⇒ we sample from L 1 ⊲ L 1 of size L 2 of size L 3 of size L 4 of size 2 n / 3 2 n / 3 2 n / 3 2 n / 3 L 1 ⊲ ⊳ n / 3 L 2 L 3 ⊲ ⊳ n / 3 L 4 of size 2 n / 3 of size 2 n / 3 L 0 of size 1 María N.-P., André S. Quantum Merging Algorithms 16/28

  20. Merging with many Solutions Quantum Merging With a Single Solution Depth-first traversal of Wagner’s tree We sample from L 0 (the solution). ⊳ L 2 2 n / 3 times. = ⇒ we sample from L 1 ⊲ ⇒ we sample from L 1 2 n / 3 times. = L 1 of size L 2 of size L 3 of size L 4 of size 2 n / 3 2 n / 3 2 n / 3 2 n / 3 L 1 ⊲ ⊳ n / 3 L 2 L 3 ⊲ ⊳ n / 3 L 4 of size 2 n / 3 of size 2 n / 3 L 0 of size 1 María N.-P., André S. Quantum Merging Algorithms 16/28

  21. Merging with many Solutions Quantum Merging With a Single Solution Quantum merging Sampling from L List L 1 List L 2 We sample from list L 1 u -bit prefix u -bit prefix We try to match against list L 2 We have a square-root speedup List L = L 1 ⊲ ⊳ c L 2 size | L | = | L 1 || L 2 | / 2 c � � 2 c � prefix u + c t QSample ( L ) = max | L 2 | , 1 t QSample ( L 1 ) María N.-P., André S. Quantum Merging Algorithms 17/28

  22. Merging with many Solutions Quantum Merging With a Single Solution 4-xor example “The time of the red branch is reduced to a square-root.” (Quantum) sampling from L 1 : time 1 Sampling from L 1 ⊲ ⊳ n / 3 L 2 : time 1 again Sampling from L 0 : 2 n / 6 instead of 2 n / 3 L 1 of size L 2 of size L 3 of size L 4 of size 2 n / 3 2 n / 3 2 n / 3 2 n / 3 L 1 ⊲ ⊳ n / 3 L 2 L 3 ⊲ ⊳ n / 3 L 4 of size 2 n / 3 of size 2 n / 3 L 0 of size 1 María N.-P., André S. Quantum Merging Algorithms 18/28

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Quantum Merging Algorithms Mara Naya-Plasencia 2 , Andr Schrottenloher 2 Joint work with Andr

Quantum Merging Algorithms Mara Naya-Plasencia 2 , Andr Schrottenloher 2 Joint work with Andr

Quantum (Generalized) Collisions Quantum Merging Extended Quantum Merging Quantum Merging Algorithms Mara Naya-Plasencia 2 , Andr Schrottenloher 2 Joint work with Andr Chailloux 2 and Lorenzo Grassi 1 1 IAIK, Graz University of Technology,

727 views • 50 slides
Quantum Algorithms for Quantum Algorithms for Evaluating M IN Evaluating M IN -M -M AX AX Trees

Quantum Algorithms for Quantum Algorithms for Evaluating M IN Evaluating M IN -M -M AX AX Trees

Quantum Algorithms for Quantum Algorithms for Evaluating M IN Evaluating M IN -M -M AX AX Trees Trees Richard Cleve Dmitry Gavinsky D. L. Yonge-Mallo Institute for Quantum Computing, University of Waterloo January 30, 2008 TQC Tokyo,

842 views • 34 slides
Quantum Computation (Lecture QC-3: Quantum Algorithms) Lu s Soares Barbosa MFES -

Quantum Computation (Lecture QC-3: Quantum Algorithms) Lu s Soares Barbosa MFES -

Quantum Computation (Lecture QC-3: Quantum Algorithms) Lu s Soares Barbosa MFES - Arquitectura e C alculo May 2019 Quantum Algorithms The Deutsch-Jozsa Algorithm Quantum Search: Grover A quantum machine Structure of a quantum

1.08k views • 29 slides
Towards Optimal Constructions of Towards Optimal Constructions of Dynamically Corrected Quantum

Towards Optimal Constructions of Towards Optimal Constructions of Dynamically Corrected Quantum

Second International Conference on Quantum Error Correction University of Southern California, Dec. 5-9 2011 Towards Optimal Constructions of Towards Optimal Constructions of Dynamically Corrected Quantum Gates Dynamically Corrected Quantum

700 views • 25 slides
Optimal Quantum Sample Complexity of Learning Algorithms Srinivasan Arunachalam (Joint work with

Optimal Quantum Sample Complexity of Learning Algorithms Srinivasan Arunachalam (Joint work with

Optimal Quantum Sample Complexity of Learning Algorithms Srinivasan Arunachalam (Joint work with Ronald de Wolf) 1/ 23 Machine learning Classical machine learning 2/ 23 Machine learning Classical machine learning Grand goal: enable AI

1.07k views • 103 slides
Quantum Algorithms for Topological Invariants Stephen Jordan Wed Feb. 3, 2010 What is a quantum

Quantum Algorithms for Topological Invariants Stephen Jordan Wed Feb. 3, 2010 What is a quantum

Quantum Algorithms for Topological Invariants Stephen Jordan Wed Feb. 3, 2010 What is a quantum algorithm? Classical Quantum 0101101 the rules: solve problem using sequence of local quantum gates the goal: use fewer gates than

1.11k views • 37 slides
New Algorithms for Quantum (Symmetric) Cryptanalysis Mara Naya-Plasencia 2 , Andr

New Algorithms for Quantum (Symmetric) Cryptanalysis Mara Naya-Plasencia 2 , Andr

Quantum-safe (Symmetric) Cryptography Quantum Collision Search Quantum k-xor Algorithms New Algorithms for Quantum (Symmetric) Cryptanalysis Mara Naya-Plasencia 2 , Andr Schrottenloher 2 Joint work with Andr Chailloux 2 and Lorenzo Grassi

1.63k views • 65 slides
Quantum Algorithms Tutorial Ronald de Wolf 1/ 37 Post-quantum cryptography I Quantum computers

Quantum Algorithms Tutorial Ronald de Wolf 1/ 37 Post-quantum cryptography I Quantum computers

Quantum Algorithms Tutorial Ronald de Wolf 1/ 37 Post-quantum cryptography I Quantum computers can break public-key cryptography that is based on assuming hardness of factoring, discrete logs, and a few other problems I Post-quantum

2.98k views • 37 slides
From quantum hardware to quantum AI School of Electrical and Electronic Engineering University

From quantum hardware to quantum AI School of Electrical and Electronic Engineering University

CLASSICAL BIT vs QUBIT Computation as physical process Concept of programmable matter Classical neural network Distance between quantum states Quantum algorithms Quantum Neural Networks From quantum hardware to quantum AI School of

322 views • 31 slides
Optimal Control of Josephson qubits What can quantum control do for quantum computing? .K. Wilhelm

Optimal Control of Josephson qubits What can quantum control do for quantum computing? .K. Wilhelm

Finding and optimizing gates Application to Josephson qubits Summary Optimal Control of Josephson qubits What can quantum control do for quantum computing? .K. Wilhelm 1 2 M.J. Storcz 2 J. Ferber 2 A. Sprl 3 F T. Schulte-Herbrggen 3 S.J.

731 views • 40 slides
Quantum Quantum Computing Sensing Algorithms Hybrid computing Compilers

Quantum Quantum Computing Sensing Algorithms Hybrid computing Compilers

QIS Workshop: Welcome Argonne PSE/CELS QIS Working Group Salman Habib CPS/HEP Divisions September 23, 2019 Quantum Quantum Computing Sensing Algorithms Hybrid computing Compilers Error correction Precision metrology

285 views • 6 slides
Optimal quantum driving of a thermal machine Andrea Mari Vasco Cavina Vittorio Giovannetti

Optimal quantum driving of a thermal machine Andrea Mari Vasco Cavina Vittorio Giovannetti

Optimal quantum driving of a thermal machine Andrea Mari Vasco Cavina Vittorio Giovannetti Alberto Carlini Workshop on Quantum Science and Quantum Technologies ICTP, Trieste, 12-09-2017 Outline 1. Slow driving of quantum thermal

952 views • 31 slides
Quantum algorithms Daniel J. Bernstein University of Illinois at Chicago Quantum algorithm

Quantum algorithms Daniel J. Bernstein University of Illinois at Chicago Quantum algorithm

1 Quantum algorithms Daniel J. Bernstein University of Illinois at Chicago Quantum algorithm means an algorithm that a quantum computer can run. i.e. a sequence of instructions, where each instruction is in a quantum computers

1.42k views • 138 slides
Optimal Algorithms for Learning Bayesian Optimal Algorithms for Learning Bayesian Network

Optimal Algorithms for Learning Bayesian Optimal Algorithms for Learning Bayesian Network

Optimal Algorithms for Learning Bayesian Optimal Algorithms for Learning Bayesian Network Structures: Network Structures: Introduction and Heuristic Search Introduction and Heuristic Search Changhe Yuan UAI 2015 Tutorial Sunday, July 12 th ,

858 views • 56 slides
Quantum algorithms based on quantum walks . J er emie Roland Universit e Libre de

Quantum algorithms based on quantum walks . J er emie Roland Universit e Libre de

. Quantum algorithms based on quantum walks . J er emie Roland Universit e Libre de Bruxelles Quantum Information & Communication J er emie Roland (ULB - QuIC) Quantum walks Grenoble, Novembre 2012 1 / 39 Outline

564 views • 29 slides
Quantum Algorithms for Quantum Field Theories Stephen Jordan Joint work with Keith Lee John

Quantum Algorithms for Quantum Field Theories Stephen Jordan Joint work with Keith Lee John

Quantum Algorithms for Quantum Field Theories Stephen Jordan Joint work with Keith Lee John Preskill [arXiv:1111.3633 and 1112.4833] Feb 21, 2012 Quantum Mechanics Each state of the system is a basis vector. | dead i | alive i A general

672 views • 36 slides
Verilog HDL:Digital Design and Modeling Chapter 2 Overview Chapter 2 Overview 2 Page 16

Verilog HDL:Digital Design and Modeling Chapter 2 Overview Chapter 2 Overview 2 Page 16

Chapter 2 Overview 1 Verilog HDL:Digital Design and Modeling Chapter 2 Overview Chapter 2 Overview 2 Page 16 //dataflow and gate with two inputs module and2 (x1, x2, z1); input x1, x2; output z1; wire x1, x2; wire z1; assign z1 = x1

679 views • 32 slides
Quantum Information Complexity and Direct Sum Dave Touchette Universit e de Montr eal QIP

Quantum Information Complexity and Direct Sum Dave Touchette Universit e de Montr eal QIP

Quantum Information Complexity and Direct Sum Dave Touchette Universit e de Montr eal QIP 2015, Sydney, Australia touchette.dave@gmail.com Quantum Information Complexity and Direct Sum QIP 2015, Sydney, Australia 1 / 19 Interactive

649 views • 25 slides
Sparse Prefix Sums Michael Shekelyan, Anton Digns, Johann Gamper 1 0 0 0 1 7 7 15 0 0

Sparse Prefix Sums Michael Shekelyan, Anton Digns, Johann Gamper 1 0 0 0 1 7 7 15 0 0

1 7 8 6 7 6 5 16 5 6 77 8 2 5 54 Sparse Prefix Sums Michael Shekelyan, Anton Digns, Johann Gamper 1 0 0 0 1 7 7 15 0 0 0 6 6 0 0 0 Free University of Bozen-Bolzano, Italy 7 0 0 6 13 0 0 6 7 0 5 27 34

1.2k views • 62 slides
High-Throughput Multi-Threaded Sum-Product Network Inference in the Reconfigurable Cloud Micha

High-Throughput Multi-Threaded Sum-Product Network Inference in the Reconfigurable Cloud Micha

High-Throughput Multi-Threaded Sum-Product Network Inference in the Reconfigurable Cloud Micha Ober, Jaco A. Hofmann, Lukas Sommer, Lukas Weber, Andreas Koch Embedded Systems and Applications Group, TU Darmstadt 20.11.2019 | TU Darmstadt |

623 views • 36 slides
Repetition Statements Recitation 02/20/2009 CS 180 Department of Computer Science, Purdue

Repetition Statements Recitation 02/20/2009 CS 180 Department of Computer Science, Purdue

Repetition Statements Recitation 02/20/2009 CS 180 Department of Computer Science, Purdue University Announcement Grades are out: Project 2, 3 Lab 2, 3, 4, 5 Project 4 is due on Feb 25 th Syntax for Three Forms of Loops

212 views • 18 slides
SAMS Programming A/B Week 2 Lecture Loops July 19, 2018 Mark Stehlik Outline for Today

SAMS Programming A/B Week 2 Lecture Loops July 19, 2018 Mark Stehlik Outline for Today

SAMS Programming A/B Week 2 Lecture Loops July 19, 2018 Mark Stehlik Outline for Today But first, a word from our sponsor: So how did the homework go? Problem solving before coding (e.g., setKthDigit) Test calls and

528 views • 17 slides
Inference and Representation David Sontag New York University Lecture 5, Sept. 30, 2014 David

Inference and Representation David Sontag New York University Lecture 5, Sept. 30, 2014 David

Inference and Representation David Sontag New York University Lecture 5, Sept. 30, 2014 David Sontag (NYU) Inference and Representation Lecture 5, Sept. 30, 2014 1 / 16 Todays lecture 1 Running-time of variable elimination Elimination as

175 views • 16 slides
CS510 Software Engineering Program Slicing Asst. Prof. Mathias Payer Department of Computer

CS510 Software Engineering Program Slicing Asst. Prof. Mathias Payer Department of Computer

CS510 Software Engineering Program Slicing Asst. Prof. Mathias Payer Department of Computer Science Purdue University TA: Scott A. Carr Slides inspired by Xiangyu Zhang http://nebelwelt.net/teaching/15-CS510-SE Spring 2015 What is slicing?

812 views • 39 slides

More recommend