Quantum algorithms for Information Set Decoding Elena Kirshanova - - PowerPoint PPT Presentation

quantum algorithms for information set decoding
SMART_READER_LITE
LIVE PREVIEW

Quantum algorithms for Information Set Decoding Elena Kirshanova - - PowerPoint PPT Presentation

Apr 01, 2024 269 likes •669 views

Quantum algorithms for Information Set Decoding Elena Kirshanova ENS Lyon April 11, 2018 Quantum ISD | E.Kirshanova Information Set Decoding (ISD) The ISD Problem Given H P F p n k q n , s P F n k , find e P F n 2 s.t. He s 2 2 e

slide-1
SLIDE 1

Quantum algorithms for Information Set Decoding

Elena Kirshanova

ENS Lyon

April 11, 2018

Quantum ISD | E.Kirshanova

slide-2
SLIDE 2

Information Set Decoding (ISD)

The ISD Problem

Given H P Fpn´kqˆn

2

, s P Fn´k

2

, find e P Fn

2 s.t. He “ s

H “

e s

We assume we know wtpeq “ w “ γ ¨ n, γ ă 1{2

Quantum ISD | E.Kirshanova

slide-3
SLIDE 3

Information Set Decoding (ISD)

The ISD Problem

Given H P Fpn´kqˆn

2

, s P Fn´k

2

, find e P Fn

2 s.t. He “ s

H “

e s

We assume we know wtpeq “ w “ γ ¨ n, γ ă 1{2 All known algorithms have complexity 2c¨n`opnq. We want to improve the constant c.

Quantum ISD | E.Kirshanova

slide-4
SLIDE 4

Selected Algorithms for ISD (full-distance)

log T n

Enumerate e [Prange’62] 0.120

slide-5
SLIDE 5

Selected Algorithms for ISD (full-distance)

log T n

Enumerate e [Prange’62] 0.120 Collision search

  • btw. 2 lists

[Stern’89, Dumer’91] 0.116

slide-6
SLIDE 6

Selected Algorithms for ISD (full-distance)

log T n

Enumerate e [Prange’62] 0.120 Collision search

  • btw. 2 lists

[Stern’89, Dumer’91] 0.116 Collision search

  • btw. 4 lists

[MMT’11, BJMM’12] 0.102

slide-7
SLIDE 7

Selected Algorithms for ISD (full-distance)

log T n

Enumerate e [Prange’62] 0.120 Collision search

  • btw. 2 lists

[Stern’89, Dumer’91] 0.116 Collision search

  • btw. 4 lists

[MMT’11, BJMM’12] 0.102 NN search [MO’15] 0.114 NN search [MO’15] 0.095 [Both, May’18] 0.088

slide-8
SLIDE 8

Selected Algorithms for ISD (full-distance)

log T n

Enumerate e [Prange’62] 0.120 Collision search

  • btw. 2 lists

[Stern’89, Dumer’91] 0.116 Collision search

  • btw. 4 lists

[MMT’11, BJMM’12] 0.102 NN search [MO’15] 0.114 NN search [MO’15] 0.095 [Both, May’18] 0.088

log T n

Grover e [Ber’10] 0.0603

slide-9
SLIDE 9

Selected Algorithms for ISD (full-distance)

log T n

Enumerate e [Prange’62] 0.120 Collision search

  • btw. 2 lists

[Stern’89, Dumer’91] 0.116 Collision search

  • btw. 4 lists

[MMT’11, BJMM’12] 0.102 NN search [MO’15] 0.114 NN search [MO’15] 0.095 [Both, May’18] 0.088

log T n

Grover e [Ber’10] 0.0603 Quantum col- lision search [KT’17] 0.0596 Quantum col- lision search [KT’17] 0.0586

slide-10
SLIDE 10

Selected Algorithms for ISD (full-distance)

log T n

Enumerate e [Prange’62] 0.120 Collision search

  • btw. 2 lists

[Stern’89, Dumer’91] 0.116 Collision search

  • btw. 4 lists

[MMT’11, BJMM’12] 0.102 NN search [MO’15] 0.114 NN search [MO’15] 0.095 [Both, May’18] 0.088

log T n

Grover e [Ber’10] 0.0603 Quantum col- lision search [KT’17] 0.0596 Quantum col- lision search [KT’17] 0.0586 Quantum NN search [This work] 0.0594

? ?

Quantum ISD | E.Kirshanova

slide-11
SLIDE 11

Main results

  • An analysis of locality-sensitive filtering techniques for

hamming metric

  • A quantum version of May-Ozerov ISD

Quantum ISD | E.Kirshanova

slide-12
SLIDE 12

Algorithms for ISD: Stern’89

Given H, s, find e

H “

e s

Quantum ISD | E.Kirshanova

slide-13
SLIDE 13

Algorithms for ISD: Stern’89

Given H, s, find e

H “

e s

Step1: Bring H into the systematic form:

H ¨ P = Q In´k “

e ¯ s

For ¯ s “ s ¨ P

Quantum ISD | E.Kirshanova

slide-14
SLIDE 14

Algorithms for ISD: Stern’89

Step2: Search for collisions

Qe1 ` e2 “ s Qe1 « s rQe1sℓ “ rssℓ

Q In´k

e1 e2

p w ´ p wt : “

s

Quantum ISD | E.Kirshanova

slide-15
SLIDE 15

Algorithms for ISD: Stern’89

Step2: Search for collisions

Qe1 ` e2 “ s Qe1 « s rQe1sℓ “ rssℓ

L1 “ tpeL

1 , QeL 1 q : wtpeL 1 q “ p 2u

L2 “ tpeR

1 , QeR 1 ` sq : wtpeR 1 q “ p 2u

Q In´k

eL

1

eR

1

e2

p w ´ p wt : “

s

p{2 p{2

L1 L2 Lout

Quantum ISD | E.Kirshanova

slide-16
SLIDE 16

Algorithms for ISD: Stern’89

Step2: Search for collisions

Qe1 ` e2 “ s Qe1 « s rQe1sℓ “ rssℓ

L1 “ tpeL

1 , QeL 1 q : wtpeL 1 q “ p 2u

L2 “ tpeR

1 , QeR 1 ` sq : wtpeR 1 q “ p 2u

Lout “ L1 Y L2 : L1r2s “ L2r2s on ℓ T “ Prre2 “ 0 on ℓs ¨ maxt|Li|, |Lout|u

Q In´k

eL

1

eR

1

e2

p w ´ p wt : “

s

p{2 p{2

L1 L2 Lout

Quantum ISD | E.Kirshanova

slide-17
SLIDE 17

Quantum collision search

L

N

Goal: find xi “ xj, i ‰ j - a collision in L.

Quantum ISD | E.Kirshanova

slide-18
SLIDE 18

Quantum collision search

L

N

ř

IĂrNs |I|“N2{3

|Iy

Goal: find xi “ xj, i ‰ j - a collision in L.

  • create a superposition over all N 2{3-subsets of rNs

Quantum ISD | E.Kirshanova

slide-19
SLIDE 19

Quantum collision search

L

N LI N

2 3

ř

IĂrNs |I|“N2{3

|Iy ř

IĂrNs |I|“N2{3

|Iy |LIy

Goal: find xi “ xj, i ‰ j - a collision in L.

  • create a superposition over all N 2{3-subsets of rNs
  • ‘upload’ LI
  • preprocess LI to quickly decide whether LI contains

a collision

Quantum ISD | E.Kirshanova

slide-20
SLIDE 20

Quantum collision search

L

N LI N

2 3

ř

IĂrNs |I|“N2{3

|Iy ř

IĂrNs |I|“N2{3

|Iy |LIy ř

IĂrNs |I|“N2{3

|Iztiu Y tjuy |LI1y

Goal: find xi “ xj, i ‰ j - a collision in L.

  • create a superposition over all N 2{3-subsets of rNs
  • ‘upload’ LI
  • preprocess LI to quickly decide whether LI contains

a collision

  • perform quantum walk

Quantum ISD | E.Kirshanova

slide-21
SLIDE 21

Quantum collision search

L

N LI N

2 3

ř

IĂrNs |I|“N2{3

|Iy ř

IĂrNs |I|“N2{3

|Iy |LIy ř

IĂrNs |I|“N2{3

|Iztiu Y tjuy |LI1y

N 1{3 times

œ

N 1{3 times

Goal: find xi “ xj, i ‰ j - a collision in L.

  • create a superposition over all N 2{3-subsets of rNs
  • ‘upload’ LI
  • preprocess LI to quickly decide whether LI contains

a collision

  • perform quantum walk

Quantum ISD | E.Kirshanova

slide-22
SLIDE 22

Quantum collision search

L

N LI N

2 3

ř

IĂrNs |I|“N2{3

|Iy ř

IĂrNs |I|“N2{3

|Iy |LIy ř

IĂrNs |I|“N2{3

|Iztiu Y tjuy |LI1y

N 1{3 times

œ

N 1{3 times

Goal: find xi “ xj, i ‰ j - a collision in L.

  • create a superposition over all N 2{3-subsets of rNs
  • ‘upload’ LI
  • preprocess LI to quickly decide whether LI contains

a collision

  • perform quantum walk
  • measure after r

OpN 2{3q steps

Quantum ISD | E.Kirshanova

slide-23
SLIDE 23

Algorithms for ISD: Stern’89

Step2: Search for collisions Qe1 ` e2 “ s Qe1 « s rQe1sℓ “ rssℓ

L1 “ tpeL

1 , QeL 1 q : wtpeL 1 q “ p 2u

L2 “ tpeR

1 , QeR 1 ` sq : wtpeR 1 q “ p 2u

Lout “ L1 Y L2 : L1r2s “ L2r2s on ℓ T “ Prre2 “ 0 on ℓs ¨ maxt|Li|, |Lout|u T Q “ Prre2 “ 0 on ℓs1{2 ¨ |Li|2{3

Q In´k

eL

1

eR

1

e2

p w ´ p “

s

p{2 p{2

L1 L2 Lout

Quantum ISD | E.Kirshanova

slide-24
SLIDE 24

Algorithms for ISD: MO’15

Step2: Search for approximate collisions

Qe1 ` e2 “ s Qe1 « s

L1 “ tpeL

1 , QeL 1 q : wtpeL 1 q “ p 2u

L2 “ tpeR

1 , QeR 1 ` sq wtpeR 1 q “ p 2u

Lout “ L1 Y L2 s.t. L1r2s « L2r2s T “ TNNp|Li|, wq

Q In´k

eL

1

eR

1

e2

p w ´ p “

s

p{2 p{2

L1 L2 Lout

Quantum ISD | E.Kirshanova

slide-25
SLIDE 25

Locality sensitive filtering over F2

γ-Near Neighbour

Given L Ă Fn

2 , preprocess L s.t. upon receiving a query vector q P Fn 2 , we can

efficiently find all v P L s.t. distpv, qq ď γ ¨ n for γ ă 1{2.

slide-26
SLIDE 26

Locality sensitive filtering over F2

γ-Near Neighbour

Given L Ă Fn

2 , preprocess L s.t. upon receiving a query vector q P Fn 2 , we can

efficiently find all v P L s.t. distpv, qq ď γ ¨ n for γ ă 1{2. c1 c2 c5 c3 c4 c6 c7 c8 c9 c10

α

slide-27
SLIDE 27

Locality sensitive filtering over F2

γ-Near Neighbour

Given L Ă Fn

2 , preprocess L s.t. upon receiving a query vector q P Fn 2 , we can

efficiently find all v P L s.t. distpv, qq ď γ ¨ n for γ ă 1{2. c1 c2 c5 c3 c4 c6 c7 c8 c9 c10

α

v1 v2 v3 v4 v5 v6 v7 v8 v9 v10 v11 v12 v13 v14

slide-28
SLIDE 28

Locality sensitive filtering over F2

γ-Near Neighbour

Given L Ă Fn

2 , preprocess L s.t. upon receiving a query vector q P Fn 2 , we can

efficiently find all v P L s.t. distpv, qq ď γ ¨ n for γ ă 1{2. c1 c2 c5 c3 c4 c6 c7 c8 c9 c10

α

v1 v2 v3 v4 v5 v6 v7 v8 v9 v10 v11 v12 v13 v14 q β

Quantum ISD | E.Kirshanova

slide-29
SLIDE 29

Classical LSF

c1 c2 c5 c3 c4 c6 c7 c8 c9 c10

α

Algorithms

D - the LSF data structure: D “ YcPCBucketc

Quantum ISD | E.Kirshanova

slide-30
SLIDE 30

Classical LSF

c1 c2 c5 c3 c4 c6 c7 c8 c9 c10

α

v1 v2 v3 v4 v5 v6 v7 v8 v9 v10 v11 v12 v13 v14

Algorithms

D - the LSF data structure: D “ YcPCBucketc D.Insertα(v): Add v to all the relevant buckets of D

Quantum ISD | E.Kirshanova

slide-31
SLIDE 31

Classical LSF

c1 c2 c5 c3 c4 c6 c7 c8 c9 c10

α

v2 v3 v4 v5 v6 v7 v8 v9 v10 v11 v12 v13 v14

Algorithms

D - the LSF data structure: D “ YcPCBucketc D.Insertα(v): Add v to all the relevant buckets of D D.Removeα(v): Remove v from all buckets

Quantum ISD | E.Kirshanova

slide-32
SLIDE 32

Classical LSF

c1 c2 c5 c3 c4 c6 c7 c8 c9 c10

α

v2 v3 v4 v5 v6 v7 v8 v9 v10 v11 v12 v13 v14 q β

Algorithms

D - the LSF data structure: D “ YcPCBucketc D.Insertα(v): Add v to all the relevant buckets of D D.Removeα(v): Remove v from all buckets D.Queryβ(q): Find all v P D with distpv, qq ď β We have runtimes of these algorithms.

Quantum ISD | E.Kirshanova

slide-33
SLIDE 33

LSF for Quantum walk

Quantum walk Quantum walk with NN use some data structure D use LSF-data structure to check for D “ YcBucketc to check for = «

Quantum ISD | E.Kirshanova

slide-34
SLIDE 34

LSF for Quantum walk

Quantum walk Quantum walk with NN use some data structure D use LSF-data structure to check for D “ YcBucketc to check for = « Setup: ř

IĂrNs |I|“N2{3

|Iy |LIy ř

IĂrNs |I|“N2{3

|Iy |D.UpdatepLIqy

Quantum ISD | E.Kirshanova

slide-35
SLIDE 35

LSF for Quantum walk

Quantum walk Quantum walk with NN use some data structure D use LSF-data structure to check for D “ YcBucketc to check for = « Setup: ř

IĂrNs |I|“N2{3

|Iy |LIy ř

IĂrNs |I|“N2{3

|Iy |D.UpdatepLIqy A step of the walk: ř |Iztxuy ř |Iy |D.Removepxqy ř |I Y tyuy ř |Iy |D.Updatepyqy

Quantum ISD | E.Kirshanova

slide-36
SLIDE 36

LSF for Quantum walk

Quantum walk Quantum walk with NN use some data structure D use LSF-data structure to check for D “ YcBucketc to check for = « Setup: ř

IĂrNs |I|“N2{3

|Iy |LIy ř

IĂrNs |I|“N2{3

|Iy |D.UpdatepLIqy A step of the walk: ř |Iztxuy ř |Iy |D.Removepxqy ř |I Y tyuy ř |Iy |D.Updatepyqy Check for (approxi- mate) equality: ř |Iy ˇ ˇ ˇvi

?

“ y E ř |Iy |D.Querypyqy

Quantum ISD | E.Kirshanova

slide-37
SLIDE 37

LSF for Quantum walk

Quantum walk Quantum walk with NN use some data structure D use LSF-data structure to check for D “ YcBucketc to check for = « Setup: ř

IĂrNs |I|“N2{3

|Iy |LIy ř

IĂrNs |I|“N2{3

|Iy |D.UpdatepLIqy A step of the walk: ř |Iztxuy ř |Iy |D.Removepxqy ř |I Y tyuy ř |Iy |D.Updatepyqy Check for (approxi- mate) equality: ř |Iy ˇ ˇ ˇvi

?

“ y E ř |Iy |D.Querypyqy

logpTq “ 0.0597 ¨ n logpTq “ 0.0594 ¨ n

Quantum ISD | E.Kirshanova

slide-38
SLIDE 38

LSF for Quantum walk

Quantum walk Quantum walk with NN use some data structure D use LSF-data structure to check for D “ YcBucketc to check for = « Setup: ř

IĂrNs |I|“N2{3

|Iy |LIy ř

IĂrNs |I|“N2{3

|Iy |D.UpdatepLIqy A step of the walk: ř |Iztxuy ř |Iy |D.Removepxqy ř |I Y tyuy ř |Iy |D.Updatepyqy Check for (approxi- mate) equality: ř |Iy ˇ ˇ ˇvi

?

“ y E ř |Iy |D.Querypyqy

logpTq “ 0.0597 ¨ n logpTq “ 0.0594 ¨ n

Thank you!

Quantum ISD | E.Kirshanova