quantum algorithms for the hidden shift problem of
play

Quantum algorithms for the hidden shift problem of Boolean functions - PowerPoint PPT Presentation

Sep 09, 2023 •759 likes •1.51k views

Quantum algorithms for the hidden shift problem of Boolean functions Maris Ozols University of Waterloo, IQC and NEC Labs Joint work with: Martin R otteler (NEC Labs) (NEC Labs) J er emie Roland Andrew Childs (University of

  1. Quantum algorithms for the hidden shift problem of Boolean functions Maris Ozols University of Waterloo, IQC and NEC Labs Joint work with: Martin R¨ otteler (NEC Labs) (NEC Labs) J´ er´ emie Roland Andrew Childs (University of Waterloo, IQC) arXiv:1103.2774 Quantum rejection sampling arXiv:1103.3017 Quantum algorithm for the Boolean hidden shift problem 19/09/2011 Dagstuhl 1

  2. Motivation Hidden shift and subgroup problems Legendre symbol Factoring ❦ ◗ ✑ ✸ ◗ ✑✑✑ [van Dam et al. , 2003] ◗ [Shor, 1994] ◗ Discrete ✿ ✘ ✘✘ Hidden Hidden logarithm [Shor, 1994] shift subgroup ❳❳ ❳ ③ problem problem Pell’s equation Dihedral ❩❩ [Hallgren, 2002] group ? � Symmetric ⑦ ❩ ? � group Lattice � � ✠ ? ? problems ❄ ❄ New algorithms [Regev, 2002] Attacks on Graph cryptosystems isomorphism 19/09/2011 Dagstuhl 2

  3. Boolean hidden shift problem (BHSP) Problem ◮ Given: Complete knowledge of f : Z n 2 → Z 2 and access to a black-box oracle for f s ( x ) := f ( x + s ) x ⇒ ⇒ f s ( x ) ◮ Determine: The hidden shift s 19/09/2011 Dagstuhl 3

  4. Boolean hidden shift problem (BHSP) Problem ◮ Given: Complete knowledge of f : Z n 2 → Z 2 and access to a black-box oracle for f s ( x ) := f ( x + s ) x ⇒ ⇒ f s ( x ) ◮ Determine: The hidden shift s Delta functions are hard ◮ f ( x ) := δ x,x 0 f ( x ) 1 0 0 n x 0 1 n 19/09/2011 Dagstuhl 3

  5. Boolean hidden shift problem (BHSP) Problem ◮ Given: Complete knowledge of f : Z n 2 → Z 2 and access to a black-box oracle for f s ( x ) := f ( x + s ) x ⇒ ⇒ f s ( x ) ◮ Determine: The hidden shift s Delta functions are hard ◮ f ( x ) := δ x,x 0 f s ( x ) 1 s 0 0 n x 0 1 n x 0 + s 19/09/2011 Dagstuhl 3

  6. Boolean hidden shift problem (BHSP) Problem ◮ Given: Complete knowledge of f : Z n 2 → Z 2 and access to a black-box oracle for f s ( x ) := f ( x + s ) x ⇒ ⇒ f s ( x ) ◮ Determine: The hidden shift s Delta functions are hard ◮ f ( x ) := δ x,x 0 √ ◮ Equivalent to Grover’s search: Θ( 2 n ) f s ( x ) 1 s 0 0 n x 0 1 n x 0 + s 19/09/2011 Dagstuhl 3

  7. Fourier transform of Boolean functions The ± 1 -function (normalized) 1 2 n ( − 1) f ( x ) ◮ F ( x ) := √ 19/09/2011 Dagstuhl 4

  8. Fourier transform of Boolean functions The ± 1 -function (normalized) 1 2 n ( − 1) f ( x ) ◮ F ( x ) := √ Fourier transform � � 1 1 1 H := √ 1 − 1 2 ◮ ˆ F ( w ) := � w | H ⊗ n | F � 19/09/2011 Dagstuhl 4

  9. Fourier transform of Boolean functions The ± 1 -function (normalized) 1 2 n ( − 1) f ( x ) ◮ F ( x ) := √ Fourier transform � � 1 1 1 H := √ 1 − 1 2 ◮ ˆ F ( w ) := � w | H ⊗ n | F � = 1 2 ( − 1) w · x F ( x ) √ � x ∈ Z n 2 n 19/09/2011 Dagstuhl 4

  10. Fourier transform of Boolean functions The ± 1 -function (normalized) 1 2 n ( − 1) f ( x ) ◮ F ( x ) := √ Fourier transform � � 1 1 1 H := √ 1 − 1 2 ◮ ˆ F ( w ) := � w | H ⊗ n | F � = 1 2 ( − 1) w · x F ( x ) √ � x ∈ Z n 2 n Function f is bent if ∀ w : | ˆ 1 F ( w ) | = √ 2 n 19/09/2011 Dagstuhl 4

  11. Bent functions are easy Preparing the “phase state” ◮ Phase oracle O f s : | x � �→ ( − 1) f s ( x ) | x � 19/09/2011 Dagstuhl 5

  12. Bent functions are easy Preparing the “phase state” ◮ Phase oracle O f s : | x � �→ ( − 1) f s ( x ) | x � | 0 � ⊗ n O f s H ⊗ n H ⊗ n | Φ( s ) � 2 ( − 1) s · w ˆ ◮ | Φ( s ) � := � F ( w ) | w � w ∈ Z n 19/09/2011 Dagstuhl 5

  13. Bent functions are easy Preparing the “phase state” ◮ Phase oracle O f s : | x � �→ ( − 1) f s ( x ) | x � | 0 � ⊗ n O f s H ⊗ n H ⊗ n | Φ( s ) � 2 ( − 1) s · w ˆ ◮ | Φ( s ) � := � F ( w ) | w � w ∈ Z n Algorithm [R¨ otteler’10] ◮ Prepare | Φ( s ) � 19/09/2011 Dagstuhl 5

  14. Bent functions are easy Preparing the “phase state” ◮ Phase oracle O f s : | x � �→ ( − 1) f s ( x ) | x � | 0 � ⊗ n O f s H ⊗ n H ⊗ n | Φ( s ) � 2 ( − 1) s · w ˆ ◮ | Φ( s ) � := � F ( w ) | w � w ∈ Z n Algorithm [R¨ otteler’10] ◮ Prepare | Φ( s ) � 2 ( − 1) s · w | ˆ ◮ D | Φ( s ) � = � F ( w ) || w � w ∈ Z n � | ˆ � F ( w ) | where D := diag [Curtis & Meyer’04] ˆ F ( w ) 19/09/2011 Dagstuhl 5

  15. Bent functions are easy Preparing the “phase state” ◮ Phase oracle O f s : | x � �→ ( − 1) f s ( x ) | x � | 0 � ⊗ n O f s H ⊗ n H ⊗ n | Φ( s ) � 2 ( − 1) s · w ˆ ◮ | Φ( s ) � := � F ( w ) | w � w ∈ Z n Algorithm [R¨ otteler’10] ◮ Prepare | Φ( s ) � 2 ( − 1) s · w | ˆ ◮ D | Φ( s ) � = � F ( w ) || w � w ∈ Z n � | ˆ � F ( w ) | where D := diag [Curtis & Meyer’04] ˆ F ( w ) ◮ If f is bent then H ⊗ n D | Φ( s ) � = | s � 19/09/2011 Dagstuhl 5

  16. Bent functions are easy Preparing the “phase state” ◮ Phase oracle O f s : | x � �→ ( − 1) f s ( x ) | x � | 0 � ⊗ n O f s H ⊗ n H ⊗ n | Φ( s ) � 2 ( − 1) s · w ˆ ◮ | Φ( s ) � := � F ( w ) | w � w ∈ Z n Algorithm [R¨ otteler’10] ◮ Prepare | Φ( s ) � 2 ( − 1) s · w | ˆ ◮ D | Φ( s ) � = � F ( w ) || w � w ∈ Z n � | ˆ � F ( w ) | where D := diag [Curtis & Meyer’04] ˆ F ( w ) ◮ If f is bent then H ⊗ n D | Φ( s ) � = | s � ◮ Complexity: Θ(1) 19/09/2011 Dagstuhl 5

  17. All Boolean functions 19/09/2011 Dagstuhl 6

  18. All Boolean functions In total there are 2 2 n Boolean functions with n arguments. For n = 8 this is roughly 10 77 . 19/09/2011 Dagstuhl 6

  19. All Boolean functions In total there are 2 2 n Boolean functions with n arguments. For n = 8 this is roughly 10 77 . ◭ Easy ( bent function ) 19/09/2011 Dagstuhl 6

  20. All Boolean functions In total there are 2 2 n Boolean functions with n arguments. For n = 8 this is roughly 10 77 . ◭ Easy ( bent function ) Hard ( delta function ) ◮ 19/09/2011 Dagstuhl 6

  21. All Boolean functions In total there are 2 2 n Boolean functions with n arguments. For n = 8 this is roughly 10 77 . What about the rest? ◭ Easy ( bent function ) Hard ( delta function ) ◮ 19/09/2011 Dagstuhl 6

  22. All Boolean functions In total there are 2 2 n Boolean functions with n arguments. For n = 8 this is roughly 10 77 . What about the rest? ◭ Easy ( bent function ) Three approaches: 1. Grover-like [Grover’00] / quantum rejection sampling [ORR’11] 2. Pretty good measurement 3. Simon-like [R¨ otteler’10, GRR’11] Hard ( delta function ) ◮ 19/09/2011 Dagstuhl 6

  23. Algorithm 1 : Grover-like / quantum rejection sampling 1 ( − 1) s · w ˆ � � ( − 1) s · w F ( w ) | w � �→ √ 2 n | w � w ∈ Z n w ∈ Z n 2 2 19/09/2011 Dagstuhl 7

  24. Algorithm 1 : Grover-like / quantum rejection sampling 1 ( − 1) s · w ˆ � � ( − 1) s · w F ( w ) | w � �→ √ 2 n | w � w ∈ Z n w ∈ Z n 2 2 ◮ Pick ε ∈ R 2 n such that ∀ w : 0 ≤ ε w ≤ | ˆ F ( w ) | 19/09/2011 Dagstuhl 7

  25. Algorithm 1 : Grover-like / quantum rejection sampling 1 ( − 1) s · w ˆ � � ( − 1) s · w F ( w ) | w � �→ √ 2 n | w � w ∈ Z n w ∈ Z n 2 2 ◮ Pick ε ∈ R 2 n such that ∀ w : 0 ≤ ε w ≤ | ˆ F ( w ) | � » ˆ F ( w ) 2 − ε 2 � 1 ◮ Apply R ε : | w �| 0 � �→ | w � w | 0 � + ε w | 1 � ˆ F ( w ) 19/09/2011 Dagstuhl 7

  26. Algorithm 1 : Grover-like / quantum rejection sampling 1 ( − 1) s · w ˆ � � ( − 1) s · w F ( w ) | w � �→ √ 2 n | w � w ∈ Z n w ∈ Z n 2 2 ◮ Pick ε ∈ R 2 n such that ∀ w : 0 ≤ ε w ≤ | ˆ F ( w ) | � » ˆ F ( w ) 2 − ε 2 � 1 ◮ Apply R ε : | w �| 0 � �→ | w � w | 0 � + ε w | 1 � ˆ F ( w ) ◮ If we would measure the last qubit, we would get outcome “ 1 ” w.p. � ε � 2 2 and the post-measurement state would be 1 ( − 1) s · w ε w | w � � � ε � 2 w ∈ Z n 2 19/09/2011 Dagstuhl 7

  27. Algorithm 1 : Grover-like / quantum rejection sampling 1 ( − 1) s · w ˆ � � ( − 1) s · w F ( w ) | w � �→ √ 2 n | w � w ∈ Z n w ∈ Z n 2 2 ◮ Pick ε ∈ R 2 n such that ∀ w : 0 ≤ ε w ≤ | ˆ F ( w ) | � » ˆ F ( w ) 2 − ε 2 � 1 ◮ Apply R ε : | w �| 0 � �→ | w � w | 0 � + ε w | 1 � ˆ F ( w ) ◮ If we would measure the last qubit, we would get outcome “ 1 ” w.p. � ε � 2 2 and the post-measurement state would be 1 ( − 1) s · w ε w | w � � � ε � 2 w ∈ Z n 2 ◮ Instead of measuring, amplify the amplitude on | 1 � 19/09/2011 Dagstuhl 7

  28. Algorithm 1 : Grover-like / quantum rejection sampling 1 ( − 1) s · w ˆ � � ( − 1) s · w F ( w ) | w � �→ √ 2 n | w � w ∈ Z n w ∈ Z n 2 2 ◮ Pick ε ∈ R 2 n such that ∀ w : 0 ≤ ε w ≤ | ˆ F ( w ) | � » ˆ F ( w ) 2 − ε 2 � 1 ◮ Apply R ε : | w �| 0 � �→ | w � w | 0 � + ε w | 1 � ˆ F ( w ) ◮ If we would measure the last qubit, we would get outcome “ 1 ” w.p. � ε � 2 2 and the post-measurement state would be 1 ( − 1) s · w ε w | w � � � ε � 2 w ∈ Z n 2 ◮ Instead of measuring, amplify the amplitude on | 1 � ◮ Complexity: O (1 / � ε � 2 ) 19/09/2011 Dagstuhl 7

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

On the quantum complexity of the continuous hidden subgroup problem Koen de Boer, Lo Ducas,

On the quantum complexity of the continuous hidden subgroup problem Koen de Boer, Lo Ducas,

On the quantum complexity of the continuous hidden subgroup problem Koen de Boer, Lo Ducas, Serge Fehr 1 / 20 Paper: https://eprint.iacr.org/2019/716.pdf Overview Introduction Problem statement Quantum algorithm Error analysis

855 views • 20 slides
Hidden Subgroup Hidden Subgroup Def. A Map is said to have A Map

Hidden Subgroup Hidden Subgroup Def. A Map is said to have A Map

Continuous Quantum Continuous Quantum Hidden Subgroup Hidden Subgroup Algorithms Algorithms This work is in collaboration with This work is in collaboration with Samuel J. Lomonaco, Jr. Louis H. Kauffman Louis H. Kauffman Dept. of Comp.

317 views • 12 slides
Abelian Hidden Subgroup Problem Laura Mancinska University of Waterloo, Department of C&O

Abelian Hidden Subgroup Problem Laura Mancinska University of Waterloo, Department of C&O

Abelian Hidden Subgroup Problem Laura Mancinska University of Waterloo, Department of C&O December 12, 2007 Abelian hidden subgroup problem Outline Basic concepts in quantum computing Statement of the hidden subgroup problem (HSP)

439 views • 22 slides
Weak Fourier-Schur Sampling, the Hidden Subgroup Problem & the Quantum Collision Problem

Weak Fourier-Schur Sampling, the Hidden Subgroup Problem & the Quantum Collision Problem

Weak Fourier-Schur Sampling, the Hidden Subgroup Problem & the Quantum Collision Problem Pawel M. Wocjan School of Electrical Engineering and Computer Science University of Central Florida Orlando wocjan@cs.ucf.edu Weak Fourier-Schur

264 views • 25 slides
Graph isomorphism, the hidden subgroup problem and identifying quantum states Pranab Sen NEC

Graph isomorphism, the hidden subgroup problem and identifying quantum states Pranab Sen NEC

Graph isomorphism, the hidden subgroup problem and identifying quantum states Pranab Sen NEC Laboratories America, Princeton, NJ, U.S.A. Joint work with Sean Hallgren and Martin R otteler. Quant-ph 0511148: Lower bound for graph

955 views • 56 slides
Quantum Algorithms for the k -xor Problem Lorenzo Grassi 1 , Mara Naya-Plasencia 2 , Andr

Quantum Algorithms for the k -xor Problem Lorenzo Grassi 1 , Mara Naya-Plasencia 2 , Andr

Context Low-qubits k -xor algorithms k -xor algorithms with qRAM Quantum Algorithms for the k -xor Problem Lorenzo Grassi 1 , Mara Naya-Plasencia 2 , Andr Schrottenloher 2 1 IAIK, Graz University of Technology, Austria 2 Inria, France December

428 views • 24 slides
Quantum Algorithms for Topological Invariants Stephen Jordan Wed Feb. 3, 2010 What is a quantum

Quantum Algorithms for Topological Invariants Stephen Jordan Wed Feb. 3, 2010 What is a quantum

Quantum Algorithms for Topological Invariants Stephen Jordan Wed Feb. 3, 2010 What is a quantum algorithm? Classical Quantum 0101101 the rules: solve problem using sequence of local quantum gates the goal: use fewer gates than

1.11k views • 37 slides
Quantum algorithms Subset-sum example: for the subset-sum problem Is there a subsequence of (499

Quantum algorithms Subset-sum example: for the subset-sum problem Is there a subsequence of (499

Quantum algorithms Subset-sum example: for the subset-sum problem Is there a subsequence of (499 852 1927 2535 3596 3608 D. J. Bernstein 4688 5989 6385 7353 7650 9413) University of Illinois at

2.02k views • 163 slides
Quantum Algorithms for Quantum Algorithms for Evaluating M IN Evaluating M IN -M -M AX AX Trees

Quantum Algorithms for Quantum Algorithms for Evaluating M IN Evaluating M IN -M -M AX AX Trees

Quantum Algorithms for Quantum Algorithms for Evaluating M IN Evaluating M IN -M -M AX AX Trees Trees Richard Cleve Dmitry Gavinsky D. L. Yonge-Mallo Institute for Quantum Computing, University of Waterloo January 30, 2008 TQC Tokyo,

842 views • 34 slides
Quantum Computation (Lecture QC-3: Quantum Algorithms) Lu s Soares Barbosa MFES -

Quantum Computation (Lecture QC-3: Quantum Algorithms) Lu s Soares Barbosa MFES -

Quantum Computation (Lecture QC-3: Quantum Algorithms) Lu s Soares Barbosa MFES - Arquitectura e C alculo May 2019 Quantum Algorithms The Deutsch-Jozsa Algorithm Quantum Search: Grover A quantum machine Structure of a quantum

1.08k views • 29 slides
A Simple and Efficient Solution of the Identifiability Problem for Hidden Markov Models and

A Simple and Efficient Solution of the Identifiability Problem for Hidden Markov Models and

Guideline Introduction String Functions Solution of the Identifiability Problem A Simple and Efficient Solution of the Identifiability Problem for Hidden Markov Models and Quantum Random Walks Alexander Schnhuth Pacific Institute for the

648 views • 37 slides
Quantum Versions of k-CSP The Need for . . . k -CSP problems Algorithms: a First Step Known

Quantum Versions of k-CSP The Need for . . . k -CSP problems Algorithms: a First Step Known

Outline General Problem of . . . Probabilistic and . . . Interval . . . Additional Problem: . . . Quantum Versions of k-CSP The Need for . . . k -CSP problems Algorithms: a First Step Known Algorithm for . . . Sch onings Algorithm . .

622 views • 15 slides
Quantum algorithms for the subset-sum problem D. J. Bernstein University of Illinois at Chicago

Quantum algorithms for the subset-sum problem D. J. Bernstein University of Illinois at Chicago

Quantum algorithms for the subset-sum problem D. J. Bernstein University of Illinois at Chicago & Technische Universiteit Eindhoven cr.yp.to/qsubsetsum.html Joint work with: Stacey Jeffery University of Waterloo Tanja Lange Technische

1.2k views • 98 slides
New Algorithms for Quantum (Symmetric) Cryptanalysis Mara Naya-Plasencia 2 , Andr

New Algorithms for Quantum (Symmetric) Cryptanalysis Mara Naya-Plasencia 2 , Andr

Quantum-safe (Symmetric) Cryptography Quantum Collision Search Quantum k-xor Algorithms New Algorithms for Quantum (Symmetric) Cryptanalysis Mara Naya-Plasencia 2 , Andr Schrottenloher 2 Joint work with Andr Chailloux 2 and Lorenzo Grassi

1.63k views • 65 slides
Quantum Algorithms Tutorial Ronald de Wolf 1/ 37 Post-quantum cryptography I Quantum computers

Quantum Algorithms Tutorial Ronald de Wolf 1/ 37 Post-quantum cryptography I Quantum computers

Quantum Algorithms Tutorial Ronald de Wolf 1/ 37 Post-quantum cryptography I Quantum computers can break public-key cryptography that is based on assuming hardness of factoring, discrete logs, and a few other problems I Post-quantum

2.98k views • 37 slides
Quantum algorithms for the subset-sum problem D. J. Bernstein University of Illinois at Chicago

Quantum algorithms for the subset-sum problem D. J. Bernstein University of Illinois at Chicago

Quantum algorithms for the subset-sum problem D. J. Bernstein University of Illinois at Chicago & Technische Universiteit Eindhoven Joint work with: Stacey Jeffery University of Waterloo Tanja Lange Technische Universiteit Eindhoven

1.2k views • 89 slides
Measurement of the UHECRs flux and composition with Pierre Auger Observatory OBSERVATORY Ioana

Measurement of the UHECRs flux and composition with Pierre Auger Observatory OBSERVATORY Ioana

Measurement of the UHECRs flux and composition with Pierre Auger Observatory OBSERVATORY Ioana C. Mari s for the Pierre Auger Collaboration Outline Ultra high energy cosmic rays Pierre Auger Observatory Energy spectrum

973 views • 42 slides
Talk on The Extraordinary Jubilee Year of Mercy (8 Dec, 2015 20 Nov, 2016) 23 August,

Talk on The Extraordinary Jubilee Year of Mercy (8 Dec, 2015 20 Nov, 2016) 23 August,

Talk on The Extraordinary Jubilee Year of Mercy (8 Dec, 2015 20 Nov, 2016) 23 August, 2016 Jesus Christ is the face of the Fathers mercy. Whoever sees Jesus, sees the Father (John 14:9). Jesus of Nazareth, by his words, his

690 views • 50 slides
Basis Light-front Approach to Hadron Structure Xingbo Zhao Institute of Modern Physics Chinese

Basis Light-front Approach to Hadron Structure Xingbo Zhao Institute of Modern Physics Chinese

Basis Light-front Approach to Hadron Structure Xingbo Zhao Institute of Modern Physics Chinese Academy of Sciences Lanzhou, China XVIII International Conference on Hadron Spectroscopy and Structure, Guilin China, 08/20/2019 Collaborators

869 views • 43 slides
LARGE DATASETS rogier.kievit@mrc-cbu.cam.ac.uk/@rogierK Outline 1) What is big data? 2)

LARGE DATASETS rogier.kievit@mrc-cbu.cam.ac.uk/@rogierK Outline 1) What is big data? 2)

LARGE DATASETS rogier.kievit@mrc-cbu.cam.ac.uk/@rogierK Outline 1) What is big data? 2) Why bother? 3) Where to find large datasets 4) Challenges, pitfalls and opportunities Big data? The Australian Square Kilometre Array

833 views • 20 slides
Organisational Matters Lecturer: Ulle Endriss ( ulle@illc.uva.nl ), Room P.316 Timetable:

Organisational Matters Lecturer: Ulle Endriss ( ulle@illc.uva.nl ), Room P.316 Timetable:

Introduction COMSOC 2007 Introduction COMSOC 2007 Organisational Matters Lecturer: Ulle Endriss ( ulle@illc.uva.nl ), Room P.316 Timetable: Tuesdays 11am-1pm in Room P.014 Examination: There will be several coursework assignments

370 views • 9 slides
Develop Your Data Mindset Module 4 - Balanced Assessment System and Assessment Calendar Part 3 -

Develop Your Data Mindset Module 4 - Balanced Assessment System and Assessment Calendar Part 3 -

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License. Develop Your Data Mindset Module 4 - Balanced Assessment System and Assessment Calendar Part 3 - Balanced Assessment System and

1.61k views • 121 slides
Effective moments and transition operators

Effective moments and transition operators

684 views • 32 slides
Registrant List Page 1 of 5 UCSF OCME Name City, State Abitz Leslie C Kohler, WI 1 2

Registrant List Page 1 of 5 UCSF OCME Name City, State Abitz Leslie C Kohler, WI 1 2

University of California San Francisco 10/13/2014 MOB15001: OB/GYN Update Registrant List Page 1 of 5 UCSF OCME Name City, State Abitz Leslie C Kohler, WI 1 2 Adams Susan L. RN, NP, PhD San Rafael, CA Afework Sebhat Cerritos, CA

158 views • 5 slides

More recommend