quantum circuits for the csidh optimizing quantum
play

Quantum circuits for the CSIDH: optimizing quantum evaluation of - PowerPoint PPT Presentation

Feb 16, 2024 •232 likes •412 views

Quantum circuits for the CSIDH: optimizing quantum evaluation of isogenies Daniel J. Bernstein Tanja Lange Chloe Martindale Lorenz Panny quantum.isogeny.org Key bits where all known attacks take 2 operations (naive serial attack metric,

  1. Quantum circuits for the CSIDH: optimizing quantum evaluation of isogenies Daniel J. Bernstein Tanja Lange Chloe Martindale Lorenz Panny quantum.isogeny.org

  2. Key bits where all known attacks take 2 λ operations (naive serial attack metric, ignoring memory cost): pre-quantum post-quantum SIDH, SIKE (24 + o (1)) λ (36 + o (1)) λ compressed (14 + o (1)) λ (21 + o (1)) λ CRS, CSIDH (4 + o (1)) λ superlinear

  3. Key bits where all known attacks take 2 λ operations (naive serial attack metric, ignoring memory cost): pre-quantum post-quantum SIDH, SIKE (24 + o (1)) λ (36 + o (1)) λ compressed (14 + o (1)) λ (21 + o (1)) λ CRS, CSIDH (4 + o (1)) λ superlinear For which λ does this cross (21 + o (1)) λ ?

  4. Key bits where all known attacks take 2 λ operations (naive serial attack metric, ignoring memory cost): pre-quantum post-quantum SIDH, SIKE (24 + o (1)) λ (36 + o (1)) λ compressed (14 + o (1)) λ (21 + o (1)) λ CRS, CSIDH (4 + o (1)) λ superlinear For which λ does this cross (21 + o (1)) λ ? Subexp 2010 Childs–Jao–Soukharev attack, using 2003 Kuperberg or 2004 Regev or 2011 Kuperberg.

  5. Key bits where all known attacks take 2 λ operations (naive serial attack metric, ignoring memory cost): pre-quantum post-quantum SIDH, SIKE (24 + o (1)) λ (36 + o (1)) λ compressed (14 + o (1)) λ (21 + o (1)) λ CRS, CSIDH (4 + o (1)) λ superlinear For which λ does this cross (21 + o (1)) λ ? Subexp 2010 Childs–Jao–Soukharev attack, using 2003 Kuperberg or 2004 Regev or 2011 Kuperberg. • How many queries do these attacks perform?

  6. Key bits where all known attacks take 2 λ operations (naive serial attack metric, ignoring memory cost): pre-quantum post-quantum SIDH, SIKE (24 + o (1)) λ (36 + o (1)) λ compressed (14 + o (1)) λ (21 + o (1)) λ CRS, CSIDH (4 + o (1)) λ superlinear For which λ does this cross (21 + o (1)) λ ? Subexp 2010 Childs–Jao–Soukharev attack, using 2003 Kuperberg or 2004 Regev or 2011 Kuperberg. • How many queries do these attacks perform? • How expensive is each CSIDH query?

  7. Key bits where all known attacks take 2 λ operations (naive serial attack metric, ignoring memory cost): pre-quantum post-quantum SIDH, SIKE (24 + o (1)) λ (36 + o (1)) λ compressed (14 + o (1)) λ (21 + o (1)) λ CRS, CSIDH (4 + o (1)) λ superlinear For which λ does this cross (21 + o (1)) λ ? Subexp 2010 Childs–Jao–Soukharev attack, using 2003 Kuperberg or 2004 Regev or 2011 Kuperberg. • How many queries do these attacks perform? • How expensive is each CSIDH query? Our 56-page paper: see quantum.isogeny.org .

  8. Key bits where all known attacks take 2 λ operations (naive serial attack metric, ignoring memory cost): pre-quantum post-quantum SIDH, SIKE (24 + o (1)) λ (36 + o (1)) λ compressed (14 + o (1)) λ (21 + o (1)) λ CRS, CSIDH (4 + o (1)) λ superlinear For which λ does this cross (21 + o (1)) λ ? Subexp 2010 Childs–Jao–Soukharev attack, using 2003 Kuperberg or 2004 Regev or 2011 Kuperberg. • How many queries do these attacks perform? • How expensive is each CSIDH query? Our 56-page paper: see quantum.isogeny.org . • What about memory, using parallel AT metric?

  9. Case study: attacking CSIDH-512 CSIDH-512 query, uniform over {− 5 , . . . , 5 } 74 , failure chance < 2 − 32 (maybe ok), nonlinear bit ops: ≈ 2 51 by 2018 Jao–LeGrow–Leonardi–Ruiz-Lopez.

  10. Case study: attacking CSIDH-512 CSIDH-512 query, uniform over {− 5 , . . . , 5 } 74 , failure chance < 2 − 32 (maybe ok), nonlinear bit ops: ≈ 2 51 by 2018 Jao–LeGrow–Leonardi–Ruiz-Lopez. 1118827416420 ≈ 2 40 by our Algorithm 7.1.

  11. Case study: attacking CSIDH-512 CSIDH-512 query, uniform over {− 5 , . . . , 5 } 74 , failure chance < 2 − 32 (maybe ok), nonlinear bit ops: ≈ 2 51 by 2018 Jao–LeGrow–Leonardi–Ruiz-Lopez. 1118827416420 ≈ 2 40 by our Algorithm 7.1. 765325228976 ≈ 0 . 7 · 2 40 by our Algorithm 8.1. Generic conversion to quantum computation: ≈ 2 43 . 3 T -gates using ≈ 2 40 qubits.

  12. Case study: attacking CSIDH-512 CSIDH-512 query, uniform over {− 5 , . . . , 5 } 74 , failure chance < 2 − 32 (maybe ok), nonlinear bit ops: ≈ 2 51 by 2018 Jao–LeGrow–Leonardi–Ruiz-Lopez. 1118827416420 ≈ 2 40 by our Algorithm 7.1. 765325228976 ≈ 0 . 7 · 2 40 by our Algorithm 8.1. Generic conversion to quantum computation: ≈ 2 43 . 3 T -gates using ≈ 2 40 qubits. Can do ≈ 2 45 . 3 T -gates using ≈ 2 20 qubits.

  13. Case study: attacking CSIDH-512 CSIDH-512 query, uniform over {− 5 , . . . , 5 } 74 , failure chance < 2 − 32 (maybe ok), nonlinear bit ops: ≈ 2 51 by 2018 Jao–LeGrow–Leonardi–Ruiz-Lopez. 1118827416420 ≈ 2 40 by our Algorithm 7.1. 765325228976 ≈ 0 . 7 · 2 40 by our Algorithm 8.1. Generic conversion to quantum computation: ≈ 2 43 . 3 T -gates using ≈ 2 40 qubits. Can do ≈ 2 45 . 3 T -gates using ≈ 2 20 qubits. Total gates ( T +Clifford): ≈ 2 46 . 9 .

  14. Case study: attacking CSIDH-512 CSIDH-512 query, uniform over {− 5 , . . . , 5 } 74 , failure chance < 2 − 32 (maybe ok), nonlinear bit ops: ≈ 2 51 by 2018 Jao–LeGrow–Leonardi–Ruiz-Lopez. 1118827416420 ≈ 2 40 by our Algorithm 7.1. 765325228976 ≈ 0 . 7 · 2 40 by our Algorithm 8.1. Generic conversion to quantum computation: ≈ 2 43 . 3 T -gates using ≈ 2 40 qubits. Can do ≈ 2 45 . 3 T -gates using ≈ 2 20 qubits. Total gates ( T +Clifford): ≈ 2 46 . 9 . BS18 claim only ≈ 2 2 lattice overhead per query. BS18 claim only ≈ 2 32 . 5 queries using ≈ 2 31 qubits.

  15. Case study: attacking CSIDH-512 CSIDH-512 query, uniform over {− 5 , . . . , 5 } 74 , failure chance < 2 − 32 (maybe ok), nonlinear bit ops: ≈ 2 51 by 2018 Jao–LeGrow–Leonardi–Ruiz-Lopez. 1118827416420 ≈ 2 40 by our Algorithm 7.1. 765325228976 ≈ 0 . 7 · 2 40 by our Algorithm 8.1. Generic conversion to quantum computation: ≈ 2 43 . 3 T -gates using ≈ 2 40 qubits. Can do ≈ 2 45 . 3 T -gates using ≈ 2 20 qubits. Total gates ( T +Clifford): ≈ 2 46 . 9 . BS18 claim only ≈ 2 2 lattice overhead per query. BS18 claim only ≈ 2 32 . 5 queries using ≈ 2 31 qubits. If these claims are correct: ≈ 2 81 . 4 total gates.

  16. Case study: attacking CSIDH-512 CSIDH-512 query, uniform over {− 5 , . . . , 5 } 74 , failure chance < 2 − 32 (maybe ok), nonlinear bit ops: ≈ 2 51 by 2018 Jao–LeGrow–Leonardi–Ruiz-Lopez. 1118827416420 ≈ 2 40 by our Algorithm 7.1. 765325228976 ≈ 0 . 7 · 2 40 by our Algorithm 8.1. Generic conversion to quantum computation: ≈ 2 43 . 3 T -gates using ≈ 2 40 qubits. Can do ≈ 2 45 . 3 T -gates using ≈ 2 20 qubits. Total gates ( T +Clifford): ≈ 2 46 . 9 . BS18 claim only ≈ 2 2 lattice overhead per query. BS18 claim only ≈ 2 32 . 5 queries using ≈ 2 31 qubits. If these claims are correct: ≈ 2 81 . 4 total gates. BS18 claim 2 71 total gates. We explain gap.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Quantum circuits for the CSIDH: optimizing quantum evaluation of isogenies Daniel J. Bernstein

Quantum circuits for the CSIDH: optimizing quantum evaluation of isogenies Daniel J. Bernstein

Quantum circuits for the CSIDH: optimizing quantum evaluation of isogenies Daniel J. Bernstein Tanja Lange Chloe Martindale Lorenz Panny quantum.isogeny.org Non-interactive key exchange Alice: secret a , public aG . Bob: secret b , public bG

499 views • 28 slides
Optimizing quantum circuits with classical thinking Craig Gidney Google Quantum AI QPL/MFPS

Optimizing quantum circuits with classical thinking Craig Gidney Google Quantum AI QPL/MFPS

Optimizing quantum circuits with classical thinking Craig Gidney Google Quantum AI QPL/MFPS 2018 Goal: explain section 3-D of arXiv:1805.03662 [...] [...] Key ideas we'll cover 1. Cost of error corrected quantum computation 2. Preparing

993 views • 45 slides
[&quot;si:saId] Why CSIDH? Drop-in post-quantum replacement for (EC)DH.

[&quot;si:saId] Why CSIDH? Drop-in post-quantum replacement for (EC)DH.

CSIDH : An Efficient Post-Quantum Commutative Group Action Wouter Castryck 1 Tanja Lange 2 Chloe Martindale 2 Lorenz Panny 2 Joost Renes 3 1 KU Leuven 2 TU Eindhoven 3 Radboud Universiteit Brisbane, 6 December 2018 [&quot;si:saId] Why CSIDH?

934 views • 57 slides
Kuperbergs Collimation Sieve vs. CSIDH Chris Peikert University of Michigan Quantum

Kuperbergs Collimation Sieve vs. CSIDH Chris Peikert University of Michigan Quantum

Kuperbergs Collimation Sieve vs. CSIDH Chris Peikert University of Michigan Quantum Cryptanalysis of Post-Quantum Cryptography Simons Institute 24 February 2020 1 / 16 He Gives C-Sieves on the CSIDH Chris Peikert University of Michigan

1.61k views • 85 slides
Sparse Quantum Codes from Quantum Circuits Steve Flammia QEC 2014 15 December 2014 ETH Zrich

Sparse Quantum Codes from Quantum Circuits Steve Flammia QEC 2014 15 December 2014 ETH Zrich

Sparse Quantum Codes from Quantum Circuits Steve Flammia QEC 2014 15 December 2014 ETH Zrich Joint work with D Bacon, A W Harrow, and J Shi arxiv:1411.3334 Quantum Error Correction Quantum error correction allows us to deal with the

641 views • 28 slides
Quantum circuits: From Structure to Software Aleks Kissinger Quantum Natural Language Processing,

Quantum circuits: From Structure to Software Aleks Kissinger Quantum Natural Language Processing,

Quantum circuits: From Structure to Software Aleks Kissinger Quantum Natural Language Processing, Oxford 2020 Aleks Kissinger QNLP 2020 1 / 34 Quantum software 1. := the code the runs on a quantum computer factoring search physical

1.09k views • 73 slides
Classical simulations of quantum circuits Resource-theoretic approach to quantum computing Kamil

Classical simulations of quantum circuits Resource-theoretic approach to quantum computing Kamil

Classical simulations of quantum circuits Resource-theoretic approach to quantum computing Kamil Korzekwa Faculty of Physics, Astronomy and Applied Computer Science, Jagiellonian University, Poland Outline 1. Motivation 2. Background 3.

492 views • 18 slides
Quantum Computation and Quantum Circuits Robert Spalek, CWI September 18, 2003 1 Classical

Quantum Computation and Quantum Circuits Robert Spalek, CWI September 18, 2003 1 Classical

Quantum Computation and Quantum Circuits Robert Spalek, CWI September 18, 2003 1 Classical computation deterministic computer in 1 state at each moment parallel computation modelled by circuits: &amp; &amp; x 1 x 2 x 3 x 4

307 views • 14 slides
Leonardo DiCarlo Leonardo DiCarlo Superconducting quantum circuits: Superconducting quantum

Leonardo DiCarlo Leonardo DiCarlo Superconducting quantum circuits: Superconducting quantum

Leonardo DiCarlo Leonardo DiCarlo Superconducting quantum circuits: Superconducting quantum circuits: Circuit QED Circuit QED Circuit QED: Cavity QED with wires Josephson-junction qubits Transmission-line resonators mediate

435 views • 12 slides
Optimizing the fundamental limits for quantum communication Xin Wang Baidu Research TQC 2020

Optimizing the fundamental limits for quantum communication Xin Wang Baidu Research TQC 2020

Optimizing the fundamental limits for quantum communication Xin Wang Baidu Research TQC 2020 arXiv:1912.00931 Quantum capacity of a quantum channel l The quantum capacity of a channel N is the number of qubits, on average, that can be

697 views • 14 slides
Q UANTUM G ROUP Introduction Quantum circuits Spiders ZX-calculus MBQC Survey Picturing

Q UANTUM G ROUP Introduction Quantum circuits Spiders ZX-calculus MBQC Survey Picturing

Introduction Quantum circuits Spiders ZX-calculus MBQC Survey Diagrammatic Reasoning and Quantum Computation Aleks Kissinger ACA, Kalamata November 4, 2015 Q UANTUM G ROUP Introduction Quantum circuits Spiders ZX-calculus MBQC

1.19k views • 101 slides
Leonardo DiCarlo Leonardo DiCarlo Superconducting quantum circuits: Superconducting quantum

Leonardo DiCarlo Leonardo DiCarlo Superconducting quantum circuits: Superconducting quantum

Leonardo DiCarlo Leonardo DiCarlo Superconducting quantum circuits: Superconducting quantum circuits: The transmon qubit The transmon qubit Natures quantum bits true qubits effective qubits energy = 1 e = 1 = 0 E 01 g = 0

396 views • 10 slides
Simulation of quantum circuits by ZX-diagram contraction John van de Wetering

Simulation of quantum circuits by ZX-diagram contraction John van de Wetering

Simulation of quantum circuits by ZX-diagram contraction John van de Wetering john@vdwetering.name Institute for Computing and Information Sciences Radboud University Nijmegen September 6, 2019 Holy Trinity of quantum circuits Holy Trinity

794 views • 64 slides
Optimisation and verification of quantum circuits with string diagrams Aleks Kissinger STRING 3;

Optimisation and verification of quantum circuits with string diagrams Aleks Kissinger STRING 3;

Optimisation and verification of quantum circuits with string diagrams Aleks Kissinger STRING 3; Birmingham 2019 Aleks Kissinger STRING 3, 2019 1 / 43 Quantum software 1. := the code the runs on a quantum computer factoring search quantum

1.16k views • 91 slides
Quantum Cryptography Lecture 28 Quantum Cryptography Quantum Cryptography Quantum information:

Quantum Cryptography Lecture 28 Quantum Cryptography Quantum Cryptography Quantum information:

Quantum Cryptography Lecture 28 Quantum Cryptography Quantum Cryptography Quantum information: Using microscopic physical state of quantum systems (spin of atoms/sub-atomic particles, polarization of photons etc.) to encode information

1.95k views • 154 slides
Simulating Quantum Field Theories on a Quantum Computer Stephen Jordan C a n q u a n t u m c o m

Simulating Quantum Field Theories on a Quantum Computer Stephen Jordan C a n q u a n t u m c o m

Simulating Quantum Field Theories on a Quantum Computer Stephen Jordan C a n q u a n t u m c o m p u t e r s s i m u l a t e a l l p h y s i c a l processes efficiently? Universality Conjecture: Quantum circuits can simulate all physical

334 views • 30 slides
3/18/2018 [1] PE Prof. Mor M. Peretz Analog Electronic Circuits 361-1-3671 M I C T HE C

3/18/2018 [1] PE Prof. Mor M. Peretz Analog Electronic Circuits 361-1-3671 M I C T HE C

3/18/2018 [1] PE Prof. Mor M. Peretz Analog Electronic Circuits 361-1-3671 M I C T HE C ENTER FOR P OWER E LECTRONICS AND M IXED -S IGNAL IC, B EN -G URION U NIVERSITY BGU Analog Electronic Circuits Prof. Mor M. Peretz The Center for

475 views • 8 slides
Amortized Resource Analysis Martin Hofmann Ludwig-Maximilians-Universit at M unchen EWSCS

Amortized Resource Analysis Martin Hofmann Ludwig-Maximilians-Universit at M unchen EWSCS

Amortized Resource Analysis Martin Hofmann Ludwig-Maximilians-Universit at M unchen EWSCS Winter School 2011, Palmse, Estonia mh (lmumun) Amortized Resource Analysis 28.02.-04.03.2011 1 / 72 Why resource analysis Computing under

1.16k views • 72 slides
Formal Software Methods for Cryptosystems Implementation Security Pablo Rauzy rauzy@enst.fr

Formal Software Methods for Cryptosystems Implementation Security Pablo Rauzy rauzy@enst.fr

Formal Software Methods for Cryptosystems Implementation Security Pablo Rauzy rauzy@enst.fr pablo.rauzy.name Telecom ParisTech LTCI / COMELEC / SEN December 4, 2013 Pablo Rauzy (Telecom ParisTech) Formal Security for Implementations PhD

969 views • 60 slides
Course Script INF 5110: Compiler con- struction INF5110, spring 2020 Martin Steffen Contents

Course Script INF 5110: Compiler con- struction INF5110, spring 2020 Martin Steffen Contents

style/uiologo.pdf Course Script INF 5110: Compiler con- struction INF5110, spring 2020 Martin Steffen Contents ii Contents 9 Intermediate code generation 1 9.1 Intro . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

1.07k views • 57 slides
Introduction Lijun Zhang zlj@nju.edu.cn http://cs.nju.edu.cn/zlj Outline Mathematical

Introduction Lijun Zhang zlj@nju.edu.cn http://cs.nju.edu.cn/zlj Outline Mathematical

Introduction Lijun Zhang zlj@nju.edu.cn http://cs.nju.edu.cn/zlj Outline Mathematical Optimization Least-squares Linear Programming Convex Optimization Nonlinear Optimization Summary Outline Mathematical Optimization

749 views • 38 slides
Synthesis Tools for White-box Implementations Aleksei Udovenko SnT, University of Luxembourg

Synthesis Tools for White-box Implementations Aleksei Udovenko SnT, University of Luxembourg

Synthesis Tools for White-box Implementations Aleksei Udovenko SnT, University of Luxembourg WhibOx Workshop May 19, 2019 Introduction Circuit Construction Compilation Attacks Conclusion Plan Introduction Circuit Construction

690 views • 30 slides
Lecture 25: Autoencoders Kernel PCA Aykut Erdem January 2017 Hacettepe University Today

Lecture 25: Autoencoders Kernel PCA Aykut Erdem January 2017 Hacettepe University Today

Lecture 25: Autoencoders Kernel PCA Aykut Erdem January 2017 Hacettepe University Today Motivation PCA algorithms Applications PCA shortcomings Autoencoders Kernel PCA 2 Autoencoders 3

550 views • 34 slides
Space charge studies based on beta measurement in J-PARC MR K. Ohmi KEK, Accelerator Lab Dec.

Space charge studies based on beta measurement in J-PARC MR K. Ohmi KEK, Accelerator Lab Dec.

Space charge studies based on beta measurement in J-PARC MR K. Ohmi KEK, Accelerator Lab Dec. 10, 2015, talk at Fermilab K. Ohmi (KEK) Space charge on measured beta Dec. 10, 2015, talk at Fermilab 1 / 36 Overview Hamiltonian and Resonances

632 views • 37 slides

More recommend