quantum merging algorithms
play

Quantum Merging Algorithms Mara Naya-Plasencia 2 , Andr - PowerPoint PPT Presentation

Jan 28, 2024 •207 likes •727 views

Quantum (Generalized) Collisions Quantum Merging Extended Quantum Merging Quantum Merging Algorithms Mara Naya-Plasencia 2 , Andr Schrottenloher 2 Joint work with Andr Chailloux 2 and Lorenzo Grassi 1 1 IAIK, Graz University of Technology,

  1. Quantum (Generalized) Collisions Quantum Merging Extended Quantum Merging Quantum Merging Algorithms María Naya-Plasencia 2 , André Schrottenloher 2 Joint work with André Chailloux 2 and Lorenzo Grassi 1 1 IAIK, Graz University of Technology, Austria 2 Inria, France M. Naya-Plasencia, A. Schrottenloher Quantum Merging 1/44

  2. Quantum (Generalized) Collisions Quantum Merging Extended Quantum Merging Outline Quantum (Generalized) Collisions 1 Quantum Merging 2 Extended Quantum Merging 3 M. Naya-Plasencia, A. Schrottenloher Quantum Merging 2/44

  3. Quantum (Generalized) Collisions Quantum Merging Extended Quantum Merging Quantum (Generalized) Collisions M. Naya-Plasencia, A. Schrottenloher Quantum Merging 3/44

  4. Quantum (Generalized) Collisions Quantum Merging Extended Quantum Merging Generalized Birthday Problem(s) Problem 1: “original” Given L 1 , . . . L k classical lists of random n -bit strings, find x 1 , . . . x k ∈ L 1 × . . . L k such that x 1 ⊕ . . . ⊕ x k = 0. Problem 2: “oracle” Given oracle access to a random n -bit to n -bit function H , find x 1 , . . . x k such that H ( x 1 ) ⊕ . . . ⊕ H ( x k ) = 0. Problem 3: “unique solution” Given oracle access to a random n / k -bit to n -bit function H , find the single k -tuple x 1 , . . . x k such that H ( x 1 ) ⊕ . . . H ( x k ) = 0. M. Naya-Plasencia, A. Schrottenloher Quantum Merging 4/44

  5. Quantum (Generalized) Collisions Quantum Merging Extended Quantum Merging Applications Parity check problem: given P ( X ) of degree n , find a low-weight multiple of P Multiple-encryption: given a few plaintext-ciphertext pairs ( x , E k 1 ◦ . . . ◦ E k r ( x )) , find the independent keys k 1 , . . . k r Subset-sum: given n integers a 0 , . . . a n − 1 on poly ( n ) bits, find a binary ¯ e such that ¯ e = 0 a · ¯ LPN: given samples a , a · s + e with n -bit uniform random a and Bernoulli noise e , find s Except LPN, we have quantum oracle access. M. Naya-Plasencia, A. Schrottenloher Quantum Merging 5/44

  6. Quantum (Generalized) Collisions Quantum Merging Extended Quantum Merging Focus on Problem 2 (with oracle) Problem 2: The “oracle” k-xor Let H : { 0 , 1 } n → { 0 , 1 } n be a random function, find x 1 , . . . , x k such that H ( x 1 ) ⊕ . . . ⊕ H ( x k ) = 0. We suppose that quantum oracle access to H is given We focus on the exponent in the time complexity � O ( 2 α k n ) All the results apply with + instead of ⊕ M. Naya-Plasencia, A. Schrottenloher Quantum Merging 6/44

  7. Quantum (Generalized) Collisions Quantum Merging Extended Quantum Merging The 1-xor problem: exhaustive search Classically: look for a preimage of 0. Since H is random, we need to query it O ( 2 n ) times. � 2 n / 2 � Quantumly: use Grover’s algorithm. O quantum queries and time. Grover search / amplitude amplification Find in S (of size 2 n ) an element x (2 t solutions) such that x satisfies some condition. � � 2 ( n − t ) / 2 Sampling + Checking � �� � � �� � � �� � Produce � 2 t solutions s ∈ S | s � Test | x � among 2 n M. Naya-Plasencia, A. Schrottenloher Quantum Merging 7/44

  8. Quantum (Generalized) Collisions Quantum Merging Extended Quantum Merging Interlude: Quantum Memory M. Naya-Plasencia, A. Schrottenloher Quantum Merging 8/44

  9. Quantum (Generalized) Collisions Quantum Merging Extended Quantum Merging The “quantum memory” landscape Quantum Sequential access random access Classical memory Classical memory Classical sequential access quantum random access write SAM QACM (or qRAM) Quantum memory Quantum memory Quantum sequential access quantum random access write Qubits QAQM M. Naya-Plasencia, A. Schrottenloher Quantum Merging 9/44

  10. Quantum (Generalized) Collisions Quantum Merging Extended Quantum Merging The “quantum memory” landscape (ctd.) In our work, we consider that answering a query “ x ∈ L ”, for a superposition of x , costs: (C)SAM: � O ( | L | ) QACM: poly ( log | L | ) Qubits: � O ( | L | ) QAQM: poly ( log | L | ) M. Naya-Plasencia, A. Schrottenloher Quantum Merging 10/44

  11. Quantum (Generalized) Collisions Quantum Merging Extended Quantum Merging Converting QACM to SAM We can emulate QACM queries with classical sequential memory accesses: perform a sequence of comparisons. Converting QACM to SAM On input x , to compute if x ∈ L : Read L sequentially; Run a sequence of | L | comparison circuits; Aggregate the comparison results. We can make the memory in some quantum algorithms classical (however, no guarantee of a quantum speedup) M. Naya-Plasencia, A. Schrottenloher Quantum Merging 11/44

  12. Quantum (Generalized) Collisions Quantum Merging Extended Quantum Merging Quantum Collisions without qRAM Joint work with André Chailloux M. Naya-Plasencia, A. Schrottenloher Quantum Merging 12/44

  13. Quantum (Generalized) Collisions Quantum Merging Extended Quantum Merging The 2-xor problem: collision search � 2 n / 2 � � 2 n / 2 � Classical (naive): O computations and O memory. � 2 n / 2 � Classical (Pollard’s rho): O computations and O ( 1 ) memory. � 2 n / 3 � � 2 n / 3 � Quantum (BHT*): � O computations and O QACM. BHT Store 2 n / 3 arbitrary queries x , H ( x ) in a list L Search { 0 , 1 } n with the predicate: f ( x ) = ( ∃ y � = x , ( y , H ( x )) ∈ L ) (needs QACM) * Brassard, Høyer, and Tapp, “Quantum Cryptanalysis of Hash and Claw-Free Functions” , LATIN 98 M. Naya-Plasencia, A. Schrottenloher Quantum Merging 13/44

  14. Quantum (Generalized) Collisions Quantum Merging Extended Quantum Merging Quantum collisions without qRAM In BHT, we perform 2 n / 3 membership queries to a list L of size 2 n / 3 : the conversion increases the time up to 2 2 n / 3 ! Let’s try again, with: A smaller list Less membership queries To do this, we put a constraint on L , and search for a collision in a smaller subspace. Chailloux, Naya-Plasencia, and S., “An Efficient Quantum Collision Search Algorithm and Implications on Symmetric Cryptography” , ASIACRYPT 17 M. Naya-Plasencia, A. Schrottenloher Quantum Merging 14/44

  15. Quantum (Generalized) Collisions Quantum Merging Extended Quantum Merging Quantum collisions without qRAM (ctd.) We search only for a collision among distinguished points , e.g. x such that H ( x ) = 0 2 n / 5 || z for z ∈ { 0 , 1 } 3 n / 5 . Create a list L of distinguished y , H ( y ) 1 Grover search among distinguished points for a match on L 2 � � 2 n / 5 + n / 5 2 n / 5 2 n / 5 2 n / 5 = 2 2 n / 5 + + � �� � � �� � � �� � � �� � Build L 2 − 2 n / 5 Sample Match L distinguished probability points of a match We do 2 n / 5 accesses to a 2 n / 5 -sized memory. Chailloux, Naya-Plasencia, and S., “An Efficient Quantum Collision Search Algorithm and Implications on Symmetric Cryptography” , ASIACRYPT 17 M. Naya-Plasencia, A. Schrottenloher Quantum Merging 15/44

  16. Quantum (Generalized) Collisions Quantum Merging Extended Quantum Merging Quantum Algorithms for the (Many-solutions) k-xor Problem Joint work with Lorenzo Grassi M. Naya-Plasencia, A. Schrottenloher Quantum Merging 16/44

  17. Quantum (Generalized) Collisions Quantum Merging Extended Quantum Merging Classical results for general k To get a k -xor on n bits: The optimal query complexity is Θ( 2 n / k ) � 2 n / ( 1 + ⌊ log 2 ( k ) ⌋ ) � The time complexity is O * Logarithmic improvements in time (but we focus on exponents ) * Wagner, “A Generalized Birthday Problem” , CRYPTO 02 M. Naya-Plasencia, A. Schrottenloher Quantum Merging 17/44

  18. Quantum (Generalized) Collisions Quantum Merging Extended Quantum Merging Wagner’s algorithm in a single slide Merging From two lists L 1 , L 2 , compute the “join” L 1 ⊲ ⊳ u L 2 : the pairs x 1 , x 2 ∈ L 1 × L 2 with x 1 ⊕ x 2 | u = 0 (partial collision on u bits). All lists are presumed sorted, the time is: MAX ( | L 1 ⊲ ⊳ u L 2 | , MIN ( | L 1 | , | L 2 | )) Wagner’s algorithm is a sequence of pairwise joins The strategy (optimal u ) depends on ⌊ log 2 ( k ) ⌋ ; we merge 2 ⌊ log 2 ( k ) ⌋ lists M. Naya-Plasencia, A. Schrottenloher Quantum Merging 18/44

  19. Quantum (Generalized) Collisions Quantum Merging Extended Quantum Merging An example with k = 4 1. Query 4 lists of x , H ( x ) : L 1 , L 2 , L 3 , L 4 of size 2 n / 3 L 1 of size L 2 of size L 3 of size L 4 of size 2 n / 3 2 n / 3 2 n / 3 2 n / 3 M. Naya-Plasencia, A. Schrottenloher Quantum Merging 19/44

  20. Quantum (Generalized) Collisions Quantum Merging Extended Quantum Merging An example with k = 4 1. Query 4 lists of x , H ( x ) : L 1 , L 2 , L 3 , L 4 of size 2 n / 3 ⊳ n / 3 L 4 of size 2 n / 3 2. Compute the joins L 1 ⊲ ⊳ n / 3 L 2 and L 3 ⊲ L 1 ⊲ ⊳ n / 3 L 2 L 3 ⊲ ⊳ n / 3 L 4 of size 2 n / 3 of size 2 n / 3 L 2 of size L 1 of size L 4 of size L 3 of size 2 n / 3 2 n / 3 2 n / 3 2 n / 3 M. Naya-Plasencia, A. Schrottenloher Quantum Merging 19/44

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Optimal Merging in Quantum k -xor and k -sum Algorithms Mara Naya-Plasencia, Andr

Optimal Merging in Quantum k -xor and k -sum Algorithms Mara Naya-Plasencia, Andr

Optimal Merging in Quantum k -xor and k -sum Algorithms Mara Naya-Plasencia, Andr Schrottenloher Inria, France Merging with many Solutions Quantum Merging With a Single Solution Outline Merging with many Solutions 1 Quantum Merging 2

727 views • 34 slides
Quantum Algorithms for Quantum Algorithms for Evaluating M IN Evaluating M IN -M -M AX AX Trees

Quantum Algorithms for Quantum Algorithms for Evaluating M IN Evaluating M IN -M -M AX AX Trees

Quantum Algorithms for Quantum Algorithms for Evaluating M IN Evaluating M IN -M -M AX AX Trees Trees Richard Cleve Dmitry Gavinsky D. L. Yonge-Mallo Institute for Quantum Computing, University of Waterloo January 30, 2008 TQC Tokyo,

842 views • 34 slides
Quantum Computation (Lecture QC-3: Quantum Algorithms) Lu s Soares Barbosa MFES -

Quantum Computation (Lecture QC-3: Quantum Algorithms) Lu s Soares Barbosa MFES -

Quantum Computation (Lecture QC-3: Quantum Algorithms) Lu s Soares Barbosa MFES - Arquitectura e C alculo May 2019 Quantum Algorithms The Deutsch-Jozsa Algorithm Quantum Search: Grover A quantum machine Structure of a quantum

1.08k views • 29 slides
Quantum Algorithms for Topological Invariants Stephen Jordan Wed Feb. 3, 2010 What is a quantum

Quantum Algorithms for Topological Invariants Stephen Jordan Wed Feb. 3, 2010 What is a quantum

Quantum Algorithms for Topological Invariants Stephen Jordan Wed Feb. 3, 2010 What is a quantum algorithm? Classical Quantum 0101101 the rules: solve problem using sequence of local quantum gates the goal: use fewer gates than

1.11k views • 37 slides
New Algorithms for Quantum (Symmetric) Cryptanalysis Mara Naya-Plasencia 2 , Andr

New Algorithms for Quantum (Symmetric) Cryptanalysis Mara Naya-Plasencia 2 , Andr

Quantum-safe (Symmetric) Cryptography Quantum Collision Search Quantum k-xor Algorithms New Algorithms for Quantum (Symmetric) Cryptanalysis Mara Naya-Plasencia 2 , Andr Schrottenloher 2 Joint work with Andr Chailloux 2 and Lorenzo Grassi

1.63k views • 65 slides
Quantum Algorithms Tutorial Ronald de Wolf 1/ 37 Post-quantum cryptography I Quantum computers

Quantum Algorithms Tutorial Ronald de Wolf 1/ 37 Post-quantum cryptography I Quantum computers

Quantum Algorithms Tutorial Ronald de Wolf 1/ 37 Post-quantum cryptography I Quantum computers can break public-key cryptography that is based on assuming hardness of factoring, discrete logs, and a few other problems I Post-quantum

2.98k views • 37 slides
From quantum hardware to quantum AI School of Electrical and Electronic Engineering University

From quantum hardware to quantum AI School of Electrical and Electronic Engineering University

CLASSICAL BIT vs QUBIT Computation as physical process Concept of programmable matter Classical neural network Distance between quantum states Quantum algorithms Quantum Neural Networks From quantum hardware to quantum AI School of

322 views • 31 slides
Quantum Quantum Computing Sensing Algorithms Hybrid computing Compilers

Quantum Quantum Computing Sensing Algorithms Hybrid computing Compilers

QIS Workshop: Welcome Argonne PSE/CELS QIS Working Group Salman Habib CPS/HEP Divisions September 23, 2019 Quantum Quantum Computing Sensing Algorithms Hybrid computing Compilers Error correction Precision metrology

285 views • 6 slides
Quantum algorithms Daniel J. Bernstein University of Illinois at Chicago Quantum algorithm

Quantum algorithms Daniel J. Bernstein University of Illinois at Chicago Quantum algorithm

1 Quantum algorithms Daniel J. Bernstein University of Illinois at Chicago Quantum algorithm means an algorithm that a quantum computer can run. i.e. a sequence of instructions, where each instruction is in a quantum computers

1.42k views • 138 slides
Quantum algorithms based on quantum walks . J er emie Roland Universit e Libre de

Quantum algorithms based on quantum walks . J er emie Roland Universit e Libre de

. Quantum algorithms based on quantum walks . J er emie Roland Universit e Libre de Bruxelles Quantum Information & Communication J er emie Roland (ULB - QuIC) Quantum walks Grenoble, Novembre 2012 1 / 39 Outline

564 views • 29 slides
Quantum Algorithms for Quantum Field Theories Stephen Jordan Joint work with Keith Lee John

Quantum Algorithms for Quantum Field Theories Stephen Jordan Joint work with Keith Lee John

Quantum Algorithms for Quantum Field Theories Stephen Jordan Joint work with Keith Lee John Preskill [arXiv:1111.3633 and 1112.4833] Feb 21, 2012 Quantum Mechanics Each state of the system is a basis vector. | dead i | alive i A general

672 views • 36 slides
Quantum algorithms Daniel J. Bernstein Quantum algorithm means an algorithm that a

Quantum algorithms Daniel J. Bernstein Quantum algorithm means an algorithm that a

1 Quantum algorithms Daniel J. Bernstein Quantum algorithm means an algorithm that a quantum computer can run. i.e. a sequence of instructions, where each instruction is in a quantum computers supported instruction set. How do we

1.53k views • 135 slides
Summary: * Why quantum for computers? * Logic gates and algorithms * Manipulating quantum

Summary: * Why quantum for computers? * Logic gates and algorithms * Manipulating quantum

Elements of quantum information processing and quantum computers (with trapped ion examples) D. J. Wineland, Dept. of Physics, U Oregon, Eugene, OR; & Research Associate, NIST, Boulder, CO Summary: * Why quantum for computers? *

742 views • 42 slides
Trapdoor simulation Algorithms in CS courses of quantum algorithms WHAT is your algorithm?

Trapdoor simulation Algorithms in CS courses of quantum algorithms WHAT is your algorithm?

Trapdoor simulation Algorithms in CS courses of quantum algorithms WHAT is your algorithm? Daniel J. Bernstein University of Illinois at Chicago & Technische Universiteit Eindhoven Joint work with: Tung Chou Technische

922 views • 70 slides
Parton Showers and Matching/Merging Lecture 2 of 2: Matching/Merging & Non-Perturbative

Parton Showers and Matching/Merging Lecture 2 of 2: Matching/Merging & Non-Perturbative

Parton Showers and Matching/Merging Lecture 2 of 2: Matching/Merging & Non-Perturbative Corrections (Hadron Decays) Hadronisation Parton Shower Matching & Merging Hard process Peter Skands (Monash University) Feynrules/Madgraph

698 views • 27 slides
Efficient L 1 -Based Probability Assessments Correction: Algorithms and Applications to Belief

Efficient L 1 -Based Probability Assessments Correction: Algorithms and Applications to Belief

Introduction Correction Merging and revision Efficient L 1 -Based Probability Assessments Correction: Algorithms and Applications to Belief Merging and Revision Marco Baioletti, Andrea Capotorti Dipartimento di Matematica e Informatica

417 views • 19 slides
Composite GUTs: model building and expectations at the LHC M. Frigerio J. Serra A. Varagnolo

Composite GUTs: model building and expectations at the LHC M. Frigerio J. Serra A. Varagnolo

Motivations and Intro Model Building Some phenomenology Summary Composite GUTs: model building and expectations at the LHC M. Frigerio J. Serra A. Varagnolo based on 1103.2997 [hep-ph], JHEP 1106:029,2011 Supersymmetry 2011, Fermilab

649 views • 36 slides
ERROR DETECTON & CORRECTION Error Detection EDC= Error Detection and Correction bits

ERROR DETECTON & CORRECTION Error Detection EDC= Error Detection and Correction bits

ERROR DETECTON & CORRECTION Error Detection EDC= Error Detection and Correction bits (redundancy) D = Data protected by error checking, may include header fields Error detection not 100% reliable! protocol may miss some errors,

320 views • 18 slides
Web Services & Axis2 Architecture & Tutorial Ing. Buda Claudio claudio.buda@unibo.it

Web Services & Axis2 Architecture & Tutorial Ing. Buda Claudio claudio.buda@unibo.it

Web Services & Axis2 Architecture & Tutorial Ing. Buda Claudio claudio.buda@unibo.it 2nd Engineering Faculty University of Bologna June 2007 Axis from SOAP Apache Axis is an implementation of the SOAP ("Simple Object Access

406 views • 27 slides
Tutorial on Web Services HY559 Infrastructure Technologies for Large- Scale Service-Oriented

Tutorial on Web Services HY559 Infrastructure Technologies for Large- Scale Service-Oriented

Tutorial on Web Services HY559 Infrastructure Technologies for Large- Scale Service-Oriented Systems Jason Polakis polakis@csd.uoc.gr Required Software Eclipse IDE for Java developers EE http://www.eclipse.org/downloads/ Netbeans IDE

405 views • 26 slides
The Simplex Method Marco Chiarandini Department of Mathematics & Computer Science University

The Simplex Method Marco Chiarandini Department of Mathematics & Computer Science University

DM545 Linear and Integer Programming Lecture 2 The Simplex Method Marco Chiarandini Department of Mathematics & Computer Science University of Southern Denmark Introduction Solving LP Problems Outline Preliminaries 1. Introduction

733 views • 48 slides
Construction of Quantum Subspace Codes of the Simplex Type for Quantum Network Coding Gabriella

Construction of Quantum Subspace Codes of the Simplex Type for Quantum Network Coding Gabriella

Construction of Quantum Subspace Codes of the Simplex Type for Quantum Network Coding Gabriella Akemi Miyamoto Joint work with Wanessa Gazzoni and Reginaldo Palazzo Jr. July 27, 2018 Contents I 1 Mathematical Concepts 2 Construction of Simplex

288 views • 28 slides
Lattice simplices of maximal dimension with a given degree Akihiro Higashitani (Kyoto Sangyo

Lattice simplices of maximal dimension with a given degree Akihiro Higashitani (Kyoto Sangyo

Lattice simplices of maximal dimension with a given degree Akihiro Higashitani (Kyoto Sangyo University) Einstein Workshop on Lattice Polytopes at Berlin 1216 Dec. 2016 1 Contents 1. Introduction to Cayley Conjecture and Nills bound 2.

440 views • 26 slides
Linear codes and Betti numbers of Stanley-Reisner rings associated to matroids. Based on parts

Linear codes and Betti numbers of Stanley-Reisner rings associated to matroids. Based on parts

Linear codes and Betti numbers of Stanley-Reisner rings associated to matroids. Based on parts of joint work with Jan N. Roksvold and H. Verdure Trygve Johnsen Department of Mathematics and Statistics December 3, 2013 Content 1 Matroids -

1.69k views • 144 slides

More recommend