Quantum Complexity for Discrete Logarithms and Related Problems (2307.03065v2)
Abstract: This paper studies the quantum computational complexity of the discrete logarithm (DL) and related group-theoretic problems in the context of generic algorithms, that is, algorithms that do not exploit any properties of the group encoding. We establish a generic model of quantum computation for group-theoretic problems, which we call the quantum generic group model. Shor's algorithm for the DL problem and related algorithms can be described in this model. We show quantum complexity lower bounds and almost matching algorithms for the DL and related problems in this model. More precisely, we prove the following results for a cyclic group $G$ of prime order.

- Any generic quantum DL algorithm must make $\Omega(\log |G|)$ depth of group operations. This shows that Shor's algorithm is asymptotically optimal among the generic quantum algorithms, even considering parallel algorithms.
- We observe that variations of Shor's algorithm can take advantage of classical computations to reduce the number of quantum group operations. We introduce a model for generic hybrid quantum-classical algorithms and show that these algorithms are almost optimal in this model. Any generic hybrid algorithm for the DL problem with a total number of group operations $Q$ must make $\Omega(\log |G|/\log Q)$ quantum group operations of depth $\Omega(\log\log |G| - \log\log Q)$.
- When the quantum memory can only store $t$ group elements and use quantum random access memory of $r$ group elements, any generic hybrid algorithm must make either $\Omega(\sqrt{|G|})$ group operations in total or $\Omega(\log |G|/\log (tr))$ quantum group operations.

As a side contribution, we show that a multiple DL problem admits a better algorithm than solving each instance one by one, refuting a strong form of the quantum annoying property suggested in the context of password-authenticated key exchange protocols.
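The two cost measures the abstract uses, total number of group operations and depth (the longest sequential chain of group operations), are easiest to see with a classical toy of the generic group model. The following is an added example, not code from the paper: a small oracle that hands out random labels for elements of a prime-order cyclic group and counts every `mul`/`inv` call, with each label carrying its own depth. Square-and-multiply shows the $\log |G|$-long sequential chain that exponentiation costs (the quantum algorithm's modular exponentiation is where that depth appears), and baby-step giant-step shows a classical generic algorithm whose total operation count matches the $\Omega(\sqrt{|G|})$ bound mentioned above. The group order `101`, the exponent `57` and the label width are constructed demo values.

```python
import math
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class Label:
    """Opaque encoding of a group element plus the sequential depth
    (longest chain of group operations) used to derive it."""
    code: int
    depth: int


class GenericGroupOracle:
    """Toy generic-group oracle for a cyclic group of prime order p.

    Elements are handed out only as random labels; the only way to combine
    them is mul()/inv(), which the oracle counts. `ops` is the total number
    of group operations, and each Label carries its own depth, so one run
    can be charged under both measures used in the paper's model.
    """

    def __init__(self, p: int, seed: int = 0) -> None:
        self.p = p
        self._rng = random.Random(seed)   # seeded so the demo is reproducible
        self._enc: dict = {}              # exponent -> label code
        self._dec: dict = {}              # label code -> exponent
        self.ops = 0

    def _label(self, exponent: int, depth: int) -> Label:
        e = exponent % self.p
        if e not in self._enc:
            code = self._rng.getrandbits(64)
            while code in self._dec:      # the encoding must be injective
                code = self._rng.getrandbits(64)
            self._enc[e] = code
            self._dec[code] = e
        return Label(self._enc[e], depth)

    def identity(self) -> Label:
        return self._label(0, 0)

    def generator(self) -> Label:
        return self._label(1, 0)

    def challenge(self, x: int) -> Label:
        """Trusted setup: hand out g^x as a fresh input label of depth 0."""
        return self._label(x, 0)

    def mul(self, a: Label, b: Label) -> Label:
        self.ops += 1
        return self._label(self._dec[a.code] + self._dec[b.code],
                           max(a.depth, b.depth) + 1)

    def inv(self, a: Label) -> Label:
        self.ops += 1
        return self._label(-self._dec[a.code], a.depth + 1)


def square_and_multiply(G: GenericGroupOracle, g: Label, x: int) -> Label:
    """Left-to-right binary exponentiation: a single chain of about
    log2(x) squarings plus one multiply per set bit, so depth == ops."""
    acc = g
    for bit in bin(x)[3:]:           # drop '0b' and the leading 1 bit
        acc = G.mul(acc, acc)        # square
        if bit == "1":
            acc = G.mul(acc, g)      # multiply by the base
    return acc


def bsgs(G: GenericGroupOracle, g: Label, h: Label) -> int:
    """Baby-step giant-step: recover x with g^x = h using about 2*sqrt(p)
    group operations in total (the classical generic upper bound)."""
    m = math.isqrt(G.p - 1) + 1
    baby = {}
    cur = G.identity()
    for j in range(m):               # baby steps: g^0 .. g^(m-1)
        baby[cur.code] = j
        cur = G.mul(cur, g)          # after the loop cur == g^m
    giant = G.inv(cur)               # g^(-m)
    gamma = h
    for i in range(m):               # giant steps: h * g^(-i*m)
        if gamma.code in baby:
            return i * m + baby[gamma.code]
        gamma = G.mul(gamma, giant)
    raise ValueError("no discrete log found (h not in the group generated by g)")


def demo(p: int = 101, x: int = 57) -> dict:
    """Run both procedures on the constructed demo parameters and report costs."""
    G = GenericGroupOracle(p)
    g = G.generator()
    h = square_and_multiply(G, g, x)
    exp_depth, exp_ops = h.depth, G.ops
    G.ops = 0
    recovered = bsgs(G, g, G.challenge(x))
    return {"bits": p.bit_length(), "exp_depth": exp_depth, "exp_ops": exp_ops,
            "dl": recovered, "dl_ops": G.ops}


if __name__ == "__main__":
    print(demo())
```

For $p = 101$ (7 bits) and $x = 57$ the exponentiation chain has depth 8 with 8 operations, while baby-step giant-step recovers 57 in 17 operations against $\lceil\sqrt{101}\rceil = 11$ giant-step stride: one procedure is cheap in total work but inherently sequential, the other spends $O(\sqrt{|G|})$ work, which is exactly the trade-off the hybrid bounds above quantify.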