scholarly journals Mildly Short Vectors in Cyclotomic Ideal Lattices in Quantum Polynomial Time

2021 ◽  
Vol 68 (2) ◽  
pp. 1-26
Author(s):  
Ronald Cramer ◽  
Léo Ducas ◽  
Benjamin Wesolowski
Keyword(s):  
Polynomial Time ◽  
Ideal Lattices ◽  
Quantum Polynomial

scholarly journals An algorithm for NTRU problems and cryptanalysis of the GGH multilinear map without a low-level encoding of zero

2016 ◽  
Vol 19 (A) ◽  
pp. 255-266 ◽  
Author(s):  
Jung Hee Cheon ◽  
Jinhyuck Jeong ◽  
Changmin Lee
Keyword(s):  
Polynomial Time ◽  
Euclidean Norm ◽  
Low Level ◽  
Ideal Lattices ◽  
Security Parameter ◽  
Main Technique ◽  
Multilinear Maps ◽  
Multilinear Map

Let$\mathbf{f}$and$\mathbf{g}$be polynomials of a bounded Euclidean norm in the ring$\mathbb{Z}[X]/\langle X^{n}+1\rangle$. Given the polynomial$[\mathbf{f}/\mathbf{g}]_{q}\in \mathbb{Z}_{q}[X]/\langle X^{n}+1\rangle$, the NTRU problem is to find$\mathbf{a},\mathbf{b}\in \mathbb{Z}[X]/\langle X^{n}+1\rangle$with a small Euclidean norm such that$[\mathbf{a}/\mathbf{b}]_{q}=[\mathbf{f}/\mathbf{g}]_{q}$. We propose an algorithm to solve the NTRU problem, which runs in$2^{O(\log ^{2}\unicode[STIX]{x1D706})}$time when$\Vert \mathbf{g}\Vert ,\Vert \mathbf{f}\Vert$, and$\Vert \mathbf{g}^{-1}\Vert$are within some range. The main technique of our algorithm is the reduction of a problem on a field to one on a subfield. The GGH scheme, the first candidate of an (approximate) multilinear map, was recently found to be insecure by the Hu–Jia attack using low-level encodings of zero, but no polynomial-time attack was known without them. In the GGH scheme without low-level encodings of zero, our algorithm can be directly applied to attack this scheme if we have some top-level encodings of zero and a known pair of plaintext and ciphertext. Using our algorithm, we can construct a level-$0$encoding of zero and utilize it to attack a security ground of this scheme in the quasi-polynomial time of its security parameter using the parameters suggested by Garg, Gentry and Halevi [‘Candidate multilinear maps from ideal lattices’,Advances in cryptology — EUROCRYPT 2013(Springer, 2013) 1–17].

scholarly journals Merlin-Arthur with efficient quantum Merlin and quantum supremacy for the second level of the Fourier hierarchy

Quantum ◽  
2018 ◽  
Vol 2 ◽  
pp. 106 ◽  
Author(s):  
Tomoyuki Morimae ◽  
Yuki Takeuchi ◽  
Harumichi Nishimura
Keyword(s):  
Quantum Computing ◽  
Polynomial Time ◽  
Probability Distributions ◽  
Quantum Circuits ◽  
Universal Models ◽  
Reversible Circuit ◽  
Universal Quantum ◽  
Quantum Polynomial ◽  
Output Probability ◽  
Probabilistic Polynomial Time

We introduce a simple sub-universal quantum computing model, which we call the Hadamard-classical circuit with one-qubit (HC1Q) model. It consists of a classical reversible circuit sandwiched by two layers of Hadamard gates, and therefore it is in the second level of the Fourier hierarchy. We show that output probability distributions of the HC1Q model cannot be classically efficiently sampled within a multiplicative error unless the polynomial-time hierarchy collapses to the second level. The proof technique is different from those used for previous sub-universal models, such as IQP, Boson Sampling, and DQC1, and therefore the technique itself might be useful for finding other sub-universal models that are hard to classically simulate. We also study the classical verification of quantum computing in the second level of the Fourier hierarchy. To this end, we define a promise problem, which we call the probability distribution distinguishability with maximum norm (PDD-Max). It is a promise problem to decide whether output probability distributions of two quantum circuits are far apart or close. We show that PDD-Max is BQP-complete, but if the two circuits are restricted to some types in the second level of the Fourier hierarchy, such as the HC1Q model or the IQP model, PDD-Max has a Merlin-Arthur system with quantum polynomial-time Merlin and classical probabilistic polynomial-time Arthur.

Quantum polynomial-time fixed-point attack for RSA

2018 ◽  
Vol 15 (2) ◽  
pp. 25-32 ◽  
Author(s):  
Yahui Wang ◽  
Huanguo Zhang ◽  
Houzhen Wang
Keyword(s):  
Fixed Point ◽  
Polynomial Time ◽  
Quantum Polynomial

scholarly journals EXACT NON-IDENTITY CHECK IS NQP-COMPLETE

2010 ◽  
Vol 08 (05) ◽  
pp. 807-819
Author(s):  
YU TANAKA
Keyword(s):  
Computational Complexity ◽  
Polynomial Time ◽  
Decision Problem ◽  
Quantum Circuit ◽  
Quantum Circuits ◽  
Quantum Gates ◽  
Unitary Operation ◽  
Classical Description ◽  
Quantum Polynomial ◽  
Equivalence Check

To understand quantum gate array complexity, we define a problem named exact non-identity check, which is a decision problem to determine whether a given classical description of a quantum circuit is strictly equivalent to the identity or not. We show that the computational complexity of this problem is non-deterministic quantum polynomial-time (NQP)-complete. As corollaries, it is derived that exact non-equivalence check of two given classical descriptions of quantum circuits is also NQP-complete and that minimizing the number of quantum gates for a given quantum circuit without changing the implemented unitary operation is NQP-hard.

scholarly journals Quantum Algorithm for Attacking RSA Based on Fourier Transform and Fixed-Point

2021 ◽  
Vol 26 (6) ◽  
pp. 489-494
Author(s):  
Yahui WANG ◽  
Huanguo ZHANG
Keyword(s):  
Fixed Point ◽  
Polynomial Time ◽  
Multiplicative Group ◽  
Success Probability ◽  
Quantum Algorithm ◽  
Polynomial Time Algorithm ◽  
Time Algorithm ◽  
Rsa Cryptosystem ◽  
Shor's Algorithm ◽  
Quantum Polynomial

Shor in 1994 proposed a quantum polynomial-time algorithm for finding the order r of an element a in the multiplicative group Zn*, which can be used to factor the integer n by computing [see formula in PDF]and hence break the famous RSA cryptosystem. However, the order r must be even. This restriction can be removed. So in this paper, we propose a quantum polynomial-time fixed-point attack for directly recovering the RSA plaintext M from the ciphertext C, without explicitly factoring the modulus n. Compared to Shor’s algorithm, the order r of the fixed-point C for RSA(e, n) satisfying [see formula in PDF] does not need to be even. Moreover, the success probability of the new algorithm is at least [see formula in PDF] and higher than that of Shor’s algorithm, though the time complexity for both algorithms is about the same.

scholarly journals Almost-Everywhere Superiority for Quantum Polynomial Time

2002 ◽  
Vol 175 (2) ◽  
pp. 171-181 ◽  
Author(s):  
Edith Hemaspaandra ◽  
Lane A. Hemaspaandra ◽  
Marius Zimand
Keyword(s):  
Polynomial Time ◽  
Almost Everywhere ◽  
Quantum Polynomial
Sign in / Sign up

Export Citation Format

Share Document