Results 1  10
of
44
A subexponentialtime quantum algorithm for the dihedral hidden subgroup problem
, 2003
"... Abstract. We present a quantum algorithm for the dihedral hidden subgroup problem (DHSP) with time and query complexity 2O(√log N). In this problem an oracle computes a function f on the dihedral group DN which is invariant under a hidden reflection in DN. By contrast, the classical query complexity ..."
Abstract

Cited by 55 (0 self)
 Add to MetaCart
Abstract. We present a quantum algorithm for the dihedral hidden subgroup problem (DHSP) with time and query complexity 2O(√log N). In this problem an oracle computes a function f on the dihedral group DN which is invariant under a hidden reflection in DN. By contrast, the classical query complexity of DHSP is O ( √ N). The algorithm also applies to the hidden shift problem for an arbitrary finitely generated abelian group. The algorithm begins as usual with a quantum character transform, which in the case of DN is essentially the abelian quantum Fourier transform. This yields the name of a group representation of DN, which is not by itself useful, and a state in the representation, which is a valuable but indecipherable qubit. The algorithm proceeds by repeatedly pairing two unfavorable qubits to make a new qubit in a more favorable representation of DN. Once the algorithm obtains certain target representations, direct measurements reveal the hidden subgroup.
New lattice based cryptographic constructions
 In Proceedings of the 35th ACM Symposium on Theory of Computing
, 2003
"... We introduce the use of Fourier analysis on lattices as an integral part of a lattice based construction. The tools we develop provide an elegant description of certain Gaussian distributions around lattice points. Our results include two cryptographic constructions that are based on the worstcase ..."
Abstract

Cited by 38 (6 self)
 Add to MetaCart
We introduce the use of Fourier analysis on lattices as an integral part of a lattice based construction. The tools we develop provide an elegant description of certain Gaussian distributions around lattice points. Our results include two cryptographic constructions that are based on the worstcase hardness of the unique shortest vector problem. The main result is a new public key cryptosystem whose security guarantee is considerably stronger than previous results (O(n 1.5) instead of O(n 7)). This provides the first alternative to Ajtai and Dwork’s original 1996 cryptosystem. Our second result is a family of collision resistant hash functions with an improved security guarantee in terms of the unique shortest vector problem. Surprisingly, both results are derived from one theorem that presents two indistinguishable distributions on the segment [0, 1). It seems that this theorem can have further applications; as an example, we use it to solve an open problem in quantum computation related to the dihedral hidden subgroup problem. 1
Hidden translation and orbit coset in quantum computing
 In Proc. 35th ACM STOC
, 2003
"... We give efficient quantum algorithms for the problems of Hidden Translation and Hidden Subgroup in a large class of nonabelian solvable groups including solvable groups of constant exponent and of constant length derived series. Our algorithms are recursive. For the base case, we solve efficiently ..."
Abstract

Cited by 38 (6 self)
 Add to MetaCart
We give efficient quantum algorithms for the problems of Hidden Translation and Hidden Subgroup in a large class of nonabelian solvable groups including solvable groups of constant exponent and of constant length derived series. Our algorithms are recursive. For the base case, we solve efficiently Hidden Translation in Z n p, whenever p is a fixed prime. For the induction step, we introduce the problem Orbit Coset generalizing both Hidden Translation and Hidden Subgroup, and prove a powerful selfreducibility result: Orbit Coset in a finite group G is reducible to Orbit Coset in G/N and subgroups of N, for any solvable normal subgroup N of G. Our selfreducibility framework combined with Kuperberg’s subexponential quantum algorithm for solving Hidden Translation in any abelian group, leads to subexponential quantum algorithms for Hidden Translation and Hidden Subgroup in any solvable group. 1
Latticebased Cryptography
, 2008
"... In this chapter we describe some of the recent progress in latticebased cryptography. Latticebased cryptographic constructions hold a great promise for postquantum cryptography, as they enjoy very strong security proofs based on worstcase hardness, relatively efficient implementations, as well a ..."
Abstract

Cited by 36 (5 self)
 Add to MetaCart
In this chapter we describe some of the recent progress in latticebased cryptography. Latticebased cryptographic constructions hold a great promise for postquantum cryptography, as they enjoy very strong security proofs based on worstcase hardness, relatively efficient implementations, as well as great simplicity. In addition, latticebased cryptography is believed to be secure against quantum computers. Our focus here
The symmetric group defies strong Fourier sampling
, 2005
"... We resolve the question of whether Fourier sampling can efficiently solve the hidden subgroup problem. Specifically, we show that the hidden subgroup problem over the symmetric group cannot be efficiently solved by strong Fourier sampling, even if one may perform an arbitrary POVM on the coset state ..."
Abstract

Cited by 27 (10 self)
 Add to MetaCart
We resolve the question of whether Fourier sampling can efficiently solve the hidden subgroup problem. Specifically, we show that the hidden subgroup problem over the symmetric group cannot be efficiently solved by strong Fourier sampling, even if one may perform an arbitrary POVM on the coset state. These results apply to the special case relevant to the Graph Isomorphism problem. 1 Introduction: the hidden subgroup problem Many problems of interest in quantum computing can be reduced to an instance of the Hidden Subgroup Problem (HSP). We are given a group G and a function f with the promise that, for some subgroup H ⊆ G, f is invariant precisely under translation by H: that is, f is constant on the cosets of H and takes distinct values on distinct cosets. We then wish to determine the subgroup H by querying f.
On the impossibility of a quantum sieve algorithm for Graph Isomorphism
, 2006
"... ABSTRACT. It is known that any quantum algorithm for Graph Isomorphism that works within the framework of the hidden subgroup problem (HSP) must perform highly entangled measurements across Ω(n log n) coset states. One of the only known models for how such a measurement could be carried out efficien ..."
Abstract

Cited by 16 (2 self)
 Add to MetaCart
ABSTRACT. It is known that any quantum algorithm for Graph Isomorphism that works within the framework of the hidden subgroup problem (HSP) must perform highly entangled measurements across Ω(n log n) coset states. One of the only known models for how such a measurement could be carried out efficiently is Kuperberg’s algorithm for the HSP in the dihedral group, in which quantum states are adaptively combined and measured according to the decomposition of tensor products into irreducible representations. This “quantum sieve ” starts with coset states, and works its way down towards representations whose probabilities differ depending on, for example, whether the hidden subgroup is trivial or nontrivial. In this paper we show that no such approach can produce a polynomialtime quantum algorithm for Graph Isomorphism. Specifically, we consider the natural reduction of Graph Isomorphism to the HSP over the the wreath product Sn ≀ Z2. Using a recently proved bound on the irreducible characters of Sn, we show that no algorithm in this family can solve Graph Isomorphism in less than e Ω( √ n) time, no matter what adaptive rule it uses to select and combine quantum states. In particular, algorithms of this type can offer essentially no improvement over the best known classical algorithms, which run in time e O( √ nlog n) 1.
A lattice problem in quantum NP
 In Proc. 44th IEEE Symposium on Foundations of Computer Science
, 2003
"... We consider coGapSV P √ n, a gap version of the shortest vector in a lattice problem. This problem is known to be in AM∩coNP but is not known to be in NP or in MA. We prove that it lies inside QMA, the quantum analogue of NP. This is the first nontrivial upper bound on the quantum complexity of a l ..."
Abstract

Cited by 14 (2 self)
 Add to MetaCart
We consider coGapSV P √ n, a gap version of the shortest vector in a lattice problem. This problem is known to be in AM∩coNP but is not known to be in NP or in MA. We prove that it lies inside QMA, the quantum analogue of NP. This is the first nontrivial upper bound on the quantum complexity of a lattice problem. The proof relies on two novel ideas. First, we give a new characterization of QMA, called QMA+. Working with the QMA+ formulation allows us to circumvent a problem which arises commonly in the context of QMA: the prover might use entanglement between different copies of the same state in order to cheat. The second idea involves using estimations of autocorrelation functions for verification. We make the important observation that autocorrelation functions are positive definite functions and using properties of such functions we severely restrict the prover’s possibility to cheat. We hope that these ideas will lead to further developments in the field. 1
A subexponential time algorithm for the dihedral hidden subgroup problem with polynomial space, 2004. arXiv, quantph/0406151. [Sho94a
 In S. Goldwasser, Ed., Proceedings of the 35th Annual Symposium on the Foundations of Computer Science
, 1994
"... In a recent paper, Kuperberg described the first subexponential time algorithm for solving the dihedral hidden subgroup problem. The space requirement of his algorithm is superpolynomial. We describe a modified algorithm whose running time is still subexponential and whose space requirement is only ..."
Abstract

Cited by 13 (0 self)
 Add to MetaCart
In a recent paper, Kuperberg described the first subexponential time algorithm for solving the dihedral hidden subgroup problem. The space requirement of his algorithm is superpolynomial. We describe a modified algorithm whose running time is still subexponential and whose space requirement is only polynomial. 1
Shor’s algorithm is optimal
, 2004
"... We show that the ‘standard ’ quantum algorithm for the abelian hidden subgroup problem is not only efficient but is optimal in the information theoretic sense, in that it maximizes the probability of correctly identifying the hidden subgroup. The proof uses semidefinite programming to show that the ..."
Abstract

Cited by 13 (0 self)
 Add to MetaCart
We show that the ‘standard ’ quantum algorithm for the abelian hidden subgroup problem is not only efficient but is optimal in the information theoretic sense, in that it maximizes the probability of correctly identifying the hidden subgroup. The proof uses semidefinite programming to show that the standard algorithm implements the optimal set of measurements. The arguments break down for the nonabelian hidden subgroup problem, and for the special case of the dihedral group, we give explicit expressions for the optimal measurement to distinguish between the subgroups given one random coset state. This measurement cannot be expressed in terms of the Fourier basis, which suggests that to find a quantum algorithm for the nonabelian hidden subgroup problem we may have to look beyond the Fourier transform. 1
For distinguishing conjugate hidden subgroups, the pretty good measurement is as good as it gets
"... Recently Bacon, Childs and van Dam showed that the “pretty good measurement ” (PGM) is optimal for the Hidden Subgroup Problem on the dihedral group Dn in the case where the hidden subgroup is chosen uniformly from the n involutions. We show that, for any group and any subgroup H, the PGM is the opt ..."
Abstract

Cited by 11 (6 self)
 Add to MetaCart
Recently Bacon, Childs and van Dam showed that the “pretty good measurement ” (PGM) is optimal for the Hidden Subgroup Problem on the dihedral group Dn in the case where the hidden subgroup is chosen uniformly from the n involutions. We show that, for any group and any subgroup H, the PGM is the optimal oneregister experiment in the case where the hidden subgroup is a uniformly random conjugate of H. We go on to show that when H forms a Gel’fand pair with its parent group, the PGM is the optimal measurement for any number of registers. In both cases we bound the probability that the optimal measurement succeeds. This generalizes the case of the dihedral group, and includes a number of other examples of interest. 1 The Hidden Conjugate Problem Consider the following special case of the Hidden Subgroup Problem, called the Hidden Conjugate Problem in [16]. Let G be a group, and H a nonnormal subgroup of G; denote conjugates of H as H g = g −1 Hg. Then we are promised that the hidden subgroup is H g for some g, and our goal is to find out which one. The usual approach is to prepare a uniform superposition over the group, entangle the group element with a second register by calculating or querying the oracle function, and then measure the oracle function. This yields a uniform superposition over a random left coset of the hidden subgroup, cH g 〉 = 1 ∑ √ ch 〉. H Rather than viewing this as a pure state where c is random, we may treat this as a classical mixture over left cosets, giving the mixed state with density matrix ρg = 1 ∑ cH G g 〉 〈cH g . (1.1) c∈G We then wish to find a positive operatorvalued measurement (POVM) to identify g. A POVM consists of a set of positive measurement operators {Ei} that obey the completeness condition Ei = 1. (1.2)