Succinct Quantum Proofs for Properties of Finite Groups
 In Proc. IEEE FOCS
, 2000
Cited by 63 (3 self)
In this paper we consider a quantum computational variant of nondeterminism based on the notion of a quantum proof, which is a quantum state that plays a role similar to a certificate in an NP-type proof. Specifically, we consider quantum proofs for properties of black-box groups, which are finite groups whose elements are encoded as strings of a given length and whose group operations are performed by a group oracle. We prove that for an arbitrary group oracle there exist succinct (polynomial-length) quantum proofs for the Group Non-Membership problem that can be checked with small error in polynomial time on a quantum computer. Classically this is impossible: it is proved that there exists a group oracle relative to which this problem does not have succinct proofs that can be checked classically with bounded error in polynomial time (i.e., the problem is not in MA relative to the group oracle constructed). By considering a certain subproblem of the Group Non-Membership problem we obtain a simple proof that there exists an oracle relative to which BQP is not contained in MA. Finally, we show that quantum proofs for non-membership and classical proofs for various other group properties can be combined to yield succinct quantum proofs for other group properties not having succinct proofs in the classical setting, such as verifying that a number divides the order of a group and verifying that a group is not a simple group.
A polynomial-time theory of black-box groups I
, 1998
Cited by 40 (6 self)
We consider the asymptotic complexity of algorithms to manipulate matrix groups over finite fields. Groups are given by a list of generators. Some of the rudimentary tasks such as membership testing and computing the order are not expected to admit polynomial-time solutions due to number theoretic obstacles such as factoring integers and discrete logarithm. While these and other “abelian obstacles” persist, we demonstrate that the “nonabelian normal structure” of matrix groups over finite fields can be mapped out in great detail by polynomial-time randomized (Monte Carlo) algorithms. The methods are based on statistical results on finite simple groups. We indicate the elements of a project under way towards a more complete “recognition” of such groups in polynomial time. In particular, under a now plausible hypothesis, we are able to determine the names of all nonabelian composition factors of a matrix group over a finite field. Our context is actually far more general than matrix groups: most of the algorithms work for “black-box groups” under minimal assumptions. In a black-box group, the group elements are encoded by strings of uniform length, and the group operations are performed by a “black box.”
Quantum algorithms for solvable groups
 In Proceedings of the 33rd ACM Symposium on Theory of Computing
, 2001
Cited by 38 (1 self)
In this paper we give a polynomial-time quantum algorithm for computing orders of solvable groups. Several other problems, such as testing membership in solvable groups, testing equality of subgroups in a given solvable group, and testing normality of a subgroup in a given solvable group, reduce to computing orders of solvable groups and therefore admit polynomial-time quantum algorithms as well. Our algorithm works in the setting of black-box groups, wherein none of these problems have polynomial-time classical algorithms. As an important byproduct, our algorithm is able to produce a pure quantum state that is uniform over the elements in any chosen subgroup of a solvable group, which yields a natural way to apply existing quantum algorithms to factor groups of solvable groups.
The product replacement algorithm and Kazhdan’s property (T)
 J. Amer. Math. Soc
Cited by 36 (11 self)
A problem of great importance in computational group theory is to generate (nearly) uniformly distributed random elements in a finite group G. A good example of such an algorithm should start at any given set of generators, use no prior knowledge of the structure of G, and in a polynomial number of group operations
What Do We Know About The Product Replacement Algorithm?
 in: Groups and Computation III
, 2000
Cited by 30 (7 self)
The product replacement algorithm is a commonly used heuristic to generate random group elements in a finite group G, by running a random walk on generating k-tuples of G. While experiments showed outstanding performance, until recently there was little theoretical explanation. We give an extensive review of both positive and negative theoretical results in the analysis of the algorithm. Introduction In the past few decades the study of groups by means of computations has become a wonderful success story. The whole new field, Computational Group Theory, was developed out of needs to discover and prove new results on finite groups. More recently, the probabilistic method became an important tool for creating faster and better algorithms. A number of applications were developed which assume a fast access to (nearly) uniform group elements. This led to a development of the so called "product replacement algorithm", which is a commonly used heuristic to generate random group elemen...
The Product Replacement Algorithm is Polynomial
 In Proc. 41st IEEE Symposium on Foundations of Computer Science (FOCS)
, 2000
Cited by 21 (4 self)
The product replacement algorithm is a heuristic designed to generate random group elements. The idea is to run a random walk on generating k-tuples of the group, and then output a random component. The algorithm was designed by Leedham-Green and Soicher ([31]), and further investigated in [12]. It was found to have an outstanding performance, much better than the previously known algorithms (see [12, 22, 26]). The algorithm is now included in two major group algebra packages GAP [42] and MAGMA [10]. In spite of the many serious attempts and partial results, (see [6, 14, 15, 21, 22, 32, 39, 40]), the analysis of the algorithm remains difficult at best. For small values of k even graph connectivity becomes a serious obstacle (see [19, 37, 39, 40]). The most general results are due to Diaconis and Saloff-Coste [22], who used a state of the art analytic technique to obtain polynomial bounds in special cases, and (sub)exponential bounds in general case. The main result of this pape...
Walks on Generating Sets of Groups
, 1996
Cited by 21 (0 self)
We study a Markov chain on generating n-tuples of a fixed group which arises in algorithms for manipulating finite groups. The main tools are comparison of two Markov chains on different but related state spaces and combinatorics of random paths. The results involve group theoretical parameters such as the size of minimal generating sets, the number of distinct generating k-tuples for different k's and the maximal diameter of the group.
On the notion of pseudo-free groups
 in: Proc. 1st Theory of Cryptography Conference (TCC’04), Vol. 2951 of LNCS, 2004
Cited by 16 (0 self)
We explore the notion of a pseudo-free group, first introduced by Hohenberger [Hoh03], and provide an alternative stronger definition. We show that if $\mathbb{Z}_n^*$ is a pseudo-free abelian group (as we conjecture), then $\mathbb{Z}_n^*$ also satisfies the Strong RSA Assumption [FO97,CS00,BP97]. Being a “pseudo-free abelian group” may be the strongest natural cryptographic assumption one can make about a group such as $\mathbb{Z}_n^*$. More generally, we show that a pseudo-free group satisfies several standard cryptographic assumptions, such as the difficulty of computing discrete logarithms.