In this paper we consider a quantum computational variant of nondeterminism based on the notion of a quantum proof, which is a quantum state that plays a role similar to a certificate in an NP-type proof. Specifically, we consider quantum proofs for properties of black-box groups, which are finite groups whose elements are encoded as strings of a given length and whose group operations are performed by a group oracle. We prove that for an arbitrary group oracle there exist succinct (polynomial-length) quantum proofs for the Group Non-Membership problem that can be checked with small error in polynomial time on a quantum computer. Classically this is impossible---it is proved that there exists a group oracle relative to which this problem does not have succinct proofs that can be checked classically with bounded error in polynomial time (i.e., the problem is not in MA relative to the group oracle constructed). By considering a certain subproblem of the Group Non-Membership problem we obtain a simple proof that there exists an oracle relative to which BQP is not contained in MA. Finally, we show that quantum proofs for non-membership and classical proofs for various other group properties can be combined to yield succinct quantum proofs for other group properties not having succinct proofs in the classical setting, such as verifying that a number divides the order of a group and verifying that a group is not a simple group.

The "product replacement algorithm" is a commonly used heuristic to generate random group elements in a finite group G, by running a random walk on generating k-tuples of G. While experiments showed outstanding performance, the theoretical explanation remained mysterious. In this paper we propose a new approach to study of the algorithm, by using Kazhdan's property (T) from representation theory of Lie groups.

We consider the asymptotic complexity of algorithms to manipulate matrix groups over finite fields. Groups are given by a list of generators. Some of the rudimentary tasks such as membership testing and computing the order are not expected to admit polynomial-time solutions due to number theoretic obstacles such as factoring integers and discrete logarithm. While these and other “abelian obstacles ” persist, we demonstrate that the “nonabelian normal structure ” of matrix groups over finite fields can be mapped out in great detail by polynomial-time randomized (Monte Carlo) algorithms. The methods are based on statistical results on finite simple groups. We indicate the elements of a project under way towards a more complete “recognition” of such groups in polynomial time. In particular, under a now plausible hypothesis, we are able to determine the names of all nonabelian composition factors of a matrix group over a finite field. Our context is actually far more general than matrix groups: most of the algorithms work for “black-box groups ” under minimal assumptions. In a black-box group, the group elements are encoded by strings of uniform length, and the group operations are performed by a “black box.”

ABSTRACT In this paper we give a polynomial-time quantum algorithm for computing orders of solvable groups. Several other problems, such as testing membership in solvable groups, testing equality of subgroups in a given solvable group, and testing normality of a subgroup in a given solvable group, reduce to computing orders of solvable groups and therefore admit polynomial-time quantum algorithms as well. Our algorithm works in the setting of black-box groups, wherein none of these problems have polynomial-time classical algorithms. As an important byproduct, our algorithm is able to produce a pure quantum state that is uniform over the elements in any chosen subgroup of a solvable group, which yields a natural way to apply existing quantum algorithms to factor groups of solvable groups. 1.

. The product replacement algorithm is a commonly used heuristic to generate random group elements in a finite group G, by running a random walk on generating k-tuples of G. While experiments showed outstanding performance, until recently there was little theoretical explanation. We give an extensive review of both positive and negative theoretical results in the analysis of the algorithm. Introduction In the past few decades the study of groups by means of computations has become a wonderful success story. The whole new field, Computational Group Theory, was developed out of needs to discover and prove new results on finite groups. More recently, the probabilistic method became an important tool for creating faster and better algorithms. A number of applications were developed which assume a fast access to (nearly) uniform group elements. This led to a development of the so called "product replacement algorithm", which is a commonly used heuristic to generate random group elemen...

We study a Markov chain on generating n-tuples of a fixed group which arises in algorithms for manipulating finite groups. The main tools are comparison of two Markov chains on different but related state spaces and combinatorics of random paths. The results involve group theoretical parameters such as the size of minimal generating sets, the number of distinct generating k-tuples for different k's and the maximal diameter of the group.

Abstract not found

The product replacement algorithm is a heuristic designed to generate random group elements. The idea is to run a random walk on generating k-tuples of the group, and then output a random component. The algorithm was designed by Leedham-Green and Soicher ([31]), and further investigated in [12]. It was found to have an outstanding performance, much better than the the previously known algorithms (see [12, 22, 26]). The algorithm is now included in two major group algebra packages GAP [42] and MAGMA [10]. In spite of the many serious attempts and partial results, (see [6, 14, 15, 21, 22, 32, 39, 40]), the analysis of the algorithm remains difficult at best. For small values of k even graph connectivity becomes a serious obstacle (see [19, 37, 39, 40]). The most general results are due to Diaconis and Saloff--Coste [22], who used a state of the art analytic technique to obtain polynomial bounds in special cases, and (sub)-exponential bounds in general case. The main result of this pape...

Abstract. We explore the notion of a pseudo-free group, first introduced by Hohenberger [Hoh03], and provide an alternative stronger definition. We show that if Z ∗ n is a pseudo-free abelian group (as we conjecture), then Z ∗ n also satisfies the Strong RSA Assumption [FO97,CS00,BP97]. Being a “pseudo-free abelian group ” may be the strongest natural cryptographic assumption one can make about a group such as Z ∗ n. More generally, we show that a pseudo-free group satisfies several standard cryptographic assumptions, such as the difficulty of computing discrete logarithms. 1

Given a black-box group G isomorphic to some finite simple group of Lie type and the characteristic of G, we compute the standard name of G by a Monte Carlo algorithm. The running time is polynomial in the input length and in the time requirement for the group operations in G. The algorithm chooses a relatively small number...