In this paper we consider a quantum computational variant of nondeterminism based on the notion of a quantum proof, which is a quantum state that plays a role similar to a certificate in an NP-type proof. Specifically, we consider quantum proofs for properties of black-box groups, which are finite groups whose elements are encoded as strings of a given length and whose group operations are performed by a group oracle. We prove that for an arbitrary group oracle there exist succinct (polynomial-length) quantum proofs for the Group Non-Membership problem that can be checked with small error in polynomial time on a quantum computer. Classically this is impossible---it is proved that there exists a group oracle relative to which this problem does not have succinct proofs that can be checked classically with bounded error in polynomial time (i.e., the problem is not in MA relative to the group oracle constructed). By considering a certain subproblem of the Group Non-Membership problem we obtain a simple proof that there exists an oracle relative to which BQP is not contained in MA. Finally, we show that quantum proofs for non-membership and classical proofs for various other group properties can be combined to yield succinct quantum proofs for other group properties not having succinct proofs in the classical setting, such as verifying that a number divides the order of a group and verifying that a group is not a simple group.

ABSTRACT In this paper we give a polynomial-time quantum algorithm for computing orders of solvable groups. Several other problems, such as testing membership in solvable groups, testing equality of subgroups in a given solvable group, and testing normality of a subgroup in a given solvable group, reduce to computing orders of solvable groups and therefore admit polynomial-time quantum algorithms as well. Our algorithm works in the setting of black-box groups, wherein none of these problems have polynomial-time classical algorithms. As an important byproduct, our algorithm is able to produce a pure quantum state that is uniform over the elements in any chosen subgroup of a solvable group, which yields a natural way to apply existing quantum algorithms to factor groups of solvable groups. 1.

Given a black-box group G isomorphic to some finite simple group of Lie type and the characteristic of G, we compute the standard name of G by a Monte Carlo algorithm. The running time is polynomial in the input length and in the time requirement for the group operations in G. The algorithm chooses a relatively small number...

We associate a weighted graph (G) to each nite simple group G of Lie type. We show that, with an explicit list of exceptions, (G) determines G up to isomorphism, and for these exceptions, (G) nevertheless determines the characteristic of G. This result was motivated by algorithmic considerations. We prove that for any nite simple group G of Lie type, input as a black box group with an oracle to compute the orders of group elements, (G) and the characteristic of G can be computed by a Monte Carlo algorithm in time polynomial in the input length. The characteristic is needed as part of the input in a previous constructive recognition algorithm for G.

We are now witnessing a rapid growth of a new part of group theory which has become known as "statistical group theory". A typical result in this area would say something like "a random element (or a tuple of elements) of a group G has a property P with probability p". The validity of a statement like that does, of course, heavily depend on how one defines probability on groups, or, equivalently, how one measures sets in a group (in particular, in a free group). We hope that new approaches to defining probabilities on groups as outlined in this paper create, among other things, an appropriate framework for the study of the "average case" complexity of algorithms on groups. Contents 1.

Abstract not found

We discuss basic structural properties of finite black box groups. A special emphasis is made on the use of centralisers of involutions in probabilistic recognition of black box groups. In particular, we suggest an algorithm for finding the p-core of a black box group of odd characteristic. This special role of involutions suggest that the theory of black box groups reproduces, at a non-deterministic level, some important features of the classification of finite simple groups. 2000 Mathematical Subject Classification: 20P05. 1 What is a black box group? A black box group X is a device or an algorithm (‘oracle ’ or ‘black box’) which produces (nearly) uniformly distributed independent random elements from some finite group X. These elements are encoded as 0– 1 strings of uniform length; given strings representing x, y ∈ X, the black box can compute strings representing xy and x −1, and decide whether x = y in time bounded from above by a constant. In this setting, one is usually interested in finding probabilistic algorithms which allow us to determine, with probability of error ǫ, the isomorphism type of X in time O(|ǫ | ·(log |X|) c). We say in this situation that our algorithm is run in Monte Carlo polynomial time. A critical discussion of this concept can be found

Abstract not found

The black-box field (BBF) extraction problem is, for a given field�, to determine a secret field element hidden in a black-box which allows to add and multiply values in�in the box and which reports only equalities of elements in the box. This problem is of cryptographic interest for two reasons. First, for ���Ôit corresponds to the generic reduction of the discrete logarithm problem to the computational Diffie-Hellman problem in a group of prime orderÔ. Second, an efficient solution to the BBF problem proves the inexistence of certain field-homomorphic encryption schemes whose realization is an interesting open problems in algebra-based cryptography. BBFs are also of independent interest in computational algebra. In the previous literature, BBFs had only been considered for the prime field case. In this paper we consider a generalization of the extraction problem to BBFs that are extension fields. More precisely we discuss the representation problem defined as follows: For given generators��������algebraically generating a BBF and an additional elementÜ, all hidden in a black-box, expressÜalgebraically in terms of ��������. We give an efficient algorithm for this representation problem and related problems for fields with small characteristic (e.g.���Òfor someÒ). We also consider extension fields of large characteristic and show how to reduce the representation problem to the extraction problem for the underlying prime field. These results imply the inexistence of field-homomorphic (as opposed to only group-homomorphic, like RSA) one-way permutations for fields of small characteristic.

A group is usually input into a computer by specifying the group either using a presentation or using a generating set of permutations or matrices. Here we will emphasize the latter approach, referring to [Si3, Si4, Ser1] for details of the other situations. Thus, the basic computational setting discussed here is as follows: a group is given, specified as G = X in terms of some generating set X of its elements, where X is an arbitrary subset of either Sn or GL(d, q ) (a familiar example is the group of Rubik’s cube). The goal is then to find properties of G efficiently, such as |G|, the derived series, a composition series, Sylow subgroups, and so on.