Fully homomorphic encryption using ideal lattices
In Proc. STOC, 2009
Cited by 267 (11 self)
We propose a fully homomorphic encryption scheme – i.e., a scheme that allows one to evaluate circuits over encrypted data without being able to decrypt. Our solution comes in three steps. First, we provide a general result – that, to construct an encryption scheme that permits evaluation of arbitrary circuits, it suffices to construct an encryption scheme that can evaluate (slightly augmented versions of) its own decryption circuit; we call a scheme that can evaluate its (augmented) decryption circuit bootstrappable. Next, we describe a public key encryption scheme using ideal lattices that is almost bootstrappable. Lattice-based cryptosystems typically have decryption algorithms with low circuit complexity, often dominated by an inner product computation that is in NC1. Also, ideal lattices provide both additive and multiplicative homomorphisms (modulo a public-key ideal in a polynomial ring that is represented as a lattice), as needed to evaluate general circuits. Unfortunately, our initial scheme is not quite bootstrappable – i.e., the depth that the scheme can correctly evaluate can be logarithmic in the lattice dimension, just like the depth of the decryption circuit, but the latter is greater than the former. In the final step, we show how to modify the scheme to reduce the depth of the decryption circuit, and thereby obtain a bootstrappable encryption scheme, without reducing the depth that the scheme can evaluate. Abstractly, we accomplish this by enabling the encrypter to start the decryption process, leaving less work for the decrypter, much like the server leaves less work for the decrypter in a server-aided cryptosystem.
A subexponential-time quantum algorithm for the dihedral hidden subgroup problem
2003
Cited by 55 (0 self)
We present a quantum algorithm for the dihedral hidden subgroup problem (DHSP) with time and query complexity $2^{O(\sqrt{\log N})}$. In this problem an oracle computes a function f on the dihedral group $D_N$ which is invariant under a hidden reflection in $D_N$. By contrast, the classical query complexity of DHSP is $O(\sqrt{N})$. The algorithm also applies to the hidden shift problem for an arbitrary finitely generated abelian group. The algorithm begins as usual with a quantum character transform, which in the case of $D_N$ is essentially the abelian quantum Fourier transform. This yields the name of a group representation of $D_N$, which is not by itself useful, and a state in the representation, which is a valuable but indecipherable qubit. The algorithm proceeds by repeatedly pairing two unfavorable qubits to make a new qubit in a more favorable representation of $D_N$. Once the algorithm obtains certain target representations, direct measurements reveal the hidden subgroup.
Hidden translation and orbit coset in quantum computing
In Proc. 35th ACM STOC, 2003
Cited by 38 (6 self)
We give efficient quantum algorithms for the problems of Hidden Translation and Hidden Subgroup in a large class of nonabelian solvable groups including solvable groups of constant exponent and of constant length derived series. Our algorithms are recursive. For the base case, we solve efficiently Hidden Translation in $\mathbb{Z}_p^n$, whenever p is a fixed prime. For the induction step, we introduce the problem Orbit Coset generalizing both Hidden Translation and Hidden Subgroup, and prove a powerful self-reducibility result: Orbit Coset in a finite group G is reducible to Orbit Coset in G/N and subgroups of N, for any solvable normal subgroup N of G. Our self-reducibility framework combined with Kuperberg’s subexponential quantum algorithm for solving Hidden Translation in any abelian group, leads to subexponential quantum algorithms for Hidden Translation and Hidden Subgroup in any solvable group.
Computing arbitrary functions of encrypted data
Commun. ACM, 2010
Cited by 32 (0 self)
Suppose that you want to delegate the ability to process your data, without giving away access to it. We show that this separation is possible: we describe a “fully homomorphic” encryption scheme that keeps data private, but that allows a worker that does not have the secret decryption key to compute any (still encrypted) result of the data, even when the function of the data is very complex. In short, a third party can perform complicated processing of data without being able to see it. Among other things, this helps make cloud computing compatible with privacy.
The symmetric group defies strong Fourier sampling
2005
Cited by 27 (10 self)
We resolve the question of whether Fourier sampling can efficiently solve the hidden subgroup problem. Specifically, we show that the hidden subgroup problem over the symmetric group cannot be efficiently solved by strong Fourier sampling, even if one may perform an arbitrary POVM on the coset state. These results apply to the special case relevant to the Graph Isomorphism problem.
1 Introduction: the hidden subgroup problem
Many problems of interest in quantum computing can be reduced to an instance of the Hidden Subgroup Problem (HSP). We are given a group G and a function f with the promise that, for some subgroup H ⊆ G, f is invariant precisely under translation by H: that is, f is constant on the cosets of H and takes distinct values on distinct cosets. We then wish to determine the subgroup H by querying f.
A lattice problem in quantum NP
In Proc. 44th IEEE Symposium on Foundations of Computer Science, 2003
Cited by 14 (2 self)
We consider coGapSVP$_{\sqrt{n}}$, a gap version of the shortest vector in a lattice problem. This problem is known to be in AM∩coNP but is not known to be in NP or in MA. We prove that it lies inside QMA, the quantum analogue of NP. This is the first nontrivial upper bound on the quantum complexity of a lattice problem. The proof relies on two novel ideas. First, we give a new characterization of QMA, called QMA+. Working with the QMA+ formulation allows us to circumvent a problem which arises commonly in the context of QMA: the prover might use entanglement between different copies of the same state in order to cheat. The second idea involves using estimations of autocorrelation functions for verification. We make the important observation that autocorrelation functions are positive definite functions and using properties of such functions we severely restrict the prover’s possibility to cheat. We hope that these ideas will lead to further developments in the field.
Quantum information processing in continuous time
2004
Cited by 12 (2 self)
Quantum mechanical computers can solve certain problems asymptotically faster than any classical computing device. Several fast quantum algorithms are known, but the nature of quantum speedup is not well understood, and inventing new quantum algorithms seems to be difficult. In this thesis, we explore two approaches to designing quantum algorithms based on continuous-time Hamiltonian dynamics. In quantum computation by adiabatic evolution, the computer is prepared in the known ground state of a simple Hamiltonian, which is slowly modified so that its ground state encodes the solution to a problem. We argue that this approach should be inherently robust against low-temperature thermal noise and certain control errors, and we support this claim using simulations. We then show that any adiabatic algorithm can be implemented in a different way, using only a sequence of measurements of the Hamiltonian. We illustrate how this approach can achieve quadratic speedup for the unstructured search problem. We also demonstrate two examples of quantum speedup by quantum walk, a quantum mechanical analog of random walk. First, we consider the problem of searching a region
For distinguishing conjugate hidden subgroups, the pretty good measurement is as good as it gets
Cited by 11 (6 self)
Recently Bacon, Childs and van Dam showed that the “pretty good measurement” (PGM) is optimal for the Hidden Subgroup Problem on the dihedral group $D_n$ in the case where the hidden subgroup is chosen uniformly from the n involutions. We show that, for any group and any subgroup H, the PGM is the optimal one-register experiment in the case where the hidden subgroup is a uniformly random conjugate of H. We go on to show that when H forms a Gel’fand pair with its parent group, the PGM is the optimal measurement for any number of registers. In both cases we bound the probability that the optimal measurement succeeds. This generalizes the case of the dihedral group, and includes a number of other examples of interest.
1 The Hidden Conjugate Problem
Consider the following special case of the Hidden Subgroup Problem, called the Hidden Conjugate Problem in [16]. Let G be a group, and H a nonnormal subgroup of G; denote conjugates of H as $H^g = g^{-1}Hg$. Then we are promised that the hidden subgroup is $H^g$ for some g, and our goal is to find out which one. The usual approach is to prepare a uniform superposition over the group, entangle the group element with a second register by calculating or querying the oracle function, and then measure the oracle function. This yields a uniform superposition over a random left coset of the hidden subgroup, $|cH^g\rangle = \frac{1}{\sqrt{|H|}} \sum_{h \in H^g} |ch\rangle$. Rather than viewing this as a pure state where c is random, we may treat this as a classical mixture over left cosets, giving the mixed state with density matrix $\rho_g = \frac{1}{|G|} \sum_{c \in G} |cH^g\rangle \langle cH^g|$. (1.1) We then wish to find a positive operator-valued measurement (POVM) to identify g. A POVM consists of a set of positive measurement operators $\{E_i\}$ that obey the completeness condition $\sum_i E_i = 1$. (1.2)
Quantum Lower Bound for Recursive Fourier Sampling
Quantum Information and Computation, 2003
Cited by 8 (3 self)
We revisit the oft-neglected 'recursive Fourier sampling' (RFS) problem, introduced by Bernstein and Vazirani to prove an oracle separation between BPP and BQP. We show that the known quantum algorithm for RFS is essentially optimal, despite its seemingly wasteful need to uncompute information. This implies that, to place BQP outside of PH[log] relative to an oracle, one needs to go outside the RFS framework. Our proof argues that, given any variant of RFS, either the adversary method of Ambainis yields a good quantum lower bound, or else there is an efficient classical algorithm. This technique may be of independent interest.
Explicit Multiregister Measurements for Hidden . . .
Cited by 7 (6 self)
We present an explicit measurement in the Fourier basis that solves an important case of the Hidden Subgroup Problem, including the case to which Graph Isomorphism reduces. This entangled measurement uses $k = \log_2 |G|$ registers, and each of the $2^k$ subsets of the registers contributes some information.