Haibin Shen,Yier Jin,Rongquan You

DOI: https://doi.org/10.1109/ICICIC.2006.180

2006-01-01

Abstract:Modular reduction is the basic operation of cryptographic systems. The Barrett's algorithm and Montgomery's algorithm are widely used nowadays and they are both based on pre-computation. In the field of elliptic curve cryptosystem (ECC) over GF(2m), the reduction polynomials recommended by SEC have few items and the degree of second item is much less than that of the first one. Making use of this characteristic, the paper presents a new method to accelerate modular reduction without pre-computation which speeds up modular reduction by 10-30 times over GF(2m) and speeds up ECC point multiplication by 40%-50%. This algorithm has been implemented in a high-speed public-key cipher accelerator

D. N. Goncalves,R. Portugal

DOI: https://doi.org/10.48550/arXiv.1104.1361

2011-04-07

Abstract:The hidden subgroup problem (HSP) plays an important role in quantum computation, because many quantum algorithms that are exponentially faster than classical algorithms can be casted in the HSP structure. In this paper, we present a new polynomial-time quantum algorithm that solves the HSP over the group $\Z_{p^r} \rtimes \Z_{q^s}$, when $p^r/q= \up{poly}(\log p^r)$, where $p$, $q$ are any odd prime numbers and $r, s$ are any positive integers. To find the hidden subgroup, our algorithm uses the abelian quantum Fourier transform and a reduction procedure that simplifies the problem to find cyclic subgroups.

Quantum Physics,Group Theory,Representation Theory

Hefeng Wang

2023-01-01

Abstract: Many problems for which quantum algorithm achieves exponential speedup over its classical counterparts can be reduced to the Abelian hidden subgroup problem (HSP). However, there is no efficient quantum algorithm for solving the non-Abelian HSP. We proposed an efficient quantum algorithm for solving a hierarchical structured search problem. In this work, we demonstrate that the HSP can be reduced to the hierarchical structured search problem, and apply the algorithm for solving the HSP and problems that can be reduced to both the Abelian and the non-Abelian HSP in polynomial time.

Hefeng Wang

DOI: https://doi.org/10.48550/arXiv.2204.03295

2023-05-04

Abstract:The hidden subgroup problem~(HSP) is one of the most important problems in quantum computation. Many problems for which quantum algorithm achieves exponential speedup over its classical counterparts can be reduced to the Abelian HSP. However, there is no efficient quantum algorithm for solving the non-Abelian HSP. We find that the HSP can be reduced to a nested structured search problem that is solved efficiently by using a quantum algorithm via multistep quantum computation. Then we solve the HSP and problems that can be reduced to both the Abelian and the non-Abelian HSP in polynomial time by using this algorithm.

Quantum Physics

Matan Banin,Boaz Tsaban

DOI: https://doi.org/10.1007/s10623-015-0130-2

2015-08-19

Abstract:We present a polynomial-time reduction of the discrete logarithm problem (DLP) in any periodic (or torsion) semigroup (Semigroup DLP) to the classic DLP in a subgroup of the same semigroup. It follows that Semigroup DLP can be solved in polynomial time by quantum computers, and that Semigroup DLP has subexponential complexity whenever the classic DLP in the corresponding groups has subexponential complexity. We also consider several natural constructions of nonperiodic semigroups, and provide polynomial time solutions for the DLP in these semigroups.

mathematics, applied,computer science, theory & methods

Muhammad Imran,Gábor Ivanyos

DOI: https://doi.org/10.1007/s10623-024-01416-8

IF: 1.4

2024-05-22

Designs Codes and Cryptography

Abstract:The semidirect discrete logarithm problem (SDLP) is the following analogue of the standard discrete logarithm problem in the semidirect product semigroup for a finite semigroup G . Given , and for some integer t , the SDLP , for g and h , asks to determine t . As Shor's algorithm crucially depends on commutativity, it is believed not to be applicable to the SDLP. For generic semigroups, the best known algorithm for the SDLP is based on Kuperberg's subexponential time quantum algorithm. Still, the problem plays a central role in the security of certain proposed cryptosystems in the family of semidirect product key exchange . This includes a recently proposed signature protocol called SPDH-Sign. In this paper, we show that the SDLP is even easier in some important special cases. Specifically, for a finite group G , we describe quantum algorithms for the SDLP in for the following two classes of instances: the first one is when G is solvable and the second is when G is a matrix group and a power of with a polynomially small exponent is an inner automorphism of G . We further extend the results to groups composed of factors from these classes. A consequence is that SPDH-Sign and similar cryptosystems whose security assumption is based on the presumed hardness of the SDLP in the cases described above are insecure against quantum attacks. The quantum ingredients we rely on are not new: these are Shor's factoring and discrete logarithm algorithms and well-known generalizations.

mathematics, applied,computer science, theory & methods

Christopher Battarbee,Delaram Kahrobaei,Ludovic Perret,Siamak F. Shahandashti

2024-06-07

Abstract:Group-based cryptography is a relatively unexplored family in post-quantum cryptography, and the so-called Semidirect Discrete Logarithm Problem (SDLP) is one of its most central problems. However, the complexity of SDLP and its relationship to more well-known hardness problems, particularly with respect to its security against quantum adversaries, has not been well understood and was a significant open problem for researchers in this area. In this paper we give the first dedicated security analysis of SDLP. In particular, we provide a connection between SDLP and group actions, a context in which quantum subexponential algorithms are known to apply. We are therefore able to construct a subexponential quantum algorithm for solving SDLP, thereby classifying the complexity of SDLP and its relation to known computational problems.

Cryptography and Security,Group Theory,Quantum Physics

Kelsey Horan,Delaram Kahrobaei

DOI: https://doi.org/10.48550/arXiv.1805.04179

2018-05-21

Abstract:In this paper we discuss the Hidden Subgroup Problem (HSP) in relation to post-quantum group-based cryptography. We review the relationship between HSP and other computational problems discuss an optimal solution method, and review the known results about the quantum complexity of HSP. We also overview some platforms for group-based cryptosystems. Notably, efficient algorithms for solving HSP in such infinite group platforms are not yet known.

Cryptography and Security,Computational Complexity,Group Theory,Quantum Physics

Simran Tinani,Carlo Matteotti,Joachim Rosenthal

2023-10-08

Abstract:In the recently emerging field of nonabelian group-based cryptography, a prominently used one-way function is the Conjugacy Search Problem (CSP), and two important classes of platform groups are polycyclic and matrix groups. In this paper, we discuss the complexity of the conjugacy search problem (CSP) in these two classes of platform groups using the three protocols in [10], [26], and [29] as our starting point. We produce a polynomial time solution for the CSP in a finite polycyclic group with two generators, and show that a restricted CSP is reducible to a DLP. In matrix groups over finite fields, we usedthe Jordan decomposition of a matrix to produce a polynomial time reduction of an A-restricted CSP, where A is a cyclic subgroup of the general linear group, to a set of DLPs over an extension of Fq. We use these general methods and results to describe concrete cryptanalysis algorithms for these three systems. In particular, we show that in the group of invertible matrices over finite fields and in polycyclic groups with two generators, a CSP where conjugators are restricted to a cyclic subgroup is reducible to a set of O(n2) discrete logarithm problems. Using our general results, we demonstrate concrete cryptanalysis algorithms for each of these three schemes. We believe that our methods and findings are likely to allow for several other heuristic attacks in the general case.

Cryptography and Security,Computational Complexity

Lu Xi

2005-01-01

Computer Science

Abstract:Many fast quantum algorithms,which cannot be solved efficiently by classical probabilistic algorithms,can be reduced to the discussion of hidden subgroup problems. The quantum algorithms of hidden subgroup problems are reviewed and the advantages of quantum algorithm over group are analyzed in the paper. This paper surveys the mod- ern cryptosystems that can be broken by quantum hidden subgroup algorithms in polynomial time. Limits of the hid- den subgroup problems quantum algorithms are also discussed.

Qizhi Zhang,Bingsheng Zhang,Lichun Li,Shan Yin,Juanjuan Sun

2021-01-01

Abstract:Secure computation enables two or more parties to jointly evaluate a function without revealing to each other their private input.G-module is an abelian groupM,where the groupG acts compatibly with the abelian group structure onM. In this work, we present several secure computation protocols forG-module operations in the online/offline mode. We then show how to instantiate those protocols to implement many widely used secure computation primitives in privacy-preserving machine learning and data mining, such as oblivious cyclic shift, oneround shared OT, oblivious permutation, oblivious shuffle, secure comparison,oblivious selection,DReLU,andReLU,etc. All the proposed protocols are constant-round, and they are 2X 10X more efficient than the-state-of-the-art constant-round protocols in terms of communication complexity.

Richard Jozsa

DOI: https://doi.org/10.1109/5992.909000

2000-12-17

Abstract:Amongst the most remarkable successes of quantum computation are Shor's efficient quantum algorithms for the computational tasks of integer factorisation and the evaluation of discrete logarithms. In this article we review the essential ingredients of these algorithms and draw out the unifying generalization of the so-called abelian hidden subgroup problem. This involves an unexpectedly harmonious alignment of the formalism of quantum physics with the elegant mathematical theory of group representations and fourier transforms on finite groups. Finally we consider the non-abelian hidden subgroup problem mentioning some open questions where future quantum algorithms may be expected to have a substantial impact.

Quantum Physics

Xia Liu,Huan Yang,Li Yang

DOI: https://doi.org/10.1186/s42400-023-00181-w

2023-01-01

Abstract:The elliptic curve discrete logarithm problem (ECDLP) is a popular choice for cryptosystems due to its high level of security. However, with the advent of the extended Shor's algorithm, there is concern that ECDLP may soon be vulnerable. While the algorithm does offer hope in solving ECDLP, it is still uncertain whether it can pose a real threat in practice. From the perspective of the quantum circuits of the algorithm, this paper analyzes the feasibility of cracking ECDLP using an ion trap quantum computer with improved quantum circuits for the extended Shor's algorithm. We give precise quantum circuits for extended Shor's algorithm to calculate discrete logarithms on elliptic curves over prime fields, including modular subtraction, three different modular multiplication, and modular inverse. Additionally, we incorporate and improve upon windowed arithmetic in the circuits to reduce the CNOT-counts. Whereas previous studies mostly focused on minimizing the number of qubits or the depth of the circuit, we focus on minimizing the number of CNOT gates in the circuit, which greatly affects the running time of the algorithm on an ion trap quantum computer. Specifically, we begin by presenting implementations of basic arithmetic operations with the lowest known CNOT-counts, along with improved constructions for modular inverse, point addition, and windowed arithmetic. Next, we precisely estimate that, to execute the extended Shor's algorithm with the improved circuits to factor an n-bit integer, the CNOT-count required is 1237n(3)/ log n + 2n(2) + n. Finally, we analyze the running time and feasibility of the extended Shor's algorithm on an ion trap quantum computer.

Gorjan Alagic,Cristopher Moore,Alexander Russell

DOI: https://doi.org/10.48550/arXiv.quant-ph/0603251

2007-01-26

Abstract:Daniel Simon's 1994 discovery of an efficient quantum algorithm for solving the hidden subgroup problem (HSP) over Z_2^n provided one of the first algebraic problems for which quantum computers are exponentially faster than their classical counterparts. In this paper, we study the generalization of Simon's problem to arbitrary groups. Fixing a finite group G, this is the problem of recovering an involution m = (m_1, ..., m_n) in G^n from an oracle f with the property that f(x) = f(xy) iff y equals m or the identity. In the current parlance, this is the hidden subgroup problem (HSP) over groups of the form G^n, where G is a nonabelian group of constant size, and where the hidden subgroup is either trivial or has order two. Although groups of the form G^n have a simple product structure, they share important representation-theoretic properties with the symmetric groups S_n, where a solution to the HSP would yield a quantum algorithm for Graph Isomorphism. In particular, solving their HSP with the so-called ``standard method'' requires highly entangled measurements on the tensor product of many coset states. Here we give quantum algorithms with time complexity 2^O(sqrt(n log n)) that recover hidden involutions m = (m_1, ..., m_n) in G^n where, as in Simon's problem, each m_i is either the identity or the conjugate of a known element k, and there is a character X of G for which X(k) = -X(1)$. Our approach combines the general idea behind Kuperberg's sieve for dihedral groups with the ``missing harmonic'' approach of Moore and Russell. These are the first nontrivial hidden subgroup algorithms for group families that require highly entangled multiregister Fourier sampling.

Quantum Physics

Delaram Kahrobaei,Carmine Monetta,Ludovic Perret,Maria Tota,Martina Vigorito

2023-09-25

Abstract:There are many group-based cryptosystems in which the security relies on the difficulty of solving Conjugacy Search Problem (CSP) and Simultaneous Conjugacy Search Problem (SCSP) in their underlying platform groups. In this paper we give a cryptanalysis of these systems which use certain semidirect product of abelian groups.

Group Theory,Cryptography and Security

Razvan Barbulescu,Adrien Poulalion

DOI: https://doi.org/10.48550/arXiv.2303.03978

2023-03-07

Abstract:Unit group computations are a cryptographic primitive for which one has a fast quantum algorithm, but the required number of qubits is $\tilde O(m^5)$. In this work we propose a modification of the algorithm for which the number of qubits is $\tilde O(m^2)$ in the case of cyclotomic fields. Moreover, under a recent conjecture on the size of the class group of $\mathbb{Q}(\zeta_m + \zeta_m^{-1})$, the quantum algorithms is much simpler because it is a hidden subgroup problem (HSP) algorithm rather than its error estimation counterpart: continuous hidden subgroup problem (CHSP). We also discuss the (minor) speed-up obtained when exploiting Galois automorphisms thanks to the Buchmann-Pohst algorithm over $\mathcal{O}_K$-lattices.

Cryptography and Security,Number Theory

Hart Montgomery,Mark Zhandry

DOI: https://doi.org/10.1007/s00145-024-09521-6

2024-10-10

Journal of Cryptology

Abstract:Cryptographic group actions are a relaxation of standard cryptographic groups that have less structure. This lack of structure allows them to be plausibly quantum resistant despite Shor's algorithm, while still having a number of applications. The most famous examples of cryptographic group actions are built from isogenies on elliptic curves. Our main result is that CDH for abelian group actions is quantumly equivalent to discrete log. Galbraith et al. (Mathematical Cryptology) previously showed perfectly solving CDH to be equivalent to discrete log quantumly; our result works for any non-negligible advantage. We also explore several other questions about group action and isogeny protocols.

computer science, theory & methods,engineering, electrical & electronic,mathematics, applied

Muhammad Imran,Gábor Ivanyos

DOI: https://doi.org/10.1007/s11128-023-04228-2

IF: 1.965

2024-01-06

Quantum Information Processing

Abstract:We propose a method for solving the hidden subgroup problem in nilpotent groups. The main idea is iteratively transforming the hidden subgroup to its images in the quotient groups by the members of a central series, eventually to its image in the commutative quotient of the original group, and then using an abelian hidden subgroup algorithm to determine this image. Knowing this image allows one to descend to a proper subgroup unless the hidden subgroup is the full group. The transformation relies on finding zero sum subsequences of sufficiently large sequences of vectors over finite prime fields. We present a new deterministic polynomial time algorithm for the latter problem in the case when the size of the field is constant. The consequence is a polynomial time exact quantum algorithm for the hidden subgroup problem in nilpotent groups having constant nilpotency class and whose order only have prime factors also bounded by a constant.

physics, multidisciplinary,quantum science & technology, mathematical

Hari Krovi,Martin Roetteler

DOI: https://doi.org/10.48550/arXiv.0810.3695

2008-10-21

Abstract:Many exponential speedups that have been achieved in quantum computing are obtained via hidden subgroup problems (HSPs). We show that the HSP over Weyl-Heisenberg groups can be solved efficiently on a quantum computer. These groups are well-known in physics and play an important role in the theory of quantum error-correcting codes. Our algorithm is based on non-commutative Fourier analysis of coset states which are quantum states that arise from a given black-box function. We use Clebsch-Gordan decompositions to combine and reduce tensor products of irreducible representations. Furthermore, we use a new technique of changing labels of irreducible representations to obtain low-dimensional irreducible representations in the decomposition process. A feature of the presented algorithm is that in each iteration of the algorithm the quantum computer operates on two coset states simultaneously. This is an improvement over the previously best known quantum algorithm for these groups which required four coset states.

Quantum Physics,Computational Complexity