Quantum Algorithms for the Subset-Sum Problem

The security of code-based cryptosystems such as the McEliece cryptosystem relies primarily on the difficulty of decoding random linear codes. The best decoding algorithms are all improvements of an old algorithm due to Prange: they are known under the name of information set decoding techniques. It is also important to assess the security of such cryptosystems against a quantum computer. This research thread started in [22] and the best algorithm to date has been Bernstein's quantising [5] of the simplest information set decoding algorithm, namely Prange's algorithm. It consists in applying Grover's quantum search to obtain a quadratic speed-up of Prange's algorithm. In this paper, we quantise other information set decoding algorithms by using quantum walk techniques which were devised for the subset-sum problem in [6]. This results in improving the worst-case complexity of 2 0.06035n of Bernstein's algorithm to 2 0.05869n with the best algorithm presented here (where n is the codelength).

show abstract

“…Let V 0 be the set of all pairs (v 00 , v 01 ) we have found for the first 2-sum problem (5), whereas V 1 is the set of all solutions to (6).…”

Section: The Shamir-schroeppel Ideamentioning

confidence: 99%

“…By following the approach of [6], we will define a quantum algorithm for solving the 4-sum problem by combining Grover search with a quantum walk with a complexity given by Proposition 2. Consider the generalised 4-sum problem with sets V u of size V .…”

Section: A Quantum Version Of the Shamir-schroeppel Algorithmmentioning

confidence: 99%

Quantum Information Set Decoding Algorithms

Kachigar

Tillich

2017

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…It is related to black box models of algorithms for breaking collision-resistant hash functions (an important cryptographic primitive). The quantum algorithm for element disticntness is also useful as a subroutine for other quantum algorithms, from checking matrix products [22] to solving typical instances of subset sum (which is also important for cryptography) [16].…”

Section: Introductionmentioning

confidence: 99%

Understanding Quantum Algorithms via Query Complexity

Ambainis

2019

Proceedings of the International Congress of Mathematicians (ICM 2018)

View full text Add to dashboard Cite

Query complexity is a model of computation in which we have to compute a function f (x1, . . . , xN ) of variables xi which can be accessed via queries. The complexity of an algorithm is measured by the number of queries that it makes. Query complexity is widely used for studying quantum algorithms, for two reasons. First, it includes many of the known quantum algorithms (including Grover's quantum search and a key subroutine of Shor's factoring algorithm). Second, one can prove lower bounds on the query complexity, bounding the possible quantum advantage. In the last few years, there have been major advances on several longstanding problems in the query complexity. In this talk, we survey these results and related work, including:• the biggest quantum-vs-classical gap for partial functions (a problem solvable with 1 query quantumly but requiring Ω( √ N ) queries classically);• the biggest quantum-vs-determistic and quantum-vs-probabilistic gaps for total functions (for example, a problem solvable with M queries quantumly but requiringΩ(M 2.5 ) queries probabilistically);• the biggest probabilistic-vs-deterministic gap for total functions (a problem solvable with M queries probabilistically but requiringΩ(M 2 ) queries deterministically);• the bounds on the gap that can be achieved for subclasses of functions (for example, symmetric functions);• the connections between query algorithms and approximations by low-degree polynomials.

show abstract

“…The de-facto standard notion of security for PKE is that of indistinguishability against chosen-ciphertext attacks [29] (IND-CCA), where we now demand that an active (computationally bounded) adversary given pk should not be able to distinguish the encryption of two (adversarially chosen) messages M 0 , M 1 even given access to an oracle decrypting arbitrarily chosen ciphertexts. 3 By now we dispose of many PKE schemes satisfying IND-CCA security under a variety of assumptions, including factoring [15], decisional and computational Diffie-Hellman [8,6], and learning parity with noise [18].…”

Section: Introductionmentioning

confidence: 99%

“…At the time of writing, the best quantum attack-due to Bernstein et al [3]-on Subset Sum requires complexity 2 (0.241+o(1))n to solve a random instance of the problem.…”

Section: Introductionmentioning

confidence: 99%

Chosen-Ciphertext Security from Subset Sum

Faust

Masny

Venturi

2016

Public-Key Cryptography – PKC 2016

View full text Add to dashboard Cite

Abstract. We construct a public-key encryption (PKE) scheme whose security is polynomial-time equivalent to the hardness of the Subset Sum problem. Our scheme achieves the standard notion of indistinguishability against chosen-ciphertext attacks (IND-CCA) and can be used to encrypt messages of arbitrary polynomial length, improving upon a previous construction by Lyubashevsky, Palacio, and Segev (TCC 2010) which achieved only the weaker notion of semantic security (IND-CPA) and whose concrete security decreases with the length of the message being encrypted. At the core of our construction is a trapdoor technique which originates in the work of Micciancio and Peikert (Eurocrypt 2012).

show abstract

Quantum Algorithms for the Subset-Sum Problem

Abstract: Abstract. This paper introduces a subset-sum algorithm with heuristic asymptotic cost exponent below 0.25. The new algorithm combines the 2010 Howgrave-Graham-Joux subset-sum algorithm with a new streamlined data structure for quantum walks on Johnson graphs.

Cited by 52 publications

References 19 publications

Quantum Information Set Decoding Algorithms

Quantum Information Set Decoding Algorithms

Understanding Quantum Algorithms via Query Complexity

Chosen-Ciphertext Security from Subset Sum

Contact Info

Product

Resources

About