Download presentation

Presentation is loading. Please wait.

Published bySeth McDonald Modified over 2 years ago

1
Quantum Lower Bound for the Collision Problem Scott Aaronson 1/10/2002 quant-ph/ I was born at the Big Bang. Cool! We have the same birthday.

2
Collision Problem Given Promised: (1) X is one-to-one (permutation) or (2) X is two-to-one Problem: Decide which w.h.p., using few queries to the x i Randomized alg: ( n)

3
One-to-OneTwo-to-One

4
Result Any quantum algorithm for the collision problem uses (n 1/5 ) queries Previously no lower bound better than (1) Shi improved to (n 1/4 ) (n 1/3 ) when |range| >> n

5
Implications 1.No polytime blackbox algorithms for –graph isomorphism –nonabelian hidden subgroup –breaking cryptographic hash functions

6
Implications 2. Dynamical quantum theories cant be simulated in BQP, relative to oracle Define joint distribution over values of observable at times t 1, t 2, etc. (I.e. classical history) Given polytime quantum algorithm and set of sampling points, how hard to sample from this distribution?

7
How to Find a Collision in O(1) Queries If Your Memory Is Perfect 1.Prepare and observe 2 nd register If X is 2-1, obtain (|i +|j )/ 2 with x i =x j 2.Sample 3. Hadamard every bit, and sample again 4. Hadamard every bit again (returning to (|i +|j )/ 2), and sample again Which basis state (|i or |j ) were you in after Step 2? After Step 4?

8
Implications 3. |x |f(x) oracles (Kashefi et al. 2001) more powerful than |x |x |f(x) Requires (n 1/7 ) lower bound for set comparison problem: given sequences x 1 …x n and y 1 …y n, decide whether {x 1,…,x n }={y 1,…,y n } or |{x 1,…,x n,y 1,…,y n }|>1.1n Can improve to (n 1/6 ) using ideas of Shi

9
Quantum Query Model State after t queries: : workbits i: index to query z: output Query: |,i,z | x i,i,z Arbitrary unitaries that dont depend on X By end:

10
Brassard-Høyer-Tapp (1998) (n 1/3 ) quantum alg for collision problem n 1/3 x i s, queried classically, sorted for fast lookup Grovers algorithm over n 2/3 x i s Do I collide with any of the pink x i s?

11
Lower Bound: Main Ideas P(X) [0,1], even for g-1 inputs X with g>2. Surprisingly strong constraint. Take uniform dist. over g-1 inputs P becomes poly in g of deg 2T. Algebraic magic! Use approximation theory to show T large

12
Lemma (follows Beals et al. 1998): Let (x i,h)=1 if x i =h, 0 otherwise. Then P(X) is poly of deg 2T over the (x i,h). Proof: Let t,X,,i,z = amplitude of |,i,z after t queries. t,X,,i,z is poly of deg t, by induction. Base case (t=0) trivial. Unitaries cant increase degree. Query replaces t,X,,i,z by

13
Input Distribution D(g): Uniform distribution over g-1 inputs Technicality: g might not divide n But assume for simplicity that it does Let

14
Monomials of P(X) I(X) = product of r variables (x i,h) Let Then for some I, Claim: If T=O( n) then P(g) is a polynomial of degree 2T in g for integers 1 g n.

15
Calculating (I,g): #1 Range of I: Y.w=|Y|. (I,g) = 0 unless Y S (range of X) So since

16
Calculating (I,g): #2 Given an S containing Y, # of g-1 inputs of size n: n!/(g!) n/g Let {y 1,…,y w } be distinct values in Y –r i = # of times y i appears in Y –r 1 + … + r w = r # of g-1 inputs X with range S s.t. I(X)=1:

17
Becomes ~polynomial(g) Polynomial in g of degree w + (r-w) = r 2T

18
Markovs Inequality Let P(x) be a poly with b 1 P(x) b 2 for all a 1 x a 2 and |dP(x*)/dx| c for some a 1 x* a 2. Then Long Short Large derivative

19
Lower Bound 0 P(g) 1 for all 0 g n P(1) 1/10 and P(2) 9/10 So dP/dg 4/5 somewhere (n 1/4 ) lower bound would follow if g always divided n

20
How to Handle n mod g 0: Sketch Choose N slightly larger than n such that g divides N Choose g-1 function on {1,…,N} u.a.r, then subfunction of size n Acceptance prob. close to bivariate polynomial in g,N for all g|N s.t.

21
(continued) Restrict gs range to [1,G]; then (g,N) points with g|N are plentiful, so P is bounded P has large derivative somewhere in either the g or N directions Lower bound obtained when G=n 2/5 :

22
Large derivative between 1-1 and 2-1 Lots of points at which g|N so P is bounded

23
Shis Improvement to (n 1/4 ) Choose N n s.t. g divides N, instead of N n If basis state | queries an undefined x i, | drops out of the universe Result: Final state vector has norm in [0,1] Still OK! P(g,N) is exactly polynomial in (g,N); so gs range need not be restricted to [1,n 2/5 ]

24
Shis Improvement to (n 1/3 ) For functions with range {1,…,3n/2} Uses Paturis inequality: if 0 p(x) 1 for 0 x n and p( )= (1)

Similar presentations

© 2016 SlidePlayer.com Inc.

All rights reserved.

Ads by Google