Asymptotically Faster Quantum Algorithms to Solve Multivariate Quadratic Equations

  • Daniel J. Bernstein
  • Bo-Yin Yang
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10786)

Abstract

This paper designs and analyzes a quantum algorithm to solve a system of m quadratic equations in n variables over a finite field \({\mathbf {F}}_q\). In the case \(m=n\) and \(q=2\), under standard assumptions, the algorithm takes time \(2^{(t+o(1))n}\) on a mesh-connected computer of area \(2^{(a+o(1))n}\), where \(t\approx 0.45743\) and \(a\approx 0.01467\). The area-time product has asymptotic exponent \(t+a\approx 0.47210\).

For comparison, the area-time product of Grover’s algorithm has asymptotic exponent 0.50000. Parallelizing Grover’s algorithm to reach asymptotic time exponent 0.45743 requires asymptotic area exponent 0.08514, much larger than 0.01467.
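The 0.08514 figure can be checked from the standard parallel-Grover trade-off; the following derivation is added here and is not part of the abstract. Splitting a search over \(2^n\) candidates among \(P = 2^{pn}\) independent Grover instances, each searching \(2^{(1-p)n}\) candidates, gives

\[
T = 2^{\left(\frac{1-p}{2} + o(1)\right)n}, \qquad A = 2^{(p + o(1))n}, \qquad AT = 2^{\left(\frac{1+p}{2} + o(1)\right)n}.
\]

With \(p = 0\) this is sequential Grover, with area-time exponent \(1/2 = 0.50000\). Matching the paper's time exponent requires

\[
\frac{1-p}{2} = t \approx 0.45743 \quad\Longrightarrow\quad p = 1 - 2t \approx 0.08514,
\]

so parallel Grover reaching that time has area-time exponent \((1+p)/2 \approx 0.54257\), compared with \(t + a \approx 0.47210\) for the algorithm in the paper.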

Keywords

FXL, Grover, Reversibility, Bennett–Tompa, Parallelization, Asymptotics

Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

  1. Department of Computer Science, University of Illinois at Chicago, Chicago, USA
  2. Institute of Information Science, Academia Sinica, Taipei, Taiwan