The Quantum Decoding Problem

Authors: André Chailloux, Jean-Pierre Tillich



Author Details

André Chailloux
  • Inria de Paris, France
Jean-Pierre Tillich
  • Inria de Paris, France

Cite As

André Chailloux and Jean-Pierre Tillich. The Quantum Decoding Problem. In 19th Conference on the Theory of Quantum Computation, Communication and Cryptography (TQC 2024). Leibniz International Proceedings in Informatics (LIPIcs), Volume 310, pp. 6:1-6:14, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2024)
https://doi.org/10.4230/LIPIcs.TQC.2024.6

Abstract

One of the founding results of lattice-based cryptography is a quantum reduction from the Short Integer Solution (SIS) problem to the Learning with Errors (LWE) problem introduced by Regev. It has recently been pointed out by Chen, Liu and Zhandry [Chen et al., 2022] that this reduction can be made more powerful by replacing the LWE problem with a quantum equivalent, where the errors are given in quantum superposition. In parallel, Regev’s reduction has recently been adapted in the context of code-based cryptography by Debris, Remaud and Tillich [Debris-Alazard et al., 2023], who showed a reduction between the Short Codeword Problem and the Decoding Problem (the DRT reduction). This motivates the study of the Quantum Decoding Problem (QDP), which is the Decoding Problem but with errors in quantum superposition, and of how it behaves in the DRT reduction. The purpose of this paper is to introduce and to lay a firm foundation for QDP. We first show QDP is likely to be easier than classical decoding, by proving that it can be solved in quantum polynomial time in a large regime of noise whereas no non-exponential quantum algorithm is known for the classical decoding problem. Then, we show that QDP can even be solved (albeit not necessarily efficiently) beyond the information theoretic Shannon limit for classical decoding. We give precisely the largest noise level where we can solve QDP, giving in a sense the information theoretic limit for this new problem. Finally, we study how QDP can be used in the DRT reduction. First, we show that our algorithms can be properly used in the DRT reduction, showing that our quantum algorithms for QDP beyond Shannon capacity can be used to find minimal weight codewords in a random code. On the negative side, we show that the DRT reduction cannot be, in all generality, a reduction between finding small codewords and QDP by exhibiting quantum algorithms for QDP where this reduction entirely fails.
Our proof techniques include the use of specific quantum measurements, such as q-ary unambiguous state discrimination and pretty good measurements, as well as strong concentration bounds on the weight distribution of random shifted dual codes, which we relate using quantum Fourier analysis.

Subject Classification

ACM Subject Classification
  • Theory of computation → Quantum information theory
  • Theory of computation → Error-correcting codes
  • Security and privacy → Cryptanalysis and other attacks
Keywords
  • quantum information theory
  • code-based cryptography
  • quantum algorithms

References

  1. Miklós Ajtai. Generating hard instances of lattice problems (extended abstract). In Gary L. Miller, editor, Proceedings of the Twenty-Eighth Annual ACM Symposium on the Theory of Computing, Philadelphia, Pennsylvania, USA, May 22-24, 1996, pages 99-108. ACM, 1996. URL: https://doi.org/10.1145/237814.237838.
  2. Benny Applebaum, Naama Haramaty, Yuval Ishai, Eyal Kushilevitz, and Vinod Vaikuntanathan. Low-complexity cryptographic hash functions. In ITCS, volume 67 of LIPIcs, pages 7:1-7:31. Schloss Dagstuhl - Leibniz-Zentrum für Informatik, 2017.
  3. Sanjeev Arora and Rong Ge. New algorithms for learning in presence of errors. In Luca Aceto, Monika Henzinger, and Jiří Sgall, editors, Automata, Languages and Programming, volume 6755 of LNCS, pages 403-415. Springer Berlin Heidelberg, 2011. URL: https://doi.org/10.1007/978-3-642-22006-7_34.
  4. H. Barnum and E. Knill. Reversing quantum dynamics with near-optimal quantum and classical fidelity. Journal of Mathematical Physics, 43(5):2097-2106, April 2002. URL: https://doi.org/10.1063/1.1459754.
  5. Anja Becker, Antoine Joux, Alexander May, and Alexander Meurer. Decoding random binary linear codes in 2^{n/20}: How 1+1 = 0 improves information set decoding. In Advances in Cryptology - EUROCRYPT 2012, LNCS. Springer, 2012.
  6. Leif Both and Alexander May. Optimizing BJMM with Nearest Neighbors: Full Decoding in 2^{2/21 n} and McEliece Security. In WCC Workshop on Coding and Cryptography, September 2017. URL: http://wcc2017.suai.ru/Proceedings_WCC2017.zip.
  7. Zvika Brakerski, Vadim Lyubashevsky, Vinod Vaikuntanathan, and Daniel Wichs. Worst-case hardness for LPN and cryptographic hashing via code smoothing. In Yuval Ishai and Vincent Rijmen, editors, Advances in Cryptology - EUROCRYPT 2019 - 38th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Darmstadt, Germany, May 19-23, 2019, Proceedings, Part III, volume 11478 of LNCS, pages 619-635. Springer, 2019. URL: https://doi.org/10.1007/978-3-030-17659-4_21.
  8. Kevin Carrier, Thomas Debris-Alazard, Charles Meyer-Hilfiger, and Jean-Pierre Tillich. Statistical decoding 2.0: Reducing decoding to LPN. In Advances in Cryptology - ASIACRYPT 2022, LNCS. Springer, 2022. URL: https://eprint.iacr.org/2022/1000.
  9. André Chailloux, Thomas Debris-Alazard, and Simona Etinski. Classical and quantum algorithms for generic syndrome decoding problems and applications to the Lee metric. In Jung Hee Cheon and Jean-Pierre Tillich, editors, Post-Quantum Cryptography, pages 44-62, Cham, 2021. Springer International Publishing.
  10. Anthony Chefles and Stephen M. Barnett. Optimum unambiguous discrimination between linearly independent symmetric states. Physics Letters A, 250(4):223-229, 1998. URL: https://doi.org/10.1016/S0375-9601(98)00827-5.
  11. Yilei Chen, Zihan Hu, Qipeng Liu, Han Luo, and Yaxin Tu. On the hardness of S|LWE⟩ with gaussian and other amplitudes, 2023. URL: https://arxiv.org/abs/2310.00644.
  12. Yilei Chen, Qipeng Liu, and Mark Zhandry. Quantum algorithms for variants of average-case lattice problems via filtering. In Orr Dunkelman and Stefan Dziembowski, editors, Advances in Cryptology - EUROCRYPT 2022 - 41st Annual International Conference on the Theory and Applications of Cryptographic Techniques, Trondheim, Norway, May 30 - June 3, 2022, Proceedings, Part III, volume 13277 of LNCS, pages 372-401. Springer, 2022. URL: https://doi.org/10.1007/978-3-031-07082-2_14.
  13. Thomas Debris-Alazard. Code-based cryptography: Lecture notes, arxiv cs.cr 2304.03541, 2023.
  14. Thomas Debris-Alazard, Maxime Remaud, and Jean-Pierre Tillich. Quantum reduction of finding short code vectors to the decoding problem. IEEE Trans. Inform. Theory, November 2023. in press, see also arXiv:2106.02747 (v2). URL: https://doi.org/10.1109/TIT.2023.3327759.
  15. Il'ya Dumer. Two decoding algorithms for linear codes. Probl. Inf. Transm., 25(1):17-23, 1989.
  16. Oded Goldreich, Shafi Goldwasser, and Dana Ron. Property testing and its connection to learning and approximation. J. ACM, 45(4):653-750, 1998. URL: https://doi.org/10.1145/285055.285060.
  17. Alex B. Grilo, Iordanis Kerenidis, and Timo Zijlstra. Learning-with-errors problem is easy with quantum samples. Phys. Rev. A, 99:032314, March 2019. URL: https://doi.org/10.1103/PhysRevA.99.032314.
  18. Ghazal Kachigar and Jean-Pierre Tillich. Quantum information set decoding algorithms. In Post-Quantum Cryptography 2017, volume 10346 of LNCS, pages 69-89, Utrecht, The Netherlands, June 2017. Springer.
  19. Alexander May, Alexander Meurer, and Enrico Thomae. Decoding random linear codes in O(2^{0.054n}). In Dong Hoon Lee and Xiaoyun Wang, editors, Advances in Cryptology - ASIACRYPT 2011, volume 7073 of LNCS, pages 107-124. Springer, 2011.
  20. Alexander May and Ilya Ozerov. On computing nearest neighbors with applications to decoding of binary linear codes. In E. Oswald and M. Fischlin, editors, Advances in Cryptology - EUROCRYPT 2015, volume 9056 of LNCS, pages 203-228. Springer, 2015.
  21. Rafael Misoczki, Jean-Pierre Tillich, Nicolas Sendrier, and Paulo S. L. M. Barreto. MDPC-McEliece: New McEliece variants from moderate density parity-check codes, 2012. URL: https://doi.org/10.1109/ISIT.2013.6620590.
  22. Ashley Montanaro. On the distinguishability of random quantum states. Communications in Mathematical Physics, 273, July 2006. URL: https://doi.org/10.1007/s00220-007-0221-7.
  23. Eugene Prange. The use of information sets in decoding cyclic codes. IRE Transactions on Information Theory, 8(5):5-9, 1962. URL: https://doi.org/10.1109/TIT.1962.1057777.
  24. Oded Regev. On lattices, learning with errors, random linear codes, and cryptography. In Proceedings of the 37th Annual ACM Symposium on Theory of Computing, Baltimore, MD, USA, May 22-24, 2005, pages 84-93, 2005. URL: https://doi.org/10.1145/1060590.1060603.
  25. Claude E. Shannon. A mathematical theory of communication. Bell System Technical Journal, 27(3):379-423, 1948. URL: https://doi.org/10.1002/j.1538-7305.1948.tb01338.x.
  26. Damien Stehlé, Ron Steinfeld, Keisuke Tanaka, and Keita Xagawa. Efficient public key encryption based on ideal lattices. In Mitsuru Matsui, editor, Advances in Cryptology - ASIACRYPT 2009, 15th International Conference on the Theory and Application of Cryptology and Information Security, Tokyo, Japan, December 6-10, 2009. Proceedings, volume 5912 of LNCS, pages 617-635. Springer, 2009. URL: https://doi.org/10.1007/978-3-642-10366-7_36.
  27. Jacques Stern. A method for finding codewords of small weight. In G. D. Cohen and J. Wolfmann, editors, Coding Theory and Applications, volume 388 of LNCS, pages 106-113. Springer, 1988.
  28. Takahashi Yamakawa and Mark Zhandry. Verifiable quantum advantage without structure. In 63rd IEEE Annual Symposium on Foundations of Computer Science, FOCS 2022, Denver, CO, USA, October 31 - November 3, 2022, pages 69-74. IEEE, 2022. URL: https://doi.org/10.1109/FOCS54457.2022.00014.
  29. Yu Yu, Jiang Zhang, Jian Weng, Chun Guo, and Xiangxue Li. Collision resistant hashing from sub-exponential learning parity with noise. In ASIACRYPT (2), volume 11922 of Lecture Notes in Computer Science, pages 3-24. Springer, 2019.