Quantum Time-Space Tradeoff for Finding Multiple Collision Pairs

Authors: Yassine Hamoudi, Frédéric Magniez

File

LIPIcs.TQC.2021.1.pdf
  • Filesize: 0.81 MB
  • 21 pages

Author Details

Yassine Hamoudi
  • Université de Paris, IRIF, CNRS, F-75013 Paris, France
Frédéric Magniez
  • Université de Paris, IRIF, CNRS, F-75013 Paris, France

Acknowledgements

The authors want to thank the anonymous referees for their valuable comments and suggestions which helped to improve this paper.

Cite As

Yassine Hamoudi and Frédéric Magniez. Quantum Time-Space Tradeoff for Finding Multiple Collision Pairs. In 16th Conference on the Theory of Quantum Computation, Communication and Cryptography (TQC 2021). Leibniz International Proceedings in Informatics (LIPIcs), Volume 197, pp. 1:1-1:21, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2021)
https://doi.org/10.4230/LIPIcs.TQC.2021.1

Abstract

We study the problem of finding K collision pairs in a random function f : [N] → [N] by using a quantum computer. We prove that the number of queries to the function in the quantum random oracle model must increase significantly when the size of the available memory is limited. Namely, we demonstrate that any algorithm using S qubits of memory must perform a number T of queries that satisfies the tradeoff T³ S ≥ Ω(K³N). Classically, the same question has only been settled recently by Dinur [Dinur, 2020], who showed that the Parallel Collision Search algorithm of van Oorschot and Wiener [Oorschot and Wiener, 1999] achieves the optimal time-space tradeoff of T² S = Θ(K² N). Our result limits the extent to which quantum computing may decrease this tradeoff. Our method is based on a novel application of Zhandry’s recording query technique [Zhandry, 2019] for proving lower bounds in the exponentially small success probability regime. As a second application, we give a simpler proof of the time-space tradeoff T² S ≥ Ω(N³) for sorting N numbers on a quantum computer, which was first obtained by Klauck, Špalek and de Wolf [Klauck et al., 2007].
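
Added worked comparison (written for this page, not taken from the paper): fixing a memory budget S and solving each tradeoff in the abstract for the query count T shows how much room the quantum bound leaves. From the classical tradeoff T² S = Θ(K² N) achieved by Parallel Collision Search,

$$T_{\mathrm{cl}} = \Theta\!\left(K\sqrt{N/S}\right),$$

and from the quantum lower bound T³ S ≥ Ω(K³ N),

$$T_{\mathrm{q}} \ge \Omega\!\left(K\,(N/S)^{1/3}\right).$$

Hence, at the same memory S, the largest saving in queries a quantum algorithm could obtain over the classical optimum is

$$\frac{T_{\mathrm{cl}}}{T_{\mathrm{q}}} \le O\!\left(\frac{(N/S)^{1/2}}{(N/S)^{1/3}}\right) = O\!\left((N/S)^{1/6}\right),$$

independent of K, since both bounds are linear in K. For instance, with N = 2^128 and a hypothetical budget of S = 2^40 qubits chosen only for illustration, N/S = 2^88 and the possible saving is at most a factor of about 2^{14.7} ≈ 2.7 · 10^4 in queries, far less than the quadratic gaps one might naively expect from Grover-style search.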

Subject Classification

ACM Subject Classification
  • Theory of computation → Quantum complexity theory
Keywords
  • Quantum computing
  • query complexity
  • lower bound
  • time-space tradeoff

References

  1. S. Aaronson. Limitations of quantum advice and one-way communication. Theory of Computing, 1(1):1-28, 2005.
  2. S. Aaronson and Y. Shi. Quantum lower bounds for the collision and the element distinctness problems. Journal of the ACM, 51(4):595-605, 2004.
  3. K. Abrahamson. A time-space tradeoff for boolean matrix multiplication. In Proceedings of the 31st Symposium on Foundations of Computer Science (FOCS), pages 412-419, 1990.
  4. G. Adj, D. Cervantes-Vázquez, J.-J. Chi-Domínguez, A. Menezes, and F. Rodríguez-Henríquez. On the cost of computing isogenies between supersingular elliptic curves. In Proceedings of the 25th Conference on Selected Areas in Cryptography (SAC), pages 322-343, 2018.
  5. A. Ambainis. Quantum lower bounds by quantum arguments. Journal of Computer and System Sciences, 64(4):750-767, 2002.
  6. A. Ambainis. Quantum walk algorithm for element distinctness. SIAM Journal on Computing, 37(1):210-239, 2007.
  7. A. Ambainis. A new quantum lower bound method, with an application to a strong direct product theorem for quantum search. Theory of Computing, 6(1):1-25, 2010.
  8. A. Ambainis, R. Špalek, and R. de Wolf. A new quantum lower bound method, with applications to direct product theorems and time-space tradeoffs. Algorithmica, 55(3):422-461, 2009.
  9. P. Beame. A general sequential time-space tradeoff for finding unique elements. SIAM Journal on Computing, 20(2):270-277, 1991.
  10. P. Beame, M. Saks, X. Sun, and E. Vee. Time-space trade-off lower bounds for randomized computation of decision problems. Journal of the ACM, 50(2):154-195, 2003.
  11. D. J. Bernstein. Understanding brute force, 2005. ECRYPT STVL Workshop on Symmetric Key Encryption.
  12. D. J. Bernstein. Cost analysis of hash collisions: Will quantum computers make SHARCS obsolete? In Proceedings of the 4th Workshop on Special-purpose Hardware for Attacking Cryptographic Systems (SHARCS), pages 105-116, 2009.
  13. A. Borodin, F. E. Fich, F. Meyer auf der Heide, E. Upfal, and A. Wigderson. A time-space tradeoff for element distinctness. SIAM Journal on Computing, 16(1):97-99, 1987.
  14. A. Borodin, M. J. Fischer, D. G. Kirkpatrick, N. A. Lynch, and M. Tompa. A time-space tradeoff for sorting on non-oblivious machines. Journal of Computer and System Sciences, 22(3):351-364, 1981.
  15. M. Boyer, G. Brassard, P. Høyer, and A. Tapp. Tight bounds on quantum searching. Fortschritte der Physik, 46(4-5):493-505, 1998.
  16. G. Brassard, P. Høyer, and A. Tapp. Quantum cryptanalysis of hash and claw-free functions. In Proceedings of the 3rd Latin American Symposium on Theoretical Informatics (LATIN), pages 163-169, 1998.
  17. H. Buhrman and R. de Wolf. Complexity measures and decision tree complexity: A survey. Theoretical Computer Science, 288(1):21-43, 2002.
  18. A. Chakrabarti and Y. Chen. Time-space tradeoffs for the memory game, 2017. http://arxiv.org/abs/1712.01330 [cs.CC].
  19. A. Chiesa, P. Manohar, and N. Spooner. Succinct arguments in the quantum random oracle model. In Proceedings of the 17th Conference on Theory of Cryptography (TCC), pages 1-29, 2019.
  20. J. Czajkowski, C. Majenz, C. Schaffner, and S. Zur. Quantum lazy sampling and game-playing proofs for quantum indifferentiability, 2019. http://arxiv.org/abs/1904.11477v1 [quant-ph].
  21. C. Delaplace, A. Esser, and A. May. Improved low-memory subset sum and LPN algorithms via multiple collisions. In Proceedings of the 17th IMA International Conference on Cryptography and Coding (IMACC), pages 178-199, 2019.
  22. I. Dinur. Tight time-space lower bounds for finding multiple collision pairs and their applications. In Proceedings of the 39th International Conference on the Theory and Applications of Cryptographic Techniques (EUROCRYPT), pages 405-434, 2020.
  23. I. Dinur, O. Dunkelman, N. Keller, and A. Shamir. Efficient dissection of composite problems, with applications to cryptanalysis, knapsacks, and combinatorial search problems. In Proceedings of the 32nd International Cryptology Conference (CRYPTO), pages 719-740, 2012.
  24. P. Flajolet and A. M. Odlyzko. Random mapping statistics. In Proceedings of the 7th Workshop on the Theory and Application of Cryptographic Techniques (EUROCRYPT), pages 329-354, 1989.
  25. A. Ghoshal, J. Jaeger, and S. Tessaro. The memory-tightness of authenticated encryption. In Proceedings of the 40th International Cryptology Conference (CRYPTO), pages 127-156, 2020.
  26. A. Hosoyamada and T. Iwata. 4-round Luby-Rackoff construction is a qPRP. In Proceedings of the 25th International Conference on the Theory and Applications of Cryptology and Information Security (ASIACRYPT), pages 145-174, 2019.
  27. J. Jaeger and S. Tessaro. Tight time-memory trade-offs for symmetric encryption. In Proceedings of the 38th International Conference on the Theory and Applications of Cryptographic Techniques (EUROCRYPT), pages 467-497, 2019.
  28. A. Joux and S. Lucks. Improved generic algorithms for 3-collisions. In Proceedings of the 15th International Conference on the Theory and Applications of Cryptology and Information Security (ASIACRYPT), pages 347-363, 2009.
  29. H. Klauck, R. Špalek, and R. de Wolf. Quantum and classical strong direct product theorems and optimal time-space tradeoffs. SIAM Journal on Computing, 36(5):1472-1493, 2007.
  30. Q. Liu and M. Zhandry. On finding quantum multi-collisions. In Proceedings of the 38th International Conference on the Theory and Applications of Cryptographic Techniques (EUROCRYPT), pages 189-218, 2019.
  31. Y. Mansour, N. Nisan, and P. Tiwari. The computational complexity of universal hashing. Theoretical Computer Science, 107(1):121-133, 1993.
  32. P. C. van Oorschot and M. J. Wiener. Parallel collision search with cryptanalytic applications. Journal of Cryptology, 12(1):1-28, 1999.
  33. J. M. Pollard. A Monte Carlo method for factorization. BIT Numerical Mathematics, 15(3):331-334, 1975.
  34. R. Špalek. The multiplicative quantum adversary. In Proceedings of the 23rd Computational Complexity Conference (CCC), pages 237-248, 2008.
  35. S. Tessaro and A. Thiruvengadam. Provable time-memory trade-offs: Symmetric cryptography against memory-bounded adversaries. In Proceedings of the 16th Conference on Theory of Cryptography (TCC), pages 3-32, 2018.
  36. C. van Vredendaal. Reduced memory meet-in-the-middle attack against the NTRU private key. LMS Journal of Computation and Mathematics, 19(A):43-57, 2016.
  37. D. Wagner. A generalized birthday problem. In Proceedings of the 22nd International Cryptology Conference (CRYPTO), pages 288-304, 2002.
  38. M. J. Wiener. The full cost of cryptanalytic attacks. Journal of Cryptology, 17(2):105-124, 2004.
  39. A. C.-C. Yao. Near-optimal time-space tradeoff for element distinctness. SIAM Journal on Computing, 23(5):966-975, 1994.
  40. M. Zhandry. A note on the quantum collision and set equality problems. Quantum Information & Computation, 15(7&8):557-567, 2015.
  41. M. Zhandry. How to record quantum queries, and applications to quantum indifferentiability. In Proceedings of the 39th International Cryptology Conference (CRYPTO), pages 239-268, 2019.