The Parallel Reversible Pebbling Game: Analyzing the Post-Quantum
Security of iMHFs
- URL: http://arxiv.org/abs/2110.04191v3
- Date: Tue, 11 Oct 2022 20:59:04 GMT
- Title: The Parallel Reversible Pebbling Game: Analyzing the Post-Quantum
Security of iMHFs
- Authors: Jeremiah Blocki and Blake Holman and Seunghoon Lee
- Abstract summary: We introduce a new parallel reversible pebbling game which captures additional restrictions imposed by the No-Deletion Theorem in Quantum Computing.
We apply our new reversible pebbling game to analyze the reversible space-time complexity of several important graphs.
- Score: 6.305950347749109
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: The classical (parallel) black pebbling game is a useful abstraction which
allows us to analyze the resources (space, space-time, cumulative space)
necessary to evaluate a function $f$ with a static data-dependency graph $G$.
Of particular interest in the field of cryptography are data-independent
memory-hard functions $f_{G,H}$ which are defined by a directed acyclic graph
(DAG) $G$ and a cryptographic hash function $H$. The pebbling complexity of the
graph $G$ characterizes the amortized cost of evaluating $f_{G,H}$ multiple
times as well as the total cost to run a brute-force preimage attack over a
fixed domain $\mathcal{X}$, i.e., given $y \in \{0,1\}^*$ find $x \in
\mathcal{X}$ such that $f_{G,H}(x)=y$. While a classical attacker will need to
evaluate the function $f_{G,H}$ at least $m=|\mathcal{X}|$ times a quantum
attacker running Grover's algorithm only requires $\mathcal{O}(\sqrt{m})$
blackbox calls to a quantum circuit $C_{G,H}$ evaluating the function
$f_{G,H}$. Thus, to analyze the cost of a quantum attack it is crucial to
understand the space-time cost (equivalently width times depth) of the quantum
circuit $C_{G,H}$. We first observe that a legal black pebbling strategy for
the graph $G$ does not necessarily imply the existence of a quantum circuit
with comparable complexity -- in contrast to the classical setting where any
efficient pebbling strategy for $G$ corresponds to an algorithm with comparable
complexity evaluating $f_{G,H}$. Motivated by this observation we introduce a
new parallel reversible pebbling game which captures additional restrictions
imposed by the No-Deletion Theorem in Quantum Computing. We apply our new
reversible pebbling game to analyze the reversible space-time complexity of
several important graphs: Line Graphs, Argon2i-A, Argon2i-B, and DRSample. (See
the paper for the full abstract.)
Related papers
- Implementation of Continuous-Time Quantum Walk on Sparse Graph [0.0]
Continuous-time quantum walks (CTQWs) play a crucial role in quantum computing.
How to efficiently implement CTQWs is a challenging issue.
In this paper, we study implementation of CTQWs on sparse graphs.
arXiv Detail & Related papers (2024-08-20T05:20:55Z) - On the instance optimality of detecting collisions and subgraphs [7.055459105099637]
We investigate the unlabeled instance optimality of substructure detection problems in graphs and functions.
A problem is $g(n)$-instance optimal if it admits an algorithm $A$ satisfying that for any possible input.
Our results point to a trichotomy of unlabeled instance optimality among substructure detection problems in graphs and functions.
arXiv Detail & Related papers (2023-12-15T20:50:03Z) - Universality of graph homomorphism games and the quantum coloring
problem [0.0]
We show that quantum graph parameters encode winning strategies for all possible synchronous non-local games.
Winning strategies for a synchronous game can be transformed into winning strategies for an associated graph coloring game.
arXiv Detail & Related papers (2023-05-29T14:28:28Z) - On the Unlikelihood of D-Separation [69.62839677485087]
We provide analytic evidence that on large graphs, d-separation is a rare phenomenon, even when guaranteed to exist.
For the PC Algorithm, while it is known that its worst-case guarantees fail on non-sparse graphs, we show that the same is true for the average case.
For UniformSGS, while it is known that the running time is exponential for existing edges, we show that in the average case, that is the expected running time for most non-existing edges as well.
arXiv Detail & Related papers (2023-03-10T00:11:18Z) - From Bit-Parallelism to Quantum String Matching for Labelled Graphs [0.0]
Many problems that can be solved in quadratic time have bit-parallel speed-ups with factor $w$, where $w$ is the computer word size.
We show that a simple bit-parallel algorithm on such restricted family of graphs can indeed be converted into a realistic quantum algorithm.
arXiv Detail & Related papers (2023-02-06T15:14:34Z) - Mind the gap: Achieving a super-Grover quantum speedup by jumping to the
end [114.3957763744719]
We present a quantum algorithm that has rigorous runtime guarantees for several families of binary optimization problems.
We show that the algorithm finds the optimal solution in time $O*(2(0.5-c)n)$ for an $n$-independent constant $c$.
We also show that for a large fraction of random instances from the $k$-spin model and for any fully satisfiable or slightly frustrated $k$-CSP formula, statement (a) is the case.
arXiv Detail & Related papers (2022-12-03T02:45:23Z) - Beyond the Berry Phase: Extrinsic Geometry of Quantum States [77.34726150561087]
We show how all properties of a quantum manifold of states are fully described by a gauge-invariant Bargmann.
We show how our results have immediate applications to the modern theory of polarization.
arXiv Detail & Related papers (2022-05-30T18:01:34Z) - Quantum double aspects of surface code models [77.34726150561087]
We revisit the Kitaev model for fault tolerant quantum computing on a square lattice with underlying quantum double $D(G)$ symmetry.
We show how our constructions generalise to $D(H)$ models based on a finite-dimensional Hopf algebra $H$.
arXiv Detail & Related papers (2021-06-25T17:03:38Z) - Quantum speedups for dynamic programming on $n$-dimensional lattice
graphs [0.11470070927586015]
We show a quantum algorithm with complexity $widetilde O(T_Dn)$, where $T_D D+1$.
While the best known classical algorithm is $textpoly(m,n)log n T_Dn$, the time complexity of our quantum algorithm is $textpoly(m,n)log n T_Dn$.
arXiv Detail & Related papers (2021-04-29T14:50:03Z) - An Optimal Separation of Randomized and Quantum Query Complexity [67.19751155411075]
We prove that for every decision tree, the absolute values of the Fourier coefficients of a given order $ellsqrtbinomdell (1+log n)ell-1,$ sum to at most $cellsqrtbinomdell (1+log n)ell-1,$ where $n$ is the number of variables, $d$ is the tree depth, and $c>0$ is an absolute constant.
arXiv Detail & Related papers (2020-08-24T06:50:57Z) - Streaming Complexity of SVMs [110.63976030971106]
We study the space complexity of solving the bias-regularized SVM problem in the streaming model.
We show that for both problems, for dimensions of $frac1lambdaepsilon$, one can obtain streaming algorithms with spacely smaller than $frac1lambdaepsilon$.
arXiv Detail & Related papers (2020-07-07T17:10:00Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.