Cryptanalysis of Three Quantum Money Schemes
- URL: http://arxiv.org/abs/2205.10488v2
- Date: Sat, 29 Oct 2022 03:39:54 GMT
- Title: Cryptanalysis of Three Quantum Money Schemes
- Authors: Andriyan Bilyk and Javad Doliskani and Zhiyong Gong
- Abstract summary: We investigate the security assumptions behind three public-key quantum money schemes.
We give a time quantum reduction from a hard problem to a linear algebra problem.
- Score: 1.5254598796939927
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: We investigate the security assumptions behind three public-key quantum money
schemes. Aaronson and Christiano proposed a scheme based on hidden subspaces of
the vector space $\mathbb{F}_2^n$ in 2012. It was conjectured by Pena et al in
2015 that the hard problem underlying the scheme can be solved in
quasi-polynomial time. We confirm this conjecture by giving a polynomial time
quantum algorithm for the underlying problem. Our algorithm is based on
computing the Zariski tangent space of a random point in the hidden subspace.
Zhandry proposed a scheme based on multivariate hash functions in 2017. We
give a polynomial time quantum algorithm for cloning a money state with high
probability. Our algorithm uses the verification circuit of the scheme to
produce a banknote from a given serial number.
Kane, Sharif and Silverberg proposed a scheme based on quaternion algebras in
2021. The underlying hard problem in their scheme is cloning a quantum state
that represents an eigenvector of a set of Hecke operators. We give a
polynomial time quantum reduction from this hard problem to a linear algebra
problem. The latter problem is much easier to understand, and we hope that our
reduction opens new avenues to future cryptanalyses of this scheme.
Related papers
- Learning quantum states prepared by shallow circuits in polynomial time [1.127500169412367]
We learn a constant depth quantum circuit that prepares $vertpsirangle$ on a finite-dimensional lattice.
The algorithm extends to the case when the depth of $U$ is $mathrmpolylog(n)$, with a quasi-polynomial run-time.
As an application, we give an efficient algorithm to test whether an unknown quantum state on a lattice has low or high quantum circuit complexity.
arXiv Detail & Related papers (2024-10-31T04:12:49Z) - An Attack on $p$-adic Lattice Public-key Cryptosystems and Signature Schemes [3.444630356331766]
In this paper, we improve the LVP algorithm in local fields.
We utilize this algorithm to attack the above schemes so that we are able to forge any message and decrypt any ciphertext.
Although these schemes are broken, this work does not mean that $p$-adic lattices are not suitable in constructing cryptographic primitives.
arXiv Detail & Related papers (2024-09-13T12:31:57Z) - Quantum multi-row iteration algorithm for linear systems with non-square coefficient matrices [7.174256268278207]
We propose a quantum algorithm inspired by the classical multi-row iteration method.
Our algorithm places less demand on the coefficient matrix, making it suitable for solving inconsistent systems.
arXiv Detail & Related papers (2024-09-06T03:32:02Z) - Quantum One-Wayness of the Single-Round Sponge with Invertible Permutations [49.1574468325115]
Sponge hashing is a widely used class of cryptographic hash algorithms.
Intrepid permutations have so far remained a fundamental open problem.
We show that finding zero-pairs in a random $2n$-bit permutation requires at least $Omega (2n/2)$ many queries.
arXiv Detail & Related papers (2024-03-07T18:46:58Z) - Quantum Worst-Case to Average-Case Reductions for All Linear Problems [66.65497337069792]
We study the problem of designing worst-case to average-case reductions for quantum algorithms.
We provide an explicit and efficient transformation of quantum algorithms that are only correct on a small fraction of their inputs into ones that are correct on all inputs.
arXiv Detail & Related papers (2022-12-06T22:01:49Z) - Quantum Depth in the Random Oracle Model [57.663890114335736]
We give a comprehensive characterization of the computational power of shallow quantum circuits combined with classical computation.
For some problems, the ability to perform adaptive measurements in a single shallow quantum circuit is more useful than the ability to perform many shallow quantum circuits without adaptive measurements.
arXiv Detail & Related papers (2022-10-12T17:54:02Z) - Adiabatic Quantum Graph Matching with Permutation Matrix Constraints [75.88678895180189]
Matching problems on 3D shapes and images are frequently formulated as quadratic assignment problems (QAPs) with permutation matrix constraints, which are NP-hard.
We propose several reformulations of QAPs as unconstrained problems suitable for efficient execution on quantum hardware.
The proposed algorithm has the potential to scale to higher dimensions on future quantum computing architectures.
arXiv Detail & Related papers (2021-07-08T17:59:55Z) - Lattice sieving via quantum random walks [0.0]
lattice-based cryptography is one of the leading proposals for post-quantum cryptography.
Shortest Vector Problem (SVP) is arguably the most important problem for the cryptanalysis of lattice-based cryptography.
We present an algorithm that has a (heuristic) running time of $20.2570 d + o(d)$ where $d$ is the lattice dimension.
arXiv Detail & Related papers (2021-05-12T11:59:30Z) - Quantum copy-protection of compute-and-compare programs in the quantum random oracle model [48.94443749859216]
We introduce a quantum copy-protection scheme for a class of evasive functions known as " compute-and-compare programs"
We prove that our scheme achieves non-trivial security against fully malicious adversaries in the quantum random oracle model (QROM)
As a complementary result, we show that the same scheme fulfils a weaker notion of software protection, called "secure software leasing"
arXiv Detail & Related papers (2020-09-29T08:41:53Z) - Quantum Garbled Circuits [9.937090317971313]
We show how to compute an encoding of a given quantum circuit and quantum input, from which it is possible to derive the output of the computation and nothing else.
Our protocol has the so-called $Sigma$ format with a single-bit challenge, and allows the inputs to be delayed to the last round.
arXiv Detail & Related papers (2020-06-01T17:07:01Z) - Quantum Gram-Schmidt Processes and Their Application to Efficient State
Read-out for Quantum Algorithms [87.04438831673063]
We present an efficient read-out protocol that yields the classical vector form of the generated state.
Our protocol suits the case that the output state lies in the row space of the input matrix.
One of our technical tools is an efficient quantum algorithm for performing the Gram-Schmidt orthonormal procedure.
arXiv Detail & Related papers (2020-04-14T11:05:26Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.