
[Paper Review] Quantum Algorithms for Variants of Average-Case Lattice Problems via Filtering

Poremba, Alexander|arXiv (Cornell University)|Aug 25, 2021
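Cryptography and Data Security | References: 33 | Cited by: 5
One-Sentence Summary

This paper presents polynomial-time quantum algorithms for particular variants of the Short Integer Solution (SIS), Learning with Errors (LWE), and Extrapolated Dihedral Coset (EDCP) problems, built on a new class of quantum filtering techniques. The approach solves LWE given LWE-like quantum states with non-trivial error distributions (such as bounded uniform and Laplace distributions) and a polynomial-size modulus, extending prior results and resolving previously open quantum complexity questions in these parameter regimes.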

ABSTRACT

Quantum information has the property that measurement is an inherently destructive process. This feature is most apparent in the principle of complementarity, which states that mutually incompatible observables cannot be measured at the same time. Recent work by Broadbent and Islam (TCC 2020) builds on this aspect of quantum mechanics to realize a cryptographic notion called certified deletion. While this remarkable notion enables a classical verifier to be convinced that a (private-key) quantum ciphertext has been deleted by an untrusted party, it offers no additional layer of functionality. In this work, we augment the proof-of-deletion paradigm with fully homomorphic encryption (FHE). We construct the first fully homomorphic encryption scheme with certified deletion - an interactive protocol which enables an untrusted quantum server to compute on encrypted data and, if requested, to simultaneously prove data deletion to a client. Our scheme has the desirable property that verification of a deletion certificate is public; meaning anyone can verify that deletion has taken place. Our main technical ingredient is an interactive protocol by which a quantum prover can convince a classical verifier that a sample from the Learning with Errors (LWE) distribution in the form of a quantum state was deleted. As an application of our protocol, we construct a Dual-Regev public-key encryption scheme with certified deletion, which we then extend towards a (leveled) FHE scheme of the same type. We introduce the notion of Gaussian-collapsing hash functions - a special case of collapsing hash functions defined by Unruh (Eurocrypt 2016) - and we prove the security of our schemes under the assumption that the Ajtai hash function satisfies a certain strong Gaussian-collapsing property in the presence of leakage.

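Motivation and Objectives

  • Close the gap in quantum algorithms for average-case lattice problems by solving previously unresolved variants of SIS and LWE under non-standard parameters.
  • Extend the quantum reduction framework for SIS and EDCP to LWE by constructing an efficient quantum algorithm for LWE given LWE-like quantum states.
  • Develop a new quantum filtering technique that can extract useful information from noisy quantum states with structured error distributions.
  • Show that variants of SIS and LWE with a polynomial-size modulus and bounded error norm are solvable in the quantum setting, even though they have not yet been proven to be as hard as worst-case lattice problems.
  • Generalize and improve prior quantum algorithms for EDCP across a wider range of error distributions and parameters.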

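Proposed Method

  • Introduce a quantum filtering technique for extracting information from LWE-like quantum states with non-uniform error distributions.
  • Use the Arora-Ge algorithm as a subroutine to solve the LWE instances derived from the filtered quantum states.
  • Use quantum reductions from SIS and EDCP to LWE to turn these problems into solving LWE given specific quantum-state inputs.
  • Apply the quantum Fourier transform (QFT) and state-preparation techniques to convert EDCP states into LWE-like states.
  • Apply Gram-Schmidt orthogonalization to circulant matrices to bound the norm of the filtered states, ensuring a non-negligible success probability.
  • Apply the Chernoff bound to show concentration of the measurement outcomes, ensuring that the filtering procedure succeeds with high probability.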
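
The classical Arora-Ge step named in the method list above, as an added example (not code from the paper or from this page): when the error is restricted to {0, 1}, every sample satisfies a degree-2 polynomial in the secret, and linearizing its monomials recovers the secret by Gaussian elimination. The parameters q = 101, n = 3, m = 40 and the error set are constructed assumptions, and the quantum filtering step is not modelled.

```python
import random
from itertools import combinations_with_replacement

Q, N, M = 101, 3, 40   # constructed toy parameters (assumptions, Q prime)
# Unknowns after linearization: s_i (degree 1) and s_i*s_j with i <= j (degree 2).
MONOS = [(i,) for i in range(N)] + list(combinations_with_replacement(range(N), 2))

def lwe_samples(secret, rng):
    """Constructed LWE samples b = <a,s> + e mod Q with e uniform in {0, 1}."""
    out = []
    for _ in range(M):
        a = [rng.randrange(Q) for _ in range(N)]
        e = rng.randrange(2)
        out.append((a, (sum(x * s for x, s in zip(a, secret)) + e) % Q))
    return out

def linearized_row(a, b):
    """(b - L)(b - L - 1) = 0 with L = <a,s> expands to
    L^2 - (2b - 1)L = -b(b - 1), which is linear in the monomials of MONOS."""
    row = [-(2 * b - 1) * a[m[0]] if len(m) == 1
           else a[m[0]] * a[m[1]] * (1 if m[0] == m[1] else 2) for m in MONOS]
    return [c % Q for c in row] + [(-b * (b - 1)) % Q]

def solve_mod_q(rows):
    """Gauss-Jordan elimination over Z_Q; returns the unique solution vector."""
    rows, k = [r[:] for r in rows], len(MONOS)
    for col in range(k):
        piv = next((r for r in range(col, len(rows)) if rows[r][col]), None)
        if piv is None:
            raise ValueError("rank deficient: more samples needed")
        rows[col], rows[piv] = rows[piv], rows[col]
        inv = pow(rows[col][col], -1, Q)
        rows[col] = [x * inv % Q for x in rows[col]]
        for r in range(len(rows)):
            if r != col and rows[r][col]:
                f = rows[r][col]
                rows[r] = [(x - f * y) % Q for x, y in zip(rows[r], rows[col])]
    return [rows[i][k] for i in range(k)]

def arora_ge_recover(samples):
    """Solve the linearized system; the degree-1 unknowns are the secret."""
    return solve_mod_q([linearized_row(a, b) for a, b in samples])[:N]

def demo(seed=1):
    rng = random.Random(seed)
    secret = [rng.randrange(Q) for _ in range(N)]
    return secret, arora_ge_recover(lwe_samples(secret, rng))
```

With errors in [−B, B] the per-sample polynomial has degree 2B+1, so the number of linearized unknowns is the number of monomials of degree at most 2B+1 in n variables, C(n+2B+1, 2B+1). The method therefore needs a small error support and many samples.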

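Experimental Results

Research Questions

  • RQ1: Can a quantum algorithm solve SIS∞ with modulus q = poly(n), norm bound β = q/2 − 1, and a very wide matrix (m = poly(n))?
  • RQ2: Can LWE be solved efficiently when the modulus is of polynomial size and the error distribution is bounded uniform or Laplace?
  • RQ3: Can a quantum algorithm solve EDCP in polynomial time when the error distribution is non-uniform and the modulus is of polynomial size?
  • RQ4: Does the proposed quantum filtering technique outperform existing methods in success probability and in the range of parameters it covers?
  • RQ5: To what extent can the quantum reductions from SIS and EDCP to LWE be extended to non-standard parameter regimes?

Key Findings

  • Presents a polynomial-time quantum algorithm for SIS∞ with modulus q = poly(n), norm bound β = q/2 − 1, and a very wide matrix (m = poly(n)), resolving a long-standing open problem.
  • Constructs a quantum algorithm that solves LWE given LWE-like quantum states with bounded uniform and Laplace error distributions and a polynomial-size modulus.
  • For EDCP, the algorithm runs in polynomial time for the uniform error distribution on the interval [0, q−c) given m = Ω((q−c)^3 · n^{c+1} · q · log q) samples, improving on prior work.
  • The filtering technique ensures that a useful outcome is measured with probability Ω(m · q / ((2B+1)^3 · 2^{2c})), which is non-negligible when m is sufficiently large.
  • Shows that when the number of samples is m ∈ Ω((2B+1)^3 · n^{c+1} · q · log q), the Arora-Ge algorithm succeeds on the filtered samples with probability 1−negl(n), that is, with high probability.
  • The norm of the Gram-Schmidt orthogonalized states after filtering is lower-bounded by √q / ((2B+1)^{1.5} · 2^{q−2B−1}), ensuring that useful measurements have non-negligible amplitude.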


This review was generated by AI and reviewed by human editors.