Quantum Algorithms for the Approximate k-List Problem and their Application to Lattice Sieving

Elena Kirshanova, Erik Mårtensson, Eamonn Postlethwaite, Subhayan Roy Moulik

Research output: Chapter in Book/Report/Conference proceedingPaper in conference proceedingpeer-review

Abstract

The Shortest Vector Problem (SVP) is one of the mathematical foundations of lattice based cryptography. Lattice sieve algorithms are amongst the foremost methods of solving SVP. The asymptotically fastest known classical and quantum sieves solve SVP in a $d$-dimensional lattice in $2^{\const d + \smallo(d)}$ time steps with $2^{\const' d + \smallo(d)}$ memory for constants $c, c'$. In this work, we give various quantum sieving algorithms that trade computational steps for memory.

We first give a quantum analogue of the classical $k$-Sieve algorithm [Herold--Kirshanova--Laarhoven, PKC'18] in the Quantum Random Access Memory (QRAM) model, achieving an algorithm that heuristically solves SVP in $2^{0.2989d + o(d)}$ time steps using $2^{0.1395d + o(d)}$ memory. This should be compared to the state-of-the-art algorithm [Laarhoven, Ph.D Thesis, 2015] which, in the same model, solves SVP in $2^{0.2653d + o(d)}$ time steps and memory. In the QRAM model these algorithms can be implemented using $\poly(d)$ width quantum circuits.

Secondly, we frame the $k$-Sieve as the problem of $k$-clique listing in a graph and apply quantum $k$-clique finding techniques to the $k$-Sieve.

Finally, we explore the large quantum memory regime by adapting parallel quantum search [Beals et al., Proc. Roy. Soc. A'13] to the $2$-Sieve and giving an analysis in the quantum circuit model. We show how to heuristically solve SVP in $2^{0.1037d + o(d)}$ time steps using $2^{0.2075d + o(d)}$ quantum memory.
Original languageEnglish
Title of host publicationAdvances in Cryptology - ASIACRYPT 2019 - 25th International Conference on the Theory and Application of Cryptology and Information Security, Proceedings
PublisherSpringer
DOIs
Publication statusPublished - 2019
EventAdvances in Cryptology - ASIACRYPT 2019 - 25th International Conference on the Theory and Application of Cryptology and Information Security - Kobe, Japan
Duration: 2019 Dec 82019 Dec 12
Conference number: 25
https://asiacrypt.iacr.org/2019/

Conference

ConferenceAdvances in Cryptology - ASIACRYPT 2019 - 25th International Conference on the Theory and Application of Cryptology and Information Security
Abbreviated titleAsiacrypt
Country/TerritoryJapan
CityKobe
Period2019/12/082019/12/12
Internet address

Subject classification (UKÄ)

  • Other Electrical Engineering, Electronic Engineering, Information Engineering

Free keywords

  • shortest vector problem (SVP)
  • lattice sieving
  • Grover's algorithm
  • approximate $k$-list problem
  • nearest neighbour algorithms
  • distributed computation

Fingerprint

Dive into the research topics of 'Quantum Algorithms for the Approximate k-List Problem and their Application to Lattice Sieving'. Together they form a unique fingerprint.

Cite this