-
On the practicality of quantum sieving algorithms for the shortest vector problem
Authors:
Joao F. Doriguello,
George Giapitzakis,
Alessandro Luongo,
Aditya Morolia
Abstract:
One of the main candidates of post-quantum cryptography is lattice-based cryptography. Its cryptographic security against quantum attackers is based on the worst-case hardness of lattice problems like the shortest vector problem (SVP), which asks to find the shortest non-zero vector in an integer lattice. Asymptotic quantum speedups for solving SVP are known and rely on Grover's search. However, to assess the security of lattice-based cryptography against these Grover-like quantum speedups, it is necessary to carry out a precise resource estimation beyond asymptotic scalings. In this work, we perform a careful analysis on the resources required to implement several sieving algorithms aided by Grover's search for dimensions of cryptographic interests. For such, we take into account fixed-point quantum arithmetic operations, non-asymptotic Grover's search, the cost of using quantum random access memory (QRAM), different physical architectures, and quantum error correction. We find that even under very optimistic assumptions like circuit-level noise of $10^{-5}$, code cycles of 100 ns, reaction time of 1 $μ$s, and using state-of-the-art arithmetic circuits and quantum error-correction protocols, the best sieving algorithms require $\approx 10^{13}$ physical qubits and $\approx 10^{31}$ years to solve SVP on a lattice of dimension 400, which is roughly the dimension for minimally secure post-quantum cryptographic standards currently being proposed by NIST. We estimate that a 6-GHz-clock-rate single-core classical computer would take roughly the same amount of time to solve the same problem. We conclude that there is currently little to no quantum speedup in the dimensions of cryptographic interest and the possibility of realising a considerable quantum speedup using quantum sieving algorithms would require significant breakthroughs in theoretical protocols and hardware development.
Submitted 17 February, 2025; v1 submitted 17 October, 2024;
originally announced October 2024.
-
Quantum generalizations of Glauber and Metropolis dynamics
Authors:
András Gilyén,
Chi-Fang Chen,
Joao F. Doriguello,
Michael J. Kastoryano
Abstract:
Classical Markov Chain Monte Carlo methods have been essential for simulating statistical physical systems and have proven well applicable to other systems with complex degrees of freedom. Motivated by the statistical physics origins, Chen, Kastoryano, and Gilyén [CKG23] proposed a continuous-time quantum thermodynamic analog to Glauber dynamic that is (i) exactly detailed balanced, (ii) efficiently implementable, and (iii) quasi-local for geometrically local systems. Physically, their construction gives a smooth variant of the Davies' generator derived from weak system-bath interaction. In this work, we give an efficiently implementable discrete-time quantum counterpart to Metropolis sampling that also enjoys the desirable features (i)-(iii). Also, we give an alternative highly coherent quantum generalization of detailed balanced dynamics that resembles another physically derived master equation, and propose a smooth interpolation between this and earlier constructions. We study generic properties of all constructions, including the uniqueness of the fixed-point and the locality of the resulting operators. We hope our results provide a systematic approach to the possible quantum generalizations of classical Glauber and Metropolis dynamics.
Submitted 30 May, 2024;
originally announced May 2024.
-
Beyond Bell sampling: stabilizer state learning and quantum pseudorandomness lower bounds on qudits
Authors:
Jonathan Allcock,
Joao F. Doriguello,
Gábor Ivanyos,
Miklos Santha
Abstract:
Bell sampling is a simple yet powerful measurement primitive that has recently attracted a lot of attention, and has proven to be a valuable tool in studying stabiliser states. Unfortunately, however, it is known that Bell sampling fails when used on qudits of dimension $d>2$. In this paper, we explore and quantify the limitations of Bell sampling on qudits, and propose new quantum algorithms to circumvent the use of Bell sampling in solving two important problems: learning stabiliser states and providing pseudorandomness lower bounds on qudits. More specifically, as our first result, we characterise the output distribution corresponding to Bell sampling on copies of a stabiliser state and show that the output can be uniformly random, and hence reveal no information. As our second result, for $d=p$ prime we devise a quantum algorithm to identify an unknown stabiliser state in $(\mathbb{C}^p)^{\otimes n}$ that uses $O(n)$ copies of the input state and runs in time $O(n^4)$. As our third result, we provide a quantum algorithm that efficiently distinguishes a Haar-random state from a state with non-negligible stabiliser fidelity. As a corollary, any Clifford circuit on qudits of dimension $d$ using $O(\log{n}/\log{d})$ auxiliary non-Clifford single-qudit gates cannot prepare computationally pseudorandom quantum states.
Submitted 10 May, 2024;
originally announced May 2024.
-
Quantum Algorithms for the Pathwise Lasso
Authors:
Joao F. Doriguello,
Debbie Lim,
Chi Seng Pun,
Patrick Rebentrost,
Tushar Vaidya
Abstract:
We present a novel quantum high-dimensional linear regression algorithm with an $\ell_1$-penalty based on the classical LARS (Least Angle Regression) pathwise algorithm. Similarly to available classical algorithms for Lasso, our quantum algorithm provides the full regularisation path as the penalty term varies, but quadratically faster per iteration under specific conditions. A quadratic speedup on the number of features $d$ is possible by using the simple quantum minimum-finding subroutine from Dürr and Hoyer (arXiv'96) in order to obtain the joining time at each iteration. We then improve upon this simple quantum algorithm and obtain a quadratic speedup both in the number of features $d$ and the number of observations $n$ by using the approximate quantum minimum-finding subroutine from Chen and de Wolf (ICALP'23). In order to do so, we approximately compute the joining times to be searched over by the approximate quantum minimum-finding subroutine. As another main contribution, we prove, via an approximate version of the KKT conditions and a duality gap, that the LARS algorithm (and therefore our quantum algorithm) is robust to errors. This means that it still outputs a path that minimises the Lasso cost function up to a small error if the joining times are only approximately computed. Furthermore, we show that, when the observations are sampled from a Gaussian distribution, our quantum algorithm's complexity only depends polylogarithmically on $n$, exponentially better than the classical LARS algorithm, while keeping the quadratic improvement on $d$. Moreover, we propose a dequantised version of our quantum algorithm that also retains the polylogarithmic dependence on $n$, albeit presenting the linear scaling on $d$ from the standard LARS algorithm. Finally, we prove query lower bounds for classical and quantum Lasso algorithms.
Submitted 20 March, 2025; v1 submitted 21 December, 2023;
originally announced December 2023.
-
Do you know what q-means?
Authors:
Joao F. Doriguello,
Alessandro Luongo,
Ewin Tang
Abstract:
Clustering is one of the most important tools for analysis of large datasets, and perhaps the most popular clustering algorithm is Lloyd's iteration for $k$-means. This iteration takes $n$ vectors $V=[v_1,\dots,v_n]\in\mathbb{R}^{n\times d}$ and outputs $k$ centroids $c_1,\dots,c_k\in\mathbb{R}^d$; these partition the vectors into clusters based on which centroid is closest to a particular vector. We present an overall improved version of the "$q$-means" algorithm, the quantum algorithm originally proposed by Kerenidis, Landman, Luongo, and Prakash (NeurIPS'19) which performs $\varepsilon$-$k$-means, an approximate version of $k$-means clustering. Our algorithm does not rely on quantum linear algebra primitives of prior work, but instead only uses QRAM to prepare simple states based on the current iteration's clusters and multivariate quantum amplitude estimation. The time complexity is $\widetilde{O}\big(\frac{\|V\|_F}{\sqrt{n}}\frac{k^{5/2}d}{\varepsilon}(\sqrt{k} + \log{n})\big)$ and maintains the logarithmic dependence on $n$ while improving the dependence on most of the other parameters. We also present a "dequantized" algorithm for $\varepsilon$-$k$-means which runs in $O\big(\frac{\|V\|_F^2}{n}\frac{k^{2}}{\varepsilon^2}(kd + \log{n})\big)$ time. Notably, this classical algorithm matches the logarithmic dependence on $n$ attained by the quantum algorithm.
Submitted 20 March, 2025; v1 submitted 18 August, 2023;
originally announced August 2023.
-
Constant-depth circuits for Boolean functions and quantum memory devices using multi-qubit gates
Authors:
Jonathan Allcock,
Jinge Bao,
Joao F. Doriguello,
Alessandro Luongo,
Miklos Santha
Abstract:
We explore the power of the unbounded Fan-Out gate and the Global Tunable gates generated by Ising-type Hamiltonians in constructing constant-depth quantum circuits, with particular attention to quantum memory devices. We propose two types of constant-depth constructions for implementing Uniformly Controlled Gates. These gates include the Fan-In gates defined by $|x\rangle|b\rangle\mapsto |x\rangle|b\oplus f(x)\rangle$ for $x\in\{0,1\}^n$ and $b\in\{0,1\}$, where $f$ is a Boolean function. The first of our constructions is based on computing the one-hot encoding of the control register $|x\rangle$, while the second is based on Boolean analysis and exploits different representations of $f$ such as its Fourier expansion. Via these constructions, we obtain constant-depth circuits for the quantum counterparts of read-only and read-write memory devices -- Quantum Random Access Memory (QRAM) and Quantum Random Access Gate (QRAG) -- of memory size $n$. The implementation based on one-hot encoding requires either $O(n\log^{(d)}{n}\log^{(d+1)}{n})$ ancillae and $O(n\log^{(d)}{n})$ Fan-Out gates or $O(n\log^{(d)}{n})$ ancillae and $16d-10$ Global Tunable gates, where $d$ is any positive integer and $\log^{(d)}{n} = \log\cdots \log{n}$ is the $d$-times iterated logarithm. On the other hand, the implementation based on Boolean analysis requires $8d-6$ Global Tunable gates at the expense of $O(n^{1/(1-2^{-d})})$ ancillae.
Submitted 14 November, 2024; v1 submitted 16 August, 2023;
originally announced August 2023.
-
Quantum algorithm for robust optimization via stochastic-gradient online learning
Authors:
Debbie Lim,
João F. Doriguello,
Patrick Rebentrost
Abstract:
Optimization theory has been widely studied in academia and finds a large variety of applications in industry. The different optimization models in their discrete and/or continuous settings have catered to a rich source of research problems. Robust convex optimization is a branch of optimization theory in which the variables or parameters involved have a certain level of uncertainty. In this work, we consider the online robust optimization meta-algorithm by Ben-Tal et al. and show that for a large range of stochastic subgradients, this algorithm has the same guarantee as the original non-stochastic version. We develop a quantum version of this algorithm and show that an at most quadratic improvement in terms of the dimension can be achieved. The speedup is due to the use of quantum state preparation, quantum norm estimation, and quantum multi-sampling. We apply our quantum meta-algorithm to examples such as robust linear programs and robust semidefinite programs and give applications of these robust optimization problems in finance and engineering.
Submitted 5 April, 2023;
originally announced April 2023.
-
Decoding probabilistic syndrome measurement and the role of entropy
Authors:
João F. Doriguello
Abstract:
In realistic stabiliser-based quantum error correction there are many ways in which real physical systems deviate from simple toy models of error. Stabiliser measurements may not always be deterministic or may suffer from erasure errors, such that they do not supply syndrome outcomes required for error correction. In this paper, we study the performance of the toric code under a model of probabilistic stabiliser measurement. We find that, even under a completely continuous model of syndrome extraction, the threshold can be maintained at reasonably high values of $1.69\%$ by suitably modifying the decoder using the edge-contraction method of Stace and Barrett (Physical Review A 81, 022317 (2010)), compared to a value of $2.93\%$ for deterministic stabiliser measurements. Finally, we study the role of entropic factors which account for degenerate error configurations for improving on the performance of the decoder. We find that in the limit of completely continuous stabiliser measurement any advantage further provided by these factors becomes negligible in contrast to the case of deterministic measurements.
Submitted 22 February, 2023;
originally announced February 2023.
-
A note on the partition bound for one-way classical communication complexity
Authors:
Srinivasan Arunachalam,
João F. Doriguello,
Rahul Jain
Abstract:
We present a linear program for the one-way version of the partition bound (denoted $\mathsf{prt}^1_\varepsilon(f)$). We show that it characterizes one-way randomized communication complexity $\mathsf{R}_\varepsilon^1(f)$ with shared randomness of every partial function $f:\mathcal{X}\times\mathcal{Y}\to\mathcal{Z}$, i.e., for $δ,\varepsilon\in(0,1/2)$, $\mathsf{R}_\varepsilon^1(f) \geq \log\mathsf{prt}_\varepsilon^1(f)$ and $\mathsf{R}_{\varepsilon+δ}^1(f) \leq \log\mathsf{prt}_\varepsilon^1(f) + \log\log(1/δ)$. This improves upon the characterization of $\mathsf{R}_\varepsilon^1(f)$ in terms of the rectangle bound (due to Jain and Klauck, 2010) by reducing the additive $O(\log(1/δ))$-term to $\log\log(1/δ)$.
Submitted 20 February, 2023;
originally announced February 2023.
-
Quantum algorithm for stochastic optimal stopping problems with applications in finance
Authors:
João F. Doriguello,
Alessandro Luongo,
Jinge Bao,
Patrick Rebentrost,
Miklos Santha
Abstract:
The famous least squares Monte Carlo (LSM) algorithm combines linear least square regression with Monte Carlo simulation to approximately solve problems in stochastic optimal stopping theory. In this work, we propose a quantum LSM based on quantum access to a stochastic process, on quantum circuits for computing the optimal stopping times, and on quantum techniques for Monte Carlo. For this algorithm, we elucidate the intricate interplay of function approximation and quantum algorithms for Monte Carlo. Our algorithm achieves a nearly quadratic speedup in the runtime compared to the LSM algorithm under some mild assumptions. Specifically, our quantum algorithm can be applied to American option pricing and we analyze a case study for the common situation of Brownian motion and geometric Brownian motion processes.
Submitted 27 July, 2023; v1 submitted 30 November, 2021;
originally announced November 2021.
-
Matrix hypercontractivity, streaming algorithms and LDCs: the large alphabet case
Authors:
Srinivasan Arunachalam,
Joao F. Doriguello
Abstract:
We prove a hypercontractive inequality for matrix-valued functions defined over large alphabets. In order to do so, we prove a generalization of the powerful $2$-uniform convexity inequality for trace norms of Ball, Carlen, Lieb (Inventiones Mathematicae'94). Using our hypercontractive inequality, we present upper and lower bounds for the communication complexity of the Hidden Hypermatching problem defined over large alphabets. We then consider streaming algorithms for approximating the value of Unique Games on a hypergraph with $t$-size hyperedges. By using our communication lower bound, we show that every streaming algorithm in the adversarial model achieving an $(r-\varepsilon)$-approximation of this value requires $Ω(n^{1-2/t})$ quantum space, where $r$ is the alphabet size. We next present a lower bound for locally decodable codes (LDC) $\mathbb{Z}_r^n\to \mathbb{Z}_r^N$ over large alphabets with recoverability probability at least $1/r + \varepsilon$. Using hypercontractivity, we give an exponential lower bound $N = 2^{Ω(\varepsilon^4 n/r^4)}$ for $2$-query (possibly non-linear) LDCs over $\mathbb{Z}_r$ and using the non-commutative Khintchine inequality we prove an improved lower bound of $N = 2^{Ω(\varepsilon^2 n/r^2)}$.
Submitted 11 November, 2024; v1 submitted 6 September, 2021;
originally announced September 2021.
-
Quantum Random Access Codes for Boolean Functions
Authors:
João F. Doriguello,
Ashley Montanaro
Abstract:
An $n\overset{p}{\mapsto}m$ random access code (RAC) is an encoding of $n$ bits into $m$ bits such that any initial bit can be recovered with probability at least $p$, while in a quantum RAC (QRAC), the $n$ bits are encoded into $m$ qubits. Since its proposal, the idea of RACs was generalized in many different ways, e.g. allowing the use of shared entanglement (called entanglement-assisted random access code, or simply EARAC) or recovering multiple bits instead of one. In this paper we generalize the idea of RACs to recovering the value of a given Boolean function $f$ on any subset of fixed size of the initial bits, which we call $f$-random access codes. We study and give protocols for $f$-random access codes with classical ($f$-RAC) and quantum ($f$-QRAC) encoding, together with many different resources, e.g. private or shared randomness, shared entanglement ($f$-EARAC) and Popescu-Rohrlich boxes ($f$-PRRAC). The success probability of our protocols is characterized by the noise stability of the Boolean function $f$. Moreover, we give an upper bound on the success probability of any $f$-QRAC with shared randomness that matches its success probability up to a multiplicative constant (and $f$-RACs by extension), meaning that quantum protocols can only achieve a limited advantage over their classical counterparts.
Submitted 4 March, 2021; v1 submitted 12 November, 2020;
originally announced November 2020.
-
Exponential quantum communication reductions from generalizations of the Boolean Hidden Matching problem
Authors:
João F. Doriguello,
Ashley Montanaro
Abstract:
In this work we revisit the Boolean Hidden Matching communication problem, which was the first communication problem in the one-way model to demonstrate an exponential classical-quantum communication separation. In this problem, Alice's bits are matched into pairs according to a partition that Bob holds. These pairs are compressed using a Parity function and it is promised that the final bit-string is equal either to another bit-string Bob holds, or its complement. The problem is to decide which case is the correct one. Here we generalize the Boolean Hidden Matching problem by replacing the parity function with an arbitrary Boolean function $f$. Efficient communication protocols are presented depending on the sign-degree of $f$. If its sign-degree is less than or equal to 1, we show an efficient classical protocol. If its sign-degree is less than or equal to $2$, we show an efficient quantum protocol. We then completely characterize the classical hardness of all symmetric functions $f$ of sign-degree greater than or equal to $2$, except for one family of specific cases. We also prove, via Fourier analysis, a classical lower bound for any function $f$ whose pure high degree is greater than or equal to $2$. Similarly, we prove, also via Fourier analysis, a quantum lower bound for any function $f$ whose pure high degree is greater than or equal to $3$. These results give a large family of new exponential classical-quantum communication separations.
Submitted 17 August, 2021; v1 submitted 15 January, 2020;
originally announced January 2020.
-
Quantum sketching protocols for Hamming distance and beyond
Authors:
João F. Doriguello,
Ashley Montanaro
Abstract:
In this work we use the concept of quantum fingerprinting to develop a quantum communication protocol in the simultaneous message passing model that calculates the Hamming distance between two $n$-bit strings up to relative error $ε$. The number of qubits communicated by the protocol is polynomial in $\log{n}$ and $1/ε$, while any classical protocol must communicate $Ω(\sqrt{n})$ bits. Motivated by the relationship between Hamming distance and vertex distance in hypercubes, we apply the protocol to approximately calculate distances between vertices in graphs that can be embedded into a hypercube such that all distances are preserved up to a constant factor. Such graphs are known as $\ell_1$-graphs. This class includes all trees, median graphs, Johnson graphs and Hamming graphs. Our protocol is efficient for $\ell_1$-graphs with low diameter, and we show that its dependence on the diameter is essentially optimal. Finally, we show that our protocol can be used to approximately compute $\ell_1$-distances between vectors efficiently.
Submitted 26 August, 2022; v1 submitted 30 October, 2018;
originally announced October 2018.