Two quantum Ising algorithms for the shortest-vector problem

Quantum computers are expected to break today's public key cryptography within a few decades. New cryptosystems are being designed and standardised for the post-quantum era, and a significant proportion of these rely on the hardness of problems like the Shortest Vector Problem to a quantum adversary. In this paper we describe two variants of a quantum Ising algorithm to solve this problem. One variant is spatially efficient, requiring only O(NlogN) qubits where N is the lattice dimension, while the other variant is more robust to noise. Analysis of the algorithms' performance on a quantum annealer and in numerical simulations show that the more qubit-efficient variant will outperform in the long run, while the other variant is more suitable for near-term implementation.

[1]  László Lovász,et al.  Factoring polynomials with rational coefficients , 1982 .

[2]  Claus-Peter Schnorr,et al.  Lattice basis reduction: Improved practical algorithms and solving subset sum problems , 1991, FCT.

[3]  Oded Regev,et al.  On lattices, learning with errors, random linear codes, and cryptography , 2005, STOC '05.

[4]  Carl Pomerance,et al.  The Development of the Number Field Sieve , 1994 .

[5]  Ashley Montanaro,et al.  Quantum speedup of branch-and-bound algorithms , 2019, Physical Review Research.

[6]  Alán Aspuru-Guzik,et al.  The Matter Simulation (R)evolution , 2018, ACS central science.

[7]  Peter W. Shor,et al.  Polynomial-Time Algorithms for Prime Factorization and Discrete Logarithms on a Quantum Computer , 1995, SIAM Rev..

[8]  Ravi Kannan,et al.  Improved algorithms for integer programming and related lattice problems , 1983, STOC.

[9]  Yoshinori Aono,et al.  Quantum Lattice Enumeration and Tweaking Discrete Pruning , 2018, IACR Cryptol. ePrint Arch..

[10]  Seth Lloyd,et al.  Adiabatic quantum computation is equivalent to standard quantum computation , 2004, 45th Annual IEEE Symposium on Foundations of Computer Science.

[11]  Ashley Montanaro,et al.  Quantum walk speedup of backtracking algorithms , 2015, Theory Comput..

[12]  Travis S. Humble,et al.  Quantum supremacy using a programmable superconducting processor , 2019, Nature.

[13]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[14]  Oded Goldreich,et al.  Public-Key Cryptosystems from Lattice Reduction Problems , 1996, CRYPTO.

[15]  Bettina Helfrich,et al.  Algorithms to Construct Minkowski Reduced an Hermite Reduced Lattice Bases , 1985, Theor. Comput. Sci..

[16]  Fang Song,et al.  A quantum algorithm for computing the unit group of an arbitrary degree number field , 2014, STOC.

[17]  U. Fincke,et al.  Improved methods for calculating vectors of short length in a lattice , 1985 .

[18]  Craig Gentry,et al.  Fully homomorphic encryption using ideal lattices , 2009, STOC '09.

[19]  Cong Ling,et al.  Not-so-adiabatic quantum computation for the shortest vector problem , 2019 .

[20]  Michele Mosca,et al.  Solving the Shortest Vector Problem in Lattices Faster Using Quantum Search , 2013, PQCrypto.

[21]  Damien Stehlé,et al.  Learning with Errors and Extrapolated Dihedral Cosets , 2017, Public Key Cryptography.

[22]  H. Neven,et al.  Low-Depth Quantum Simulation of Materials , 2018 .

[23]  Aidan Roy,et al.  Fast clique minor generation in Chimera qubit connectivity graphs , 2015, Quantum Inf. Process..

[24]  Ravi Kumar,et al.  A sieve algorithm for the shortest lattice vector problem , 2001, STOC '01.

[25]  Nicholas Chancellor,et al.  Finding spin glass ground states using quantum walks , 2019, New Journal of Physics.

[26]  Andrew M. Childs,et al.  Spatial search by quantum walk , 2003, quant-ph/0306054.

[27]  Ronald Cramer,et al.  Short Stickelberger Class Relations and Application to Ideal-SVP , 2016, EUROCRYPT.

[28]  Joseph H. Silverman,et al.  NTRU: A Ring-Based Public Key Cryptosystem , 1998, ANTS.

[29]  M. Sipser,et al.  Quantum Computation by Adiabatic Evolution , 2000, quant-ph/0001106.

[30]  Daniel A. Lidar,et al.  Adiabatic quantum optimization with the wrong Hamiltonian , 2013, 1310.0529.

[31]  R. Feynman Simulating physics with computers , 1999 .

[32]  Whitfield Diffie,et al.  New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[33]  Nicolas Gama,et al.  Lattice Enumeration Using Extreme Pruning , 2010, EUROCRYPT.

[34]  H. Nishimori,et al.  Quantum annealing in the transverse Ising model , 1998, cond-mat/9804280.

[35]  Lov K. Grover A fast quantum mechanical algorithm for database search , 1996, STOC '96.

[36]  Steven P. Reinhardt,et al.  Practical Annealing-Based Quantum Computing , 2019, Computer.

[37]  P. Benioff The computer as a physical system: A microscopic quantum mechanical Hamiltonian model of computers as represented by Turing machines , 1980 .

[38]  E. Farhi,et al.  A Quantum Approximate Optimization Algorithm , 2014, 1411.4028.