Optimal Merging in Quantum k-xor and k-xor-sum Algorithms

The k-xor or Generalized Birthday Problem aims at finding, given k lists of bit-strings, a k-tuple among them XORing to 0. If the lists are unbounded, the best classical (exponential) time complexity has stood since Wagner's CRYPTO 2002 paper. If the lists are bounded (of the same size) and such that there is a single solution, the dissection algorithms of Dinur et al. (CRYPTO 2012) improve the memory usage over a simple meet-in-the-middle.
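The unbounded-list case for k = 4, as an added example that is not code from the paper: a classical tree merge in the style of Wagner's generalized birthday algorithm, which first cancels the low `ell` bits pairwise and then matches the remaining bits. The names `merge`, `four_xor`, `demo`, the parameters `n` and `ell`, and all sample lists are assumptions constructed here.

```python
import random
from collections import defaultdict

def merge(left, right, mask):
    """Join two lists of (value, parts) on value & mask.

    Returns (xor_value, combined_parts) for every pair that agrees on the
    masked bits, so the XOR of each returned pair is zero on those bits.
    """
    buckets = defaultdict(list)
    for value, parts in left:
        buckets[value & mask].append((value, parts))
    out = []
    for value, parts in right:
        for lvalue, lparts in buckets.get(value & mask, ()):
            out.append((lvalue ^ value, lparts + parts))
    return out

def four_xor(l1, l2, l3, l4, n, ell):
    """Return 4-tuples (x1, x2, x3, x4), one per list, XORing to 0 on n bits.

    Level 1 keeps pairs whose XOR vanishes on the low ell bits; level 2
    matches the two intermediate lists on all n bits. Solutions whose halves
    do not vanish on the low ell bits are skipped, so the search is not
    exhaustive and relies on the lists containing many solutions.
    """
    low, full = (1 << ell) - 1, (1 << n) - 1
    wrap = lambda lst: [(x, (x,)) for x in lst]
    l12 = merge(wrap(l1), wrap(l2), low)
    l34 = merge(wrap(l3), wrap(l4), low)
    return [parts for _, parts in merge(l12, l34, full)]

def demo(n=24, ell=8, size=1 << 10, seed=1):
    """Constructed random instance. The balanced size would be 2**(n/3) = 256
    (about one expected solution); 2**10 is used so solutions are plentiful."""
    rng = random.Random(seed)
    lists = [[rng.getrandbits(n) for _ in range(size)] for _ in range(4)]
    return lists, four_xor(*lists, n, ell)

if __name__ == "__main__":
    lists, solutions = demo()
    print(len(solutions), "solutions, first:", solutions[0])
```

Because level 1 discards every pair that disagrees on the low bits, this merge can miss a solution that exists, which is why the bounded single-solution setting calls for exhaustive approaches such as meet-in-the-middle or dissection.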

[1] I. Chuang, et al. Quantum Computation and Quantum Information: Introduction to the Tenth Anniversary Edition, 2010.

[2] María Naya-Plasencia, et al. Correction to: Optimal Merging in Quantum k-xor and k-sum Algorithms, 2020, IACR Cryptol. ePrint Arch.

[3] Lov K. Grover. A fast quantum mechanical algorithm for database search, 1996, STOC '96.

[4] Greg Kuperberg, et al. Another Subexponential-time Quantum Algorithm for the Dihedral Hidden Subgroup Problem, 2011, TQC.

[5] Mark Zhandry, et al. A note on the quantum collision and set equality problems, 2013, Quantum Inf. Comput.

[6] Itai Dinur, et al. An algorithmic framework for the generalized birthday problem, 2019, IACR Cryptol. ePrint Arch.

[7] Shi Bai, et al. Improved Combinatorial Algorithms for the Inhomogeneous Short Integer Solution Problem, 2018, Journal of Cryptology.

[8] Leif Both, et al. The Approximate k-List Problem, 2017, IACR Trans. Symmetric Cryptol.

[9] Marc Kaplan, et al. Quantum attacks against iterated block ciphers, 2014, ArXiv.

[10] Aleksandrs Belovs, et al. Adversary lower bound for the k-sum problem, 2012, ITCS '13.

[11] Adi Shamir, et al. A T = O(2^{n/2}), S = O(2^{n/4}) Algorithm for Certain NP-Complete Problems, 1981, SIAM J. Comput.

[12] David A. Wagner, et al. A Generalized Birthday Problem, 2002, CRYPTO.

[13] Gilles Brassard, et al. Quantum Algorithm for the Collision Problem, 2016, Encyclopedia of Algorithms.

[14] Gilles Brassard, et al. Strengths and Weaknesses of Quantum Computing, 1997, SIAM J. Comput.

[15] Andris Ambainis, et al. Quantum walk algorithm for element distinctness, 2003, 45th Annual IEEE Symposium on Foundations of Computer Science.

[16] Leif Both, et al. Decoding Linear Codes with High Error Rate and its Impact for LPN Security, 2017, IACR Cryptol. ePrint Arch.

[17] Antoine Joux, et al. Improved Generic Algorithms for Hard Knapsacks, 2011, IACR Cryptol. ePrint Arch.

[18] Alistair Sinclair, et al. The Extended k-tree Algorithm, 2011, Journal of Cryptology.

[19] Adi Shamir, et al. Efficient Dissection of Composite Problems, with Applications to Cryptanalysis, Knapsacks, and Combinatorial Search Problems, 2012, CRYPTO.

[20] Yu Sasaki, et al. Quantum Multicollision-Finding Algorithm, 2017, ASIACRYPT.

[21] Gilles Brassard, et al. Quantum Cryptanalysis of Hash and Claw-Free Functions, 1998, LATIN.

[22] María Naya-Plasencia, et al. An Efficient Quantum Collision Search Algorithm and Implications on Symmetric Cryptography, 2017, ASIACRYPT.

[23] Peter Schwabe, et al. Implementing Wagner's generalized birthday attack against the SHA-3 round-1 candidate FSB, 2009, IACR Cryptol. ePrint Arch.

[24] María Naya-Plasencia, et al. Quantum Algorithms for the k-xor Problem, 2018, ASIACRYPT.

[25] Scott Aaronson, et al. Quantum lower bounds for the collision and the element distinctness problems, 2004, JACM.

[26] Tanja Lange, et al. Quantum Algorithms for the Subset-Sum Problem, 2013, PQCrypto.

[27] Yu Sasaki, et al. Refinements of the k-tree Algorithm for the Generalized Birthday Problem, 2015, ASIACRYPT.

[28] G. Brassard, et al. Quantum Amplitude Amplification and Estimation, 2000, quant-ph/0005055.

[29] Jacques Patarin, et al. The Knapsack Hash Function proposed at Crypto'89 can be broken, 1991, EUROCRYPT.