Results 1 - 10 of 2,372
On Lattices, Learning with Errors, Random Linear Codes, and Cryptography
In STOC, 2005
Cited by 366 (6 self)
Our main result is a reduction from worst-case lattice problems such as SVP and SIVP to a certain learning problem. This learning problem is a natural extension of the ‘learning from parity with error’ problem to higher moduli. It can also be viewed as the problem of decoding from a random linear code. This, we believe, gives a strong indication that these problems are hard. Our reduction, however, is quantum. Hence, an efficient solution to the learning problem implies a quantum algorithm for SVP and SIVP. A main open question is whether this reduction can be made classical. We also present a (classical) public-key cryptosystem whose security is based on the hardness of the learning problem. By the main result, its security is also based on the worst-case quantum hardness of SVP and SIVP. Previous lattice-based public-key cryptosystems such as the one by Ajtai and Dwork were based only on unique-SVP, a special case of SVP. The new cryptosystem is much more efficient than previous cryptosystems: the public key is of size Õ(n^2) and encrypting a message increases its size by a factor of Õ(n) (in previous cryptosystems these values are Õ(n^4) and Õ(n^2), respectively). In fact, under the assumption that all parties share a random bit string of length Õ(n^2), the size of the public key can be reduced to Õ(n).
Complexity Measures and Decision Tree Complexity: A Survey
Theoretical Computer Science, 2000
Cited by 205 (17 self)
We discuss several complexity measures for Boolean functions: certificate complexity, sensitivity, block sensitivity, and the degree of a representing or approximating polynomial. We survey the relations and biggest gaps known between these measures, and show how they give bounds for the decision tree complexity of Boolean functions on deterministic, randomized, and quantum computers.
1 Introduction
Computational Complexity is the subfield of Theoretical Computer Science that aims to understand "how much" computation is necessary and sufficient to perform certain computational tasks. For example, given a computational problem it tries to establish tight upper and lower bounds on the length of the computation (or on other resources, like space). Unfortunately, for many, practically relevant, computational problems no tight bounds are known. An illustrative example is the well known P versus NP problem: for all NP-complete problems the current upper and lower bounds lie exponentially ...
Experimental realization of Shor’s quantum factoring algorithm using nuclear magnetic resonance
2001
Cited by 152 (5 self)
The number of steps any classical computer requires in order to find the prime factors of an l-digit integer N increases exponentially with l, at least using algorithms [1] known at present. Factoring large integers is therefore conjectured to be intractable classically, an observation underlying the security of widely used cryptographic codes [1, 2]. Quantum computers [3], however, could factor integers in only polynomial time, using Shor’s quantum factoring algorithm [4, 5, 6]. Although important for the study of quantum computers [7], experimental demonstration of this algorithm has proved elusive [8, 9, 10]. Here we report an implementation of the simplest instance of Shor’s algorithm: factorization of N=15 (whose prime factors are 3 and 5). We use seven spin-1/2 nuclei in a molecule as quantum bits [11, 12], which can be manipulated with room temperature liquid state nuclear magnetic resonance techniques. This method of using nuclei to store quantum information is in principle scalable to many quantum bit systems [13], but such scalability is not implied by the present work. The significance of our work lies in the demonstration of experimental and theoretical techniques for precise control and modelling of complex quantum
Exponential lower bound for 2-query locally decodable codes via a quantum argument
Journal of Computer and System Sciences, 2003
Cited by 139 (15 self)
A locally decodable code encodes n-bit strings x in m-bit codewords C(x) in such a way that one can recover any bit x_i from a corrupted codeword by querying only a few bits of that word. We use a quantum argument to prove that LDCs with 2 classical queries require exponential length: m = 2^{\Omega(n)}. Previously this was known only for linear codes (Goldreich et al. 02). The
Quantum Walks on Graphs
2002
Cited by 122 (6 self)
We set the ground for a theory of quantum walks on graphs, the generalization of random walks on finite graphs to the quantum world. Such quantum walks do not converge to any stationary distribution, as they are unitary and reversible. However, by suitably relaxing the definition, we can obtain a measure of how fast the quantum walk spreads or how confined the quantum walk stays in a small neighborhood. We give definitions of mixing time, filling time, dispersion time. We show that in all these measures, the quantum walk on the cycle is almost quadratically faster than its classical correspondent. On the other hand, we give a lower bound on the possible speed up by quantum walks for general graphs, showing that quantum walks can be at most polynomially faster than their classical counterparts.
A modular functor which is universal for quantum computation
Comm. Math. Phys.
Cited by 121 (18 self)
Abstract: We show that the topological modular functor from Witten–Chern–Simons theory is universal for quantum computation in the sense that a quantum circuit computation can be efficiently approximated by an intertwining action of a braid on the functor’s state space. A computational model based on Chern–Simons theory at a fifth root of unity is defined and shown to be polynomially equivalent to the quantum circuit model. The chief technical advance: the density of the irreducible sectors of the Jones representation has topological implications which will be considered elsewhere.
Consequences and Limits of Nonlocal Strategies
2010
Cited by 120 (20 self)
This paper investigates the powers and limitations of quantum entanglement in the context of cooperative games of incomplete information. We give several examples of such nonlocal games where strategies that make use of entanglement outperform all possible classical strategies. One implication of these examples is that entanglement can profoundly affect the soundness property of two-prover interactive proof systems. We then establish limits on the probability with which strategies making use of entanglement can win restricted types of nonlocal games. These upper bounds may be regarded as generalizations of Tsirelson-type inequalities, which place bounds on the extent to which quantum information can allow for the violation of Bell inequalities. We also investigate the amount of entanglement required by optimal and nearly optimal quantum strategies for some games.
Entanglement-assisted capacity of a quantum channel and the reverse Shannon theorem
IEEE Trans. Inf. Theory, 2002
Cited by 114 (6 self)
Abstract—The entanglement-assisted classical capacity of a noisy quantum channel ( ) is the amount of information per channel use that can be sent over the channel in the limit of many uses of the channel, assuming that the sender and receiver have access to the resource of shared quantum entanglement, which may be used up by the communication protocol. We show that the capacity is given by an expression parallel to that for the capacity of a purely classical channel: i.e., the maximum, over channel inputs, of the entropy of the channel input plus the entropy of the channel output minus their joint entropy, the latter being defined as the entropy of an entangled purification of after half of it has passed through the channel. We calculate entanglement-assisted capacities for two interesting quantum channels, the qubit amplitude damping channel and the bosonic channel with amplification/attenuation and Gaussian noise. We discuss how many independent parameters are required to completely characterize the asymptotic behavior of a general quantum channel, alone or in the presence of ancillary resources such as prior entanglement. In the classical analog of entanglement-assisted communication—communication over a discrete memoryless channel (DMC) between parties who share prior random information—we show that one parameter is sufficient, i.e., that in the presence of prior shared random information, all DMCs of equal capacity can simulate one another with unit asymptotic efficiency.
Index Terms—Channel capacity, entanglement, quantum information, Shannon theory.