We consider the problem of efficiently simulating random quantum states and random unitary operators, in a manner which is convincing to unbounded adversaries with black-box oracle access. This problem has previously only been considered for restri
cted adversaries. Against adversaries with an a priori bound on the number of queries, it is well-known that $t$-designs suffice. Against polynomial-time adversaries, one can use pseudorandom states (PRS) and pseudorandom unitaries (PRU), as defined in a recent work of Ji, Liu, and Song; unfortunately, no provably secure construction is known for PRUs. In our setting, we are concerned with unbounded adversaries. Nonetheless, we are able to give stateful quantum algorithms which simulate the ideal object in both settings of interest. In the case of Haar-random states, our simulator is polynomial-time, has negligible error, and can also simulate verification and reflection through the simulated state. This yields an immediate application to quantum money: a money scheme which is information-theoretically unforgeable and untraceable. In the case of Haar-random unitaries, our simulator takes polynomial space, but simulates both forward and inverse access with zero error. These results can be seen as the first significant steps in developing a theory of lazy sampling for random quantum objects.
We establish an uncertainty principle for functions $f: mathbb{Z}/p rightarrow mathbb{F}_q$ with constant support (where $p mid q-1$). In particular, we show that for any constant $S > 0$, functions $f: mathbb{Z}/p rightarrow mathbb{F}_q$ for which $
|text{supp}; {f}| = S$ must satisfy $|text{supp}; hat{f}| = (1 - o(1))p$. The proof relies on an application of Szemeredis theorem; the celebrated improvements by Gowers translate into slightly stronger statements permitting conclusions for functions possessing slowly growing support as a function of $p$.
We are given an integer $d$, a graph $G=(V,E)$, and a uniformly random embedding $f : V rightarrow {0,1}^d$ of the vertices. We are interested in the probability that $G$ can be realized by a scaled Euclidean norm on $mathbb{R}^d$, in the sense that
there exists a non-negative scaling $w in mathbb{R}^d$ and a real threshold $theta > 0$ so that [ (u,v) in E qquad text{if and only if} qquad Vert f(u) - f(v) Vert_w^2 < theta,, ] where $| x |_w^2 = sum_i w_i x_i^2$. These constraints are similar to those found in the Euclidean minimum spanning tree (EMST) realization problem. A crucial difference is that the realization map is (partially) determined by the random variable $f$. In this paper, we consider embeddings $f : V rightarrow { x, y}^d$ for arbitrary $x, y in mathbb{R}$. We prove that arbitrary trees can be realized with high probability when $d = Omega(n log n)$. We prove an analogous result for graphs parametrized by the arboricity: specifically, we show that an arbitrary graph $G$ with arboricity $a$ can be realized with high probability when $d = Omega(n a^2 log n)$. Additionally, if $r$ is the minimum effective resistance of the edges, $G$ can be realized with high probability when $d=Omegaleft((n/r^2)log nright)$. Next, we show that it is necessary to have $d geq binom{n}{2}/6$ to realize random graphs, or $d geq n/2$ to realize random spanning trees of the complete graph. This is true even if we permit an arbitrary embedding $f : V rightarrow { x, y}^d$ for any $x, y in mathbb{R}$ or negative weights. Along the way, we prove a probabilistic analog of Radons theorem for convex sets in ${0,1}^d$. Our tree-realization result can complement existing results on statistical inference for gene expression data which involves realizing a tree, such as [GJP15].
Formulating and designing unforgeable authentication of classical messages in the presence of quantum adversaries has been a challenge, as the familiar classical notions of unforgeability do not directly translate into meaningful notions in the quant
um setting. A particular difficulty is how to fairly capture the notion of predicting an unqueried value when the adversary can query in quantum superposition. In this work, we uncover serious shortcomings in existing approaches, and propose a new definition. We then support its viability by a number of constructions and characterizations. Specifically, we demonstrate a function which is secure according to the existing definition by Boneh and Zhandry, but is clearly vulnerable to a quantum forgery attack, whereby a query supported only on inputs that start with 0 divulges the value of the function on an input that starts with 1. We then propose a new definition, which we call blind-unforgeability (or BU.) This notion matches intuitive unpredictability in all examples studied thus far. It defines a function to be predictable if there exists an adversary which can use partially blinded oracle access to predict values in the blinded region. Our definition (BU) coincides with standard unpredictability (EUF-CMA) in the classical-query setting. We show that quantum-secure pseudorandom functions are BU-secure MACs. In addition, we show that BU satisfies a composition property (Hash-and-MAC) using Bernoulli-preserving hash functions, a new notion which may be of independent interest. Finally, we show that BU is amenable to security reductions by giving a precise bound on the extent to which quantum algorithms can deviate from their usual behavior due to the blinding in the BU security experiment.
Recent results of Kaplan et al., building on previous work by Kuwakado and Morii, have shown that a wide variety of classically-secure symmetric-key cryptosystems can be completely broken by quantum chosen-plaintext attacks (qCPA). In such an attack,
the quantum adversary has the ability to query the cryptographic functionality in superposition. The vulnerable cryptosystems include the Even-Mansour block cipher, the three-round Feistel network, the Encrypted-CBC-MAC, and many others. In this work, we study simple algebraic adaptations of such schemes that replace $(mathbb Z/2)^n$ addition with operations over alternate finite groups--such as $mathbb Z/{2^n}$--and provide evidence that these adaptations are qCPA-secure. These adaptations furthermore retain the classical security properties (and basic structural features) enjoyed by the original schemes. We establish security by treating the (quantum) hardness of the well-studied Hidden Shift problem as a basic cryptographic assumption. We observe that this problem has a number of attractive features in this cryptographic context, including random self-reducibility, hardness amplification, and--in many cases of interest--a reduction from the search version to the decisional version. We then establish, under this assumption, the qCPA-security of several such Hidden Shift adaptations of symmetric-key constructions. We show that a Hidden Shift version of the Even-Mansour block cipher yields a quantum-secure pseudorandom function, and that a Hidden Shift version of the Encrypted CBC-MAC yields a collision-resistant hash function. Finally, we observe that such adaptations frustrate the direct Simons algorithm-based attacks in more general circumstances, e.g., Feistel networks and slide attacks.
We establish a precise relationship between spherical harmonics and Fourier basis functions over a hypercube randomly embedded in the sphere. In particular, we give a bound on the expected Boolean noise sensitivity of a randomly rotated function in t
erms of its spherical sensitivity, which we define according to its evolution under the spherical heat equation. As an application, we prove an average case of the Gotsman-Linial conjecture, bounding the sensitivity of polynomial threshold functions subjected to a random rotation.
Internet supercomputing is an approach to solving partitionable, computation-intensive problems by harnessing the power of a vast number of interconnected computers. This paper presents a new algorithm for the problem of using network supercomputing
to perform a large collection of independent tasks, while dealing with undependable processors. The adversary may cause the processors to return bogus results for tasks with certain probabilities, and may cause a subset $F$ of the initial set of processors $P$ to crash. The adversary is constrained in two ways. First, for the set of non-crashed processors $P-F$, the emph{average} probability of a processor returning a bogus result is inferior to $frac{1}{2}$. Second, the adversary may crash a subset of processors $F$, provided the size of $P-F$ is bounded from below. We consider two models: the first bounds the size of $P-F$ by a fractional polynomial, the second bounds this size by a poly-logarithm. Both models yield adversaries that are much stronger than previously studied. Our randomized synchronous algorithm is formulated for $n$ processors and $t$ tasks, with $nle t$, where depending on the number of crashes each live processor is able to terminate dynamically with the knowledge that the problem is solved with high probability. For the adversary constrained by a fractional polynomial, the round complexity of the algorithm is $O(frac{t}{n^varepsilon}log{n}log{log{n}})$, its work is $O(tlog{n} log{log{n}})$ and message complexity is $O(nlog{n}log{log{n}})$. For the poly-log constrained adversary, the round complexity is $O(t)$, work is $O(t n^{varepsilon})$, %$O(t , poly log{n})$, and message complexity is $O(n^{1+varepsilon})$ %$O(n , poly log{n})$. All bounds are shown to hold with high probability.
We show that there exists a family of groups $G_n$ and nontrivial irreducible representations $rho_n$ such that, for any constant $t$, the average of $rho_n$ over $t$ uniformly random elements $g_1, ldots, g_t in G_n$ has operator norm $1$ with proba
bility approaching 1 as $n rightarrow infty$. More quantitatively, we show that there exist families of finite groups for which $Omega(log log |G|)$ random elements are required to bound the norm of a typical representation below $1$. This settles a conjecture of A. Wigderson.
Blind rendezvous is a fundamental problem in cognitive radio networks. The problem involves a collection of agents (radios) that wish to discover each other in the blind setting where there is no shared infrastructure and they initially have no knowl
edge of each other. Time is divided into discrete slots; spectrum is divided into discrete channels, ${1,2,..., n}$. Each agent may access a single channel in a single time slot and we say that two agents rendezvous when they access the same channel in the same time slot. The model is asymmetric: each agent $A_i$ may only use a particular subset $S_i$ of the channels and different agents may have access to different subsets of channels. The goal is to design deterministic channel hopping schedules for each agent so as to guarantee rendezvous between any pair of agents with overlapping channel sets. Two independent sets of authors, Shin et al. and Lin et al., gave the first constructions guaranteeing asynchronous blind rendezvous in $O(n^2)$ and $O(n^3)$ time, respectively. We present a substantially improved construction guaranteeing that any two agents, $A_i$, $A_j$, will rendezvous in $O(|S_i| |S_j| loglog n)$ time. Our results are the first that achieve nontrivial dependence on $|S_i|$, the size of the set of available channels. This allows us, for example, to save roughly a quadratic factor over the best previous results in the important case when channel subsets have constant size. We also achieve the best possible bound of $O(1)$ time for the symmetric situation; previous works could do no better than $O(n)$. Using the probabilistic method and Ramsey theory we provide evidence in support of our suspicion that our construction is asymptotically optimal for small size channel subsets: we show both a $c |S_i||S_j|$ lower bound and a $c loglog n$ lower bound when $|S_i|, |S_j| leq n/2$.
Knot and link invariants naturally arise from any braided Hopf algebra. We consider the computational complexity of the invariants arising from an elementary family of finite-dimensional Hopf algebras: quantum doubles of finite groups (denoted D(G),
for a group G). Regarding algorithms for these invariants, we develop quantum circuits for the quantum Fourier transform over D(G); in general, we show that when one can uniformly and efficiently carry out the quantum Fourier transform over the centralizers Z(g) of the elements of G, one can efficiently carry out the quantum Fourier transform over D(G). We apply these results to the symmetric groups to yield efficient circuits for the quantum Fourier transform over D(S_n). With such a Fourier transform, it is straightforward to obtain additive approximation algorithms for the related link invariant. Additionally, we show that certain D(G) invariants (such as D(A_n) invariants) are BPP-hard to additively approximate, SBP-hard to multiplicatively approximate, and #P-hard to exactly evaluate. Finally, we make partial progress on the question of simulating anyonic computation in groups uniformly as a function of the group size. In this direction, we provide efficient quantum circuits for the Clebsch-Gordan transform over D(G) for fluxon irreps, i.e., irreps of D(G) characterized by a conjugacy class of G. For general irreps, i.e., those which are associated with a conjugacy class of G and an irrep of a centralizer, we present an efficient implementation under certain conditions such as when there is an efficient Clebsch-Gordan transform over the centralizers. We remark that this also provides a simulation of certain anyonic models of quantum computation, even in circumstances where the group may have size exponential in the size of the circuit.
