Hidden Symmetry Subgroup Problems

1/27 Hidden Symmetry Subgroup Problems

Miklos Santha
CNRS, Université Paris Diderot, France and Centre for Quantum Technologies, NUS, Singapore

joint work with
Thomas Decker (CQT, Singapore), Gábor Ivanyos (SZTAKI, Budapest), Pawel Wocjan (U. of Central Florida)

2/27 How to build quantum algorithms with exponential saving?

The success story in hidden structures:
Theorem [Shor 94]: The hidden subgroup problem can be solved in abelian groups in quantum polynomial time.

Post-abelian hidden structures finding:
- Hidden subgroups in non-abelian groups
- Hidden algebraic sets of higher degrees

Here: New proposal: Subgroups hidden by symmetries
- Generalizes the above problems
- In some cases reduces to solvable hidden subgroup problems

3/27 Hidden Subgroup Problem (HSP)

Hidden Subgroup Problem HSP($G$; $\mathcal{H}$), where $G$ is a finite group and $\mathcal{H}$ is a family of subgroups
Oracle Input: A function $f : G \to S$ (where $S$ is finite)
Promise: For some subgroup $H \in \mathcal{H}$, we have $f(x) = f(y) \iff Hx = Hy$.
Output: Generators for $H$.

Parameter: $G$ and $\mathcal{H}$ are given explicitly
Information: Partition $\pi_f$ of $G$ defined by the level sets $f^{-1}(s) = \{x \in G : f(x) = s\}$, for $s \in S$
Efficiency: Polynomial in $\log |G|$

The problem
Input: Finite group $G$ and $f : G \to S$ which hides $H \le G$: constant and distinct on the left cosets of $H$.
Output: Generators for $H$.
[Figure: the cosets $H, a_1H, \dots, a_tH$ of $G$ and the set $S$]
Theorem: If $G$ is Abelian then there is a quantum algorithm which finds $H$ with probability $1 - 1/|G|$, in polynomial time in $\log |G|$.

4/27 HSP in non-abelian groups

Theorem: Can be solved in quantum $\mathrm{poly}(\log |G|)$-time when
- $G = \mathbb{Z}_2^k \wr \mathbb{Z}_2$ [Roetteler, Beth 98]
- $H$ is normal and $\mathrm{QFT}_G$ is available [Hallgren, Russell, Ta-Shma 00]
- $\{N(H) : H \le G\}$ is large [Grigni, Schulman, Vazirani, Vazirani 01]
- $G = \mathbb{Z}_p \rtimes \mathbb{Z}_m$ if $m = (p-1)/(\log p)^c$ [Moore, Rockmore, Russell, Schulman 04]
- $H$ is normal and $G$ is solvable [Ivanyos, Magniez, Santha 01]
- $G$ is of constant exponent and constant length derived series [Friedl, Ivanyos, Magniez, Santha, Sen 03]
- $G$ is the Heisenberg group [Bacon, Childs, van Dam 05]
- $G$ is a nil-2 group [Ivanyos, Sanselme, Santha 08]

5/27 Non-linear hidden structure problems

Hidden Polynomial Problem HPP($\mathbb{F}_q$)
Oracle Input: A function $f : \mathbb{F}_q^n \to S$
Promise: For some $n$-variate polynomial $P$ of degree $d$ over $\mathbb{F}_q$, $f(x) = f(y) \iff P(x) = P(y)$.
Output: $P$.

Hidden Quadratic Polynomial Problem HQPP($\mathbb{F}_q, n, d$)
Oracle Input: A function $f : \mathbb{F}_q \to S$
Promise: Let $P_u(x) = x^2 - 2ux$. Then for some $u \in \mathbb{F}_q$, $f(x) = f(y) \iff P_u(x) = P_u(y)$.
Output: $u$.

Theorem [Childs, Schulman, Vazirani 07]: If $n$ and $d$ are constants, then for a $1 - o(1)$ fraction of the hidden polynomials, HPP($\mathbb{F}_q, n, d$) has polylogarithmic query complexity.

Hidden Polynomial Graph Problem HPGP($\mathbb{F}_q$)

6/27 Group actions

Definitions:
1. Permutation action of $G$ on a set $M$: : $G \times M \to M$, where
   $g\,(h\,m) = (gh)\,m$ for all $g, h \in G$,
   $e\,m = m$ for the identity element $e$ of $G$.
2. Stabilizer subgroup of $m \in M$: $G_m = \{g \in G : g\,m = m\}$
3. $H$-orbit of $m \in M$ for a subgroup $H$: $H\,m = \{h\,m : h \in H\}$.

7/27 Subgroups and partitions Notation: (A(G), ) is the lattice of all subgroups of G and (Π(M), ) is the lattice of partitions of M (A(G), ) (Π(M), ) H H = {H m : m M} π = {g G : i g π i = π i } π = {π 1,..., π l } This is an order-reversing Galois connection between (S(G), ) and (Π(M), ) (where π π if π is finer than π): H π if and only if π H. Definition: The closure of H is H, and H is closed if H = H. Facts: H H H is closed if and only if H = π for some partition π.

Subgroups and partitions: examples 1 Conjugation action: G, M = G, g h = ghg 1 H = {e} = H = Equality = H = Z(G) 2 G = S n, M = labelled graphs on n vertices, σ G = σ(g) π = Total = π = S n = π = Isomorphism types 3 General affine group: invertible {( ) affine transformations over F q a b Aff q = : a F 0 1 q, b F q }. Natural action over ( F q : ) ( ) ( ) a b x ax + b =. 0 1 1 1 The stabilizer of m F {( q : ) } a (1 a)m G m = : a F 0 1 q. Gm = {{m}, {x F q : x m}} since ax + (1 a)m = y x = m + a 1 (y m). G m = Gm is closed 8/27

9/27 Hidden symmetry subgroup problem

Hidden Symmetry Subgroup Problem HSSP($G$, $M$, ; $\mathcal{H}$), where $G$ is finite and $\mathcal{H}$ is a set of closed subgroups
Oracle Input: A function $f : M \to S$
Promise: For some subgroup $H \in \mathcal{H}$, we have $f(x) = f(y) \iff H\,x = H\,y$.
Output: $H$.

Remarks:
- For an arbitrary $f$ there can be no or several subgroups $H$ whose orbits are $\pi_f$
- Our promise: π f is closed and π f H
- More general problem: Without any promise find π f.
- HSP is a special case of HSSP for $M = G$ and g h = gh

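10/27 HSSP can have exponential query complexity

Theorem: The query complexity of HSSP($\mathrm{Aff}_q$, $\mathbb{F}_q$, , $\mathcal{S}$) is $\Omega(q^{1/2})$, where $\mathcal{S} = \{G_m : m \in \mathbb{F}_q\}$.

Proof: Grover's search over $\mathbb{F}_q$ is trivially reducible to this HSSP.
Recall that
$$G_m = \left\{ \begin{pmatrix} a & (1-a)m \\ 0 & 1 \end{pmatrix} : a \in \mathbb{F}_q^* \right\},$$
and G m = $\{\{m\}, \{x \in \mathbb{F}_q : x \neq m\}\}$.
These are exactly the level sets of the Grover oracle $f_m(x) = \delta_{m,x}$.
If $\begin{pmatrix} a & b \\ 0 & 1 \end{pmatrix}$ generates $G_m$ then $m = (1-a)^{-1} b$.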

11/27 Reduction scheme of HSSP to HSP

Suppose $f : M \to S$ hides $H \le G$ by symmetries. How to construct $f_{HSP} : G \to S$, which hides $H$?

Natural idea: Pick $B = \{m_1, \dots, m_t\} \subseteq M$ and define
$$f_{HSP}(g) = (f(g\,m_1), \dots, f(g\,m_t)).$$
For $\{e\}$ it works if $\bigcap_{i=1}^{t} G_{m_i} = \{e\}$.
In general $\bigcap_{m \in B} H G_m = H$ is necessary.

Definition: $B$ is an $H$-strong base if for every $g \in G$, we have $\bigcap_{m \in B} H G_{g\,m} = H$. $B$ is $\mathcal{H}$-strong for a family $\mathcal{H}$ of subgroups if it is $H$-strong for all $H \in \mathcal{H}$.

Lemma: If $f : M \to S$ hides some $H \in \mathcal{H}$ by symmetries and $B = \{m_1, \dots, m_t\}$ is $\mathcal{H}$-strong, then $H$ is hidden by $f_{HSP}$.

Remark: $M$ is strong for closed subgroups: $\bigcap_{m \in M} H G_m = H$.

12/27 Affine groups

The general affine group $\mathrm{Aff}_q$ is the semi-direct product $\mathbb{F}_q \rtimes \mathbb{F}_q^*$:
$$(b, a)(b', a') = (ab' + b, aa')$$

Definition: For $\{1\} < H \le \mathbb{F}_q^*$ let $G = \mathrm{Aff}_q(H) = \mathbb{F}_q \rtimes H$.

The stabilizer of 0 is $G_0 = \{(0, a) : a \in H\} = H$, and its conjugates are the other stabilizers, for $m \in \mathbb{F}_q$: $G_m = (m, 1)\, G_0\, (-m, 1)$.

We consider the family of stabilizer subgroups of $G$: $\mathcal{S} = \{G_m : m \in \mathbb{F}_q\}$

$\mathrm{Aff}_q$ doesn't have polynomial size $\mathcal{S}$-strong base.

Theorem: Let $G = \mathrm{Aff}_q(H)$ such that $H < \mathbb{F}_q^*$. If $B \subseteq \mathbb{F}_q$ is a uniformly random set of size $\Theta(\log q \, \log 1/\epsilon)$ then $B$ is an $\mathcal{S}$-strong base with probability of at least $1 - \epsilon$.

Remark: The same is true in Frobenius groups for the Frobenius complements.

Small bases in affine groups Outline of proof: Since S consists of H-conjugate subgroups, it suffices to show that B is H-strong. For b b F q we say that m F q separates b and b if b m H (b m). Lemma 1: B is an H-strong base for all b b F q there exists m B which separates b and b. Lemma 2: For all b b F q we have {m F q : m does not separate b and b } < q/2. Proof: If m does not separate b b then a m 1 H such that b + m = a m (b + m). For m m we have a m a m since otherwise b + m = a m (b + m ) which implies a m = 1. Therefore {m F q : m does not separate b and b } H 1 < q/2. The rest is just counting. 13/27

14/27 Efficient solution for the HSSP in some affine groups

Theorem: Let $H \le \mathbb{F}_q^*$ such that $1 < |H| < q - 1$. Then the following results hold for HSSP($\mathrm{Aff}_q(H)$, $\mathbb{F}_q$, , $\mathcal{S}$):
1. It has polynomial quantum query complexity.
2. It can be solved in quantum polynomial time when $q = p$ is prime and $|H| = \Omega(p/\mathrm{polylog}(p))$.
3. It can be solved in quantum polynomial time when $q = p^n$ is the power of a fixed prime $p$.

Proof: By the reduction scheme to HSP($\mathrm{Aff}_q(H)$, $\mathcal{S}$).

Special case: Generalized dihedral group, for $p \neq 2$:
$$\mathrm{Aff}_{p^n}(\{\pm 1\}) = \mathbb{Z}_p^n \rtimes \mathbb{Z}_2$$

15/27 HQPP and HSSP in generalized dihedral groups

Theorem: HQPP($\mathbb{F}_q$) and HSSP($\mathrm{Aff}_q(\{\pm 1\})$, $\mathbb{F}_q$, , $\mathcal{S}$) are polynomially equivalent.

Proof: The level sets of $P_u(x) = x^2 - 2ux$ are $\{x, -x + 2u\}$ since $x^2 - 2ux = y^2 - 2uy$ exactly when $y \in \{x, -x + 2u\}$.
The $G_u = \{(0, 1), (2u, -1)\}$-orbits: G u = $\{\{x, -x + 2u\} : x \in \mathbb{F}_q\}$
Therefore f hides P u π f = Gu πf = G u f hides G u.

Theorem: HQPP($\mathbb{F}_q$) can be solved in quantum polynomial time over fields of constant characteristic ($q = p^n$ and $p$ constant).

Remark: HQPP($\mathbb{F}_q$) and HSP($\mathrm{Aff}_q(\{\pm 1\})$, $\mathcal{S}$) are equivalent.

16/27 Multivariate quadratic polynomials

Theorem: HPP($\mathbb{F}_q, n, 2$) can be computed in time $(n + \log q)^{O(1)}$ using an oracle for HQPP($\mathbb{F}_q$).

Classical reduction

Corollary: HPP($\mathbb{F}_q, n, 2$) can be solved by a polynomial time quantum algorithm if $q$ is a power of a fixed prime.

17/27 HIDDEN TRANSLATION

Input: $G$ finite group. $f_0, f_1 : G \to S$ injective functions having a translation $u \in G$: $\forall x \in G,\ f_0(x) = f_1(xu)$.
Output: $u$.
[Figure: $f_0$ and $f_1$ related by the translation $u$]

Theorem. [Ettinger-Høyer 00]. If $G$ finite Abelian group then HIDDEN TRANSLATION on $G$ HIDDEN SUBGROUP on $G \rtimes \mathbb{Z}_2$.

Group operation on $G \rtimes \mathbb{Z}_2$: $(x_1, b_1) \cdot (x_2, b_2) = (x_1 + (-1)^{b_1} x_2,\ b_1 \oplus b_2)$.

Fact. $f(x, b) = f_b(x)$ hides $H = \{(0, 0); (u, 1)\}$ on $G \rtimes \mathbb{Z}_2$.

Theorem. For every prime $p$, HIDDEN TRANSLATION can be solved on $\mathbb{Z}_p^n$ by a quantum algorithm with query complexity $O(p(n + p)^{p-1})$ and time complexity $(n + p)^{O(p)}$.

18/27 The algorithm: Part 1 (quantum) 4 Idea of [EH 00]: Apply QFT on the direct product Z n p Z 2. 1 1 State: ωp x y ( 1) bc y c f b (x) 1 2p n 1 2p n x Z n p b=0 y Z n p c=0 Rewrite using the hidden translation: 1 ω x y p x Z n p y Z n p c=0 For all x, y the amplitude of y 1 f 0 (x) is: After observation: 1 2p ω x y n p + ω p (x+u) y ( 1) c y c f 0 (x) (1 ω y u p ) Pr[output =(y, 1)] = 1 4p 2n 1 ω y u p 2. Properties of the output distribution: Pr[c = 1] = 1 2 depends only on y u for every (y, 1) observed: y u = 0 mod p.

19/27 The algorithm: Part 2 (classical postprocessing)

Sample $(y, 1)$ such that $y \cdot u \neq 0 \bmod p$ (i.e. y u )

Linear inequations $\to$ polynomial equations:
$$y \cdot u \neq 0 \bmod p \iff (y \cdot u)^{p-1} = 1 \bmod p$$

Fact. Solving polynomial equations is NP-complete.

Idea: Linearize the system in the symmetric power of $\mathbb{Z}_p^n$

Definition. $\mathbb{Z}_p^{(p-1)}[x_1, \dots, x_n]$ is the vector space of homogeneous polynomials in $n$ variables of degree $(p-1)$ over $\mathbb{Z}_p$.
A basis: Monomials of degree $(p-1)$
Dimension: $\binom{n+p-2}{p-1}$

Transfer from $\mathbb{Z}_p^n$ via (Zn p ) to $\mathbb{Z}_p^{(p-1)}[x_1, \dots, x_n]$:

Definition. For $y = (a_1, \dots, a_n) \in \mathbb{Z}_p^n$ let $y^{(p-1)} = (\sum_j a_j x_j)^{p-1}$.

y u = 0 mod p = y (p 1) u =(y u) p 1 = 1 mod p, where in u Z n p the monomial $x_1^{e_1} \cdots x_n^{e_n}$ has coordinate $u_1^{e_1} \cdots u_n^{e_n}$.

20/27 The algorithm: Part 2 (classical postprocessing)

End of the algorithm:
- Hopefully the linear system in $\mathbb{Z}_p^{(p-1)}[x_1, \dots, x_n]$ has unique solution
- Find the solution U = u
- Try the $(p-1)$ candidates v such that v = u

Example. $p = 3$, $n = 3$, $u = (1, 2, 0)$.

| Sample in $\mathbb{Z}_3^3$ | Inequation in $\mathbb{Z}_3^3$ | Equation in $\mathbb{Z}_3^{(2)}[x_1, x_2, x_3]$ |
| $y_1 = (0, 1, 0)$ | $x_2 \cdot u \neq 0$ | $x_2^2 \cdot U = 1$ |
| $y_2 = (0, 2, 1)$ | $(2x_2 + x_3) \cdot u \neq 0$ | $(x_2^2 + x_3^2 + x_2 x_3) \cdot U = 1$ |
| $y_3 = (0, 2, 2)$ | $(2x_2 + 2x_3) \cdot u \neq 0$ | $(x_2^2 + x_3^2 + 2x_2 x_3) \cdot U = 1$ |
| ... | | |

where $x_1 = (1, 0, 0)$, $x_2 = (0, 1, 0)$, $x_3 = (0, 0, 1)$, $x_1^2 = (1, 0, 0, 0, 0, 0)$, ...

System of full rank $\Longrightarrow$ unique solution $U = x_1^2 + x_2^2 + 2x_1 x_2$.
Try the 2 possible translations $(1, 2, 0)$ and $(2, 1, 0)$ $\Longrightarrow$ $u = (1, 2, 0)$.

21/27 Translation finding Algorithm

Translation finding$^f(\mathbb{Z}_p^n)$
0. If $f_0(0) = f_1(0)$ then return 0.
1. $N \leftarrow 13p \binom{n+p-2}{p-1}$.
2. For $i = 1, \dots, N$ do $(z_i, b_i) \leftarrow$ Fourier sampling$^f(\mathbb{Z}_p^n \times \mathbb{Z}_2)$.
3. $\{y_1, \dots, y_m\} \leftarrow \{z_i : b_i = 1\}$.
4. For $i = 1, \dots, m$ do $Y_i \leftarrow y_i^{(p-1)}$.
5. Solve $Y_1 \cdot U = 1, \dots, Y_m \cdot U = 1$.
6. If several solutions then abort.
7. Let $j$ be such that the coefficient of $x_j^{p-1}$ in $U$ is 1.
8. Let $v \in \mathbb{Z}_p^n$ be such that v kv j is the coefficient of $x_k x_j^{p-2}$ in $U$.
9. Find $0 < a < p$ such that $f_0(0) = f_1(av)$.
10. Return $av$.
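The classical post-processing of steps 4 to 10 above, run on the deck's own example $p = 3$, $n = 3$, $u = (1, 2, 0)$, as an added Python example that is not part of the original slides. Assumptions: the Fourier samples are replaced by a constructed list of every $y$ with $y \cdot u \neq 0 \bmod p$, the oracles `f0` and `f1` are constructed, step 8 is read as "$v_k$ is the coefficient of $x_k x_j^{p-2}$ in $U$", and all function names are hypothetical.

```python
from itertools import product
from math import factorial

def monomials(n, d):
    """Exponent vectors of the degree-d monomials in n variables (basis of Z_p^(d)[x_1..x_n])."""
    return [e for e in product(range(d + 1), repeat=n) if sum(e) == d]

def lift(y, p, basis):
    """Step 4: coefficients of y^(p-1) = (sum_j a_j x_j)^(p-1) mod p, one per basis monomial."""
    row = []
    for e in basis:
        c = factorial(p - 1)            # multinomial (p-1)!/prod(e_j!) times prod(a_j^e_j)
        for a, k in zip(y, e):
            c = c // factorial(k) * pow(a, k, p)
        row.append(c % p)
    return row

def solve_unique(rows, p):
    """Steps 5-6: Gauss-Jordan solve of rows . U = 1 (mod p); None unless exactly one solution."""
    m = [r + [1] for r in rows]
    ncols = len(rows[0])
    for col in range(ncols):
        piv = next((i for i in range(col, len(m)) if m[i][col]), None)
        if piv is None:
            return None                 # free coordinate: several solutions, abort
        m[col], m[piv] = m[piv], m[col]
        inv = pow(m[col][col], -1, p)
        m[col] = [v * inv % p for v in m[col]]
        for i in range(len(m)):
            if i != col and m[i][col]:
                m[i] = [(a - m[i][col] * b) % p for a, b in zip(m[i], m[col])]
    if any(r[-1] for r in m[ncols:]):
        return None                     # inconsistent system
    return [m[i][-1] for i in range(ncols)]

def find_translation(samples, p, n, f0, f1):
    """Steps 4-10: lift the samples, solve for U, read off v, test the p-1 multiples of v."""
    basis = monomials(n, p - 1)
    U = solve_unique([lift(y, p, basis) for y in samples], p)
    if U is None:
        return None
    idx = {e: i for i, e in enumerate(basis)}
    def coord(j, k):                    # coordinate of x_k * x_j^(p-2) in U
        e = [(p - 2) * (i == j) + (i == k) for i in range(n)]
        return U[idx[tuple(e)]]
    j = next(j for j in range(n) if coord(j, j) == 1)      # step 7
    v = [coord(j, k) for k in range(n)]                    # step 8 (assumed reading): v = u / u_j
    for a in range(1, p):                                  # step 9
        cand = tuple(a * c % p for c in v)
        if f0((0,) * n) == f1(cand):
            return cand

# Constructed input: hidden u = (1, 2, 0); SAMPLES stands in for the observed (y, 1).
P, N, U_HIDDEN = 3, 3, (1, 2, 0)
f0 = lambda x: tuple(x)                                    # injective oracle
f1 = lambda x: tuple((a - b) % P for a, b in zip(x, U_HIDDEN))   # f0(x) = f1(x + u)
SAMPLES = [y for y in product(range(P), repeat=N)
           if sum(a * b for a, b in zip(y, U_HIDDEN)) % P]
print(find_translation(SAMPLES, P, N, f0, f1))
```

With only the three samples listed in the example table the system is under-determined and the function returns `None`, which is the abort of step 6.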

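22/27 Line Lemma

Line Lemma. Let $L_{z,y} = \{(z + ay)^{(p-1)} : 0 \le a \le p-1\}$ for $y, z \in \mathbb{Z}_p^n$. Then $y^{(p-1)} \in \mathrm{Span}(L_{z,y})$.

Proof. Let $M_{z,y} = \{\binom{p-1}{k} z^{(k)} y^{(p-1-k)} : 0 \le k \le p-1\}$.
Claim: $\mathrm{Span}(L_{z,y}) = \mathrm{Span}(M_{z,y})$.

$$\begin{array}{l|ccccc}
 & z^{(p-1)} & (z+y)^{(p-1)} & (z+2y)^{(p-1)} & \cdots & (z+(p-1)y)^{(p-1)} \\ \hline
\binom{p-1}{0}\, z^{(p-1)} & 1 & 1 & 1 & \cdots & 1 \\
\binom{p-1}{1}\, z^{(p-2)} y^{(1)} & 0 & 1 & 2 & \cdots & (p-1) \\
\binom{p-1}{2}\, z^{(p-3)} y^{(2)} & 0 & 1 & 2^2 & \cdots & (p-1)^2 \\
\vdots & \vdots & \vdots & \vdots & & \vdots \\
\binom{p-1}{p-1}\, y^{(p-1)} & 0 & 1 & 2^{(p-1)} & \cdots & (p-1)^{(p-1)}
\end{array}$$

Corollary. $\mathbb{Z}_p^{(p-1)}[x_1, \dots, x_n]$ is spanned by $\{y^{(p-1)} : y \in \mathbb{Z}_p^n\}$.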

23/27 Full rank 9 Lemma. Let W Z (p 1) p [x 1,...,x n ] and R = {y Z n p : y (p 1) W }. Set V k = {y Z n p : y u = k}, and R k = R V k. If W = Z (p 1) p [x 1,...,x n ] then Rk V p 1 k p for k =1,...,p 1. Proof. Corollary = R = Z n p. Case 1: R 0 = V 0. Then R k = V k for k =1,...,p 1. Let y V 1 R 1. Line Lemma = in each coset of <y> an element is outside R. = R Zp n p 2 p 1 <y>... z + <y>... V 0 0... z... V 1 y... z + y............ V p 1 (p 1)y... z +(p 1)y... = Rk V k p 2 p 1. Case 2: R 0 = V 0. Let y V 0 R 0, then V k is union of cosets of <y>. Line Lemma = Rk V p 1 k p.

24/27 Non-linear hidden structure problems

Hidden Polynomial Graph Problem HPGP($\mathbb{F}_q$)
Oracle Input: A function $f : \mathbb{F}_q^n \times \mathbb{F}_q \to S$
Promise: For some $n$-variate polynomial $Q$ of degree $d$ over $\mathbb{F}_q$, $f(x, y) = f(x', y') \iff y - Q(x) = y' - Q(x')$.
Output: $Q$.

Theorem [Decker, Draisma and Wocjan 09]:
- For every $d$ and for every constant $n$, HPGP($\mathbb{F}_q, n, d$) can be reduced in polynomial time to HPGP($\mathbb{F}_q, 1, d$).
- For every $d$ there exists a finite set $E_d$ of primes such that when $d$ is constant and the characteristic of $\mathbb{F}_q$ is not from $E_d$ then HPGP($\mathbb{F}_q, 1, d$) can be solved in quantum polynomial time.

25/27 Function graph groups

Consider $n = 1$ and $q = p$. Level sets of $f : \mathbb{F}_p \times \mathbb{F}_p \to S$:
$$f(x, y) = f(x', y') \iff \exists t \in \mathbb{Z}_p : (x', y') = (x + t,\ y + Q(x + t) - Q(x)).$$

Let $\mathbb{F}_p^{(d)}[x]$ be the group of univariate polynomials of degree $d$.

Definitions
- Shift map $a_t$, for every $t \in \mathbb{Z}_p$: $(a_t Q)(x) = Q(x - t)$.
- Function graph group $\mathrm{Fg}(\mathbb{F}_p^{(d)}[x])$: semidirect product $\mathrm{Fg}(\mathbb{F}_p^{(d)}[x]) = \mathbb{F}_p^{(d)}[x] \rtimes_{t \mapsto a_t} \mathbb{Z}_p$.
  Multiplication rule: $(Q_1, t_1)(Q_2, t_2) = (Q_1 + a_{t_1} Q_2,\ t_1 + t_2)$.
- Shifting action of $\mathrm{Fg}(\mathbb{F}_p^{(d)}[x])$ on $M = \mathbb{Z}_p \times \mathbb{Z}_p$: $(Q, t)\,(x, y) = (x + t,\ y + Q(x + t))$.
- Standard complements: Conjugates of $\{(0, t) : t \in \mathbb{Z}_p\}$ by $(Q, 0)$: $A_Q = \{(Q - a_t Q,\ t) : t \in \mathbb{Z}_p\}$.

Claim: Level sets of $f$ hiding $Q$ are the orbits of $A_Q$.

26/27 Results for HPGP

Lemma: There exists an easily computable basis of size $d + 1$ for $\mathcal{H} = \{A_Q : Q \in \mathbb{F}_q^{(d)}[x]\}$.

Theorem: For $n$ and $d$ constants, and for fixed characteristic, HPGP($\mathbb{F}_q, n, d$) can be solved in quantum polynomial time.

27/27 Conclusion

This work:
- A new paradigm: HSSP
- Generic reduction to HSP
- HPP and HPGP are reducible to HSSP

Open problems:
- Multivariate HPP of higher degree
- Study of HSP inspired by HSSP
- Find for HSP($\mathbb{Z}_p^n \rtimes \mathbb{Z}_2$) quantum algorithm polynomial in $n$ and $p$.