3

I have a generalised approach to formulation of cryptanalysis of diverse problems as a problem of solving a linear system of equations Ax=b over a finite (most often the binary) field. The size of the linear system is of polynomial order (matrix size) O(n^k) where n is the number of bits of the data input in the original cryptanalysis problem. So although Gaussian elimination solves this in polynomial time, the time required is too large to be practical. I want to know whether such a problem can be solved more efficiently by Quantum Computation? Grover's square root search algorithm will not be useful again because the square root of the matrix size will be larger than n^3 order required for Gaussian. Are there any suggestions? Those who would be interested in the method can see the paper arxiv.org/abs/2207.03247, July 22. Or the published version

Virendra Sule. Local inversion of maps: Black box cryptanalysis. (Invited article). Computer Algebra Magazine, CA-Rundbrief 71 (2022) 27.

fgrieu
  • 590
  • 5
  • 10
Viren Sule
  • 31
  • 2
  • 2
    Have you come across the HHL algorithm? That might be a starting point. – DaftWullie Dec 02 '22 at 07:38
  • I have looked at HHL but HHL is meant for solving complex linear systems by QC. My question is about Linear Systems over finite fields. – Viren Sule Dec 02 '22 at 14:50
  • It might also be worthwhile to point out that HHL does not give you the solution of the linear system, but only sampling access to it. In particular, you can use it to estimate functions of the solution. If this is enough, then you may also consider the de-quantized version of HHL instead. If not, you should use a classical algorithm. – Markus Heinrich Dec 07 '22 at 09:04
  • Thanks for information Markus Heinrich. I am aware that HHL gives estimate of values of functions of solutions. However that will allow computation of probability of co-ordinates of the solution x and hence will allow the estimate of the solution. – Viren Sule Dec 08 '22 at 07:50

1 Answers1

2

As was mentioned above, You can use the HHL algorithm to solve a linear system. Since You want the system to solve boolean equations, You have to force it to give You boolean answers. This is usually done by adding quadratic equations into Your system of the form: x^2-x=0. However, with this approach, Your system is not linear anymore. Therefore You need further steps to linearize it, most common method is to use the Macauley matrix. If You want to know more You can ask.

Sezzart
  • 162
  • 4
  • Thanks very much. I was unaware of this Macauley matrix method. I need to learn it and see how it relates to the problem. – Viren Sule Dec 07 '22 at 03:24
  • One issue is that if Ax=b is a linear system over the binary field, the constants are not reals but in F_2. Hence even if the real values of unknowns are forced to become 0 or 1 by imposing conditions (x_i)^2-x_i=0 for all variables, the solution method of the nonlinear equations has to take into account the fact that constants are binary. I dont see any way of embedding F_2 in R or C. Any suggestions? – Viren Sule Jan 03 '23 at 10:54
  • Why does the solution method have to take into account that constants are binary? Your method - the HHL algorithm - delivers You a solution to the system. How it is found is left as a black box. – Sezzart Jan 04 '23 at 13:44
  • If the constants are binary, then their arithmetic is different from real numbers o,1. IN binary constants 1+1=0 but real value of 1+1=2. In HHL the systems considered are already over reals so constants are also real. I hope this answers the question. – Viren Sule Jan 05 '23 at 14:56
  • I see what You mean now. You can take a look at "Limitations of the Macaulay matrix approach for using the HHL algorithm to solve multivariate polynomial systems" chapter 3, lemma 3.3. They explain how the reduction can be constructed – Sezzart Jan 05 '23 at 19:00
  • Thank you Sezzart. Which reference is this (chapter 3, Lemma 3.3)? can you please send me the reference? – Viren Sule Jan 06 '23 at 02:41
  • What do You mean by reference? Link to the paper? – Sezzart Jan 06 '23 at 08:46
  • Thanks I got the paper. – Viren Sule Jan 17 '23 at 02:09