The NISQ Complexity of Collision Finding

  • Conference paper
Advances in Cryptology – EUROCRYPT 2024 (EUROCRYPT 2024)

Abstract

Collision-resistant hashing, a fundamental primitive in modern cryptography, ensures that there is no efficient way to find distinct inputs that produce the same hash value. This property underpins the security of various cryptographic applications, making it crucial to understand its complexity. The complexity of this problem is well-understood in the classical setting and \(\varTheta (N^{1/2})\) queries are needed to find a collision. However, the advent of quantum computing has introduced new challenges since quantum adversaries—equipped with the power of quantum queries—can find collisions much more efficiently. Brassard, Høyer and Tapp [15] and Aaronson and Shi [3] established that full-scale quantum adversaries require \(\varTheta (N^{1/3})\) queries to find a collision, prompting a need for longer hash outputs, which impacts efficiency in terms of the key lengths needed for security.

This paper explores the implications of quantum attacks in the Noisy Intermediate-Scale Quantum (NISQ) era. In this work, we investigate three different models for NISQ algorithms and achieve tight bounds for all of them:

  1. A hybrid algorithm making adaptive quantum or classical queries but with a limited quantum query budget, or

  2. A quantum algorithm with access to a noisy oracle, subject to a dephasing or depolarizing channel, or

  3. A hybrid algorithm with an upper bound on its maximum quantum depth; i.e. a classical algorithm aided by low-depth quantum circuits.

In fact, our results handle all regimes between NISQ and full-scale quantum computers. Previously, only results for the preimage search problem were known for these models (by Sun and Zheng [50], Rosmanis [45, 46], Chen, Cotler, Huang and Li [17]) while nothing was known about the collision finding problem.

Along with our main results, we develop an information-theoretic framework for recording query transcripts of quantum-classical algorithms. The main feature of this framework is that it allows us to record queries in two incompatible bases—classical queries in the standard basis and quantum queries in the Fourier basis—consistently. We call the framework the hybrid compressed oracle as it naturally interpolates between the classical way of recording queries and the compressed oracle framework of Zhandry for recording quantum queries. We demonstrate its applicability by giving simpler proofs of the optimal lower bounds for NISQ preimage search and by showing optimal lower bounds for NISQ collision finding.

The full version of the paper is accessible at [30].
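
As an added illustration (not code from the paper), the sketch below measures the classical \(\varTheta (N^{1/2})\) baseline quoted in the abstract by running a birthday search against a lazily sampled random function whose table is the classical query transcript. The class and function names, the domain size 4N and the seeds are assumptions made for this example; quantum queries are not simulated.

```python
import math
import random

class LazyRandomOracle:
    """Random function into [N], sampled lazily on first query.

    `table` is the classical transcript: it holds exactly the
    (input, output) pairs the algorithm has learned so far.
    """
    def __init__(self, n_outputs, rng):
        self.n = n_outputs
        self.rng = rng
        self.table = {}
        self.queries = 0

    def query(self, x):
        self.queries += 1
        if x not in self.table:
            self.table[x] = self.rng.randrange(self.n)
        return self.table[x]

def find_collision(oracle, domain_size):
    """Query fresh inputs until two share an output.

    Returns (x1, x2, queries_used), or None if the domain is exhausted.
    """
    first_seen = {}  # output -> first input that produced it
    for x in range(domain_size):
        y = oracle.query(x)
        if y in first_seen:
            return first_seen[y], x, oracle.queries
        first_seen[y] = x
    return None

def mean_queries(n_outputs, trials, seed):
    """Average query count over independent random functions."""
    rng = random.Random(seed)
    total = 0
    for _ in range(trials):
        oracle = LazyRandomOracle(n_outputs, rng)
        # Domain of size 4N (assumed): pigeonhole guarantees a collision.
        total += find_collision(oracle, 4 * n_outputs)[2]
    return total / trials

def normalized_cost(n_outputs, trials, seed):
    """Mean queries divided by sqrt(N); stays near a constant as N grows."""
    return mean_queries(n_outputs, trials, seed) / math.sqrt(n_outputs)
```

Quadrupling N roughly doubles the measured query count, which is the square-root scaling that fixes the classical relationship between output length and collision resistance.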

Notes

  1. We remark that for typical applications the parameter M satisfies \(M=\varOmega (N)\).

  2. The first \(\lceil {q/2}\rceil \) quantum queries are also used to make classical queries.

  3. In the QC model, there are 2q rounds of computation where in the even numbered rounds, c/q classical queries are made, and in the odd numbered round, one quantum query is made followed by a (possibly partial) measurement. The measurements can be deferred till the end using ancilla qubits.

References

  1. Aaronson, S.: Impossibility of succinct quantum proofs for collision-freeness. Quantum Information & Computation 12(1-2), 21–28 (2012). https://doi.org/10.26421/QIC12.1-2-3

  2. Aaronson, S., Kothari, R., Kretschmer, W., Thaler, J.: Quantum lower bounds for approximate counting via Laurent polynomials. In: Proceedings of the 35th Computational Complexity Conference (CCC) (2020). https://doi.org/10.4230/LIPIcs.CCC.2020.7

  3. Aaronson, S., Shi, Y.: Quantum lower bounds for the collision and the element distinctness problems. J. ACM 51(4), 595–605 (2004). https://doi.org/10.1145/1008731.1008735

  4. Alagic, G., Bai, C., Katz, J., Majenz, C.: Post-quantum security of the Even-Mansour cipher. In: Proceedings of the 41st International Conference on the Theory and Applications of Cryptographic Techniques (EUROCRYPT). pp. 458–487 (2022). https://doi.org/10.1007/978-3-031-07082-2_17

  5. Alagic, G., Majenz, C., Russell, A., Song, F.: Quantum-access-secure message authentication via blind-unforgeability. In: Proceedings of the 39th International Conference on the Theory and Applications of Cryptographic Techniques (EUROCRYPT). pp. 788–817 (2020). https://doi.org/10.1007/978-3-030-45727-3_27

  6. Ambainis, A.: Quantum lower bounds by quantum arguments. J. Comput. Syst. Sci. 64(4), 750–767 (2002). https://doi.org/10.1006/jcss.2002.1826

  7. Ambainis, A., Hamburg, M., Unruh, D.: Quantum security proofs using semi-classical oracles. In: Proceedings of the 39th International Cryptology Conference (CRYPTO), pp. 269–295 (2019). https://doi.org/10.1007/978-3-030-26951-7_10

  8. Ambainis, A., Špalek, R., de Wolf, R.: A new quantum lower bound method, with applications to direct product theorems and time-space tradeoffs. Algorithmica 55(3), 422–461 (2009). https://doi.org/10.1007/s00453-007-9022-9

  9. Arora, A.S., Gheorghiu, A., Singh, U.: Oracle separations of hybrid quantum-classical circuits (2022). https://doi.org/10.48550/arXiv.2201.01904, arXiv:2201.01904 [quant-ph]

  10. Barak, B., Goldreich, O.: Universal arguments and their applications. SIAM J. Comput. 38(5), 1661–1694 (2009). https://doi.org/10.1137/070709244

  11. Beals, R., Buhrman, H., Cleve, R., Mosca, M., de Wolf, R.: Quantum lower bounds by polynomials. J. ACM 48(4), 778–797 (2001). https://doi.org/10.1145/502090.502097

  12. Bernstein, E., Vazirani, U.V.: Quantum complexity theory. SIAM J. Comput. 26(5), 1411–1473 (1997). https://doi.org/10.1137/S0097539796300921

  13. Bindel, N., Hamburg, M., Hövelmanns, K., Hülsing, A., Persichetti, E.: Tighter proofs of CCA security in the quantum random oracle model. In: Proceedings of the 17th Conference on Theory of Cryptography (TCC), pp. 61–90 (2019). https://doi.org/10.1007/978-3-030-36033-7_3

  14. Blocki, J., Lee, S., Zhou, S.: On the security of proofs of sequential work in a post-quantum world. In: Proceedings of the 2nd Conference on Information-Theoretic Cryptography (ITC), pp. 22:1–22:27 (2021). https://doi.org/10.4230/LIPIcs.ITC.2021.22

  15. Brassard, G., Høyer, P., Tapp, A.: Quantum cryptanalysis of hash and claw-free functions. In: Proceedings of the 3rd Latin American Symposium on Theoretical Informatics (LATIN), pp. 163–169 (1998). https://doi.org/10.1007/bfb0054319

  16. Buhrman, H., de Wolf, R.: Complexity measures and decision tree complexity: a survey. Theoret. Comput. Sci. 288(1), 21–43 (2002). https://doi.org/10.1016/S0304-3975(01)00144-X

  17. Chen, S., Cotler, J., Huang, H.Y., Li, J.: The complexity of NISQ. Nature Commun. 14(1), 6001 (2023). https://doi.org/10.1038/s41467-023-41217-6

  18. Chia, N.H., Chung, K.M., Lai, C.Y.: On the need for large quantum depth. J. ACM 70(1) (2023). https://doi.org/10.1145/3570637

  19. Chia, N.H., Hung, S.H.: Classical verification of quantum depth (2022). https://doi.org/10.48550/arXiv.2205.04656, arXiv:2205.04656 [quant-ph]

  20. Chiesa, A., Manohar, P., Spooner, N.: Succinct arguments in the quantum random oracle model. In: Proceedings of the 17th Conference on Theory of Cryptography (TCC), pp. 1–29 (2019). https://doi.org/10.1007/978-3-030-36033-7_1

  21. Chung, K.M., Fehr, S., Huang, Y.H., Liao, T.N.: On the compressed-oracle technique, and post-quantum security of proofs of sequential work. In: Proceedings of the 40th International Conference on the Theory and Applications of Cryptographic Techniques (EUROCRYPT), pp. 598–629 (2021). https://doi.org/10.1007/978-3-030-77886-6_21

  22. Chung, K.M., Guo, S., Liu, Q., Qian, L.: Tight quantum time-space tradeoffs for function inversion. In: Proceedings of the 61st Symposium on Foundations of Computer Science (FOCS), pp. 673–684 (2020). https://doi.org/10.1109/FOCS46700.2020.00068

  23. Chung, K.M., Liao, T.N., Qian, L.: Lower bounds for function inversion with quantum advice. In: Proceedings of the 1st Conference on Information-Theoretic Cryptography (ITC), pp. 8:1–8:15 (2020). https://doi.org/10.4230/LIPIcs.ITC.2020.8

  24. Coudron, M., Menda, S.: Computations with greater quantum depth are strictly more powerful (relative to an oracle). In: Proceedings of the 52nd Symposium on Theory of Computing (STOC), pp. 889–901 (2020). https://doi.org/10.1145/3357713.3384269

  25. Czajkowski, J., Majenz, C., Schaffner, C., Zur, S.: Quantum lazy sampling and game-playing proofs for quantum indifferentiability (2019). https://doi.org/10.48550/arXiv.1904.11477, arXiv:1904.11477 [quant-ph]

  26. Deutsch, D., Jozsa, R.: Rapid solution of problems by quantum computation. Proc. R. Soc. Lond. Ser. A 439(1907), 553–558 (1992). https://doi.org/10.1098/rspa.1992.0167

  27. Don, J., Fehr, S., Huang, Y.H.: Adaptive versus static multi-oracle algorithms, and quantum security of a split-key PRF. In: Proceedings of the 20th Conference on Theory of Cryptography (TCC), pp. 33–51 (2022). https://doi.org/10.1007/978-3-031-22318-1_2

  28. Grover, L.K., Radhakrishnan, J.: Quantum search for multiple items using parallel queries (2004). https://doi.org/10.48550/arXiv.quant-ph/0407217, arXiv:quant-ph/0407217

  29. Guo, S., Li, Q., Liu, Q., Zhang, J.: Unifying presampling via concentration bounds. In: Proceedings of the 19th Conference on Theory of Cryptography (TCC), pp. 177–208 (2021). https://doi.org/10.1007/978-3-030-90459-3_7

  30. Hamoudi, Y., Liu, Q., Sinha, M.: The NISQ complexity of collision finding (2024). https://doi.org/10.48550/ARXIV.2211.12954, arXiv:2211.12954 [quant-ph]

  31. Hamoudi, Y., Magniez, F.: Quantum time-space tradeoff for finding multiple collision pairs. ACM Trans. Comput. Theory 15(1-2) (2023). https://doi.org/10.1145/3589986

  32. Hasegawa, A., Gall, F.L.: An optimal oracle separation of classical and quantum hybrid schemes. In: Proceedings of the 33rd International Symposium on Algorithms and Computation (ISAAC), pp. 6:1–6:14 (2022). https://doi.org/10.4230/LIPIcs.ISAAC.2022.6

  33. Hhan, M., Xagawa, K., Yamakawa, T.: Quantum random oracle model with auxiliary input. In: Proceedings of the 25th International Conference on the Theory and Applications of Cryptology and Information Security (ASIACRYPT), pp. 584–614 (2019). https://doi.org/10.1007/978-3-030-34578-5_21

  34. Hosoyamada, A., Iwata, T.: 4-round Luby-Rackoff construction is a qPRP. In: Proceedings of the 25th International Conference on the Theory and Applications of Cryptology and Information Security (ASIACRYPT), pp. 145–174 (2019). https://doi.org/10.1007/978-3-030-34578-5_6

  35. Jaeger, J., Song, F., Tessaro, S.: Quantum key-length extension. In: Proceedings of the 19th Conference on Theory of Cryptography (TCC), pp. 209–239 (2021). https://doi.org/10.1007/978-3-030-90459-3_8

  36. Jeffery, S., Magniez, F., de Wolf, R.: Optimal parallel quantum query algorithms. Algorithmica 79(2), 509–529 (2017). https://doi.org/10.1007/s00453-016-0206-z

  37. Katz, J., Lindell, Y.: Introduction to Modern Cryptography: Principles and Protocols. Chapman & Hall/CRC, 1st edn. (2007). https://doi.org/10.1201/9781420010756

  38. Klauck, H., Špalek, R., de Wolf, R.: Quantum and classical strong direct product theorems and optimal time-space tradeoffs. SIAM J. Comput. 36(5), 1472–1493 (2007). https://doi.org/10.1137/05063235X

  39. Liu, Q., Zhandry, M.: On finding quantum multi-collisions. In: Proceedings of the 38th International Conference on the Theory and Applications of Cryptographic Techniques (EUROCRYPT), pp. 189–218 (2019). https://doi.org/10.1007/978-3-030-17659-4_7

  40. Liu, Q., Zhandry, M.: Revisiting post-quantum Fiat-Shamir. In: Proceedings of the 39th International Cryptology Conference (CRYPTO), pp. 326–355 (2019). https://doi.org/10.1007/978-3-030-26951-7_12

  41. Merkle, R.C.: A certified digital signature. In: Proceedings of the 9th International Conference on the Theory and Applications of Cryptology (CRYPTO), pp. 347–363 (1989). https://doi.org/10.1007/0-387-34805-0_21

  42. Nayebi, A., Aaronson, S., Belovs, A., Trevisan, L.: Quantum lower bound for inverting a permutation with advice. Quantum Inform. Comput. 15(11&12), 901–913 (2015). https://doi.org/10.26421/QIC15.11-12-1

  43. Regev, O., Schiff, L.: Impossibility of a quantum speed-up with a faulty oracle. In: Proceedings of the 35th International Colloquium on Automata, Languages, and Programming (ICALP), pp. 773–781 (2008). https://doi.org/10.1007/978-3-540-70575-8_63

  44. Rosmanis, A.: Tight bounds for inverting permutations via compressed oracle arguments (2021). https://doi.org/10.48550/arXiv.2103.08975, arXiv:2103.08975 [quant-ph]

  45. Rosmanis, A.: Hybrid quantum-classical search algorithms (2022). https://doi.org/10.48550/arXiv.2202.11443, arXiv:2202.11443 [quant-ph]

  46. Rosmanis, A.: Quantum search with noisy oracle (2023). https://doi.org/10.48550/ARXIV.2309.14944, arXiv:2309.14944 [quant-ph]

  47. Sherstov, A.A., Thaler, J.: Vanishing-error approximate degree and QMA complexity. Chicago J. Theor. Comput. Sci. 2023(3) (2023). https://doi.org/10.4086/cjtcs.2023.003

  48. Shor, P.W.: Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer. SIAM J. Comput. 26(5), 1484–1509 (1997). https://doi.org/10.1137/S0097539795293172

  49. Simon, D.R.: On the power of quantum computation. SIAM J. Comput. 26(5), 1474–1483 (1997). https://doi.org/10.1137/S0097539796298637

  50. Sun, X., Zheng, Y.: Hybrid decision trees: Longer quantum time is strictly more powerful (2019). https://doi.org/10.48550/arXiv.1911.13091, arXiv:1911.13091 [cs.CC]

  51. Zalka, C.: Grover’s quantum searching algorithm is optimal. Phys. Rev. A 60, 2746–2751 (1999). https://doi.org/10.1103/PhysRevA.60.2746

  52. Zhandry, M.: How to record quantum queries, and applications to quantum indifferentiability. In: Proceedings of the 39th International Cryptology Conference (CRYPTO), pp. 239–268 (2019). https://doi.org/10.1007/978-3-030-26951-7_9

Acknowledgements

The authors would like to thank Ansis Rosmanis for fruitful discussions and for sharing a draft of his work on noisy oracles [46]. The authors are also grateful to the anonymous referees for their valuable comments and suggestions which helped to improve the paper. Part of this work was supported by the Simons Institute through Simons-Berkeley Postdoctoral Fellowships.

Author information

Corresponding author

Correspondence to Yassine Hamoudi.

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG

Cite this paper

Hamoudi, Y., Liu, Q., Sinha, M. (2024). The NISQ Complexity of Collision Finding. In: Joye, M., Leander, G. (eds) Advances in Cryptology – EUROCRYPT 2024. EUROCRYPT 2024. Lecture Notes in Computer Science, vol 14654. Springer, Cham. https://doi.org/10.1007/978-3-031-58737-5_1

  • DOI: https://doi.org/10.1007/978-3-031-58737-5_1

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-58736-8

  • Online ISBN: 978-3-031-58737-5

  • eBook Packages: Computer Science, Computer Science (R0)
