Optimal quantum algorithm for polynomial interpolation

TL;DR

This paper presents an optimal quantum algorithm for polynomial interpolation over finite fields, achieving the theoretical lower bound of quantum queries needed, thus improving understanding of quantum query complexity and cryptographic security.

Contribution

It demonstrates that the lower bound on quantum queries for polynomial interpolation is achievable and provides an efficient implementation with poly(log q) gate complexity.

Findings

Quantum query complexity for polynomial interpolation is exactly d/2+1/2.

The proposed algorithm attains success probability approaching 1 for large q.

The algorithm's gate complexity is poly(log q), with negligible success probability loss.

Abstract

We consider the number of quantum queries required to determine the coefficients of a degree-d polynomial over GF(q). A lower bound shown independently by Kane and Kutin and by Meyer and Pommersheim shows that d/2+1/2 quantum queries are needed to solve this problem with bounded error, whereas an algorithm of Boneh and Zhandry shows that d quantum queries are sufficient. We show that the lower bound is achievable: d/2+1/2 quantum queries suffice to determine the polynomial with bounded error. Furthermore, we show that d/2+1 queries suffice to achieve probability approaching 1 for large q. These upper bounds improve results of Boneh and Zhandry on the insecurity of cryptographic protocols against quantum attacks. We also show that our algorithm's success probability as a function of the number of queries is precisely optimal. Furthermore, the algorithm can be implemented with gate complexity poly(log q) with negligible decrease in the success probability. We end with a conjecture about the quantum query complexity of multivariate polynomial interpolation.