Does quantum lattice sieving require quantum RAM?
Beomgeun Cho, Minki Hhan, Taehyun Kim, Jeonghoon Lee, Yixin Shen
TL;DR
This paper investigates the necessity of quantum RAM in quantum lattice sieving algorithms, establishing lower bounds, trade-offs, and presenting a QRAM-free quantum circuit with improved depth but exponential qubits.
Contribution
It provides the first lower bounds on QRAM requirements, analyzes the trade-off between QRAM size and quantum speedup, and introduces a QRAM-free quantum lattice sieving circuit.
Findings
Quantum speedups require QRAM under reasonable assumptions.
A new interpolation between classical and quantum lattice sieving is established.
A quantum circuit without QRAM achieves better depth but exponential qubits.
Abstract
In this paper, we study the requirement for quantum random access memory (QRAM) in quantum lattice sieving, a fundamental algorithm for lattice-based cryptanalysis. First, we obtain a lower bound on the cost of quantum lattice sieving with a bounded size QRAM. We do so in a new query model encompassing a wide range of lattice sieving algorithms similar to those in the classical sieving lower bound by Kirshanova and Laarhoven [CRYPTO 21]. This implies that, under reasonable assumptions, quantum speedups in lattice sieving require the use of QRAM. In particular, no quantum speedup is possible without QRAM. Second, we investigate the trade-off between the size of QRAM and the quantum speedup. We obtain a new interpolation between classical and quantum lattice sieving. Moreover, we show that further improvements require a novel way to use the QRAM by proving the optimality of some…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsQuantum Computing Algorithms and Architecture