Niederreiter cryptosystems using quasi-cyclic codes that resist quantum Fourier sampling

<p style='text-indent:20px;'>McEliece and Niederreiter cryptosystems are robust and versatile cryptosystems. These cryptosystems work with many linear error-correcting codes. They are popular these days because they can be quantum-secure. In this paper, we study the Niederreiter cryptosystem using non-binary quasi-cyclic codes. We prove, if these quasi-cyclic codes satisfy certain conditions, the corresponding Niederreiter cryptosystem is resistant to the hidden subgroup problem using weak quantum Fourier sampling. Though our work uses the weak Fourier sampling, we argue that its conclusions should remain valid for the strong Fourier sampling as well.</p>

On the quantum attacks against schemes relying on the hardness of finding a short generator of an ideal in ℚ(𝜁2𝑠 )

A family of ring-based cryptosystems, including the multilinear maps of Garg, Gentry and Halevi [Candidate multilinear maps from ideal lattices, Advances in Cryptology—EUROCRYPT 2013, Lecture Notes in Comput. Sci. 7881, Springer, Heidelberg 2013, 1–17] and the fully homomorphic encryption scheme of Smart and Vercauteren [Fully homomorphic encryption with relatively small key and ciphertext sizes, Public Key Cryptography—PKC 2010, Lecture Notes in Comput. Sci. 6056, Springer, Berlin 2010, 420–443], are based on the hardness of finding a short generator of a principal ideal (short-PIP) in a number field typically in {\mathbb{Q}(\zeta_{2^{s}})} . In this paper, we present a polynomial-time quantum algorithm for recovering a generator of a principal ideal in {\mathbb{Q}(\zeta_{2^{s}})} , and we recall how this can be used to attack the schemes relying on the short-PIP in {\mathbb{Q}(\zeta_{2^{s}})} by using the work of Cramer et al. [R. Cramer, L. Ducas, C. Peikert and O. Regev, Recovering short generators of principal ideals in cyclotomic rings, IACR Cryptology ePrint Archive 2015, https://eprint.iacr.org/2015/313], which is derived from observations of Campbell, Groves and Shepherd [SOLILOQUY, a cautionary tale]. We put this attack into perspective by reviewing earlier attempts at providing an efficient quantum algorithm for solving the PIP in {\mathbb{Q}(\zeta_{2^{s}})} . The assumption that short-PIP is hard was challenged by Campbell, Groves and Shepherd. They proposed an approach for solving short-PIP that proceeds in two steps: first they sketched a quantum algorithm for finding an arbitrary generator (not necessarily short) of the input principal ideal. Then they suggested that it is feasible to compute a short generator efficiently from the generator in step 1. Cramer et al. validated step 2 of the approach by giving a detailed analysis. In this paper, we focus on step 1, and we show that step 1 can run in quantum polynomial time if we use an algorithm for the continuous hidden subgroup problem (HSP) due to Eisenträger et al. [K. Eisenträger, S. Hallgren, A. Kitaev and F. Song, A quantum algorithm for computing the unit group of an arbitrary degree number field, Proceedings of the 2014 ACM Symposium on Theory of Computing—STOC’14, ACM, New York 2014, 293–302].

An Efficient Quantum Algorithm for the Hidden Subgroup Problem over some Non-Abelian Groups

The hidden subgroup problem (HSP) plays an important role in quantum computation, because many quantum algorithms that are exponentially faster than classical algorithms are special cases of the HSP. In this paper we show that there exist a new efficient quantum algorithm for the HSP on groups $\Z_{N}\rtimes\Z_{q^s}$ where $N$ is an integer with a special prime factorization, $q$ prime number and $s$ any positive integer.

Limitations of single coset states and quantum algorithms for code equivalence

Quantum computers can break the RSA, El Gamal, and elliptic curve public-key cryptosystems, as they can efficiently factor integers and extract discrete logarithms. The power of such quantum attacks lies in \emph{quantum Fourier sampling}, an algorithmic paradigm based on generating and measuring coset states. %This motivates the investigation of the power or limitations of quantum Fourier sampling, especially in attacking candidates for ``post-quantum'' cryptosystems -- classical cryptosystems that can be implemented with today's computers but will remain secure even in the presence of quantum attacks. In this article we extend previous negative results of quantum Fourier sampling for Graph Isomorphism, which corresponds to hidden subgroups of order two (over S_n, to several cases corresponding to larger hidden subgroups. For one case, we strengthen some results of Kempe, Pyber, and Shalev on the Hidden Subgroup Problem over the symmetric group. In another case, we show the failure of quantum Fourier sampling on the Hidden Subgroup Problem over the general linear group GL_2(\FF_q). The most important case corresponds to Code Equivalence, the problem of determining whether two given linear codes are equivalent to each other up to a permutation of the coordinates. Our results suggest that for many codes of interest---including generalized Reed Solomon codes, alternant codes, and Reed-Muller codes---solving these instances of Code Equivalence via Fourier sampling appears to be out of reach of current families of quantum algorithms.