Paper 2024/360

The NISQ Complexity of Collision Finding

Yassine Hamoudi, Université de Bordeaux, CNRS, LaBRI
Qipeng Liu, University of California at San Diego
Makrand Sinha, University of Illinois, Urbana-Champaign
Abstract

Collision-resistant hashing, a fundamental primitive in modern cryptography, ensures that there is no efficient way to find distinct inputs that produce the same hash value. This property underpins the security of various cryptographic applications, making it crucial to understand its complexity. The complexity of this problem is well-understood in the classical setting and $\Theta(N^{1/2})$ queries are needed to find a collision. However, the advent of quantum computing has introduced new challenges since quantum adversaries - equipped with the power of quantum queries - can find collisions much more efficiently. Brassard, Höyer and Tapp and Aaronson and Shi established that full-scale quantum adversaries require $\Theta(N^{1/3})$ queries to find a collision, prompting a need for longer hash outputs, which impacts efficiency in terms of the key lengths needed for security. This paper explores the implications of quantum attacks in the Noisy-Intermediate Scale Quantum (NISQ) era. In this work, we investigate three different models for NISQ algorithms and achieve tight bounds for all of them: (1) A hybrid algorithm making adaptive quantum or classical queries but with a limited quantum query budget, or (2) A quantum algorithm with access to a noisy oracle, subject to a dephasing or depolarizing channel, or (3) A hybrid algorithm with an upper bound on its maximum quantum depth; i.e., a classical algorithm aided by low-depth quantum circuits. In fact, our results handle all regimes between NISQ and full-scale quantum computers. Previously, only results for the pre-image search problem were known for these models by Sun and Zheng, Rosmanis, Chen, Cotler, Huang and Li while nothing was known about the collision finding problem. Along with our main results, we develop an information-theoretic framework for recording query transcripts of quantum-classical algorithms. The main feature of this framework is that it allows us to record queries in two incompatible bases - classical queries in the standard basis and quantum queries in the Fourier basis - consistently. We call the framework the hybrid compressed oracle as it naturally interpolates between the classical way of recording queries and the compressed oracle framework of Zhandry for recording quantum queries.

Note: Full version. 40 pages.

Metadata
Available format(s)
PDF
Category
Foundations
Publication info
A major revision of an IACR publication in EUROCRYPT 2024
Keywords
QuantumQROMIndifferentiabilityCollision findingPreimage search
Contact author(s)
ys hamoudi @ gmail com
qipengliu0 @ gmail com
msinha @ illinois edu
History
2024-03-01: approved
2024-02-28: received
See all versions
Short URL
https://ia.cr/2024/360
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2024/360,
      author = {Yassine Hamoudi and Qipeng Liu and Makrand Sinha},
      title = {The NISQ Complexity of Collision Finding},
      howpublished = {Cryptology ePrint Archive, Paper 2024/360},
      year = {2024},
      note = {\url{https://eprint.iacr.org/2024/360}},
      url = {https://eprint.iacr.org/2024/360}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.