Limitations of single coset states and quantum algorithms for code equivalence

Abstract

Quantum computers can break the RSA, El Gamal, and elliptic curve public-key cryptosystems, as they can efficiently factor integers and extract discrete logarithms. The power of such quantum attacks lies in \emph{quantum Fourier sampling}, an algorithmic paradigm based on generating and measuring coset states. %This motivates the investigation of the power or limitations of quantum Fourier sampling, especially in attacking candidates for ``post-quantum'' cryptosystems -- classical cryptosystems that can be implemented with today's computers but will remain secure even in the presence of quantum attacks. In this article we extend previous negative results of quantum Fourier sampling for Graph Isomorphism, which corresponds to hidden subgroups of order two (over S_n, to several cases corresponding to larger hidden subgroups. For one case, we strengthen some results of Kempe, Pyber, and Shalev on the Hidden Subgroup Problem over the symmetric group. In another case, we show the failure of quantum Fourier sampling on the Hidden Subgroup Problem over the general linear group GL_2(\FF_q). The most important case corresponds to Code Equivalence, the problem of determining whether two given linear codes are equivalent to each other up to a permutation of the coordinates. Our results suggest that for many codes of interest---including generalized Reed Solomon codes, alternant codes, and Reed-Muller codes---solving these instances of Code Equivalence via Fourier sampling appears to be out of reach of current families of quantum algorithms.