Abstract

The current paper presents a new quantum algorithm for finding multicollisions, often denoted by ℓ-collisions, where an ℓ-collision for a function is a set of ℓ distinct inputs that are mapped by the function to the same value. In cryptology, it is important to study how many queries are required to find an ℓ-collision for a random function of which domain is larger than its range. However, the problem of finding ℓ-collisions for random functions has not received much attention in the quantum setting. The tight bound of quantum query complexity for finding a 2-collisions of a random function has been revealed to be Θ(N1/3), where N is the size of the range of the function, but neither the lower nor upper bounds are known for general ℓ-collisions. The paper first integrates the results from existing research to derive several new observations, e.g., ℓ-collisions can be generated only with O(N1/2) quantum queries for any integer constant ℓ. It then provides a quantum algorithm that finds an ℓ-collision for a random function with the average quantum query complexity of O(N(2ℓ−1−1)/(2ℓ−1)), which matches the tight bound of Θ(N1/3) for ℓ=2 and improves upon the known bounds, including the above simple bound of O(N1/2). More generally, the algorithm achieves the average quantum query complexity of O(cN⋅N(2ℓ−1−1)/(2ℓ−1)), and runs over O˜(cN⋅N(2ℓ−1−1)/(2ℓ−1)) qubits in O˜(cN⋅N(2ℓ−1−1)/(2ℓ−1)) expected time for a random function F:X→Y such that |X|≥ℓ⋅|Y|/cN for any 1≤cN∈o(N1/(2ℓ−1)), where it is assumed that QRAM is available. With the same query complexity, it is actually able to find a multiclaw for random functions, which is harder to find than a multicollision.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.