A Fusion Algorithm for Solving the Hidden Shift Problem in Finite Abelian Groups

Abstract

It follows from a result by Friedl, Ivanyos, Magniez, Santha and Sen from 2014 that, for any fixed integer \(m > 0\) (thought of as being small), there exists a quantum algorithm for solving the hidden shift problem in an arbitrary finite abelian group \((G, +)\) with time complexity

$$\begin{aligned} \mathrm {poly}( \log |G|) \cdot 2^{O(\sqrt{\log |mG|})}. \end{aligned}$$

As discussed in the current paper, this can be viewed as a modest statement of Pohlig–Hellman type for hard homogeneous spaces. Our main contribution is a somewhat simpler algorithm achieving the same runtime for \(m = 2^tp\), with t any non-negative integer and p any prime number, where additionally the memory requirements are mostly in terms of quantum random access classical memory; indeed, the amount of qubits that need to be stored is \(\mathrm {poly}( \log |G|)\). Our central tool is an extension of Peikert’s adaptation of Kuperberg’s collimation sieve to arbitrary finite abelian groups. This allows for a reduction, in said time, to the hidden shift problem in the quotient \(G/2^tpG\), which can then be tackled in polynomial time, by combining methods by Friedl et al. for p-torsion groups and by Bonnetain and Naya-Plasencia for \(2^t\)-torsion groups.

A Expected Quality of a Collimation Step

Proposition A.1

When \(\varPsi _1\) and \(\varPsi _2\) are given, we have

$$\mathbb {E}\Big (\frac{1}{\delta (\varPsi _3)}\Big )\le \frac{|A_{\varPsi _1}+A_{\varPsi _2}|}{L_1L_2},$$

regardless of how \(A_{\varPsi _1}+A_{\varPsi _2}\) is subdivided, with equality holding as long as every set \(A_i\) in the subdivision contains at least one character \(\chi _{j_1}\chi _{j_2}\) occurring in \(\varPsi _1\otimes \varPsi _2\). Using this the expected value of the logarithm of the density can be bounded as \(\mathbb {E}\log \delta (\varPsi _3)\ge \log (L_1L_2 / |A_{\varPsi _1}+A_{\varPsi _2}|)\). If Q is the quality of the collimation step then the expected value of the logarithm is bounded as

$$\mathbb {E}\log Q\ge \log \Big (\sqrt{L_1L_2}\frac{\sqrt{|A_{\varPsi _1}||A_{\varPsi _2}|}}{|A_{\varPsi _1}+A_{\varPsi _2}|}\Big ).$$

Proof

We have

$$\begin{aligned}&\quad \mathbb {E}\Big (\frac{1}{\delta (\varPsi _3)}\Big ) =\mathbb {E}\Big (\frac{|A_{\varPsi _3}|}{L_3}\Big ) =\sum _{i=1}^p\mathbb {P}(A_{\varPsi _3}=A_i)\frac{|A_i|}{|\{(j_1,j_2)|\chi _{j_1}\chi _{j_2}\in A_i\}|} = \\&\sum _{i=1}^p\frac{|\{(j_1,j_2)|\chi _{j_1}\chi _{j_2}\in A_i\}|}{L_1L_2}\frac{|A_i|}{|\{(j_1,j_2)|\chi _{j_1}\chi _{j_2}\in A_i\}|} =\sum _{i=1}^p\frac{|A_i|}{L_1L_2}=\frac{|A_{\varPsi _1}+A_{\varPsi _2}|}{L_1L_2}. \end{aligned}$$

Note that if \(\mathbb {P}(A_{\varPsi _3}=A_i)=0\) then we simply omit that term from the sum. In this case we only have an upper bound on the expected value of one over the density, rather than an equality. This proves the first statement.

To obtain the second statement we use the result from probability theory that

$$\mathbb {E}\left( -\log \Big (\frac{1}{X}\Big )\right) \ge -\log \mathbb {E}\frac{1}{X},$$

for any random variable X that only assumes positive values. This follows from Jensen’s inequality and the fact that \(-\log x\) is a convex function on \(\mathbb {R}_{>0}\). This can be rewritten as \(\mathbb {E}\log X\ge -\log \mathbb {E} \, X^{-1}\). The second statement follows from this result by applying it to \(X=\delta (\varPsi _3)\). The third statement follows from the second and the definition of the quality Q.    \(\square \)