The NISQ Complexity of Collision Finding
Yassine Hamoudi, Qipeng Liu, Makrand Sinha
TL;DR
This work analyzes collision finding for collision-resistant hashing in the Noisy-Intermediate Scale Quantum (NISQ) regime by introducing a unified hybrid compressed oracle framework. It defines three practical NISQ models—bounded quantum queries, noisy quantum queries, and bounded quantum depth—and proves tight lower bounds with matching algorithms for each model, spanning the spectrum between NISQ and full-scale quantum computing. The framework extends existing compressed-oracle techniques to hybrid and noise-affected access, and provides simplified, unified proofs for preimage search in all three models as well as collision finding, revealing how resource limitations degrade quantum speedups in practice. The results have direct implications for hash-output sizes and security in near-term quantum settings, offering a rigorous bottleneck analysis that informs cryptographic parameter choices under realistic adversary models.
Abstract
Collision-resistant hashing, a fundamental primitive in modern cryptography, ensures that there is no efficient way to find distinct inputs that produce the same hash value. This property underpins the security of various cryptographic applications, making it crucial to understand its complexity. The complexity of this problem is well-understood in the classical setting and $Θ(N^{1/2})$ queries are needed to find a collision. However, the advent of quantum computing has introduced new challenges since quantum adversaries $\unicode{x2013}$ equipped with the power of quantum queries $\unicode{x2013}$ can find collisions much more efficiently. Brassard, Höyer and Tapp and Aaronson and Shi established that full-scale quantum adversaries require $Θ(N^{1/3})$ queries to find a collision, prompting a need for longer hash outputs, which impacts efficiency in terms of the key lengths needed for security. This paper explores the implications of quantum attacks in the Noisy-Intermediate Scale Quantum (NISQ) era. In this work, we investigate three different models for NISQ algorithms and achieve tight bounds for all of them: (1) A hybrid algorithm making adaptive quantum or classical queries but with a limited quantum query budget, or (2) A quantum algorithm with access to a noisy oracle, subject to a dephasing or depolarizing channel, or (3) A hybrid algorithm with an upper bound on its maximum quantum depth; i.e., a classical algorithm aided by low-depth quantum circuits. In fact, our results handle all regimes between NISQ and full-scale quantum computers. Previously, only results for the pre-image search problem were known for these models by Sun and Zheng, Rosmanis, Chen, Cotler, Huang and Li while nothing was known about the collision finding problem.