Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

On the Two-sided Permutation Inversion Problem

Gorjan Alagic, Chen Bai, Alexander Poremba, Kaiyan Shi

TL;DR

The paper extends permutation inversion to a two-sided quantum-access model, where forward and inverse queries to a random permutation are available but the challenge value $y$ is rejected on the inverse side. It defines and analyzes SPI (search) and DPI (decision) variants under auxiliary information and adaptive challenge distributions, and develops amplification and reduction techniques to derive space-time lower bounds for both problems. Leveraging the Swapping Lemma and QRAC-VL lower bounds, the authors show that two-way oracle access does not dramatically ease average-case inversion, and they establish several lower bounds and reductions, including search-to-decision and unstructured-search reductions. The work also connects these theoretical results to cryptographic security notions, proposing OW-QCCRA2 and demonstrating security of RP/PRP-based schemes, with implications for sponge hashing in post-quantum contexts.

Abstract

In the permutation inversion problem, the task is to find the preimage of some challenge value, given oracle access to the permutation. This is a fundamental problem in query complexity, and appears in many contexts, particularly cryptography. In this work, we examine the setting in which the oracle allows for quantum queries to both the forward and the inverse direction of the permutation -- except that the challenge value cannot be submitted to the latter. Within that setting, we consider two options for the inversion algorithm: whether it can get quantum advice about the permutation, and whether it must produce the entire preimage (search) or only the first bit (decision). We prove several theorems connecting the hardness of the resulting variations of the inversion problem, and establish a number of lower bounds. Our results indicate that, perhaps surprisingly, the inversion problem does not become significantly easier when the adversary is granted oracle access to the inverse, provided it cannot query the challenge itself.

On the Two-sided Permutation Inversion Problem

TL;DR

The paper extends permutation inversion to a two-sided quantum-access model, where forward and inverse queries to a random permutation are available but the challenge value is rejected on the inverse side. It defines and analyzes SPI (search) and DPI (decision) variants under auxiliary information and adaptive challenge distributions, and develops amplification and reduction techniques to derive space-time lower bounds for both problems. Leveraging the Swapping Lemma and QRAC-VL lower bounds, the authors show that two-way oracle access does not dramatically ease average-case inversion, and they establish several lower bounds and reductions, including search-to-decision and unstructured-search reductions. The work also connects these theoretical results to cryptographic security notions, proposing OW-QCCRA2 and demonstrating security of RP/PRP-based schemes, with implications for sponge hashing in post-quantum contexts.

Abstract

In the permutation inversion problem, the task is to find the preimage of some challenge value, given oracle access to the permutation. This is a fundamental problem in query complexity, and appears in many contexts, particularly cryptography. In this work, we examine the setting in which the oracle allows for quantum queries to both the forward and the inverse direction of the permutation -- except that the challenge value cannot be submitted to the latter. Within that setting, we consider two options for the inversion algorithm: whether it can get quantum advice about the permutation, and whether it must produce the entire preimage (search) or only the first bit (decision). We prove several theorems connecting the hardness of the resulting variations of the inversion problem, and establish a number of lower bounds. Our results indicate that, perhaps surprisingly, the inversion problem does not become significantly easier when the adversary is granted oracle access to the inverse, provided it cannot query the challenge itself.
Paper Structure (27 sections, 16 theorems, 77 equations, 1 table)

This paper contains 27 sections, 16 theorems, 77 equations, 1 table.

Table of Contents

  1. Introduction
  2. The permutation inversion problem
  3. Related work
  4. Technical preliminaries
  5. Swapping Lemma
  6. Lower bounds for quantum random access codes
  7. The permutation inversion problem
  8. Decision version.
  9. Amplification
  10. Reductions
  11. A search-to-decision reduction
  12. Comparison to O2H lemma.
  13. A reduction from unstructured search
  14. Lower bounds
  15. Search version
  16. ...and 12 more sections

Key Result

Lemma 2.1

Let $f,g: \mathcal{X} \rightarrow \mathcal{Y}$ be functions with $f(x) = g(x)$ for all $x \notin \mathcal{S}$, where $\mathcal{S} \subseteq \mathcal{X}$. Let $\ket{\Psi_f}$ and $\ket{\Psi_g}$ denote the final states of a quantum algorithm $\mathcal{A}$ with quantum oracle access to the functions $f$ where $\| \ket{\Psi_f} - \ket{\Psi_g} \|$ denotes the Euclidean distance and where $T$ is an upper

Theorems & Definitions (40)

  • Lemma 2.1: Swapping Lemma, Vaz98
  • Definition 2.2: Quantum random access codes with variable length
  • Theorem 2.3: chung2019lower, Corollary 1
  • Definition 3.1
  • Definition 3.2
  • Definition 3.3
  • Definition 3.4
  • Definition 3.5
  • Lemma 4.1: Amplification, search
  • proof
  • ...and 30 more