Heuristic Time Complexity of NISQ Shortest-Vector-Problem Solvers
Miloš Prokop, Petros Wallden
TL;DR
This work studies SVP solvers on NISQ devices using Variational Quantum Algorithms, focusing on a fixed-angle variant of QAOA (and a constrained mixer variant CM-QAOA) to avoid the optimisation bottlenecks seen in traditional QAOA. By pretraining angles on small lattice instances and extrapolating to larger ones, the authors derive heuristic time complexities, estimating $O(2^{0.695n})$ for Fixed-angle QAOA and $O(2^{0.895n})$ for Fixed-angle CM-QAOA at depth $p=3$, while maintaining polynomial circuit depth and linearithmic qubit requirements. A novel CM-QAOA mixing strategy eliminates the zero-vector solution without extra qubits, enabling a more space-efficient encoding of SVP on NISQ architectures. The study further extends to approximate SVP ($\gamma$-SVP) and provides a framework to quantify approximation factors, revealing that CM-QAOA offers more stable performance distributions than plain Fixed-angle QAOA, albeit with some trade-offs in exact-SVP efficiency. Overall, the work provides heuristic, scalable bounds to compare QAOA-based SVP solvers with Grover-type approaches and highlights practical paths for evaluating cryptographic hardness on near-term quantum hardware.
Abstract
Shortest Vector Problem is believed to be hard both for classical and quantum computers. Two of the three NIST post-quantum cryptosystems standardised by NIST rely on its hardness. Research on theoretical and practical performance of quantum algorithms to solve SVP is crucial to establish confidence in them. Exploring the capabilities that Variational Quantum Algorithms (VQA) that can run on NISQ devices have in solving SVP has been an active research area. The qubit-requirement for doing so has been analysed and it was demonstrated that it is plausible to encode SVP on the ground state of a Hamiltonian efficiently. Due to the heuristic nature of VQAs no analysis of the time complexity of those approaches for scales beyond the non-interesting classically simulatable sizes has been performed. Motivated by Boulebnane and Montanaro work on the k-SAT problem, we propose to use angle pretraining of the QAOA for SVP and we demonstrate that it performs well on much larger instances than those used in training. Avoiding the limitations that arise due to the use of optimiser, we are able to extrapolate the observed performance and observe the probability of success scaling as $2^{-0.695n}$ with n being dimensionality of the search space for a depth $p=3$ pre-trained QAOA. We observe time heuristic complexity $O(2^{0.695n})$, a bit worse than the fault-tolerant Grover approach of $O(2^{0.5n})$. However, both the number of qubits, and the depth of each quantum computation, are considerably better-Grover requires exponential depth, while each run of constant p fixed-angles QAOA requires polynomial depth. We also propose a novel method to avoid the zero vector solution to SVP without introducing more logical qubits. This improves upon the previous works as it results in more space efficient encoding of SVP on NISQ architectures without ignoring the zero vector problem.