Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

A Practically Scalable Approach to the Closest Vector Problem for Sieving via QAOA with Fixed Angles

Ben Priestley, Petros Wallden

TL;DR

This work investigates a practically scalable approach to the Closest Vector Problem (CVP) on lattices using a quantum variational method, specifically fixed-angle Quantum Approximate Optimisation Algorithm (QAOA) within lattice sieving for factorisation. It introduces a robust pre-training scheme to obtain fixed QAOA angles, enabling scalable refinement of CVP solutions on the prime lattice and enabling the first systematic time-complexity analysis for this approach. Empirical results show a strong quantum advantage in refinement probability scaling for fixed depth $p$ (notably around $p=10$) with a decay rate $q(n)\approx 1/2^{0.225\,n}$, suggesting potential speedups beyond Grover-type limits, though the overall refinement quality decays and remains unlikely to fully enable factoring under current constraints. The study highlights practical benefits for near-term quantum cryptanalysis on structured lattice problems and outlines clear avenues for extending the method to larger neighbourhoods and more general CVP instances, while carefully noting major limitations and the need for further noise-aware experimentation.

Abstract

The NP-hardness of the closest vector problem (CVP) is an important basis for quantum-secure cryptography, in much the same way that integer factorisation's conjectured hardness is at the foundation of cryptosystems like RSA. Recent work with heuristic quantum algorithms (arXiv:2212.12372) indicates the possibility to find close approximations to (constrained) CVP instances that could be incorporated within fast sieving approaches for factorisation. This work explores both the practicality and scalability of the proposed heuristic approach to explore the potential for a quantum advantage for approximate CVP, without regard for the subsequent factoring claims. We also extend the proposal to include an antecedent "pre-training" scheme to find and fix a set of parameters that generalise well to increasingly large lattices, which both optimises the scalability of the algorithm, and permits direct numerical analyses. Our results further indicate a noteworthy quantum speed-up for lattice problems obeying a certain `prime' structure, approaching fifth order advantage for QAOA of fixed depth p=10 compared to classical brute-force, motivating renewed discussions about the necessary lattice dimensions for quantum-secure cryptosystems in the near-term.

A Practically Scalable Approach to the Closest Vector Problem for Sieving via QAOA with Fixed Angles

TL;DR

This work investigates a practically scalable approach to the Closest Vector Problem (CVP) on lattices using a quantum variational method, specifically fixed-angle Quantum Approximate Optimisation Algorithm (QAOA) within lattice sieving for factorisation. It introduces a robust pre-training scheme to obtain fixed QAOA angles, enabling scalable refinement of CVP solutions on the prime lattice and enabling the first systematic time-complexity analysis for this approach. Empirical results show a strong quantum advantage in refinement probability scaling for fixed depth (notably around ) with a decay rate , suggesting potential speedups beyond Grover-type limits, though the overall refinement quality decays and remains unlikely to fully enable factoring under current constraints. The study highlights practical benefits for near-term quantum cryptanalysis on structured lattice problems and outlines clear avenues for extending the method to larger neighbourhoods and more general CVP instances, while carefully noting major limitations and the need for further noise-aware experimentation.

Abstract

The NP-hardness of the closest vector problem (CVP) is an important basis for quantum-secure cryptography, in much the same way that integer factorisation's conjectured hardness is at the foundation of cryptosystems like RSA. Recent work with heuristic quantum algorithms (arXiv:2212.12372) indicates the possibility to find close approximations to (constrained) CVP instances that could be incorporated within fast sieving approaches for factorisation. This work explores both the practicality and scalability of the proposed heuristic approach to explore the potential for a quantum advantage for approximate CVP, without regard for the subsequent factoring claims. We also extend the proposal to include an antecedent "pre-training" scheme to find and fix a set of parameters that generalise well to increasingly large lattices, which both optimises the scalability of the algorithm, and permits direct numerical analyses. Our results further indicate a noteworthy quantum speed-up for lattice problems obeying a certain `prime' structure, approaching fifth order advantage for QAOA of fixed depth p=10 compared to classical brute-force, motivating renewed discussions about the necessary lattice dimensions for quantum-secure cryptosystems in the near-term.

Paper Structure

This paper contains 35 sections, 19 equations, 10 figures, 1 algorithm.

Table of Contents

  1. Introduction
  2. Quantum-accelerated Sieving on a Lattice
  3. Our Contributions
  4. Limitations to Application and Scope
  5. Background and Preliminaries
  6. Prime Factorisation and Sieving
  7. Lattices and Lattice Problems
  8. Properties of lattices
  9. Problems on lattices
  10. Quantum Approximate Optimisation Algorithm
  11. Fixed Angles for QAOA
  12. Reducing Sieving to a CVP on the Prime Lattice
  13. Suitability of Approximation
  14. Hyperparameters
  15. A Method for CVP Refinement
  16. ...and 20 more sections

Figures (10)

  • Figure 1: Visualising a two-dimensional, full rank lattice $\mathcal{L}$ generated by the basis $B=[\mathbf{b_1},\mathbf{b_2}]$. Shown in red is the shortest vector $\lambda_1(\mathcal{L})$ solving the SVP for this lattice. Shown in blue is a CVP with target $\mathbf{t}$, solved by the lattice vector $\mathbf{v}$.
  • Figure 2: The probability to refine the classical solution (for cases in which a refinement exists) by exact lattice dimension for different depths $p$ of QAOA circuits. Each plot is equipped with a best-fit curve of the form $1/2^{\alpha n}$, and $\alpha$ is shown.
  • Figure 3: Visualisation for the nearest neighbour search centred on the approximate solution $\mathbf{b}_{op}$. The LLL-reduced basis $D=[\mathbf{d}_1,\mathbf{d}_2]$ has been computed and used to define a local neighbourhood (shaded blue region) that aims to encompass lattice points that may be closer to the target $\mathbf{t}$. In this case, $\mathbf{v}_{new}$ is shown with floated values $x_1=-1$ and $x_2=1$, and represents a refinement to the approximate solution.
  • Figure 4: Plotting the the probability to successfully refine the solution (indicative of the underlying optimisation landscape) over a pair of parameters $(\gamma,\beta)$ in a $p=1$ layer QAOA for a random 3-qubit problem instance.
  • Figure 5: Validation performance during the pre-training of $p$-depth QAOA circuits. The 'loss' being minimised is the scaling parameter $\alpha$ in the curve $q(n)=1/2^{\alpha n}$ over a dataset of validation points $(n_i,q_i)$. The dashed line denotes the speed-up offered by Grover's algorithm Grover-1996.
  • ...and 5 more figures

Theorems & Definitions (10)

  • Definition 2.1: Integer factorisation problem
  • Definition 2.2: Smooth number
  • Definition 2.3: Smooth relation pair
  • Definition 2.4: Euclidean Lattice
  • Definition 2.5: Successive minima
  • Definition 2.6: Hermite constant
  • Definition 2.7: Shortest Vector Problem
  • Definition 2.8: Closest Vector Problem
  • Definition A.1: QR-decomposition
  • Definition A.2: LLL Reduction