One-way functions and Pseudorandom generators
Combinatorica - Theory of Computing
A hard-core predicate for all one-way functions
STOC '89 Proceedings of the twenty-first annual ACM symposium on Theory of computing
A fast quantum mechanical algorithm for database search
STOC '96 Proceedings of the twenty-eighth annual ACM symposium on Theory of computing
SIAM Journal on Computing
Strengths and Weaknesses of Quantum Computing
SIAM Journal on Computing
Modern Cryptography, Probabilistic Proofs, and Pseudorandomness
Modern Cryptography, Probabilistic Proofs, and Pseudorandomness
A Quantum Goldreich-Levin Theorem with Cryptographic Applications
STACS '02 Proceedings of the 19th Annual Symposium on Theoretical Aspects of Computer Science
Hi-index | 0.89 |
At the heart of the Goldreich-Levin theorem is the problem of determining an n-bit string a by making queries to two oracles, referred to as IP (inner product) and EQ (equivalence). The IP oracle, on input x, returns a bit that is biased towards a@?x (the modulo two inner product of a with x) in the following sense. For a random x, the probability that IP(x)=a@?x is at least 12(1+@?). The EQ oracle, on input x, returns a bit specifying whether or not x=a. It has been shown that a quantum algorithm can solve this problem with O(1/@?) IP and EQ queries, whereas any classical algorithm requires @W(n/@?^2) such queries. Also, the quantum algorithm requires only O(n/@?) auxiliary one- and two-qubit gates in addition to its queries. We show that the above quantum algorithm is optimal in terms of both EQ and IP queries. Specifically, @W(1/@?) EQ queries are necessary, and @W(1/@?) IP queries are necessary if the number of EQ queries is o(2^n).