通过求解多元二次方程实现量子优势 (Quantum Advantage via Solving Multivariate Quadratics)

from arxiv, While all the proofs in the paper are correct to the best of our knowledge, we have been recently informed about a classical attack on our polynomial system. We would therefore like to reevaluate and withdraw the paper for now

In this work, we propose a new way to (non-interactively, verifiably) demonstrate Quantum Advantage by solving the average-case $\mathsf{NP}$ search problem of finding a solution to a system of (underdetermined) multivariate quadratic equations over the finite field $\mathbb{F}_2$ drawn from a specified distribution. In particular, we design a distribution of degree-2 polynomials $\{p_i(x_1,\ldots,x_n)\}_{i\in [m]}$ for $m<n$ over $\mathbb{F}_2$ for which we show that there is a quantum polynomial-time algorithm that simultaneously solves $\{p_i(x_1,\ldots,x_n)=y_i\}_{i\in [m]}$ for a random vector $(y_1,\ldots,y_m)$. On the other hand, while a solution exists with high probability, we conjecture that it is classically hard to find one based on classical cryptanalysis that we provide, including a comprehensive review of all known relevant classical algorithms for solving multivariate quadratics. Our approach proceeds by examining the Yamakawa-Zhandry (FOCS 2022) quantum advantage scheme and replacing the role of the random oracle with our multivariate quadratic equations. Our work therefore gives several new perspectives: First, our algorithm gives a counterexample to the conventional belief that generic classically hard multivariate quadratic systems are also quantumly hard. Second, based on cryptanalytic evidence, our work gives an explicit simple replacement for the random oracle from the work of Yamakawa and Zhandry. We show how to instantiate the random oracle with families of just degree two multivariate polynomials over $\mathbb{F}_2$.

翻译：在本工作中，我们提出了一种（非交互式、可验证的）展示量子优势的新方法，即通过求解从特定分布中抽取的有限域$\mathbb{F}_2$上（欠定）多元二次方程组的平均情况$\mathsf{NP}$搜索问题。具体而言，我们为$m<n$设计了一组定义在$\mathbb{F}_2$上的二次多项式分布$\{p_i(x_1,\ldots,x_n)\}_{i\in [m]}$，并证明存在量子多项式时间算法能够同时求解$\{p_i(x_1,\ldots,x_n)=y_i\}_{i\in [m]}$，其中$(y_1,\ldots,y_m)$为随机向量。另一方面，虽然解以高概率存在，但基于我们提供的经典密码分析（包括对求解多元二次方程的所有已知相关经典算法的全面综述），我们推测经典计算难以找到解。我们的方法通过审视Yamakawa-Zhandry（FOCS 2022）量子优势方案，并将其中随机预言机的角色替换为我们的多元二次方程组来实现。因此，我们的工作提供了若干新视角：首先，我们的算法对"经典计算困难的通用多元二次方程组同样对量子计算困难"这一传统观念提出了反例。其次，基于密码分析证据，我们的工作为Yamakawa和Zhandry方案中的随机预言机提供了明确而简单的替代方案。我们展示了如何仅用$\mathbb{F}_2$上的二次多元多项式族来实例化随机预言机。