## CryptoDB

### Paper: Optimal Merging in Quantum $k$-xor and $k$-sum Algorithms

Authors: María Naya-Plasencia , Inria, France André Schrottenloher , Inria, France DOI: 10.1007/978-3-030-45724-2_11 (login may be required) Search ePrint Search Google Slides EUROCRYPT 2020 The $k$-xor or Generalized Birthday Problem aims at finding, given $k$ lists of bit-strings, a $k$-tuple among them XORing to 0. If the lists are unbounded, the best classical (exponential) time complexity has withstood since Wagner's CRYPTO 2002 paper. If the lists are bounded (of the same size) and such that there is a single solution, the \emph{dissection algorithms} of Dinur \emph{et al.} (CRYPTO 2012) improve the memory usage over a simple meet-in-the-middle. In this paper, we study quantum algorithms for the $k$-xor problem. With unbounded lists and quantum access, we improve previous work by Grassi \emph{et al.} (ASIACRYPT 2018) for almost all $k$. Next, we extend our study to lists of any size and with classical access only. We define a set of merging trees'' which represent the best known strategies for quantum and classical merging in $k$-xor algorithms, and prove that our method is optimal among these. Our complexities are confirmed by a Mixed Integer Linear Program that computes the best strategy for a given $k$-xor problem. All our algorithms apply also when considering modular additions instead of bitwise xors. This framework enables us to give new improved quantum $k$-xor algorithms for all $k$ and list sizes. Applications include the subset-sum problem, LPN with limited memory and the multiple-encryption problem.
##### BibTeX
@inproceedings{eurocrypt-2020-30188,
title={Optimal Merging in Quantum $k$-xor and $k$-sum Algorithms},
booktitle={39th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Zagreb, Croatia, May 10–14, 2020, Proceedings},
series={Lecture Notes in Computer Science},
publisher={Springer},
keywords={Generalized Birthday Problem;quantum cryptanalysis;list-merging algorithms;k-list problems;approximate k-list problem;multiple encryption;MILP;LPN;subset-sum},
volume={12105},
doi={10.1007/978-3-030-45724-2_11},
author={María Naya-Plasencia and André Schrottenloher},
year=2020
}