Hidden subgroup problem
The hidden subgroup problem (HSP) is a topic of research in mathematics and theoretical computer science. The framework captures problems like factoring, discrete logarithm, graph isomorphism, and the shortest vector problem. This makes it especially important in the theory of quantum computing because Shor's quantum algorithm for factoring is essentially equivalent to the hidden subgroup problem for finite Abelian groups, while the other problems correspond to finite groups that are not Abelian.
Given a group G, a subgroup H ≤ G, and a set X, we say a function f : G → X hides the subgroup H if for all g1, g2 ∈ G, f(g1) = f(g2) if and only if g1H = g2H for the cosets of H. Equivalently, the function f is constant on the cosets of H, while it is different between the different cosets of H.
Hidden subgroup problem: Let G be a group, X a finite set, and f : G → X a function that hides a subgroup H ≤ G. The function f is given via an oracle, which uses O(log |G|+log|X|) bits. Using information gained from evaluations of f via its oracle, determine a generating set for H.
The hidden subgroup problem is especially important in the theory of quantum computing for the following reasons.
- Shor's quantum algorithm for factoring and discrete logarithm (as well as several of its extensions) relies on the ability of quantum computers to solve the HSP for finite Abelian groups.
- The existence of efficient quantum algorithms for HSPs for certain non-Abelian groups would imply efficient quantum algorithms for two major problems: the graph isomorphism problem and certain shortest vector problems (SVPs) in lattices. More precisely, an efficient quantum algorithm for the HSP for the symmetric group would give a quantum algorithm for the graph isomorphism. An efficient quantum algorithm for the HSP for the dihedral group would give a quantum algorithm for the poly(n) unique SVP.
There is a polynomial time quantum algorithm for solving HSP over finite Abelian groups. (In the case of hidden subgroup problem, "a polynomial time algorithm" means an algorithm whose running time is a polynomial of the logarithm of the size of the group.) Shor's algorithm applies a particular case of this quantum algorithm.
For arbitrary groups, it is known that the hidden subgroup problem is solvable using a polynomial number of evaluations of the oracle. This result, however, allows the quantum algorithm a running time that is exponential in log|G|. To design efficient algorithms for the graph isomorphism and SVP, one needs an algorithm for which both the number of oracle evaluations and the running time are polynomial.
The existence of such algorithm for arbitrary groups is open. Quantum polynomial time algorithms exist for certain subclasses of groups, such as semi-direct products of some Abelian groups.
The 'standard' approach to this problem involves: the creation of the quantum state , a subsequent quantum Fourier transform to the left register, after which this register gets sampled. This approach has been shown to be insufficient for the hidden subgroup problem for the symmetric group.
- Mark Ettinger; Peter Høyer. "A quantum observable for the graph isomorphism problem". arXiv:quant-ph/9901029.
- Oded Regev. "Quantum computation and lattice problems". arXiv:cs/0304005.
- Mark Ettinger; Peter Hoyer; Emanuel Knill. "The quantum query complexity of the hidden subgroup problem is polynomial". Information Processing Letters. 91: 43–48. arXiv:quant-ph/0401083. doi:10.1016/j.ipl.2004.01.024.
- Sean Hallgren; Martin Roetteler; Pranab Sen. "Limitations of Quantum Coset States for Graph Isomorphism". arXiv:quant-ph/0511148.
- Cristopher Moore, Alexander Russell, Leonard J. Schulman. "The Symmetric Group Defies Strong Fourier Sampling: Part I". arXiv:quant-ph/0501056.CS1 maint: Multiple names: authors list (link)