quantum algorithms for equation solving and optimization ... · quantum algorithm for linear...

Introduction Boolean Solution Optimization Applications Conclusion

Quantum Algorithms for Equation Solvingand Optimization over Finite Fields and

Applications in Cryptanalysis

Yu-Ao Chen

Academy of Mathematics and Systems ScienceChinese Academy of Sciences

May 19, 2019

Joint work with Xiao-Shan Gao and Chun-Ming Yuan

What have we done?

(Main contribution) We present a quantum algorithm to find aBoolean solution of F = 0 for F ⊂ C[X] if existing,

(Boolean: each xi is 0 or 1);

‘finding a solution of F = 0 for F ⊂ Fq[X]’ =⇒poly ‘finding aBoolean solution of F ′ = 0 where F ′ ⊂ C[X]’;

‘solving many NP problems’ =⇒poly ‘equation solving over F2’;

‘optimization over Fp ’ =⇒poly ‘equation solving over Fp ’;

‘algebraic attack on many cryptosystems’⇐⇒ ‘equation solvingover F2’.

What have we done?

Inspiration

Quantum algorithm for linear equation solving, HHL algorithm(Harrow, Hassidim and Lloyd, 2009);

Gröbner basis, F4 algorithm (Faugère, 1999) or the XL algorithm(Courtois et al, 2000): ‘Gröbner basis computing’ =⇒ ‘linearequation solving’

‘Gröbner basis computing’⇐⇒ ‘polynomial equation symbolic(algebraic) solving ’

Inspiration

HHL algorithm:

Quantum algorithm for linearequation solving

Quantum Algorithms for Linear Equation Solving

A ∈ CN×N , s-sparse matrix, condition number κ (the quotient of themaximal and minimal nonzero singular value).Let ε ∈ (0,1) be an error bound.

Theorem (HHL Algorithm, 2009)

For linear system A|x〉 = |b〉, there exist quantum algorithmscomputing a solution state |x〉 with error bounded by ε and in timeO(log(N)sκ2/ε) using the best known Hamiltonian simulation.

|x〉 =∑

xi |i〉 ∈ CN .

If κ and s are small, HHL algorithm achieves exponential speedupcomparing to traditional methods,

for instance, comparing to the conjugate gradient method which hascomplexity O(N

√κ/ε).

Quantum Algorithms for Linear Equation Solving

A ∈ CN×N , s-sparse matrix, condition number κ (the quotient of themaximal and minimal nonzero singular value).Let ε ∈ (0,1) be an error bound.

Theorem (HHL Algorithm, 2009)

For linear system A|x〉 = |b〉, there exist quantum algorithmscomputing a solution state |x〉 with error bounded by ε and in timeO(log(N)sκ2/ε) using the best known Hamiltonian simulation.

|x〉 =∑

xi |i〉 ∈ CN .

If κ and s are small, HHL algorithm achieves exponential speedupcomparing to traditional methods,

for instance, comparing to the conjugate gradient method which hascomplexity O(N

√κ/ε).

F4 algorithm:

Gröbner basis, Macaulay matrix,Macaulay linear system and solvingdegree

Macaulay Linear System and Macaulay Matrix

Polynomial System: F = {f1, . . . , fr} ⊂ C[X] with di = degfi , whereX = {x1, . . . , xn}.

Let D ∈ N such that D ≥ maxri=1 di .

For each monomial m in X with deg(m) ≤ D − di ,

mfi = c∗m0 + c∗m1 + · · ·+ c∗mQD−1

is a linear combination of monomials in X of degree up to D

Written as matrix form: MF,DmD = bF,D

m1 < m2 < · · · < mQD−1

m0f1 . . .... . . .... . . .

mQD−dr−1fr . . .

m1m2...

mQD−1

m0 = 1

−f1(0)...

−fr (0)0...0

mfi = c∗m0 + c∗m1 + · · ·+ c∗mQD−1

m1 < m2 < · · · < mQD−1

m0f1 . . .... . . .... . . .

m1m2...

mQD−1

m0 = 1

−f1(0)...

−fr (0)0...0

mfi = c∗m0 + c∗m1 + · · ·+ c∗mQD−1

m1 < m2 < · · · < mQD−1

m0f1 . . .... . . .... . . .

m1m2...

mQD−1

m0 = 1

−f1(0)...

−fr (0)0...0

Example

Let f1 = x21 − x2, f2 = x1 − 2, D = 2. Then we have

f1 0 −1 1 0 0f2 1 0 0 0 0

x1f2 −2 0 1 0 0x2f2 0 −2 0 1 0

x1x2x2

1x1x2x2

Sparseness of Macaulay Matrix

A matrix M is called s-sparse if each row and column of M have atmost s nonzero entries.

Polynomial System: F = {f1, . . . , fr} ⊂ C[X] with ti = #fi the numberof terms of fi and X = {x1, . . . , xn}

MF,D has (∑r

i=1 ti)-sparseness and can be computed effectively.

Two often used casesClassic Macaulay Matrix: Let r = n + 1 and D =

∑n+1i=1 di − n,

MF,D has dimension O(Dn) and (∑r

i=1 ti)-sparseness.

Multivariate Quadratic Polynomial System (MQ):MF,D has dimension O(4n) and O(rn2)-sparseness.

MF,D has (∑r

∑n+1i=1 di − n,

i=1 ti)-sparseness.

MF,D has (∑r

∑n+1i=1 di − n,

i=1 ti)-sparseness.

Gröbner Basis

For a polynomial system F = {f1, . . . , fr} ⊂ C[X], denote (F) the idealgenerated by F .

For a given monomial order �, we can define the leading (maximal)monomial of f (denoted by lm(f )) for any polynomial f ∈ C[X].

A subset G ⊂ (F) is called the Gröbner basis of (F) under themonomial order �, if

∀f ∈ (F), ∃g ∈ G, lm(g) | lm(f ).

Solving degree:

the relationship between Macaulaylinear system and Gröbner basis

Solving Degree for Polynomial System

Polynomial System: F = {f1, . . . , fr}, di = degfi , d = maxi di

Solving Degree (minimal) D of F : if the Gröbner basis of (F) can beobtained by Gaussian elimination over C for linear systemMF,DmD = bF,D,i.e. ∀g ∈ G,∃hi , s.t. g =

∑ri=1 hi fi and deg(hi fi) ≤ D.

Results about solving degree:

Hermann26: SDeg(F) ≤ (2d)2n.

Brownawell87: SDeg(F) ≤ dn, if 1 ∈ (F).Lazard83, Caminata-Gorla17: For DRL monomial ordering, if(F) is projective zero-dimension, then the solving degree:

SDeg(F) ≤ D = d1 + · · ·+ dn+1 − n + 1 ≤ nd + d − n + 1 .

MQ: under Lazard’s condition, SDeg(F) ≤ D = n + 3

Solving Degree for Polynomial System

Polynomial System: F = {f1, . . . , fr}, di = degfi , d = maxi di

Results about solving degree:

Hermann26: SDeg(F) ≤ (2d)2n.

Brownawell87: SDeg(F) ≤ dn, if 1 ∈ (F).Lazard83, Caminata-Gorla17: For DRL monomial ordering, if(F) is projective zero-dimension, then the solving degree:

SDeg(F) ≤ D = d1 + · · ·+ dn+1 − n + 1 ≤ nd + d − n + 1 .

MQ: under Lazard’s condition, SDeg(F) ≤ D = n + 3

Complete solving degree

instead of solving degree:

the bridge between solution andsolution

Complete Solving Degree for Polynomial System

Complete Solving Degree (minimal) D of F = {f1, . . . , fr} ⊂ C[X]:G is the reduced Gröbner basis of (F).∀g ∈ G and ∀m a monomial satisfying deg(mg) ≤ D, ∃hi s.t.mg =

∑ri=1 hi fi , and deg(hi fi) ≤ D.

Lemma (Monomials are solvable in Macaulay linear system)

Let VC(F) = {a1, . . . ,aw} and (F) radical. For D ≥ CSdeg(F), any

solution of MF,DmD = bF,D is of form mD =w∑

i=1ηimD(ai), where∑w

i=1 ηi = 1.

Lemma (Bound for CSdeg)

Let F = F1 ∪ F2 ⊂ C[X], where F1 = {g1, . . . ,gr}, F2 = {f1, . . . , fn}satisfying lm(fi) = xdi

i . We have CSdeg(F) ≤ d − 2n + 2∑n

i=1 di ,where d = max deg(gi).

Lemma (Monomials are solvable in Macaulay linear system)

Let VC(F) = {a1, . . . ,aw} and (F) radical. For D ≥ CSdeg(F), any

solution of MF,DmD = bF,D is of form mD =w∑

i=1ηimD(ai), where∑w

i=1 ηi = 1.

Use HHL on Macaulay Linear System

Polynomial System: F = {f1, . . . , fr}, d = maxi degfi , ti = #fiLet the ideal (F) is radical and projective dimension zero,

also V(F) = {a1, . . . ,aw},

Theorem (Quantum Pseudo Solving for Polynomial System)

For D ≥CSdeg(F) using the HHL algorithms to MF,DmD = bF,D, thesolution is

|mD〉 =∑w

i=1 ηi |mD(ai)〉,for certain ηi ∈ C.

The complexity is O(log(D)nTF κ2)

where TF =∑r

i=1 ti , κ condition number of MF,D.

Use HHL on Macaulay Linear System

Polynomial System: F = {f1, . . . , fr}, d = maxi degfi , ti = #fiLet the ideal (F) is radical and projective dimension zero,

also V(F) = {a1, . . . ,aw},

Theorem (Quantum Pseudo Solving for Polynomial System)

For D ≥CSdeg(F) using the HHL algorithms to MF,DmD = bF,D, thesolution is

|mD〉 =∑w

i=1 ηi |mD(ai)〉,for certain ηi ∈ C.

The complexity is O(log(D)nTF κ2)

where TF =∑r

i=1 ti , κ condition number of MF,D.

We can measure |mD〉 to obtain astate |k〉 also the information:

∃ai s.t. mD(ai)k = mk(ai) 6= 0.

If all ai are assumed Boolean, wehave mk(ai) = 1 furtherly.

Thus we can reduce the equation system to another one with lessvariables by substituting xi = 1 for those xi appearing in mk .

Quantum Algorithm to Find Boolean Solutions

Polynomial System: F = {f1, . . . , fr} ⊂ C[x1, . . . , xn],

TF =∑

i #fi , ε ∈ (0,1), VB(F) = VC(F , x21 − x1, . . . , x2

n − xn),

CSdeg (F , x21 − x1, . . . , x2

n − xn) ≤ 3n

TF =∑

i #fi , ε ∈ (0,1), VB(F) = VC(F , x21 − x1, . . . , x2

n − xn),

CSdeg (F , x21 − x1, . . . , x2

n − xn) ≤ 3n

TF =∑

i #fi , ε ∈ (0,1), VB(F) = VC(F , x21 − x1, . . . , x2

n − xn),

CSdeg (F , x21 − x1, . . . , x2

n − xn) ≤ 3n

TheoremIf the algorithm returns a Boolean solution, then it is a solution ofF = 0.

Equivalently, if VB(F) = ∅, the algorithm finds no solution.

If VB(F) 6= ∅, the algorithm computes a Boolean solution ofF = 0 with probability ≥ 1− ε.

The complexity is O(n2.5(n + TF )κ2 log 1/ε)

κ is the maximal condition number of the Macaulay matrices.

TF =∑

i #fi , ε ∈ (0,1), VB(F) = VC(F , x21 − x1, . . . , x2

n − xn),

CSdeg (F , x21 − x1, . . . , x2

n − xn) ≤ 3n

TF =∑

i #fi , ε ∈ (0,1), VB(F) = VC(F , x21 − x1, . . . , x2

n − xn),

CSdeg (F , x21 − x1, . . . , x2

n − xn) ≤ 3n

Comparing with HHL

A ∈ CM×N , s-sparse matrix, condition number κ.Let ε ∈ (0,1) be an error bound.

Theorem (HHL Algorithm)

For linear system A|x〉 = |b〉, there exist quantum algorithmscomputing a solution state |x〉 with error bounded by ε and in timeO(log(N + M)sκ2/ε)

Several Subtle Properties:The algorithm does not give a solution of Ax = b, but a state |x〉.Measure of |x〉 gives |x1| : |x2| : · · · : |xn|.The algorithm gives a state even if Ax = b has no solution.The algorithm works over C not F2.

The nice property of our algorithm mainly due to the Booleansolutions.

Comparing with HHL

Several Subtle Properties:The algorithm does not give a solution of Ax = b, but a state |x〉.Measure of |x〉 gives |x1| : |x2| : · · · : |xn|.

The algorithm gives a state even if Ax = b has no solution.The algorithm works over C not F2.

Comparing with HHL

Several Subtle Properties:The algorithm does not give a solution of Ax = b, but a state |x〉.Measure of |x〉 gives |x1| : |x2| : · · · : |xn|.The algorithm gives a state even if Ax = b has no solution.

The algorithm works over C not F2.

Comparing with HHL

Equation Solving and Optimizationover Finite Fields

Main Result

An optimization problem over Fp = {0, . . . ,p − 1}minX∈Fn

p,Y∈Zm o(X,Y), subject to

fj(X) = 0, j = 1, . . . , r ; over Fp

0 ≤ gi(X,Y) ≤ bi , i = 1, . . . , s;0 ≤ yl ≤ ul , l = 1, . . . ,m

where fi ∈ Fp[X], o,gi ∈ Z[X,Y], and u,bi ,ui ∈ N.

We give a quantum algorithm with complexity polynomial inthe input size and κ (the condition number of certain matrix)

Achieved exponential speedup if κ is small.Include many NP hard problems as special cases:Equation Solving over finite field, Boolean equation solving, SAT,Polynomial systems with noise, Short integer solution problem(0,1)-programming, knapsack problem

Main Result

fj(X) = 0, j = 1, . . . , r ; over Fp

0 ≤ gi(X,Y) ≤ bi , i = 1, . . . , s;0 ≤ yl ≤ ul , l = 1, . . . ,m

Achieved exponential speedup if κ is small.

Include many NP hard problems as special cases:Equation Solving over finite field, Boolean equation solving, SAT,Polynomial systems with noise, Short integer solution problem(0,1)-programming, knapsack problem

Main Result

fj(X) = 0, j = 1, . . . , r ; over Fp

0 ≤ gi(X,Y) ≤ bi , i = 1, . . . , s;0 ≤ yl ≤ ul , l = 1, . . . ,m

Achieved exponential speedup if κ is small.Include many NP hard problems as special cases:Equation Solving over finite field, Boolean equation solving, SAT,Polynomial systems with noise, Short integer solution problem(0,1)-programming, knapsack problem

Solving Boolean Equations

Example (A Boolean equation may have no complex solution)

Let f = x1 + x2 + 1. Then VF2(f ) = {(0,1), (1,0)}.

But Boolean solution VB(f ) = ∅.

So we cannot use our QA over C to solve Boolean equations directly.

Reduce f to an equivalent polynomial C(f ) = f − 2 = x1 + x2 − 1.

Then, Boolean solution VB(C(f )) = {(0,1), (1,0)}.

Solving Boolean Equations

Example (A Boolean equation may have no complex solution)

Let f = x1 + x2 + 1. Then VF2(f ) = {(0,1), (1,0)}.

But Boolean solution VB(f ) = ∅.

So we cannot use our QA over C to solve Boolean equations directly.

Reduce f to an equivalent polynomial C(f ) = f − 2 = x1 + x2 − 1.

Then, Boolean solution VB(C(f )) = {(0,1), (1,0)}.

Reduction 1: Integer interval {0,1, . . . ,b}

b ∈ N+, s = blog2(b)cBbit = {B0, . . . ,Bs} Boolean variablesInspired by b = (2s − 1) + (b + 1− 2s), we introduce

θb(Bbit) =s−1∑i=0

2iBi + (b + 1− 2s)Bs.

θb : {0,1}s+1 ⇒ {0,1, . . . ,b}.

Reduction 2: Solving Equations over Finite Fields

Let F ⊂ Fp[X] and X = {x1, . . . , xn}Reduce to poly in Boolean variables over C: C(F) ⊂ C[Xbit]:

Reduce F to Multivariate Quadratic Polynomials (MQ) over Fp

Reduce MQ over Fp to MQ in Boolean variables over Fp

Since xi ∈ Fp,xi = θp−1(xij) =

∑blog2 pc−1j=0 xij2j + (p − 2blog2 pc)xiblog2 pc,

xij Boolean variables

Reduce MQ over Fp ⇒ Equations over C

f ⇒ f − pθ#f (ufj) over C

Then, we have

VFp(F) = VB(C(F))The size of C(F) is nicely controlled.

We can solve F = 0 in O(n3.5T 3.5F log8 pκ2

Then, we have

Example

For f = x1 + x2 + 1, we considerC(f ) = f − 2θ3(ufj) = (x1 + x2 + 1)− 2(uf1 + 2uf2).C(f ) = 0 has only two Boolean solution x1 = uf1 = 0, x2 = uf1 = 1and x2 = uf1 = 0, x1 = uf1 = 1, which is coincident toVF2(f ) = {(0,1), (1,0)}.

Reduction 3: Inequality over Finite Fields

Inequality: I : 0 ≤ g ≤ u,g ∈ Z[y1, . . . , yn], and 0 ≤ yi ≤ bi

Reduce to poly in Boolean variables: I(I) ⊂ C[Ybit]:

The inequality I is equivalent to

an equation in Boolean variables:g(θb1(y1j), . . . , θbn(ynj))− θu(uj) = 0

Reduction 3: Inequality over Finite Fields

Inequality: I : 0 ≤ g ≤ u,g ∈ Z[y1, . . . , yn], and 0 ≤ yi ≤ bi

Reduce to poly in Boolean variables: I(I) ⊂ C[Ybit]:

The inequality I is equivalent to

an equation in Boolean variables:g(θb1(y1j), . . . , θbn(ynj))− θu(uj) = 0

Reduction 4: The Objective Function

The objective function: minX o(X) under assumption 0 ≤ o(X) ≤ h

Reduce o(X) ∈ [α, α+ 2β) to find Boolean solutions over CCheck ∃X s.t. o(X) ∈ [α, α+ 2β) by solving the equation

Eα,β = o(X)− (α+∑β−1

i=0 Ei2i), where Ei are Boolean variables

Find minX o(X) for 0 ≤ o(X) ≤ h

Set α = 0, β = blog(h)c − 1.Solve Eα,β = 0 to find a value of o(X) in [α, α+ 2β).

Obtain minimal value of o(X) in [0,h] by dividing [0,h] intointervals of the form [α, α+ 2β) for at most log h times and bysolving equations Eα,β .

Reduction 4: The Objective Function

The objective function: minX o(X) under assumption 0 ≤ o(X) ≤ h

Reduce o(X) ∈ [α, α+ 2β) to find Boolean solutions over CCheck ∃X s.t. o(X) ∈ [α, α+ 2β) by solving the equation

Eα,β = o(X)− (α+∑β−1

i=0 Ei2i), where Ei are Boolean variables

Find minX o(X) for 0 ≤ o(X) ≤ h

Set α = 0, β = blog(h)c − 1.Solve Eα,β = 0 to find a value of o(X) in [α, α+ 2β).

Obtain minimal value of o(X) in [0,h] by dividing [0,h] intointervals of the form [α, α+ 2β) for at most log h times and bysolving equations Eα,β .

Summary

An optimization problem over Fp

minX∈Fnp,Y∈Zm o(X,Y), subject to 0 ≤ o(X) ≤ h

fj(X) = 0, j = 1, . . . , r ; over Fp

0 ≤ gi(X,Y) ≤ bi , i = 1, . . . , s;0 ≤ yk ≤ ul , l = 1, . . . ,m

Solution procedure to the optimization problemReduce equality constraints fj(X) = 0 over Fq to a polynomialsystem F1 over C.

Reduce inequalities 0 ≤ gi(X,Y) ≤ bi to a polynomial system F2over C.

Divide [0,h] into intervals of form [α, α+ 2β) and compute theBoolean solutions of F1 ∪ F2 ∪ {Eα,β} for at most log h times tofind the minimal value for o(X,Y)

Applications

Solving Boolean MQ and Cryptanalysis

Analysis of many cryptosystems⇒ solving Boolean MQ.

Stream cipher Trivum (ISO/IEC standard)Block cipher AES (NIST standard)Hash function SHA-3/Keccak (NIST standard)

Ciphers #Vars(n) #Eqs TF Bezout B. QComplexityAES-128 4288 10616 252288 2n 273.80cκ2

AES-192 7488 18096 421248 2n 276.44cκ2

AES-256 11904 29520 696384 2n 279.04cκ2

Trivium 3543 4407 24339 2n 257.08cκ2

Trivium 6999 9015 49683 2n 260.74cκ2

Keccak 76800 77160 611023 2n 278.04cκ2

Keccak 76800 77288 611540 2n 278.04cκ2

These cryptosystems are secure under QA only if the conditionnumbers of their corresponding equation systems are large.

Solving Boolean MQ and Cryptanalysis

Analysis of many cryptosystems⇒ solving Boolean MQ.

Stream cipher Trivum (ISO/IEC standard)Block cipher AES (NIST standard)Hash function SHA-3/Keccak (NIST standard)

Ciphers #Vars(n) #Eqs TF Bezout B. QComplexityAES-128 4288 10616 252288 2n 273.80cκ2

AES-192 7488 18096 421248 2n 276.44cκ2

AES-256 11904 29520 696384 2n 279.04cκ2

Trivium 3543 4407 24339 2n 257.08cκ2

Trivium 6999 9015 49683 2n 260.74cκ2

Keccak 76800 77160 611023 2n 278.04cκ2

Keccak 76800 77288 611540 2n 278.04cκ2

These cryptosystems are secure under QA only if the conditionnumbers of their corresponding equation systems are large.

(0,1)-Programming

minxi∈{0,1} o(X) = c1x1 + · · ·+ cnxn,

subject to

ai1x1 + · · ·+ ainxn ≤ bi , i = 1, . . . , s

Quantum Complexity: O(n4.5s3.5 log8 hκ2), whereu = max{bi ,

∑j cj}

Include many famous NP-hard optimization problems

Subset sum problem: (0,1) solution of one linear equation∑i aixi = b.

Complexity: O(n3.5κ2).

Knapsack problem (s = 1)

(0,1)-Programming

minxi∈{0,1} o(X) = c1x1 + · · ·+ cnxn,

subject to

ai1x1 + · · ·+ ainxn ≤ bi , i = 1, . . . , s

∑j cj}

(0,1)-Programming

minxi∈{0,1} o(X) = c1x1 + · · ·+ cnxn,

subject to

ai1x1 + · · ·+ ainxn ≤ bi , i = 1, . . . , s

∑j cj}

Polynomial System Solving with Noise (PSWN)

For an over-determined polynomial system F = {f1, . . . , fr} ⊂ Fp[X](r � n), the PSWN problem is to find an X ∈ Fn

p satisfies the maximalnumber of equations in F .

PSWN can be solved with O(r3.5T 3.5F (log p)8κ2)

Linear System with Noise (LWN) AX = b is NP-hard

can be solved in time O((n + r log p)2.5(TA + r log2 p) log3.5 pκ2),A ∈ Cr×n,TA is the number of nonzero entries in A

Conclusion

1 We give a quantum algorithm to solve polynomial systems andoptimization over finite fields, whose complexity is polynomial inthe input size and the condition numbers of certain Macaulaymatrices.

2 The quantum algorithm achieves exponential speedup if thecondition number is small.

3 The quantum algorithm applies to cryptanalysis of importantcryptosystems and show that these cryptosystems are safe onlyif their condition numbers are large.

Thanks !

Chen, Y.A. and Gao, X.S., Quantum Algorithms for BooleanEquation Solving and Quantum Algebraic Attack onCryptosystems, ArXiv1712.06239v3, 2017.

Chen, Y.A., Gao, X.S., Yuan, C.M., Quantum Algorithms forOptimization and Polynomial Systems Solving over Finite Fields,ArXiv1802.03856v2, 2018.

How about the condition number κ?

κ(n,D)

For the field equations HX = {x21 − x1, . . . , x2

n − xn}, denote thecondition number of MHX,D by κ(n,D), and we have

Theorem

κ(1,D) = cot π2D = O(D), κ(2,D) ≤ 8D − 20 = O(D).

Theorem

For n ≥ D − 1, κ(n,D) = κ(D − 1,D).

Conjecture

For fixed n ≥ 3, κ(n,D) = O(D1.5).

κ(n,D)

Theorem

κ(1,D) = cot π2D = O(D), κ(2,D) ≤ 8D − 20 = O(D).

Theorem

For n ≥ D − 1, κ(n,D) = κ(D − 1,D).

Conjecture

κ(n,D)

Theorem

κ(1,D) = cot π2D = O(D), κ(2,D) ≤ 8D − 20 = O(D).

Theorem

For n ≥ D − 1, κ(n,D) = κ(D − 1,D).

Conjecture

κ(n,D)

Theorem

κ(1,D) = cot π2D = O(D), κ(2,D) ≤ 8D − 20 = O(D).

Theorem

For n ≥ D − 1, κ(n,D) = κ(D − 1,D).

Conjecture

Pascal’s simplex

κ(n,D) is related to the algebraic connectivity of the graph Pascal’ssimplex.

Figure: G(1, 3) Figure: G(2, 4)

Figure: G(3, 4)

To compute the algebraic connectivity for a random graph is NP-hard.

Thanks !

One more time!

quantum algorithms for equation solving and optimization ... · quantum algorithm for linear...

Documents