Welcome to the resource topic for
**2020/693**

**Title:**

Tight Quantum Time-Space Tradeoffs for Function Inversion

**Authors:**
Kai-Min Chung, Siyao Guo, Qipeng Liu, Luowen Qian

**Abstract:**

In function inversion, we are given a function f: [N] \mapsto [N], and want to prepare some advice of size S, such that we can efficiently invert any image in time T. This is a well studied problem with profound connections to cryptography, data structures, communication complexity, and circuit lower bounds. Investigation of this problem in the quantum setting was initiated by Nayebi, Aaronson, Belovs, and Trevisan (2015), who proved a lower bound of ST^2 = \tilde\Omega(N) for random permutations against classical advice, leaving open an intriguing possibility that Grover’s search can be sped up to time \tilde O(\sqrt{N/S}). Recent works by Hhan, Xagawa, and Yamakawa (2019), and Chung, Liao, and Qian (2019) extended the argument for random functions and quantum advice, but the lower bound remains ST^2 = \tilde\Omega(N). In this work, we prove that even with quantum advice, ST + T^2 = \tilde\Omega(N) is required for an algorithm to invert random functions. This demonstrates that Grover’s search is optimal for S = \tilde O(\sqrt{N}), ruling out any substantial speed-up for Grover’s search even with quantum advice. Further improvements to our bounds would imply new classical circuit lower bounds, as shown by Corrigan-Gibbs and Kogan (2019). To prove this result, we develop a general framework for establishing quantum time-space lower bounds. We further demonstrate the power of our framework by proving the following results. * Yao’s box problem: We prove a tight quantum time-space lower bound for classical advice. For quantum advice, we prove a first time-space lower bound using shadow tomography. These results resolve two open problems posted by Nayebi et al (2015). * Salted cryptography: We show that “salting generically provably defeats preprocessing,” a result shown by Coretti, Dodis, Guo, and Steinberger (2018), also holds in the quantum setting. In particular, we prove quantum time-space lower bounds for a wide class of salted cryptographic primitives in the quantum random oracle model. This yields a first quantum time-space lower bound for salted collision-finding, which in turn implies that {PWPP}^{O} \not\subseteq {FBQP}^{O}{/qpoly} relative to a random oracle O.

**ePrint:**
https://eprint.iacr.org/2020/693

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

**Example resources include:**
implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics .