Almost tight bound on the query complexity of generalized Simon's problem
Simon's problem played an important role in the history of quantum algorithms, as it inspired Shor to discover the celebrated quantum algorithm solving integer factorization in polynomial time. Besides, the quantum algorithm for Simon's problem has been recently applied to break symmetric cryptosystems. Generalized Simon's problem is a natural extension of Simon's problem: Given a function f:{0,1}^n →{0,1}^m with n < m and the promise that there exists a subgroup S <Z_2^n of rank k s.t. for any s, x∈{0,1}^n, f(x) = f(x⊕ s) iff s∈ S, the goal is to find S. It is not difficult to design a quantum algorithm for solving this problem exactly with query complexity of O(n-k). However, so far it is not clear what is the classical deterministic query complexity of this problem. Therefore, it is interesting and nontrivial to consider that, not only for clarifying the gap between quantum and classical computing on this problem, but also from the viewpoint of classical computing. In this paper, we first prove that any classical deterministic algorithm solving generalized Simon's problem has to query at least Ω(√(k · 2^n-k)) values, clarifying the gap between quantum and classical computing on this problem. On the other hand, we devise a deterministic algorithm with query complexity of O(√(k · 2^n - k)) in most cases. Therefore, the obtained bound Θ(√(k · 2^n-k)) is almost optimal, which fills the blank of classical deterministic query complexity for generalized Simon's problem.
READ FULL TEXT