ABSTRACT

The hidden subgroup problem (HSP) plays an important role in quantum computing because many quantum algorithms that are exponentially faster than classical algorithms are special cases of the HSP. In this paper we show that there exists a new efficient quantum algorithm for the HSP on groups ${\mathbb{Z}}_N⋊{\mathbb{Z}}_{q^s}$ where N is an integer with a special prime factorization, q prime number and s any positive integer.

Keywords:
Quantum Algorithms; Hidden Subgroup Problem; Quantum Computational Group Theory

RESUMO

O problema do subgrupo oculto (PSO) tem um papel importante na computação quântica pois muitos algoritmos quânticos que são exponencialmente mais rápidos que seus equivalentes clássicos são casos especiais do PSO. Neste artigo nós mostramos a existência de um novo algoritmo quântico eficiente para o PSO sobre grupos da forma ${\mathbb{Z}}_N⋊{\mathbb{Z}}_{q^s}$, onde N é um número inteiro positivo com uma particular decomposição em fatores primos, q um número primo e s um inteiro positivo qualquer.

Palavras-chave:
Algoritmos quânticos; problema do subgrupo oculto; teoria de grupos computacional

1 INTRODUCTION

The most important problem in group theory in terms of quantum algorithms is called hidden subgroup problem (HSP)¹⁴14 C. Lomont. “The Hidden Subgroup Problem - Review and Open Problems”. Quantum Physics,Abstract quant-ph/0411037, (2004).. The HSP can be described as follows: given a group G and a function f: G → X on some set X such that f(x) = f(y) iff x ∙ H = y ∙ H for some subgroup H, the problem consists in determining a generating set for H by querying the function f. We say that the function f hides the subgroup H in G or that f separates the cosets of H in G. A quantum algorithm for the HSP is said to be efficient when the running time is O(poly(log|G|)). There are many examples of efficient quantum algorithms for the HSP in particular groups¹⁷17 D.R. Simon. “On the Power of Quantum Computation”. Proceedings of the 35th Annual Symposium on Foundations of Computer Science, pages 116-123, (1994).^{), (18}18 P.W. Shor. “Algorithms for quantum computation: discrete logs and factoring”. Proc. of the 35th Ann. IEEE Symp. on the Foundation of Computer Science, pages 124-134, (1994).. It is known that for finite abelian groups, the HSP can be solved efficiently on a quantum computer¹⁴14 C. Lomont. “The Hidden Subgroup Problem - Review and Open Problems”. Quantum Physics,Abstract quant-ph/0411037, (2004).. On the other hand, an efficient solution for a generic non-abelian group is not known. Two important groups in this context are the symmetric and the dihedral groups. An efficient algorithm for solving the HSP for the former group would imply in an efficient solution for the graph isomorphism problem¹1 R. Beals. “Quantum computation of Fourier transforms over symmetric groups”. Proc. 29th ACM Symp. on Theory of Computing, pages 48-53, New York, (1997).^{), (2}2 D. Boneh & R.J. Lipton. “Quantum cryptanalysis of hidden linear functions”, In Lecture Notes in Computer Science, volume 963, pages 424-437, Berlin, (1995).^{), (12}12 P. Hoyer. “Efficient quantum transforms”. arXiv:quant-ph/9702028, (1997).^{), (8}8 M. Ettinger & P. Høyer. “A quantum observable for the graph isomorphism problem”, arXiv:quant-ph/9901029, (1999). and for the latter one would solve instances of the problem of finding the shortest vector in a lattice, which has applications in cryptography¹⁶16 O. Regev. Quantum Computation and Lattice Problems. SIAM Journal on Computing, 33(3) (2004), 738-760..

One way to design new quantum algorithms for the HSP is to investigate the structures of all subgroups of a given group, and then to find a quantum algorithm applicable to each subgroup structure. Following this, Inui & Le Gall presented an efficient quantum algorithm for the HSP on groups of the form ${\mathrm{\mathbb{Z}}}_{p^r}⋊{\mathrm{\mathbb{Z}}}_p$ with prime p and positive integer r¹³13 Y. Inui & F. Le Gall. An efficient quantum algorithm for the hidden subgroup problem over a class of semi-direct product groups. Quantum Information and Computation, (2005).. Later, Cosme⁶6 C.M.M. Cosme. “Algoritmos Quânticos para o Problema do Subgrupo Oculto não Abeliano”. Tese de Doutorado, LNCC, Petrópolis, RJ, (2008).⁾ presented an efficient quantum algorithm for the HSP in ${\mathbb{Z}}_{p^r}{⋊}_{\varphi }{\mathbb{Z}}_{p^s}$ where p is any odd prime number, r and s are positives integers and the homomorphism ϕ is given by the root ^{_{t p-} - s + l} + 1 such that r ≥ 2s - l. Subsequently, in¹⁰10 D.N. Gonçalves, R. Portugal & C.M.M. Cosme. “Solutions to the hidden subgroup problem on some metacylic groups”. Proc. 4th Worshop on Theory of Quantum Computation, Communication and Cryptography, LNCS, Springer-Verlag, (2009). the authors presented an efficient quantum algorithm for the HSP in ${\mathbb{Z}}_p⋊{\mathbb{Z}}_{q^s}$, with p/q = poly(log p), where p, q are distinct odd prime numbers and s is an arbitrary positive integer. The case ${\mathbb{Z}}_{p^r}⋊{\mathbb{Z}}_{q^s}$ with p, q distinct odd prime numbers and r, s > 0 such that _^pr / _^qt = poly(_{^{log pr}} ) was discussed in¹¹11 D.N. Gonçalves & R. Portugal. “Solution to the Hidden Subgroup Problem for a Class of Noncommutative Groups”. Quantum Physics, Abstract quant-ph/1104.1361, (2011).. The parameter t ∊ {0, 1,…, s} characterizes the group. The case t = 0 reduces to the abelian group ${\mathbb{Z}}_{p^r}\times {\mathbb{Z}}_{q^s}$ and the case t = 1 was addressed by the authors, with unsuccessful results. This work established, for the first time, a complete description of the structure of the subgroups of ${\mathbb{Z}}_{p^r}⋊{\mathbb{Z}}_{q^s}$. Recently, using the algebraic structure of the subgroups of ${\mathbb{Z}}_{p^r}⋊{\mathbb{Z}}_{q^s}$, van Dam & Dey⁷7 W. van Dam & S. Dey. “Hidden Subgroup Quantum Algorithms for a Class of Semi-Direct Product Groups”. Proc. of 9th Conference on the Theory of Quantum Computation, Communication and Cryptography, TQC’14, pages 110-117, (2014). presented a new quantum algorithm for the HSP over ${\mathbb{Z}}_{p^r}⋊{\mathbb{Z}}_{q^s}$ for all possible values of t ∊ {0, 1,…, s} by imposing a restriction on the parameters p and q: the relative sizes of subgroups are bounded by _^pr / _^qt-j ∊ O(poly(log _^pr )), where j ∊ {0,..., t - 1}.

In this article, we describe a new efficient quantum algorithm to solve the HSP in the specific class of non-abelian groups, i.e., the semi-direct product groups of the form $G={\mathbb{Z}}_N⋊{\mathbb{Z}}_{q^s}$, where, N is factorized as $p_1^{r_1}\dots p_n^{r_n}$ and there exists a 1≤ k ≤ n such that _^qt (q odd prime) divides _^pk - 1 and q does not divide _^pi - 1 for all I ≠ k. The parameter t is related to the type of the homomorphism that describes the group, as can be checked in Section 3. Using a similar approach presented in⁵5 D.P. Chi, J.S. Kim & S. Lee. Quantum algorithms for the hidden subgroup problem on some semi-direct product groups by reduction to Abelian cases. Physics Letters A, pages 114-116, (2006)., we define an isomorphism between ${\mathbb{Z}}_N⋊{\mathbb{Z}}_{q^s}$ and the direct product of ${\mathbb{Z}}_{p^r}{⋊}_{\psi }{\mathbb{Z}}_{q^s}$ with cyclic groups, reducing the HSP in G to similar HSPs, solutions which are already known.

This work is organized as follows: In Section 2, we review some fundamental notations and definitions of finite groups. In Section 3, we give the relevant definitions and results concerning the semi-direct product groups and explain its homomorphisms and their properties. In Section 4, we present our main result and we show that there exist an efficient quantum algorithm for the HSP in the groups. In Section 5, we draw our conclusions.

2 PRELIMINARIES

We begin by reviewing some fundamental notations and definitions of finite groups that will be used throughout the text. More details can be found in lots of textbooks of abstract algebra such as in³3 W. Burniside. Theory of Groups of Finite order, Dover Publication, Inc. - New York, (1955).^{), (9}9 A. Garcia & Y. Lequain. Elementos de Álgebra, 3.ed. Rio de Janeiro: IMPA, 325 p. (Projeto Euclides), (2005)..

Let G be a finite group. We use |G| to denote the order of G. A nonempty subset H of a group G is called a subgroup of G, denoted by H≤ G, if H ² ⊆ H and H ^-1 ⊆ H , where H ² = {h ₁ h ₂\h ₁, h ₂ ∊ H} and H ^-1 = {h ^-1|h ∊ H}. For a subgroup H of G and every group element g ∊ G, the left coset of H determined by g is the set g H={gh, h ∊ H}.

Let M be a set of elements in G. The intersection of all subgroups of G containing M is called the subgroup generated by M, denoted by 〈M〉. If 〈M〉=G, M is said to be a generating set of G or G is generated by M. A group generated by one element is called a cyclic group. For an element g ∊ G, we call the order of the subgroup 〈g〉 the order of g, denoted by ord(g), that is, ord(g) = |〈g〉|. One can show that ord (g) is the smallest positive integer n satisfying _^gn = 1.

Given two groups G and H, a map α: G → H is called a homomorphism of G into H if

If the homomorphism α is a bijection, then α is an isomorphism from G onto H. In this case, G and H are said to be isomorphic, denoted by G ≅ H. An isomorphism from G to itself is called an automorphism of G. We use Aut(G) to denote the set of automorphism of G. For the composition of maps, Aut(G) is a group, called the automorphism group of G.

A subgroup N of a group G is called normal, denoted by N ⊴ G if Ng = gN, ∀g ∊ G. The group nℤ, for any integer n, is a normal subgroup of the integer group ℤ. The factor group ℤ_n = ℤ/nℤ = {0, 1,..., n -1} is called the (additive) group of integers modulo n. In this group, (nℤ)a.(nℤ)b = (nℤ)c if and only if a + b = c (mod n). The unit group, denoted by ${\mathbb{Z}}_n^{*}$, for any positive integer n, is the group of invertible integers mod n (i.e, those α ∊ ℤ_n with gcd(a, n)=1).

The direct product of two groups G and H, denoted by G × H, is the set {(g, h)|g ∊ G, h ∊ H}, where the multiplication operation is defined by (g, h)(g', h') = (gg', hh') for all g, g' ∊ G and h, h' ∊ H. In the same way, one may define the direct product of n groups G ₁,..., ^_Gn as G = G ₁ × ... × ^_Gn .

3 SEMI-DIRECT PRODUCT GROUPS

The semi-direct product of two groups G and H is defined by a homomorphism ϕ :H → Aut(G). The semi-direct product G ⋊_ϕ H is the set {(g, h) : g ∊ G, h ∊ H} with the group operation defined as (g, h)(g', h') = (g + ϕ(h)(g'), h + h'). One can easily check that the group inversion operation satisfies (g, h)^-1 = (ϕ(-h)(-h), -h).

In this paper we consider the HSP on the semi-direct product groups $G={\mathbb{Z}}_N{⋊}_{\varphi }{\mathbb{Z}}_{q^s}$ for positive integers N and s and odd prime number q. We assume that the prime factorization of N is $p_1^{r_1}\dots p_n^{r_n}$ and there exists a 1≤ k ≤ n such that _^qt divides _^pk - 1 and q does not divide _^pi - 1 for all i ≠ k. The parameter t ∊ {0, 1,…,s} characterizes the group as shown in the following.

The elements x=(1, 0) and y=(0, 1) generate the groups ${\mathbb{Z}}_N{⋊}_{\varphi }{\mathbb{Z}}_{q^s}$. Since Aut(ℤ_N ) is isomorphic to ${\mathbb{Z}}_N^{*}$, the homomorphism ϕ is completely determined by $\alpha :=\varphi \left(1\right)\left(1\right)\in {\mathbb{Z}}_N^{*}$ and ϕ(b)(a) =^_aαb for all a ∊ ℤ_N and $b\in {\mathbb{Z}}_{q^s}$. Now, note that ϕ(0) = ϕ(^_qs ) : ℤ_N → ℤ_N is the identity element of the group Aut(ℤ_N ). Then $\mathrm{a\alpha }{q}^s=\varphi \left(q^s\right)\left(1\right)=1$. If the element $\alpha \in {\mathbb{Z}}_N^{*}$ satisfies the congruence relation $X^{q^s}=1$ mod N, then it defines the semi-direct product ${\mathbb{Z}}_N{⋊}_{\alpha }{\mathbb{Z}}_{q^s}$. In this case, we must have ord(α) = ^_qt for some integer 0 ≤ t ≤ s. The case t = 0 reduces to the direct product ${\mathbb{Z}}_N\times {\mathbb{Z}}_{q^s}$, which is an abelian group. An efficient solution for the HSP is known for this case¹⁴14 C. Lomont. “The Hidden Subgroup Problem - Review and Open Problems”. Quantum Physics,Abstract quant-ph/0411037, (2004).. Since $\alpha \in {\mathbb{Z}}_N^{*}$, ^_qt divides $\left|{\mathbb{Z}}_N^{*}\right|=\phi \left(N\right)$, where φ is the Euler phi-function⁹9 A. Garcia & Y. Lequain. Elementos de Álgebra, 3.ed. Rio de Janeiro: IMPA, 325 p. (Projeto Euclides), (2005).. Since $\phi \left(N\right)=p_1^{r_1-1}\dots p_n^{r_n-1}(p_1-1)\dots (p_n-1)$, we can choose the option ^_qt | ^_pn - 1 with no loss of generality.

For instance, let $G={\mathbb{Z}}_N{⋊}_{\varphi }{\mathbb{Z}}_{q^s}$, with N=45125, q=3 and s=4. The homomorphism ϕ can be described by an element $\alpha =2626\in {\mathbb{Z}}_N^{*}$ with order 3². Since 45125 = 19².5³, the order of α satisfies 3²|(19 - 1) and 3 ∤ (5 - 1). Then G is an example of group for which the Theorem 4.1 holds.

Let us consider the usual decomposition ${\mathbb{Z}}_N\cong {\mathbb{Z}}_{p_1^{r_1}}\times \dots \times {\mathbb{Z}}_{p_n^{r_n}}$, which can be found in quantum polynomial time⁴4 K.K.H. Cheung & M. Mosca. Decomposing Finite Abelian Groups. Quantum Information and Computation, 1(3) (2001), 23-32.. Thus, the following isomorphism holds

The elements of $({\mathbb{Z}}_{p_1^{r_1}}\times \dots \times {\mathbb{Z}}_{p_n^{r_n}}){⋊}_{\varphi }{\mathbb{Z}}_{q^s}$ have the form ((a ₁,...,^_an ), b), where (a ₁,...,^_an ) ∊ ${\mathbb{Z}}_{p_1^{r_1}}\times \dots \times {\mathbb{Z}}_{p_n^{r_n}}$ and $b\in {\mathbb{Z}}_{q^s}$. For each b in $Z_{q^s}$ the element ϕ(b) is an automorphism on ${\mathbb{Z}}_{p_1^{r_1}}\times \dots \times {\mathbb{Z}}_{p_n^{r_n}}$ such that α = ϕ (1)(1) is an element in ${\mathbb{Z}}_{p_1^{r_1}}^{*}\times \dots \times {\mathbb{Z}}_{p_n^{r_n}}^{*}$ of order ^_qt . Note that ${\mathbb{Z}}_{p_i^{r_i}}$ is isomorphic to the subgroup ${\mathcal{I}}_1\times {\mathbb{Z}}_{p_i^{r_i}}\times {\mathcal{I}}_2$ of ${\mathbb{Z}}_{p_1^{r_1}}\times \dots \times {\mathbb{Z}}_{p_n^{r_n}}$, where ℐ₁ is the identity on ${\mathbb{Z}}_{p_1^{r_1}}\times \dots \times {\mathbb{Z}}_{p_{i-1}^{r_{i-1}}}$ and ℐ₂ is the identity on

Thus, we can identify an element _^ai in ${\mathbb{Z}}_{p_i^{r_i}}$ with the point $\overline{a_i}$ in ${\mathcal{I}}_1\times {\mathbb{Z}}_{p_i^{r_i}}\times {\mathcal{I}}_2$ such that it has an integer value _^ai in the i-th coordinate and 0's elsewhere.

Now we are ready to state the following results.

Lemma 3.1.Let${\mathbb{Z}}_{p_1^{r_1}}\times \dots \times {\mathbb{Z}}_{p_n^{r_n}}$and${\mathbb{Z}}_{q^s}$be finite abelian groups with distinct odd prime numbers p_{1^{,..., pn}} , q and positive integers r _{1 ^{,..., rn and s. Define the semi-direct product group}}$({\mathbb{Z}}_{p_1^{r_1}}\times \dots \times {\mathbb{Z}}_{p_n^{r_n}}){⋊}_{\varphi }{\mathbb{Z}}_{q^s}$. Then, for each$b\in {\mathbb{Z}}_{q^s}$and$a_i\in {\mathbb{Z}}_{p_i^{r_i}}$there exists a$c_i\in {\mathbb{Z}}_{p_i^{r_i}}$such that$\varphi \left(b\right)\left(\overline{a_i}\right)=\overline{c_i}$.

Proof. Let _^ei be elements in ${\mathbb{Z}}_{p_1^{r_1}}\times \dots \times {\mathbb{Z}}_{p_n^{r_n}}$ with all components equal zero except the i-th one which is 1. Because ϕ(b) ∊ Aut(ℤ_N ), it is enough to show that $\varphi \left(b\right)\left(e_i\right)=\overline{d_i}$, for some $d_i\in {\mathbb{Z}}_{p_i^{r_i}}$. In fact, $\varphi \left(b\right)\left(\overline{a_i}\right)=\varphi \left(b\right)\left(a_i{e}_i\right)=a_i\varphi \left(b\right)\left(e_i\right)=a_i\overline{d_i}=\overline{c_i}$, for some $c_i\in {\mathbb{Z}}_{p_i^{r_i}}$.

Now let us suppose that ϕ(b) (_^ei ) = (d ₁, ..., _^dn ). Note that

Then, for all j=1,…,n we have $p_i^{r_i}{d}_j\equiv 0\mathrm{mod}{p}_j^{r_j}$ and this implies that $d_j\equiv 0\mathrm{mod}{p}_j^{r_j}$ for all j ≠ i. Hence, ϕ(b) (_^ei ) = (0…,_^di , 0, …, 0) =$\overline{d_i}$ as was to be shown.

The next lemma shows that there exists an isomorphism between ${\mathbb{Z}}_N{⋊}_{\alpha }{\mathbb{Z}}_{q^s}$ and the non-abelian group ${\mathbb{Z}}_{p_n^{r_n}}⋊{\mathbb{Z}}_{q^s}$ with cyclic groups.

Lemma 3.2Let N be a positive integer with prime factorization$p_1^{r_1}\dots p_n^{r_n}$and q an odd prime such that q ≠ _{^{pi and s a positive integer. Define the semi-direct product group}}$G={\mathbb{Z}}_N{⋊}_{\alpha }{\mathbb{Z}}_{q^s}$for an$\alpha \in {\mathbb{Z}}_N^{*}$. Let t ∊ {1,…,s} be the smallest positive integer such that${\alpha }^{q^t}$ = 1. Let us assume that there exists a 1≤ k ≤ _{^{n such that qt | pk -}} 1 and q ∤ _^pi - 1 for all i ≠ k. By choosing k = n (WLOG) we have

for some homomorphism ψ from ${\mathbb{Z}}_{q^s}$ into the group of automorphisms of ${\mathbb{Z}}_{p^r}$ _{^{and p = pn and r =rn.}}

Proof. Note that ϕ(_^qs ) is the identity map ℐ on ${\mathbb{Z}}_{p_1^{r_1}}\times \dots \times {\mathbb{Z}}_{p_n^{r_n}}$. For all i = 1,…,n - 1 , follows from Lemma 3.1 that $e_i=\varphi \left(q^s\right)\left(e_i\right)=(0\dots ,{c_i}^{q^s},\dots ,0)$. Then ${c_i}^{q^s}=1\mathrm{\backslash textup}\mathrm{mod}{p}_i^{r_i}$, which implies that _^ci is an element in ${\mathbb{Z}}_{p_i^{r_i}}^{*}$ with order _^qt' , for some t' ∊ {1,…,s}. Let us suppose _^ci ≠ 1. Since _^qt' divides the order of ${\mathbb{Z}}_{p_i^{r_i}}^{*}$ and gcd(_^pi , q) = 1, we have that _^qt' divides _^pi - 1. But that leads to an absurd, hence _^ci must be 1 and ϕ acts trivially on ${\mathbb{Z}}_{p_1^{r_1}}\times \dots \times {\mathbb{Z}}_{p_{n-1}^{r_{n-1}}}$. Thus, there exists a homomorphism ψ from ${\mathbb{Z}}_{q^s}$ into the group of automorphisms of ${\mathbb{Z}}_{p^r}$ (p = _^pn and r = _^rn ), such that for all $b\in {\mathbb{Z}}_{q^s}$ and all $(a_1,\dots ,a_n)\in {\mathbb{Z}}_{p_1^{r_1}}\times \dots \times {\mathbb{Z}}_{p_n^{r_n}}$ we have

Now for two elements g = ((a ₁...,^_an ), b) and $g\text{'}=\left(\right(a_1\text{'}\dots ,a_n\text{'}),b\text{'})$ in $({\mathbb{Z}}_{p_1^{r_1}}\times \dots \times {\mathbb{Z}}_{p_n^{r_n}}){⋊}_{\varphi }{\mathbb{Z}}_{q^s}$, the group operation is defined by

Define the map

such that Γ(a ₁,...,^_an , b)) = ((a ₁,...,_{^an - 1}), (^_an , b)). The group operation in ${\mathbb{Z}}_{p^r}{⋊}_{\psi }{\mathbb{Z}}_{q^s}$ is (a,b)(c,d)=(a+ ψ(b)(c),b+d) for all a, c ∊ ${\mathbb{Z}}_{p^r}$ and b, d ∊ ${\mathbb{Z}}_q^s$. Note that

Thus, Γ is an group homomorphism. One can easily see that Γ is injective and from the fact that $|{\mathbb{Z}}_N{⋊}_{\varphi }{\mathbb{Z}}_{q^s}|=\left|\right({\mathbb{Z}}_{p_1^{r_1}}\times \dots \times {\mathbb{Z}}_{p_{n-1}^{r_{n-1}}})\times ({\mathbb{Z}}_{p^r}{⋊}_{\psi }{\mathbb{Z}}_{q^s}\left)\right|=N{q}^s$ we have that Γ is an isomorphism.

Lemma 3.3Let G₁and G₂be finite groups with relatively prime orders. If H is a subgroup of G then H = H₁ × H ₂ for some subgroups H ₁ of G ₁ and H ₂ of G ₂ .

Proof. Let _{^{πi : G} 1} × G ₂ → Gi such that _^πi (g ₁, g ₂) = _^gi , i = 1, 2, i=1,2. For any subgroup H of G ₁ × G ₂ define H ₁= π ₁(H) ≤ G ₁ and H ₂= π ₂(H) ≤ G ₂. Then H ≤ H ₁ × H ₂. We claim that H = H ₁ × H ₂. In fact, if (h ₁, h ₂) ∊ H ₁ × H ₂ it follows from definition of H ₁ and H ₂ that there exists h' ₁ ∊ G ₁ and h' ₂ ∊ G ₂ such that (h ₁, h' ₂), (h' _1, h ₂) ∊ H From the fact that gcd(|G ₁|, |G ₂|) = 1 and by the Chinese remainder theorem ⁹9 A. Garcia & Y. Lequain. Elementos de Álgebra, 3.ed. Rio de Janeiro: IMPA, 325 p. (Projeto Euclides), (2005)., there exist integers r ₁ and r ₂ such that

It follows from (3.7) that there are integers k ₁, k ₂, k ₃, k ₄ such that

Thus,

where e ₁ and e ₂ are the identities elements in the groups G ₁ and G ₂, respectively. Hence, (h ₁, h ₂) =(h ₁, e ₂)(e ₁, h ₂) ∊ H.

4 QUANTUM ALGORITHM FOR HSP IN ${\mathbb{Z}}_N{⋊}_{\varphi }{\mathbb{Z}}_{q^s}$

In this section we present an efficient quantum algorithm that can solve the HSP in ${\mathbb{Z}}_N{⋊}_{\varphi }{\mathbb{Z}}_{q^s}$, where N is factorized as $N=p_1^{r_1}\dots p_n^{r_n}$ and given a 1≤ t ≤ s, there exists a 1≤ k ≤ n such that _^qt | _^pk - 1 and q∤_^pi - 1 for all i ≠ k.

Before stating our main theorem, let us introduce the last two intermediate results.

Proposition 4.1Let G be a finite group, H a subgroup of G and f : G → X the oracle function that hides H in G. For any subgroup$\tilde{G}$of G we have$\tilde{f}=f{|}_{\tilde{G}}:\tilde{G}\to X$hides$\tilde{H}=H\cap \tilde{G}$in$\tilde{G}$.

Proof. We must show that $\tilde{f}\left(a\right)=\tilde{f}\left(b\right)$ if and only if a$\tilde{H}=b\tilde{H}$, for all a, b ∊ $\tilde{G}$. In fact, let a, b ∊ $\tilde{G}$ such that $\tilde{f}\left(a\right)=\tilde{f}\left(b\right)$. Since f hides H in G, aH = bH which implies a = bh, for some h ∊ H. Since a, b ∊ $\tilde{G}$, we have h = b ^-1 a ∊ $\tilde{G}$ which implies h ∊ $\tilde{H}$, hence $a\tilde{H}=b\tilde{H}$. Conversely, if $a\tilde{H}=b\tilde{H}$, since $a\tilde{H}\subset aH$ and $b\tilde{H}\subset bH$ we have aH ∩ bH ≠ Ø which implies aH = bH, or equivalently $\tilde{f}\left(a\right)=\tilde{f}\left(b\right)$.

Although the Proposition 4.1 establish a very simple result to be verified, it has important applications in solving the HSP. In fact, if there exists a subgroup $\tilde{G}$ of G where the HSP can solved efficiently by a quantum computer, the Proposition 4.1 shows that is possible to obtain information about H by using the restriction of the hiding function f to the subgroup $\tilde{H}=H\cap \tilde{G}$. Note that if $H\subset \tilde{G}$ then the problem is completely solved.

An important consequence of the Proposition 4.1 follows below:

Corollary 4.1Let G₁and G₂be finite groups with relatively prime orders. Then, an efficient solution to the HSP over G₁and G₂implies in an efficient solution to the HSP over the direct product G₁ × G ₂ .

Proof. By Lemma 3.3 if H is a subgroup of G ₁ × G ₂ then H = H ₁ × H ₂ for some subgroup H ₁ of G ₁ and subgroup H ₂ of G ₂. Let f be the oracle function that hides H in G ₁ × G ₂. By Proposition 4.1, the restrictions of f to G ₁ and G ₂ hide, respectively, H ₁ and H ₂. Since the HSP can solved efficiently over the groups G ₁ and G ₂ one can efficiently find generators to H ₁ and H ₂, or equivalently, generators to H ₁ × H ₂.

Now we are able to state and prove our main result.

Theorem 4.1Let N be a positive integer with prime factorization$p_1^{r_1}\dots p_n^{r_n}$, q an odd prime such that q ≠ _{^{pi and s a positive integer. Define the semi-direct product group}}$G={\mathbb{Z}}_N{⋊}_{\alpha }{\mathbb{Z}}_{q^s}$for an$\alpha \in {\mathbb{Z}}_N^{*}$. Let t ∊ {1,…,s} be the smallest positive integer such that${\alpha }^{q^t}=1$. Let us assume that there exists a 1 ≤ k ≤ _{^{n such that qt | pk -}} 1 and q ∤_{^{pi -}} 1 for all i ≠ k. Then there exists an efficient quantum algorithm that solves the HSP in the semi-direct product groups${\mathbb{Z}}_N{⋊}_{\alpha }{\mathbb{Z}}_{q^s}$.

Proof. Define $N\text{'}=N/p_n^{r_n}$ then ${\mathbb{Z}}_{p_1^{r_1}}\times \dots \times {\mathbb{Z}}_{p_{n-1}^{r_{n-1}}}\cong {\mathbb{Z}}_{N\text{'}}$. By Lemma 3.2,

The group ℤ_N' is an abelian and the HSP can be solved efficiently for abelian groups by quantum computers¹⁴14 C. Lomont. “The Hidden Subgroup Problem - Review and Open Problems”. Quantum Physics,Abstract quant-ph/0411037, (2004).. On the other hand, the group ${\mathbb{Z}}_{p^r}{⋊}_{\psi }{\mathbb{Z}}_{q^s}$ was addressed in¹⁰10 D.N. Gonçalves, R. Portugal & C.M.M. Cosme. “Solutions to the hidden subgroup problem on some metacylic groups”. Proc. 4th Worshop on Theory of Quantum Computation, Communication and Cryptography, LNCS, Springer-Verlag, (2009).^{), (11}11 D.N. Gonçalves & R. Portugal. “Solution to the Hidden Subgroup Problem for a Class of Noncommutative Groups”. Quantum Physics, Abstract quant-ph/1104.1361, (2011). and recently generalized by⁷7 W. van Dam & S. Dey. “Hidden Subgroup Quantum Algorithms for a Class of Semi-Direct Product Groups”. Proc. of 9th Conference on the Theory of Quantum Computation, Communication and Cryptography, TQC’14, pages 110-117, (2014).. Since the order of ℤ_N' is relatively prime to order of the group ${\mathbb{Z}}_{p^r}{⋊}_{\psi }{\mathbb{Z}}_{q^s}$, by Corollary 4.1, the HSP over ${\mathbb{Z}}_N⋊{\mathbb{Z}}_{q^s}$ can be solved efficiently on a quantum computer.

A series of efficient quantum algorithms for the non-abelian HSP over semi-direct product groups have been discovered. Among these, is the algorithm presented by Inui & Le Gall for groups of the form ${\mathrm{\mathbb{Z}}}_{p^r}⋊{\mathrm{\mathbb{Z}}}_p$ with prime p and positive integer r, which uses enumeration of subgroups and blackbox techniques. Chi, Kim & Lee ⁵5 D.P. Chi, J.S. Kim & S. Lee. Quantum algorithms for the hidden subgroup problem on some semi-direct product groups by reduction to Abelian cases. Physics Letters A, pages 114-116, (2006). extended the algorithm to the case ℤ_N ⋊ ℤ_p , where N is factored as $N=p_1^{r_1}\dots p_n^{r_n}$, and p prime does not divide each _^pj - 1. The idea is to use a factorization of N to factor out the group and then apply Inui & Le Gall’s algorithm. Later, Cosme ⁶6 C.M.M. Cosme. “Algoritmos Quânticos para o Problema do Subgrupo Oculto não Abeliano”. Tese de Doutorado, LNCC, Petrópolis, RJ, (2008). solved the case ${\mathbb{Z}}_{p^r}{⋊}_{\varphi }{\mathbb{Z}}_{p^s}$ where p is any odd prime number, r and s are positives. Using a similar approach of ⁵5 D.P. Chi, J.S. Kim & S. Lee. Quantum algorithms for the hidden subgroup problem on some semi-direct product groups by reduction to Abelian cases. Physics Letters A, pages 114-116, (2006)., they extended their algorithm to the class ${\mathbb{Z}}_N{⋊}_{\varphi }{\mathbb{Z}}_{p^s}$. In ¹⁰10 D.N. Gonçalves, R. Portugal & C.M.M. Cosme. “Solutions to the hidden subgroup problem on some metacylic groups”. Proc. 4th Worshop on Theory of Quantum Computation, Communication and Cryptography, LNCS, Springer-Verlag, (2009)., the authors presented an efficient quantum algorithm for the HSP over certain metacyclic groups ${\mathbb{Z}}_p⋊{\mathbb{Z}}_{q^s}$, with p/q=poly(log p), where p, q are distinct odd prime numbers and s is an arbitrary positive integer. This work was extended in ⁷7 W. van Dam & S. Dey. “Hidden Subgroup Quantum Algorithms for a Class of Semi-Direct Product Groups”. Proc. of 9th Conference on the Theory of Quantum Computation, Communication and Cryptography, TQC’14, pages 110-117, (2014)., which developed an efficient HSP algorithm in ${\mathbb{Z}}_{p^r}⋊{\mathbb{Z}}_{q^s}$, with p,q distinct odd prime numbers and r,s positive integers.

All those class of groups are special cases of the semi-direct products, ℤ_M ⋊ ℤ_N for any positive integers M and N. In this sense, our result increases the number of groups in this family for which efficient solutions are known.

We hope that these ideas will be useful for the understanding of the complexity of the HSP over semi-direct product groups and lead to new algorithms for other non-Abelian HSP instances.

5 CONCLUSION

We have addressed the HSP on the semi-direct product groups $G={\mathbb{Z}}_N⋊{\mathbb{Z}}_{q^s}$ where N is factorized as $N=p_1^{r_1}\dots p_n^{r_n}$ and given a 1 ≤ t ≤ s, there exists a 1≤ k ≤ n such that _^qt divides _^pk - 1 q ∤_^pi - 1 for all i ≠ k. By employing an isomorphism between ${\mathbb{Z}}_N⋊{\mathbb{Z}}_{q^s}$ and the direct product of ${\mathbb{Z}}_{p^r}{⋊}_{\psi }{\mathbb{Z}}_{q^s}$ with cyclic groups we have shown that the HSP can be reduced to similar HSPs the solutions of which are already known. This provides a new efficient solution for the HSP on G.

ACKNOWLEDGEMENTS

We would like to tank the anonymous reviewers for their valuable comments and suggestions to improve the manuscript.

References

Publication Dates

History