The discrete-logarithm concept class and its secret-homogeneity #
The genuine heart of Liu, Arunachalam, Temme (2021) Theorem 1. On a finite cyclic group
G with generator g, the half-interval discrete-log labeling f_s is secret-homogeneous:
its uniform learning accuracy is independent of the secret s. This is exactly why a learner
for one secret breaks every secret (and hence the discrete-log problem). Pure finite-group
theory; no Haar / complexity assumptions.
The discrete-log isomorphism induced by the generator g
(Multiplicative (ZMod (Nat.card G)) ≃* G, sending ofAdd 1 ↦ g).
Equations
- QuantumAlg.dlogEquiv g hg = zmodMulEquivOfGenerator hg ⋯
Instances For
Discrete logarithm base g.
Equations
- QuantumAlg.dlog g hg x = Multiplicative.toAdd ((QuantumAlg.dlogEquiv g hg).symm x)
Instances For
g raised to a ZMod (Nat.card G) exponent.
Equations
- QuantumAlg.gpow g hg t = (QuantumAlg.dlogEquiv g hg) (Multiplicative.ofAdd t)
Instances For
The half-interval discrete-log concept f_s: label x by whether dlog x - s lies in
the lower half of ZMod (Nat.card G).
Equations
- QuantumAlg.dlogConcept g hg s x = decide ((QuantumAlg.dlog g hg x - s).val < Nat.card G / 2)
Instances For
Shift-equivariance (workhorse): translating the data by gᵗ shifts the secret by t.
Reduction corollary: shifting by g^{s-1} maps the secret-s concept to the fixed
secret-1 concept.
Uniform (counting) accuracy of a Boolean predictor p against the concept f_s.
Equations
- QuantumAlg.acc g hg p s = ↑{x : G | p x = QuantumAlg.dlogConcept g hg s x}.card / ↑(Nat.card G)
Instances For
Accuracy-level secret-homogeneity (load-bearing): the accuracy of any predictor on
the secret-s concept equals the accuracy of the shifted predictor on the fixed secret-1
concept. So breaking any secret is equivalent to breaking the single fixed concept.