Zulip Chat Archive

Stream: maths

Topic: Quantum algorithms for LWE

---

Wrenna Robson (Apr 16 2024 at 08:27):

Is anyone looking into verifying key components of this paper? https://eprint.iacr.org/2024/555.pdf

For context: this is a recent preprint that claims an effective polynomial-time quantum algorithm for solving the "learning with errors" problem.

Frédéric Dupuis (Apr 16 2024 at 14:52):

I think step one is to wait a bit for people to actually read the paper! There's already an erratum on the author's website after it was pointed out that there is an impossible choice of parameters going on in the paper.

Wrenna Robson (Apr 16 2024 at 14:53):

That is fair! Mainly I was wondering what role verification systems can have at this sort of early stage when everyone is wondering "does this work".

Frédéric Dupuis (Apr 16 2024 at 14:57):

Right now I would say it's just too early. Formalization would start to make sense when we reach the stage "looks pretty solid, but there's still some lingering doubt".

Wrenna Robson (Apr 16 2024 at 14:57):

Fair :)

Frédéric Dupuis (Apr 20 2024 at 19:29):

...and now it turns out there's a bug in the paper that the author doesn't know how to fix.

Gareth Ma (Apr 30 2024 at 12:58):

Even if it’s correct, I don’t think Lean has any/much cryptography yet?

Shreyas Srinivas (Apr 30 2024 at 13:39):

This is a result which also requires algorithms and complexity

Wrenna Robson (Apr 30 2024 at 14:17):

I wouldn't say it's necessarily a result about cryptography so much as one with cryptographic consequence.

Frédéric Dupuis (Apr 30 2024 at 14:22):

Right, formalizing this wouldn't really require much background in cryptography per se.

Wrenna Robson (Apr 30 2024 at 14:23):

Though it would require reasoning about quantum algorithms, which Lean is also not equipped for yet I think.

Frédéric Dupuis (Apr 30 2024 at 14:26):

True, but that's not really crypto :-) Ironically, it might actually be the case that the hardest part would be formalizing the fact that the classical parts of the algorithm run in polynomial time.

Shreyas Srinivas (Apr 30 2024 at 17:01):

Lean is not equipped for reasoning with algorithms.

Shreyas Srinivas (Apr 30 2024 at 17:03):

To be fair the LWE result was a godel prize winner. So it would be a non-trivial breakthrough if this paper could be formalised, even if only to identify the errors. The effort-reward tradeoff is more even on this one

---

Last updated: May 02 2025 at 03:31 UTC