Quantum algorithms for highly non-linear Boolean functions

Attempts to separate the power of classical and quantum models of computation have a long history. The ultimate goal is to find exponential separations for computational problems. However, such separations do not come a dime a dozen: while there were some early successes in the form of hidden subgroup problems for abelian groups–which generalize Shor’s factoring algorithm perhaps most faithfully–only for a handful of non-abelian groups efficient quantum algorithms were found. Recently, problems have gotten increased attention that seek to identify hidden sub-structures of other combinatorial and algebraic objects besides groups. In this paper we provide new examples for exponential separations by considering hidden shift problems that are defined for several classes of highly non-linear Boolean functions. These so-called bent functions arise in cryptography, where their property of having perfectly flat Fourier spectra on the Boolean hypercube gives them resilience against certain types of attack. We present new quantum algorithms that solve the hidden shift problems for several well-known classes of bent functions in polynomial time and with a constant number of queries, while the classical query complexity is shown to be exponential. Our approach uses a technique that exploits the duality between bent functions and their Fourier transforms.

💡 Research Summary

The paper investigates a class of hidden‑shift problems defined on highly non‑linear Boolean functions known as bent functions, and demonstrates a provable exponential separation between quantum and classical query complexities for these problems. Bent functions are Boolean functions whose Fourier spectra are perfectly flat: every Fourier coefficient has the same absolute value (±1 after appropriate normalization). This flatness makes them maximally non‑linear and valuable in cryptography, but it also means that classical algorithms gain almost no information about a hidden shift from any single query.

The authors define the hidden‑shift problem as follows: an oracle O provides black‑box access to two Boolean functions f and g, where g is promised to be a shifted version of f, i.e., g(x)=f(x⊕s) for an unknown shift s∈{0,1}ⁿ. The goal is to recover s using as few queries as possible. For linear functions this problem is trivial quantumly (a single query suffices), but for non‑linear functions it is generally hard. The paper shows that for several well‑studied families of bent functions—Maiorana‑McFarland, Dillon’s partial‑spread, and Dobbertin’s Kloosterman‑sum based constructions—a quantum algorithm can recover s with only a constant number of queries (one to f and one to its dual bent function e_f) and in overall polynomial time O(n). The algorithm proceeds by:

1. Preparing a uniform superposition over all inputs using the Hadamard transform (H^{⊗n}).
2. Querying the oracle to imprint the phase (−1)^{f(x)} (or (−1)^{g(x)}) onto the state.
3. Applying another Hadamard transform to move into the Fourier domain.
4. Multiplying the two Fourier spectra pointwise, which, thanks to the flatness of bent functions, yields a phase factor exactly equal to (−1)^{⟨s,·⟩}.
5. Performing an inverse Hadamard transform and measuring, which directly outputs the hidden shift s.

Because the Fourier spectra of bent functions consist only of ±1 values, step 4 implements a perfect correlation (de‑convolution) of the shifted function with the reference function, extracting the linear phase that encodes s. The algorithm’s query complexity is therefore constant, and its gate complexity is linear in n, as the only non‑trivial quantum operation required is the Hadamard transform.

On the classical side, the authors prove an information‑theoretic lower bound: any classical randomized algorithm that queries f and g must make Ω(2^{n/2}) queries to determine s with non‑negligible success probability. The proof uses Yao’s minimax principle and the fact that each query reveals at most one bit of information about s, while the flat Fourier spectrum ensures that the distribution of outputs under different shifts is statistically indistinguishable without an exponential number of samples.

The paper also explores a variant where the oracle supplies the dual bent function e_f in addition to f. In this setting, the quantum algorithm needs only one query to f and one to e_f, still achieving the same constant‑query recovery of s. The authors give explicit constructions and proofs for each of the three bent‑function families, showing that the algorithm works uniformly across them.

Significantly, this work provides the first exponential quantum‑classical separation for a problem defined purely on Boolean functions, rather than on group‑theoretic structures such as hidden subgroup or hidden shift problems over groups. It highlights how the duality between a bent function and its Fourier transform can be leveraged to perform exact correlation using only the standard Hadamard transform, without any need for more exotic quantum operations. The results suggest that similar techniques could be applied to other highly non‑linear structures, potentially impacting quantum cryptanalysis of symmetric‑key primitives that employ bent functions or related constructions.

In conclusion, the authors deliver a simple yet powerful quantum algorithm that solves hidden‑shift problems for several major classes of bent functions with constant query complexity, while proving that any classical approach requires exponential queries. This establishes a new, robust example of quantum advantage in the query‑complexity model and opens avenues for further exploration of quantum algorithms on non‑linear Boolean landscapes.