Quantum Algorithm for the Multicollision Problem

The current paper presents a new quantum algorithm for finding multicollisions, often denoted by $\ell$-collisions, where an $\ell$-collision for a function is a set of $\ell$ distinct inputs that are mapped by the function to the same value. The tight bound of quantum query complexity for finding a $2$-collisions of a random function has been revealed to be $\Theta(N^{1/3})$, where $N$ is the size of the range of the function, but neither the lower nor upper bounds are known for general $\ell$-collisions. The paper first integrates the results from existing research to derive several new observations, e.g.,~$\ell$-collisions can be generated only with $O(N^{1/2})$ quantum queries for any integer constant $\ell$. It then provides a quantum algorithm that finds an $\ell$-collision for a random function with the average quantum query complexity of $O(N^{(2^{\ell-1}-1) / (2^{\ell}-1)})$, which matches the tight bound of $\Theta(N^{1/3})$ for $\ell=2$ and improves upon the known bounds, including the above simple bound of $O(N^{1/2})$. More generally, the algorithm achieves the average quantum query complexity of $O\big(c_N \cdot N^{({2^{\ell-1}-1})/({ 2^{\ell}-1})}\big)$ and runs over $\tilde{O}\big(c_N \cdot N^{({2^{\ell-1}-1})/({ 2^{\ell}-1})}\big)$ qubits in $\tilde{O}\big(c_N \cdot N^{({2^{\ell-1}-1})/({ 2^{\ell}-1})}\big)$ expected time for a random function $F\colon X\to Y$ such that $|X| \geq \ell \cdot |Y| / c_N$ for any $1\le c_N \in o(N^{{1}/({2^\ell - 1})})$. With the same complexities, it is actually able to find a multiclaw for random functions, which is harder to find than a multicollision.