# Hidden-Shift problem for bent functions using the classiq platform

Here we implement the hidden shift algorithm for the familty of boolean bent functions.

First, make sure we have all necessary packages:

In [None]:
%%capture
!pip install galois

On the first part, we assume we know how to implement the dual of $f$, and get $s$ according to the algorithm in [[1](#first)]:![Screen Shot 2023-06-27 at 18.05.48.png](attachment:663333d5-eb52-4150-a00d-8683e816d860.png)

In [None]:
from functools import reduce

import numpy as np

from classiq import Model, QReg, RegisterUserInput, execute, synthesize
from classiq.builtin_functions import ArithmeticOracle, HGate
from classiq.model import Constraints

formula = "(((x1 and x2) ^ (x3 and x4)))==1"

formula_shifted = "((((x1^1) and x2) ^ (x3 and (x4)))) == 1"

NUM_VARIABLES = 4

oracle1 = ArithmeticOracle(
    expression=formula_shifted,
    definitions={f"x{i+1}": RegisterUserInput(size=1) for i in range(NUM_VARIABLES)},
    uncomputation_method="optimized",
)

oracle2 = ArithmeticOracle(
    expression=formula,
    definitions={f"x{i+1}": RegisterUserInput(size=1) for i in range(NUM_VARIABLES)},
    uncomputation_method="optimized",
)


constraints = Constraints(optimization_parameter="width")

# The model
model = Model(constraints=constraints)
# Transforming to a loop format

regs = []
for i in range(NUM_VARIABLES):
    regs.append(model.HGate(HGate())["TARGET"])

out_oracle = model.ArithmeticOracle(
    params=oracle1, in_wires={f"x{i+1}": regs[i] for i in range(NUM_VARIABLES)}
)

for i in range(NUM_VARIABLES):
    regs[i] = model.HGate(HGate(), in_wires={"TARGET": out_oracle[f"x{i+1}"]})["TARGET"]

out_oracle = model.ArithmeticOracle(
    params=oracle2, in_wires={f"x{i+1}": regs[i] for i in range(NUM_VARIABLES)}
)

for i in range(NUM_VARIABLES):
    regs[i] = model.HGate(HGate(), in_wires={"TARGET": out_oracle[f"x{i+1}"]})["TARGET"]

# Setting the Outputs
model.set_outputs({"s": reduce(QReg.concat, regs)})
model.sample()
qmod = model.get_model()

In [None]:
with open("hidden_shift_simple.qmod", "w") as f:
    f.write(qmod)

In [None]:
from classiq import show

qprog = synthesize(qmod)
show(qprog)

In [None]:
from classiq.execution import ExecutionDetails

res = execute(qprog).result()
sample_results = res[0].value
sample_results.counts_of_output("s")

# More complex functions

We take a Maiorana-McFarland function with random permutation on the `y` and `h` function is the `and` operation between all the y-variables.

In [None]:
import random

import numpy as np

NUM_VARIABLES = 16

# Define the list
my_list = list(range(NUM_VARIABLES // 2))

# Get a random permutation
random.shuffle(my_list)

# Create a permutation dict and its inverse
perm_dict = {i: my_list[i] for i in range(NUM_VARIABLES // 2)}
inverse_perm_dict = {v: k for k, v in perm_dict.items()}


def h(y):
    return " and ".join(f"{y[i]}" for i in range(NUM_VARIABLES // 2))


def h_dual(x):
    return " and ".join(f"{x[inverse_perm_dict[i]]}" for i in range(NUM_VARIABLES // 2))


def f(x, y):
    return (
        "("
        + " ^ ".join(
            f"({x[i]} and {y[perm_dict[i]]})" for i in range(NUM_VARIABLES // 2)
        )
        + ")"
        + " ^ ("
        + h(y)
        + ") == 1"
    )


def f_dual(x, y):
    return (
        "("
        + " ^ ".join(
            f"({x[inverse_perm_dict[i]]} and {y[i]})" for i in range(NUM_VARIABLES // 2)
        )
        + ")"
        + " ^ ("
        + h_dual(x)
        + ") == 1"
    )


def shifted(x, y, bits):
    x = x.copy()
    for bit in bits:
        if bit < NUM_VARIABLES >> 2:
            x[bit] = f"({x[bit]}^1)"
        else:
            bit = bit - NUM_VARIABLES // 2
            y[bit] = f"({y[bit]}^1)"
    return f(x, y)

In [None]:
x = [f"x{i+1}" for i in range(NUM_VARIABLES // 2)]
y = [f"x{i+1}" for i in range(NUM_VARIABLES // 2, NUM_VARIABLES)]

f_dual_formula = f_dual(x, y)
f_formula = f(x, y)


shifted_bits = [1, 3, 9]
g_formula = shifted(x, y, shifted_bits)

In [None]:
print("g:", g_formula)
print("\nf:", f_formula)
print("\nf dual:", f_dual_formula)

## Now create the ciruit:

In [None]:
oracle1 = ArithmeticOracle(
    expression=g_formula,
    definitions={f"x{i+1}": RegisterUserInput(size=1) for i in range(NUM_VARIABLES)},
    uncomputation_method="optimized",
)

oracle2 = ArithmeticOracle(
    expression=f_dual_formula,
    definitions={f"x{i+1}": RegisterUserInput(size=1) for i in range(NUM_VARIABLES)},
    uncomputation_method="optimized",
)

constraints = Constraints(optimization_parameter="width")

# The model
model = Model(constraints=constraints)

regs = []
for i in range(NUM_VARIABLES):
    regs.append(model.HGate(HGate())["TARGET"])

out_oracle = model.ArithmeticOracle(
    params=oracle1, in_wires={f"x{i+1}": regs[i] for i in range(NUM_VARIABLES)}
)

for i in range(NUM_VARIABLES):
    regs[i] = model.HGate(HGate(), in_wires={"TARGET": out_oracle[f"x{i+1}"]})["TARGET"]

out_oracle = model.ArithmeticOracle(
    params=oracle2, in_wires={f"x{i+1}": regs[i] for i in range(NUM_VARIABLES)}
)

for i in range(NUM_VARIABLES):
    regs[i] = model.HGate(HGate(), in_wires={"TARGET": out_oracle[f"x{i+1}"]})["TARGET"]

# Setting the Outputs
model.set_outputs({"s": reduce(QReg.concat, regs)})

model.sample()
qmod = model.get_model()

In [None]:
with open("hidden_shift_complex.qmod", "w") as f:
    f.write(qmod)

In [None]:
qprog = synthesize(qmod)
show(qprog)

In [None]:
from classiq.execution import ExecutionDetails

res = execute(qprog).result()
sample_results = res[0].value
sample_results.counts_of_output("s")

In [None]:
expected_s = "".join("1" if i in shifted_bits else "0" for i in range(NUM_VARIABLES))
assert list(sample_results.counts_of_output("s").keys())[0] == expected_s

And indeed we got the correct shift!

# Hidden Shift without the dual function

We now use the second algorithm described in [[2](#second)]. This algorithm only requires to implement $f$ and not its dual, however requires $O(n)$ samples from the circuit.
![Screen Shot 2023-06-27 at 18.08.23.png](attachment:e8a93a2f-8965-4181-9083-78e12dc0f48b.png)

In [None]:
from classiq.builtin_functions import Arithmetic, ZGate

oracle1 = Arithmetic(
    expression=f_formula,
    definitions={f"x{i+1}": RegisterUserInput(size=1) for i in range(NUM_VARIABLES)},
    uncomputation_method="optimized",
    inputs_to_save=[f"x{i+1}" for i in range(NUM_VARIABLES)],
)

oracle2 = Arithmetic(
    expression=g_formula,
    definitions={f"x{i+1}": RegisterUserInput(size=1) for i in range(NUM_VARIABLES)},
    uncomputation_method="optimized",
    target=RegisterUserInput(size=1),
    inputs_to_save=[f"x{i+1}" for i in range(NUM_VARIABLES)],
)

constraints = Constraints(optimization_parameter="width")

# The model
model = Model(constraints=constraints)

regs = []
for i in range(NUM_VARIABLES):
    regs.append(model.HGate(HGate())["TARGET"])

out_oracle = model.Arithmetic(
    params=oracle1,
    in_wires={f"x{i+1}": regs[i] for i in range(NUM_VARIABLES)},
)
expression_result = out_oracle.pop("expression_result")

out_z = model.ZGate(ZGate(), in_wires={"TARGET": expression_result})["TARGET"]

out_oracle.update({"arithmetic_target": out_z})
out_oracle = model.Arithmetic(params=oracle2, in_wires=out_oracle)
expression_result = out_oracle.pop("expression_result")

for i in range(NUM_VARIABLES):
    regs[i] = model.HGate(HGate(), in_wires={"TARGET": out_oracle[f"x{i+1}"]})["TARGET"]

# Setting the Outputs
model.set_outputs({"u": reduce(QReg.concat, regs), "b": expression_result})
model.sample()
qmod = model.get_model()

In [None]:
with open("hidden_shift_no_dual.qmod", "w") as f:
    f.write(qmod)

In [None]:
qprog = synthesize(qmod)
show(qprog)

In [None]:
show(qprog)

In [None]:
from classiq.execution import ExecutionDetails

res = execute(qprog).result()
sample_results = res[0].value

Out of the sampled results, we look for $n$ independent samples, from which we can extract s.
1000 samples should be enough with a very high probability.

In [None]:
# The galois library is a package that extends NumPy arrays to operate over finite fields.
# we wlll use it as our equations are binary equations
import galois

# here we work over boolean arithmetics - F(2)
GF = galois.GF(2)


def is_independent_set(vectors):
    matrix = GF(vectors)
    rank = np.linalg.matrix_rank(matrix)
    if rank == len(vectors):
        return True
    else:
        return False


samples = [
    ([int(i) for i in u], int(b))
    for u, b in sample_results.counts_of_multiple_outputs(["u", "b"]).keys()
]

ind_v = []
ind_b = []
for v, b in samples:
    if is_independent_set(ind_v + [v]):
        ind_v.append(v)
        ind_b.append(b)
        if len(ind_v) == len(v):
            # reached max set
            break

assert len(ind_v) == len(v)

We now left with solving the equation and extracting $s$:

In [None]:
A = np.array(ind_v)
b = np.array(ind_b)

# Solve the linear system
s = np.linalg.solve(GF(A), GF(b))
s

And we got successfully the same shift.

In [None]:
assert "".join(str(i) for i in s) == expected_s

## References

<a id='first'>[1]</a>: [Quantum algorithms for highly non-linear Boolean functions](https://arxiv.org/abs/0811.3208)

<a id='second'>[2]</a>: [Quantum algorithm for the Boolean hidden shift problem](https://arxiv.org/abs/1103.3017)
