An average-case variant of the k-SUM conjecture asserts that finding k numbers that sum to 0 in a list of r random numbers, each of the order r^k, cannot be done in much less than r^⌈k/2⌉ time. On the other hand, in the dense regime of parameters, where the list contains more numbers and many solutions exist, the complexity of finding one of them can be significantly improved by Wagner’s k-tree algorithm. Such algorithms for k-SUM in the dense regime have many applications, notably in cryptanalysis.

In this paper, assuming the average-case k-SUM conjecture, we prove that known algorithms are essentially optimal for k = 3, 4, 5. For k > 5, we prove the optimality of the k-tree algorithm for a limited range of parameters. We also prove similar results for k-XOR, where the sum is replaced with exclusive or.

Our results are obtained by a self-reduction that, given an instance of k-SUM which has a few solutions, produces from it many instances in the dense regime. We solve each of these instances using the dense k-SUM oracle, and hope that a solution to a dense instance also solves the original problem. We deal with potentially malicious oracles (that repeatedly output correlated useless solutions) by an obfuscation process that adds noise to the dense instances. Using discrete Fourier analysis, we show that the obfuscation eliminates correlations among the oracle’s solutions, even though its inputs are highly correlated.

k -SUM 猜想的平均情况变体断言，在r个随机数列表中找到总和为 0 的k 个数字（每个阶数为r ^k）不可能在远小于r ^{⌈ k /2⌉}的时间内完成。另一方面，在参数密集的情况下，列表包含更多的数字并且存在许多解决方案，通过瓦格纳的k树算法可以显着提高找到其中一个解决方案的复杂性。这种密集状态下的k -SUM算法有很多应用，特别是在密码分析中。

在本文中，假设平均情况k -SUM 猜想，我们证明已知算法对于k = 3, 4, 5 本质上是最优的。对于k > 5，我们证明k树算法在有限范围内的最优性参数。我们还证明了k -XOR 的类似结果，其中和被替换为异或。

我们的结果是通过自归约获得的，给定一个具有几个解的k -SUM 实例，可以从中产生密集区域中的许多实例。我们使用密集k -SUM 预言来解决每个实例，并希望密集实例的解决方案也能解决原始问题。我们通过向密集实例添加噪音的混淆过程来处理潜在的恶意预言（反复输出相关的无用解决方案）。使用离散傅里叶分析，我们表明混淆消除了预言机解决方案之间的相关性，即使其输入高度相关。