I am reading (and quoting) Andrew Child's notes, and I'm trying to understand the HSP for abelian groups, and in particular why the quantum algorithm doesn't shed any light on a potential classical algorithm.
The quantum algorithm prepares the superposition $\frac{1}{\sqrt{|G|}}\sum_{x \in G}|x\rangle$, then computes the function in the second register $\frac{1}{\sqrt{|G|}}\sum_{x \in G}|x\rangle|f(x) \rangle$. Discarding the second register gives a coset state $|x+H\rangle = \frac{1}{\sqrt{|H|}}\sum_{h \in H}|x+h\rangle$ since $f(x)$ is identical on cosets of $H$. Apply the QFT over $G$ to obtain $|\widehat{x+H}\rangle = \sqrt{\frac{|H|}{|G|}}\sum_{y \in \hat{G}}\chi_y(x)\chi_y(H)|y\rangle = \sqrt{\frac{|H|}{|G|}}\sum_{y: \chi_y(H)=1}\chi_y(x)|y\rangle$ where $\chi_y(H)=\frac{1}{|H|}\sum_{h \in H}\chi_y(h)$.
Next we measure in the computational basis to obtain a character $\chi_y$ that is trivial on the hidden subgroup $H$. Thus we only need to focus on elements $g$ such that $\chi_y(g)=1$. This is $\ker \chi_y = \{g \in G| \chi_y(g)=1\}$. Taking sufficiently many intersections of such kernels yields $H$ with high probability.
In Simon's problem (the HSP with $G=(\mathbb{Z}/2\mathbb{Z})^n$ and $H=\{0,s\}$ for some $s \in G$) it's possible to show that any classical algorithm must make exponentially many (in $n$) queries to the hiding function. A proof relies on having a large number of trivially intersecting subgroups of $G$.
He also states "The gist of the argument is that, since the set $S$ is unstructured, we can do no better than querying random group elements so long as we do not know two elements $x,y$ for which $f(x) = f(y)$."
For the case $G=\mathbb{Z}/N\mathbb{Z}$, $H=\mathbb{Z}/r\mathbb{Z}$, $S=(\mathbb{Z}/N\mathbb{Z})^\times$ (factoring) are there not a large number of trivially intersecting subgroups, so that the above argument does not apply, and we can't rule out a classical algorithm? It also seems like one could equip $S$ with more structure by embedding it into a field like $\mathbb{C}$ or $\mathbb{F}_q$.
