Loading in 5 sec....

Short course on quantum computingPowerPoint Presentation

Short course on quantum computing

- 164 Views
- Uploaded on

Download Presentation
## PowerPoint Slideshow about 'Short course on quantum computing' - donald

**An Image/Link below is provided (as is) to download presentation**

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript

### Lecture 2

Quantum algorithms and factoring

Factoring

- Input: composite N.
- Output: p, q {2, …, N-1} s.t. pq=N.
- Hard for classical computers.
- Factoring large integers would break RSA.

Factoring

- Quantum computers can factor integers in polynomial (quadratic) time [Shor’94].
- Similar approach also solves discrete logarithm by quantum algorithm.
- Today: Shor’s algorithm.

Outline

1) Computational model.

2) Quantum parallelism and quantum interference.

3) Simon’s algorithm.

4) Shor’s algorithm.

Basic ideas

- State space consisting of n (quantum) bits.
- Elementary gates on 1 or 2 (qu)bits.
- Efficiently computable = poly-size circuits.

Elementary gates (1)

- Hadamard gate
- Phase shift

Elementary gates (2)

- Rotation by angle
- Controlled NOT

Universality

- Any quantum computation can be performed by a circuit consisting of Hadamard, phase, rotation by /8 and controlled NOT gates.

Classical vs. quantum circuits

- We have a classical circuit.
- Can we construct a quantum circuit that computes the same function?

Reversibility

- Assume f(x)=f(y)=z.
- If
then

- U not unitary.

Reversibility

We can transform a classical circuit

for F to quantum circuit.

|x>

|x>

F

|0>

|F(x)>

Add extra input initialized to 0.

Quantum parallelism

- By linearity,
- Many evaluations of f in unit time.

|x>

|x>

|0>

|f(x)>

|x> |f(x)>

|x> |0>

x

x

Quantum parallelism

- Once we measure
we get one particular x and f(x).

- Same as if we evaluated f on a random x.

|x> |f(x)>

x

Quantum parallelism

- Is it useful?
- We cannot obtain all values f(x) from
because quantum states cannot be measured completely.

- We can obtain quantities that depend on many f(x).

|x> |f(x)>

x

Quantum interference

- Hadamard transform:

Quantum interference

- Negative interference: |1> and -|1> cancel out one another.
- Positive interference: |0> and |0> add up to a higher probability.

Parallelism+interference

- Use quantum parallelism to compute many f(x).
- Use interference to obtain information that depends on many values f(x).
- Requires algebraic structure.
- Ideal for number-theoretic problems (factoring).

Order finding

- The order of aZN * modulo N is the smallest integer r>0 such that
ar1 (mod N)

- For example, order of 4 mod 7 is 3:
41 4, 42 =162, 43 =641 (mod 7).

- Factoring reduces to order-finding.

Reduction

- If ar1(mod N), then N divides ar-1.
- If r even, ar-1=(ar/2-1)(ar/2+1).
- If N is product of two or more primes,
gcd(ar/2-1, N)

is a nontrivial factor of N with probability at least 1/2.

Shor’s algorithm

Repeat O(log n) times:

- Generate random a{1, …, N-1};
- Check if (a, N)=1;
- r = order(a);
- If r even, check (ar/2-1, N).

Period finding

- Function F:NN
such that F(x)=F(x+r) for all x.

- Find smallest r.

|x>

|x>

F

|0>

|F(x)>

Simon’s problem

- Function F:{0, 1}n {0, 1}n.
- F(x+y)=F(x) for all x, + bitwise addition.
- Find y.

|x>

|x>

F

|0>

|F(x)>

Algorithm [Simon, 1994]

H

H

|0>

|y>

F

H

H

H

H

|f(x)>

|0>

Repeat n times and combine results y1,..., yn.

Measuring F(x)

- Partial measurement.
- We get some value y=F(x).
- The state
- collapses to part consistent with y=F(x).

Last step

- We now have the state
- How do we get z?
- Measuring the first register would give only one of x and x+z.

Hadamard transform

Signs are the same iff zi yi= 0 mod 2.

Summary

- Measuring the final state gives a vector y such that
- n-1 such constraints uniquely determine z, with high probability.

Summary

- Quantum parallelism: computing F for many values simultaneously.
- Quantum interference: Hadamard transform.

Shor’s algorithm step by step

- Measuring the second register leaves the first register in a state consisting of all x with the same F(x):
|d>+|d+r>+…+|d+ir>

Quantum Fourier transform

If M=2, this is Hadamard transform.

QFT detects periods

- Assume r divides M.
- Then,
- If j relatively prime with r,

QFT detects periods

- Assume r does not divide M.
- Then, most of T| consists of |k> with

Continued fraction expansion

- Number theory algorithm.
- Given k, M, finds j, r such that
is smallest among all j and r r0.

- If M=(r2), correct w.h.p.

Summary of Shor’s factoring

- Reduce factoring to period-finding.
- Generate a quantum state with period r.
- In the easy case, QFT transforms a state with period r into multiples of M/r.
- General case: same but approximately.
- Continued fraction algorithm finds the closest multiple of M/r.

Hidden subgroup

- Captures a lot of problems.
- Simon’s problem: G={0, 1}n, H={0n, z}.
- Shor’s period-finding: G=Z, H=rZ (multiples of r).
- Discrete logarithm: G=Z2.
- Pell’s equation [Hallgren, 2002]: G=R.

Discrete log

- Given N, g and x, compute r such that
grx (mod N).

- Another hard problem relevant to crypto (Diffie-Hellman).

Discrete log

- Define F(y, z)=gyxz mod N.
- G=Z2.
- H={y,z | y+zr =0 mod N-1} because gyxz=gy+rz and gN-1=1.

Status of hidden subgroup

- Quantum polynomial time for Abelian G.
- Open for non-Abelian G (except a few groups G with simple structure).

Graph Isomorphism

- G: all permutations of vertices.
- F() = (G).
- H - permutations that fix G.

Hidden subgroup

- Graph Isomorphism reduces to hidden subgroup for non-Abelian groups.
- Approximating shortest vector in lattice also reduces to HSP.
- Solving HSP by quantum algorithm remains open for almost all non-Abelian groups.

Download Presentation

Connecting to Server..