Short course on quantum computing
Download
1 / 57

Short course on quantum computing - PowerPoint PPT Presentation


  • 166 Views
  • Uploaded on

Short course on quantum computing. Andris Ambainis University of Latvia. Lecture 2. Quantum algorithms and factoring. Factoring. Input: composite N. Output: p, q  {2, …, N-1} s.t. pq=N. Hard for classical computers. Factoring large integers would break RSA. Factoring.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Short course on quantum computing' - donald


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Short course on quantum computing

Short course on quantum computing

Andris Ambainis

University of Latvia


Lecture 2

Lecture 2

Quantum algorithms and factoring


Factoring
Factoring

  • Input: composite N.

  • Output: p, q  {2, …, N-1} s.t. pq=N.

  • Hard for classical computers.

  • Factoring large integers would break RSA.


Factoring1
Factoring

  • Quantum computers can factor integers in polynomial (quadratic) time [Shor’94].

  • Similar approach also solves discrete logarithm by quantum algorithm.

  • Today: Shor’s algorithm.


Outline
Outline

1) Computational model.

2) Quantum parallelism and quantum interference.

3) Simon’s algorithm.

4) Shor’s algorithm.


Basic ideas
Basic ideas

  • State space consisting of n (quantum) bits.

  • Elementary gates on 1 or 2 (qu)bits.

  • Efficiently computable = poly-size circuits.


Classical circuits
Classical circuits

X1

X2

X3

X5

^

^

Result


Quantum circuit
Quantum circuit

H

H

H

H

Gates on quantum bits


Elementary gates 1
Elementary gates (1)

  • Hadamard gate

  • Phase shift


Elementary gates 2
Elementary gates (2)

  • Rotation by angle 

  • Controlled NOT


Universality
Universality

  • Any quantum computation can be performed by a circuit consisting of Hadamard, phase, rotation by /8 and controlled NOT gates.


Classical vs quantum circuits
Classical vs. quantum circuits

  • We have a classical circuit.

  • Can we construct a quantum circuit that computes the same function?


Reversibility
Reversibility

  • Assume f(x)=f(y)=z.

  • If

    then

  • U not unitary.


Reversibility1
Reversibility

We can transform a classical circuit

for F to quantum circuit.

|x>

|x>

F

|0>

|F(x)>

Add extra input initialized to 0.


Example

|a>

|a(xy)>

Example

Quantum

Classical

x

y

|x>

|x>

|y>

|y>

^

|0>

|xy>

Toffoli gate.


Quantum parallelism
Quantum parallelism

  • By linearity,

  • Many evaluations of f in unit time.

|x>

|x>

|0>

|f(x)>

 |x> |f(x)>

 |x> |0>

x

x


Quantum parallelism1
Quantum parallelism

  • Once we measure

    we get one particular x and f(x).

  • Same as if we evaluated f on a random x.

 |x> |f(x)>

x


Quantum parallelism2
Quantum parallelism

  • Is it useful?

  • We cannot obtain all values f(x) from

    because quantum states cannot be measured completely.

  • We can obtain quantities that depend on many f(x).

 |x> |f(x)>

x


Quantum interference
Quantum interference

  • Hadamard transform:


Quantum interference1
Quantum interference

  • Negative interference: |1> and -|1> cancel out one another.

  • Positive interference: |0> and |0> add up to a higher probability.


Parallelism interference
Parallelism+interference

  • Use quantum parallelism to compute many f(x).

  • Use interference to obtain information that depends on many values f(x).

  • Requires algebraic structure.

  • Ideal for number-theoretic problems (factoring).


Order finding
Order finding

  • The order of aZN * modulo N is the smallest integer r>0 such that

    ar1 (mod N)

  • For example, order of 4 mod 7 is 3:

    41 4, 42 =162, 43 =641 (mod 7).

  • Factoring reduces to order-finding.


Reduction
Reduction

  • If ar1(mod N), then N divides ar-1.

  • If r even, ar-1=(ar/2-1)(ar/2+1).

  • If N is product of two or more primes,

    gcd(ar/2-1, N)

    is a nontrivial factor of N with probability at least 1/2.


Shor s algorithm
Shor’s algorithm

Repeat O(log n) times:

  • Generate random a{1, …, N-1};

  • Check if (a, N)=1;

  • r = order(a);

  • If r even, check (ar/2-1, N).


Period finding
Period finding

  • Function F:NN

    such that F(x)=F(x+r) for all x.

  • Find smallest r.

|x>

|x>

F

|0>

|F(x)>


Simon s problem
Simon’s problem

  • Function F:{0, 1}n {0, 1}n.

  • F(x+y)=F(x) for all x, + bitwise addition.

  • Find y.

|x>

|x>

F

|0>

|F(x)>


Algorithm simon 1994
Algorithm [Simon, 1994]

H

H

|0>

|y>

F

H

H

H

H

|f(x)>

|0>

Repeat n times and combine results y1,..., yn.




Simon s algorithm step by step
Simon’s algorithm step-by-step

H

H

|0>

|y>

F

H

H

H

H

|F(x)>

|0>


Measuring f x
Measuring F(x)

  • Partial measurement.

  • We get some value y=F(x).

  • The state

  • collapses to part consistent with y=F(x).


Last step
Last step

  • We now have the state

  • How do we get z?

  • Measuring the first register would give only one of x and x+z.


Simon s algorithm
Simon’s algorithm

H

H

|0>

|y>

F

H

H

H

H

|f(x)>

|0>



Hadamard transform2
Hadamard transform

|x1>

H

|x2>

H

...

...

...

|xn>

H


Hadamard transform3
Hadamard transform

Signs are the same iff zi yi= 0 mod 2.


Summary
Summary

  • Measuring the final state gives a vector y such that

  • n-1 such constraints uniquely determine z, with high probability.


Summary1
Summary

  • Quantum parallelism: computing F for many values simultaneously.

  • Quantum interference: Hadamard transform.


Period finding1
Period finding

  • Function F:NN

    such that F(x)=F(x+r) for all x.

  • Find r.

|x>

|x>

F

|0>

|F(x)>


Algorithm simon 19941
Algorithm [Simon, 1994]

H

H

|0>

H

H

F

H

H

|0>

Repeat n times and combine results y1,..., yn.


Algorithm shor 1994
Algorithm [Shor, 1994]

QFT

QFT

|0>

F

|0>

Find factor by continued fraction expansion.



Shor s algorithm step by step1
Shor’s algorithm step by step

  • Measuring the second register leaves the first register in a state consisting of all x with the same F(x):

    |d>+|d+r>+…+|d+ir>


Quantum fourier transform
Quantum Fourier transform

If M=2, this is Hadamard transform.


Qft detects periods
QFT detects periods

  • Assume r divides M.

  • Then,

  • If j relatively prime with r,


Qft detects periods1
QFT detects periods

  • Assume r does not divide M.

  • Then, most of T| consists of |k> with


Qft detects periods2
QFT detects periods

r does not

divide M

r divides M

0

0

Can we find r?


Continued fraction expansion
Continued fraction expansion

  • Number theory algorithm.

  • Given k, M, finds j, r such that

    is smallest among all j and r  r0.

  • If M=(r2), correct w.h.p.


Summary of shor s factoring
Summary of Shor’s factoring

  • Reduce factoring to period-finding.

  • Generate a quantum state with period r.

  • In the easy case, QFT transforms a state with period r into multiples of M/r.

  • General case: same but approximately.

  • Continued fraction algorithm finds the closest multiple of M/r.


Hidden subgroup
Hidden subgroup

  • Function F:GS

    such that F(g)=F(hg) iff hH.

  • Find H.

|x>

|x>

F

|0>

|F(x)>


Hidden subgroup1
Hidden subgroup

  • Captures a lot of problems.

  • Simon’s problem: G={0, 1}n, H={0n, z}.

  • Shor’s period-finding: G=Z, H=rZ (multiples of r).

  • Discrete logarithm: G=Z2.

  • Pell’s equation [Hallgren, 2002]: G=R.


Discrete log
Discrete log

  • Given N, g and x, compute r such that

    grx (mod N).

  • Another hard problem relevant to crypto (Diffie-Hellman).


Discrete log1
Discrete log

  • Define F(y, z)=gyxz mod N.

  • G=Z2.

  • H={y,z | y+zr =0 mod N-1} because gyxz=gy+rz and gN-1=1.


Status of hidden subgroup
Status of hidden subgroup

  • Quantum polynomial time for Abelian G.

  • Open for non-Abelian G (except a few groups G with simple structure).


Graph isomorphism
Graph Isomorphism

G2

G1

?


Graph isomorphism1
Graph Isomorphism

  • G: all permutations of vertices.

  • F() = (G).

  • H - permutations that fix G.


Hidden subgroup2
Hidden subgroup

  • Graph Isomorphism reduces to hidden subgroup for non-Abelian groups.

  • Approximating shortest vector in lattice also reduces to HSP.

  • Solving HSP by quantum algorithm remains open for almost all non-Abelian groups.


ad