1 / 57

Short course on quantum computing

Short course on quantum computing. Andris Ambainis University of Latvia. Lecture 2. Quantum algorithms and factoring. Factoring. Input: composite N. Output: p, q  {2, …, N-1} s.t. pq=N. Hard for classical computers. Factoring large integers would break RSA. Factoring.

donald
Télécharger la présentation

Short course on quantum computing

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Short course on quantum computing Andris Ambainis University of Latvia

  2. Lecture 2 Quantum algorithms and factoring

  3. Factoring • Input: composite N. • Output: p, q  {2, …, N-1} s.t. pq=N. • Hard for classical computers. • Factoring large integers would break RSA.

  4. Factoring • Quantum computers can factor integers in polynomial (quadratic) time [Shor’94]. • Similar approach also solves discrete logarithm by quantum algorithm. • Today: Shor’s algorithm.

  5. Outline 1) Computational model. 2) Quantum parallelism and quantum interference. 3) Simon’s algorithm. 4) Shor’s algorithm.

  6. Basic ideas • State space consisting of n (quantum) bits. • Elementary gates on 1 or 2 (qu)bits. • Efficiently computable = poly-size circuits.

  7. Classical circuits X1 X2 X3 X5  ^ ^  Result

  8. Quantum circuit H H H H Gates on quantum bits

  9. Elementary gates (1) • Hadamard gate • Phase shift

  10. Elementary gates (2) • Rotation by angle  • Controlled NOT

  11. Universality • Any quantum computation can be performed by a circuit consisting of Hadamard, phase, rotation by /8 and controlled NOT gates.

  12. Classical vs. quantum circuits • We have a classical circuit. • Can we construct a quantum circuit that computes the same function?

  13. Reversibility • Assume f(x)=f(y)=z. • If then • U not unitary.

  14. Reversibility We can transform a classical circuit for F to quantum circuit. |x> |x> F |0> |F(x)> Add extra input initialized to 0.

  15. |a> |a(xy)> Example Quantum Classical x y |x> |x> |y> |y> ^ |0> |xy> Toffoli gate.

  16. Quantum parallelism • By linearity, • Many evaluations of f in unit time. |x> |x> |0> |f(x)>  |x> |f(x)>  |x> |0> x x

  17. Quantum parallelism • Once we measure we get one particular x and f(x). • Same as if we evaluated f on a random x.  |x> |f(x)> x

  18. Quantum parallelism • Is it useful? • We cannot obtain all values f(x) from because quantum states cannot be measured completely. • We can obtain quantities that depend on many f(x).  |x> |f(x)> x

  19. Quantum interference • Hadamard transform:

  20. Quantum interference • Negative interference: |1> and -|1> cancel out one another. • Positive interference: |0> and |0> add up to a higher probability.

  21. Parallelism+interference • Use quantum parallelism to compute many f(x). • Use interference to obtain information that depends on many values f(x). • Requires algebraic structure. • Ideal for number-theoretic problems (factoring).

  22. Order finding • The order of aZN * modulo N is the smallest integer r>0 such that ar1 (mod N) • For example, order of 4 mod 7 is 3: 41 4, 42 =162, 43 =641 (mod 7). • Factoring reduces to order-finding.

  23. Reduction • If ar1(mod N), then N divides ar-1. • If r even, ar-1=(ar/2-1)(ar/2+1). • If N is product of two or more primes, gcd(ar/2-1, N) is a nontrivial factor of N with probability at least 1/2.

  24. Shor’s algorithm Repeat O(log n) times: • Generate random a{1, …, N-1}; • Check if (a, N)=1; • r = order(a); • If r even, check (ar/2-1, N).

  25. Period finding • Function F:NN such that F(x)=F(x+r) for all x. • Find smallest r. |x> |x> F |0> |F(x)>

  26. Simon’s problem • Function F:{0, 1}n {0, 1}n. • F(x+y)=F(x) for all x, + bitwise addition. • Find y. |x> |x> F |0> |F(x)>

  27. Algorithm [Simon, 1994] H H |0> |y> F H H H H |f(x)> |0> Repeat n times and combine results y1,..., yn.

  28. Hadamard transform

  29. Hadamard on n qubits |0> H |0> H

  30. Simon’s algorithm step-by-step H H |0> |y> F H H H H |F(x)> |0>

  31. Measuring F(x) • Partial measurement. • We get some value y=F(x). • The state • collapses to part consistent with y=F(x).

  32. Last step • We now have the state • How do we get z? • Measuring the first register would give only one of x and x+z.

  33. Simon’s algorithm H H |0> |y> F H H H H |f(x)> |0>

  34. Hadamard transform

  35. Hadamard transform |x1> H |x2> H ... ... ... |xn> H

  36. Hadamard transform Signs are the same iff zi yi= 0 mod 2.

  37. Summary • Measuring the final state gives a vector y such that • n-1 such constraints uniquely determine z, with high probability.

  38. Summary • Quantum parallelism: computing F for many values simultaneously. • Quantum interference: Hadamard transform.

  39. Period finding • Function F:NN such that F(x)=F(x+r) for all x. • Find r. |x> |x> F |0> |F(x)>

  40. Algorithm [Simon, 1994] H H |0> H H F H H |0> Repeat n times and combine results y1,..., yn.

  41. Algorithm [Shor, 1994] QFT QFT |0> F |0> Find factor by continued fraction expansion.

  42. Shor’s algorithm step-by-step QFT QFT |0> F |0>

  43. Shor’s algorithm step by step • Measuring the second register leaves the first register in a state consisting of all x with the same F(x): |d>+|d+r>+…+|d+ir>

  44. Quantum Fourier transform If M=2, this is Hadamard transform.

  45. QFT detects periods • Assume r divides M. • Then, • If j relatively prime with r,

  46. QFT detects periods • Assume r does not divide M. • Then, most of T| consists of |k> with

  47. QFT detects periods r does not divide M r divides M 0 0 Can we find r?

  48. Continued fraction expansion • Number theory algorithm. • Given k, M, finds j, r such that is smallest among all j and r  r0. • If M=(r2), correct w.h.p.

  49. Summary of Shor’s factoring • Reduce factoring to period-finding. • Generate a quantum state with period r. • In the easy case, QFT transforms a state with period r into multiples of M/r. • General case: same but approximately. • Continued fraction algorithm finds the closest multiple of M/r.

  50. Hidden subgroup • Function F:GS such that F(g)=F(hg) iff hH. • Find H. |x> |x> F |0> |F(x)>

More Related