1 / 14

Shor’s Algorithm

Shor’s Algorithm. quantum integer factorization by Peter Shor (1994) (quantum) polynomial time: O(log 3 N) Tools: quantum Fourier transform modular exponentiation by squaring In practice: in 2012, can factor 21 (it is 3*7 ). Exponent Factorization Method. Suppose a r ´ 1 (mod N).

efortenberry
Télécharger la présentation

Shor’s Algorithm

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Shor’s Algorithm • quantum integer factorization by Peter Shor (1994) • (quantum) polynomial time: O(log3 N) • Tools: • quantum Fourier transform • modular exponentiation by squaring • In practice: • in 2012, can factor 21 (it is 3*7 )

  2. Exponent Factorization Method • Suppose ar´ 1 (mod N). • Define: • r=2km, where m is odd • b0´ am (mod N) • bu+1´ bu2 (mod N), for 0· u· k-1 • If b0´ 1 (mod N), or if bu´ -1 (mod N) for some u, return Failure (to factor N). • If bu+1´ 1 (mod N) and bu§ 1 (mod N), then gcd(bu-1,n) gives a non-trivial factor of N. • What does this remind you of?

  3. ar´ 1 (mod N) • Goal: find a,r, such that ar´ 1 (mod N) • Idea: • Choose a random a • Consider the sequence 1,a,a2,a3, … (mod N) • If ar´ 1 (mod N), then the sequence is periodic with period r • Goal: given a periodic sequence, measure its period • Caveat: the sequence is too long to compute all of it!

  4. Discrete Fourier Transform (not quantum) • Goal: find a,r, such that ar´ 1 (mod N) • Suppose have sequence: • a0,a1,a2,…,{M-1}, where M=2m for some integer m • Define Fourier transform: • F(x) = 1/√M c=0M-1 e2¼icx/M ac, where 0·x·M-1 • Example: • sequence 1,3,7,2,1,3,7,2 (period ___) • we get F(0) = 26/√8, F(2) = (-12+2i)/√8, F(4) = 6/√8, F(6) = (-12-2i)/√8, and F(1)=F(3)=F(5)=F(7)=0

  5. Discrete Fourier Transform (not quantum) • If period divides M (the length): • Define frequency: length/period • Nonzero values at multiples of the frequency (though there could be 0s at those positions, too) • Otherwise, peaks at approximately the positions that are multiples of the frequency (not an integer in this case) – other values are close to 0. • Example: 1,0,0,1,0,0,1,0 • Length: • Period: • Frequency: • Figure shows the abs.value of F.

  6. Discrete Fourier Transform (not quantum) • If period divides M (the length): • Define frequency: length/period • Nonzero values at multiples of the frequency (though there could be 0s at those positions, too) • Otherwise, peaks at approximately the positions that are multiples of the frequency (not an integer in this case) – other values are close to 0. • Example: 1,0,0,0,0,1,0,0,0,0,1,0,0,0,0,1 • Length: • Period: • Frequency: • Figure shows the abs.value of F.

  7. Shor’s Algorithm Choose m, N2· 2m· 2N2. Start with m qubits, each in state 1/√2(|0i+|1i) Together, they are in state:

  8. Shor’s Algorithm Choose m, N2· 2m· 2N2. Start with m qubits, each in state 1/√2(|0i+|1i) Together, they are in state: 1/√(2m)(|00…000i+|00…001i+|00…0010i+|00…0011i+ |00…0100i+…+|11..1111i) To simplify notation, write: 1/√(2m)(|0i+|1i+|2i+|3i+|4i+…+|2m-1i) Choose a random a, 1<a<N. Assume gcd(a,N)=1. Why?

  9. Shor’s Algorithm Compute f(x) = ax mod N (done “quantum-ly”). 1/√(2m)(|0,a0i+|1,a1i+|2,a2i+|3,a3i+|4,a4i+…+|2m-1,aM-1i), where M=2m So far… not good, if we measure, get |y,ayi for some y (we cannot specify which y). Then, the rest of the computation is lost.

  10. Shor’s Algorithm Compute f(x) = ax mod N (done “quantum-ly”). 1/√(2m)(|0,a0i+|1,a1i+|2,a2i+|3,a3i+|4,a4i+…+|2m-1,aM-1i), where M=2m Notice: ax mod N < n < 2m/2 – need m/2 bits for ax Idea: measure only the last m/2 bits. Then: 1/C  0· x· M-1 |x,ui ax´ u (mod N) where C scales the vector to length 1.

  11. Shor’s Algorithm Compute f(x) = ax mod N (done “quantum-ly”). 1/√(2m)(|0,a0i+|1,a1i+|2,a2i+|3,a3i+|4,a4i+…+|2m-1,aM-1i), where M=2m Notice: ax mod N < n < 2m/2 – need m/2 bits for ax Idea: measure only the last m/2 bits. Then: 1/C  0· x· M-1 |x,ui ax´ u (mod N) Now: want to measure y,z, then ay´ az´ u (mod N) How does that help?

  12. Shor’s Algorithm Compute f(x) = ax mod N (done “quantum-ly”). 1/√(2m)(|0,a0i+|1,a1i+|2,a2i+|3,a3i+|4,a4i+…+|2m-1,aM-1i), where M=2m Notice: ax mod N < n < 2m/2 – need m/2 bits for ax Idea: measure only the last m/2 bits. Then: 1/C  0· x· M-1 |x,ui ax´ u (mod N) Now: want to measure y,z, then ay´ az´ u (mod N) What is the problem?

  13. Shor’s Algorithm Quantum Fourier Transform to the rescue! Let |xi be a basic state, i.e., 0·x· M-1. Define: QFT(|xi) = 1/√M c=0M-1 e2¼icx/M |ci For a linear combination of states: QFT(a1|x1i+…+at|xti) = a1QFT(|x1i)+…+ atQFT(|xti) Apply QFT to 1/C 0· x· M-1 |x,ui ax´ u (mod N) Then, measure. (Recall, non-zero values are at multiples of the frequency.)

  14. Shor’s Algorithm • Suppose we measure c. • Then, c ¼ jf0, for some j, where f0 is the frequency. • We have rf0¼ M. • Then, c/M ¼ j/r. • We want to find r, we know c, M. • Shor showed: • With high chance, get c/M with |c/M-j/r|<1/(2M)<1/(2N2) • Finding unique j/r where r<N by method of continued fractions • If something fails, try again with a new a.

More Related