Lecture note 8: Quantum Algorithms

Transcription

1 Lecture note 8: Quantum Algorithms Jian-Wei Pan Physikalisches Institut der Universität Heidelberg Philosophenweg 12, Heidelberg, Germany

2 Outline Quantum Parallelism Shor s quantum factoring algorithm Grover s quantum search algorithm

3 Quantum Parallelism Quantum Algorithm - Fundamental feature of many quantum algorithms - it allows a quantum computer to evaluate a function f(x) for many different values of x simultaneously. - This is what makes famous quantum algorithms, such as Shor s algorithm for factoring, or Grover s algorithm for searching. U a i = au i i i i i

4 RSA encryption and factoring RSA is named after Riverst, Shamir and Adleman, who came up with the scheme m1 m2 = N, (with m1 and m2 primes) Based on the ease with which N can be calculated from m1 and m2. And the difficulty of calculating m1 and m2 from N. N is made public available and is used to encrypt data. m1 and m2 are the secret keys which enable one to decrypt the data. To crack a code, a code breaker needs to factor N.

5 RSA encryption and factoring Problem: given a number, what are its prime factors? e.g. a 129-digit odd number which is the product of two large primes, = x Best factoring algorithm requires sources that grow exponentially in the size of the number 1/3 2/3 - exp( O( n log n)), with n the length of N Difficulty of factoring is the basis of security for the RSA encryption scheme used.

6 Shor s algorithm Algorithms for quantum computation: discrete logarithms and factoring - Foundations of Computer Science, 1994 Proceedings., 35th Annual Symposium on Publication Date: Nov On pages: Shor, P.W. AT&T Bell Labs., Murray Hill, NJ;

7 Shor s algorithm Shor s code-breaking Quantum Algorithm -How fast can you factor a number? - Quantum computer advantage Code-breaking can be done in minutes, not in millennia Public key encryption, based on factoring, will be vulnerable!!! E.g. factor a 300-digit number Classical THz computer 24 - steps ,000 years Quantum THz computer steps - 1 second

8 How to factor an odd number a little number theory Modular Arithmetic simply means where k is an integer. Consider x r a= bmod N b= amod N a = b + = 1mod N kn - where x and N are co-primes, i.e. greatest common divisor gcd(a,n)=1. No factors in common. It will be demonstrated in the following that finding r is equivalent to factoring N

9 A little number theory m1 m r 2 = N x = 1mod N Consider the equations then we have y y 2 2 = 1mod N 1= 0modN ( y+ 1)( y 1) = 0modN ( y+ 1)( y 1) = 0modmm 1 2 y+ 1= 0modm1 y+ 1= 0modN ;or y 1= 0modm2 y 1= 0mod1

10 A little number theory We acquire a trivial solution gcd( y+ 1, N) = N, gcd( y 1, N) = 1. and the desired solution gcd( y + 1, N) = m1, gcd( y 1, N) = m2. Note that gcd can be calculated efficiently. 2 r /2 2 If we can find r, and r is even y = ( x ) = 1modN Then m = x + N 1 2 r /2 gcd( 1, ) m = x N r /2 gcd( 1, ) provided we don t get trivial solutions. If r is an odd number, change x, try again.

11 A little number theory Finding r is equivalent to factoring N - It takes O( 2 n ) operations to find r using classical computer. (n the digits of N) An important result from number theory, r f() r = x modn is a periodic function. E.g. N=15, x=7. period r= 4 Factoring reduces to period finding. r x r mod N

12 Shor algorithm Using quantum computer to find the period r. The algorithm is dependent on Modular Arithmetic Quantum Parallelism Quantum Fourier Transform Illustration To factor an odd integer, N=15 Choose a random integer x satisfying gcd(x,n)=1, x=7 in our case.

13 Shor s algorithm Create two quantum registers, - input registers: contain enough qubits to represent r, ( 8 qubits up to 255) - output registers: contain enough qubits to represent f() r = x r modn < N(we need 4 qubits ) Load the input registers an equally weighted superposition state of all integers (0-255). The output registers are zero.

14 Shor s algorithm ψ = a,0 256 a a input register, 0- output register Apply a controlled unitary transformation to the input register U a,0 = a, x a modn, storing the results in the output registers. From quantum Parallelism, this unitary transformation can be implemented on all the states simultaneously a U ψ = U a,0 = a, x modn = 0 a= 0 a= 0

15 Shor s algorithm The unitary transformation U consists of a series of elementary quantum gates, single-, two-qubit... The sequence of these quantum gates that are applied to the quantum input depends on the classical variables x and N complicatedly. We need a classical computer processes the classical variables and produces an output that is a program for the quantum computer, i.e. the number and sequence of elementary quantum operations. This can be performed efficiently on a classical computer. (see details, PRA, 54, 1034, (1996);

16 Shor s algorithm Assume we applied U on the quantum registers. in out U ψ = [( ) ( ) 7 + ( ) 4 + ( ) 13 ] Now we measure the output registers, this will collapse the superposition state to one of the outputs 1>, 7> 4>, 13>, for example 1>.

17 Shor s algorithm Measure the output register will collapse the input register into an equal superposition state. which is a periodic function of period r=4. M / r 1 1 φ = ( ) 64 We now apply a quantum Fourier transform on the collapsed input register to increase the probability of some states. k = 0 j= 0 M 1 ak 1 2π i M T a >= e k >, (M=256) M jr

18 Shor s algorithm M / r 1 M / r 1M 1 jr k 2π i M T φ T jr = e k > j= 0 j= 0 k= 0 M 1 M / r 1 jr k 2π i M 1 M = ( e ) k > = f( k) k > k= 0 j= 0 k= 0 Here f(k) can be easily calculated 2πik M / r 1 1 e 2 π ijkr/ M = 0, kr / M integer 2 πikr / M f( k) = e = 1 e j= 0 M / r, kr/ M=integer For simplicity, we have assumed M/r is an integer

19 M 1 r 1 k= 0 j= 0 Shor s algorithm >= = T φ f( k) k jm / r The QFT essentially peaks the probability amplitudes at integer multiples of M/r. When we measure the input registers, we randomly get c=jm/r, with 0 j r 1. If gcd(j,r)=1, we can determine r by canceling = to M r an irreducible fraction. From number theory, the probability that a number chosen randomly from 1 r is coprime to r is greater than 1/logr. Thus we repeat the computation O(logr)<O(logN) times, we will find the period r with probability close to 1. This gives an efficient determination of r. (see more details in Rev. Mod. Phys., 68, 733 (1996) c j

20 Shor s algorithm In our case, c=0, 64, 128,192, M=256; then c/m=0, ¼, ½, ¾. We can obtain the correct period r=4 from ¼ and ¾ and incorrect period r=2 from ½. The results can be easily checked from r x mod N = 1 Now that we have the period r=4, the factors of N=15 can be determined. This computation will be done on a classical computer. m m 1 2 = gcd( x = gcd( x r / 2 r / 2 + 1, N) = gcd(7 1, N) = gcd(7 4/ 2 4/ 2 + 1,15) = 5 1,15) = 3

21 Shor s algorithm Generate random x {1,, N-1}; Check if gcd(x, N)=1; r = period(x); (The period can be evaluated in polynomial time on a quantum computer.) - Prime factors are calculated by classical computer r / 2 m = gcd( x + 1, N) m 1 2 = gcd( x r / 2 1, N)

22 Shor s algorithm N=15=5 3, the simplest meaningful instance of Shor s algorithm Input register 3 qubits output register 4 qubits (Nature 414, 883, 2001)

23 Grover s algorithm Classical search How quickly can you find a needle in a haystack - sequentially try all N possibilities - average search takes N/2 steps Quantum search - simultaneously try all possibilities - refining process reveals answer - average search takes 1/2 N steps

24 Grover s search algorithm L.K. Grover, Phys. Rev. Lett., 79,325, (1997)

25 Grover s search algorithm Problem : given a Quantum oracle, 1, 2... i... x,... N try to find one specific state, satisfying R is a N N diagonal matrix, satisfying Rii=-1, if i=x; Rii =1, other diagonal elements. To find x is equivalent to find which diagonal element of R is -1, i.e. x. Classically, we have to go through every diagonal element. We expect to find the -1 term after N/2 queries to all the diagonal elements. x i, i = x R i = { i, otherwise

26 Grover s algorithm Take a m-qubit register, assume 2 m = N Prepare the registers in an equal superposition state of all the N states. N 1 1 ψ = i N Iterations of Rotate Phase and Diffusion operator Measure the register to get the specific state i= 0 x

27 In fact, R is a phase rotate operator i, i = x R i = { i, otherwise e.g. Grover s algorithm ψ x = R ψ

28 Grover s algorithm Diffusion operator N N N D = N N N M M O M N N N DR ψ The successive operation of Rotate phase and Diffusion operator will increase the probability amplitude of the desired state.

29 Grover s algorithm Initial state N 1 N ψ = i = x + i α + β N N N i= 0 i= 0 ( i x ) n ψ = ( DR) ψ, n ˆˆ 2 2 DR α = 1 α β N N ˆˆ 2 2 DR β = 2 α + 1 β N N After n iteration, we have ψ = a α + b β, n n n 2 a n 1, 2 ε an 1 a0 1 N = =, with bn bn 1 b0 = 1 ε, 1 ε Considering N 1

30 Grover s algorithm Finally, we get ψ n 2n cos 2n N sin x + N N The probability to collapse into the x 2n Pn = sin N We choose iteration steps the probability of failure 2 π 1 1 ( ) 2 N 1 i= 0 ( i x) i π n= [ N] 4 N 1 p n cos O 0 2 = N N

31 Grover s algorithm Can we do better than a quadratic speed up for Quantum Searches. No! Grover algorithm is optimal. Any quantum algorithm, with respect to an Oracle, can not do better that Quadratic time. Good and Bad Good: Grover s is Optimal Bad: No logarithmic time algorithm :Limits of Black-Box quantum computing

32 Grover s algorithm Experiment realization -Nuclear magnetic resonance I. L.Chuang et. al. PRL, 80, 3408 (1998). - Linear optics P.G. Kwait et. al. J. Mod. Opt. 47, 257 (2000). - individual atom J. Ahn et. al. Science, 287, 463 (2000). -trapped ion M. Feng, PRA, 63, (2001).