Classical RSA algorithm

Size: px
Start display at page:

Download "Classical RSA algorithm"

Transcription

1 Classical RSA algorithm We need to discuss some mathematics (number theory) first Modulo-NN arithmetic (modular arithmetic, clock arithmetic) 9 (mod 7) (mod 7) congruent (I will also use = instead of ) Usual operations: addition and multiplication (ring), we need only multiplication Definition: Order of aa is the smallest rr, for which aa rr 1 (mod NN) Why important: if ff xx = aa xx (mod NN), then rr is the period of ff(xx). Check: ff xx + rr = aa xx+rr = aa xx aa rr = aa xx = ff(xx) mod NN Fermat s little theorem (simple proof, any number theory course) If pp is prime and aa is not divisible by pp, then aa pp 1 1 (mod pp) Fermat 1640 (letter, no proof) Leibniz 1683 (unpublished) Euler 1736 (first published proof) (e.g., proof via the product aa aa 3aa pp 1 aa = aa pp 1 pp 1! = pp 1! mod pp, since all nnnn should be different mod pp)

2 RSA mathematics Fermat s little theorem: If pp is prime and aa is not divisible by pp, then aa pp 1 1 (mod pp) Lemma If pp and qq are primes and aa is not divisible by pp or qq, then aa (pp 1)(qq 1) 1 (mod pppp) Proof aa (pp 1) aa (qq 1) (qq 1) (pp 1) 1 (mod pp) 1 (mod qq) aa (pp 1)(qq 1) 1 is a multiple of both pp and qq, therefore multiple of pppp. QED Lemma If pp and qq are primes and ss is an integer, then aa 1+ss(pp 1)(qq 1) aa (mod pppp) Note: works even if aa is divisible by pp or qq (trivial if a multiple of pppp; if only aa = kkkk, then Fermat: aa ss qq 1 (pp 1) = 1 + nnnn, so aa ss qq 1 pp 1 +1 = aa + aaaaaa = aa + nnnnnnnn ) Theorem If cccc 1 [mod (pp 1)(qq 1)] and pp & qq are primes, then aa cccc aa (mod pppp)

3 RSA algorithm Rivest, Shamir, Adlerman, 1977, authors from MIT Clifford Cocks, 1973, British Intelligence, secret until 1997 Alice public key message Bob (in Mermin s book roles of Alice and Bob are exchanged) Alice Pick large primes pp and qq, calculate NN = pppp Pick cc < NN [coprime with (pp 1)(qq 1)] Find dd, for which cccc 1 [mod pp 1 qq 1 ] Public key: NN and cc Private key: NN and dd (easy to find dd using Euclidean algorithm for cc and pp 1 qq 1 ) Bob Wants to send message aa (aa < NN) Encoding: aa aa = aa cc (mod NN) Alice Decoding: aa dd mod NN = aa cccc mod NN = aa

4 RSA algorithm (cont.) Remarks - Typically NN bits long - Computation of aa cc (mod NN) and aa dd (mod NN) is fast: aa aa aa 4 aa 8..., then products (all mod NN ) - Eve knows NN. If she can factor NN = pppp, then she can do the same as Alice, so she can decode. This is why factoring is so important. - NN can be factored via finding the period of the function ff xx = aa xx (mod NN), where aa is any number (will discuss in more detail later). Idea: if aa rr 1 (mod NN) and rr is even, then aa rr 1 aa rr (mod NN) - RSA can be also broken directly with a period-finding algorithm. aa, aa, aa 3,... aa rr = 1, aa rr+1 = aa (mod N) (if aa is not coprime with NN, then factor immediately). Then aa rr 1 (mod NN) also (because subgroups aa kk and aa kk coincide since aa cc aa, and aa dd aa, so the same order.) Then if we find ddd so that ccdd 1 (mod rr), then aa dd aa ccdd aa 1+mmmm = aa aa rr mm = aa, so direct decoding.

5

6 Classical algorithm for factoring via period finding NN = pppp can be factored via period of ff xx = aa xx (mod NN) 1. Pick a random number aa (aa < NN). Check that coprime with NN (if not, then great luck!).. Find smallest rr, for which aa rr 1 (mod NN) (i.e., rr is the order of aa). 3. If rr is odd, choose another aa and repeat (go back to Step 1). Probability of going back is 50%. 4. If rr is even, then aa rr 1 aa rr + 1 = aa rr 1 0 (mod NN). aa rr 1 cannot be 0 (mod NN), since rr is the smallest period. If aa rr (mod NN), choose another aa and repeat (go back to Step 1; this is very rare). 5. Since NN = pppp and pp & qq are primes, then aa rr 1 is a multiple of pp, and aa rr + 1 is a multiple of qq (or vice versa). Find the greatest common divisor (GCD) of NN and aa rr ± 1, they will be pp and qq. Remarks - If pp and qq are not prime, then similar algorithm. - If rr is not the smallest period, then check that aa rr 1 is not 0 (mod N), otherwise choose another aa (very rare)

7 General idea of period finding by a QC (Shor s algorithm) 0 nn nn qubits 0 nn 0 qubits 1 nn xx=0 xx yy UU ff ff xx = aa xx (mod NN) xx yy ff xx mm 1 After meas. of output register, the input reg. is ψψ nn = 1 mm kk=0 meas. QFT NN has nn 0 bits Output register has nn 0 qubits Input register has nn nn 0 qubits xx 0 + kkkk nn Key: Quantum Fourier transform (QFT) can be done very efficiently For MM nn, usual Fourier transform needs MM nn operations, Fast Fourier Transform (FFT) needs MM nn operations (actually nn nn ), QFT needs log MM nn operations. (Calculation of ff(xx) needs nn 3 operations.) measure nn 1 xx nn 0 nn0 1 nn nn xx=0 1 xx nn ff(xx) nn0 ff xx = aa xx (mod NN) not needed, but easier to think where rr is the period of ff(xx) (i.e., order of aa), mm = int[ nn rr] or int nn rr + 1 rr < NN < nn 0, so mm > nn 0 (very many states in superposition) Idea: Input register state is periodic (rr) Fourier transform finds this period

8 Calculation of ff xx = aa xx (mod NN) Fast classical algorithm quantum algorithm of the same complexity Prepare aa, aa, aa 4, aa 8,... (mod NN), then multiply some of them, depending on the corresponding bits of xx = xx nn 1... xx 1 xx 0 input register (nn qubits) work register (nn 0 qubits) output register (nn 0 qubits) xx aa aa aa 4 1 aa or 1, depending aa or 1, depending on xx 0 on xx 1 Complexity: nn steps, each contains multiplication (mod NN) requiring nn steps, so overall nn 3 steps (nn 0 nn) By the way, in this algorithm the work register remains unentangled with input and output registers, so no global garbage collection is needed (garbage collection at each step is still necessary)

9 Quantum Fourier Transform (QFT) Discrete Fourier transform (DFT) xx = 0, 1,,... MM 1 gg xx gg(xx) gg xx = 1 MM yy=0 MM 1 ee ππππ xxxx MM gg(yy) Inverse DFT: the same with ii ii In QC, MM = nn (nn qubits), and we do discrete Fourier transform of amplitudes: nn 1 gg xx xx nn 1 xx=0 gg xx xx xx=0 UU QQQQQQ Therefore UU QQQQQQ xx = 1 nn nn yy=0 1 ee ππππ xxxx nn yy - Check that unitary. For basis vectors xx ll and xx mm, the inner product after QFT is xx ll UU QQQQQQ UU QQQQQQ xx mm = 1 nn nn yy=0 1 ee ππππ( xx ll+xx mm ) yy nn yy yy = 1 nn nn δδ llll = δδ llll. So, the orthonormal basis is transformed into an orthonormal basis unitary. - Somewhat similar to nn-fold Hadamard: transforms each basis vector into equal-weight superposition of all basis vectors (but instead of ±1 for Hadamard, many phases in QFT)

10 Quantum Fourier Transform (cont.) UU QQQQQQ xx = 1 nn nn yy=0 1 ee ππππ xxxx nn yy A very simple quantum circuit exits for QFT UU QQQQQQ xx = 1 nn yy nn 1, yy 0 ee ππππ xx(yy nn 1 nn 1 +yy nn nn +...+yy 0 0 ) nn yy nn 1 yy nn... yy 0 = ee ππππππ nn 1 nn ee ππππππ nn nn ee ππππππ 0 nn nn For xx = xx nn 1 nn 1 + xx nn nn +... xx 0 0, many digits are not important UU QQQQQQ xx = xx 0 eeππππ ee ππππ(xx 1 + xx 0 ) ee ππππ(xx nn 1 +xx nn +...+xx 0 nn ) ee ππππxx 0 First (most significant) qubit: = 1 ( xx 0) = xx 0 (only in computational basis) So, if we use reverse order (most significant least significant), then the only necessary operation is acting on qubit xx 0. Second qubit: needs acting on xx 1 and also exp(ππ ii ) if xx 0 = 1.

11 Quantum Fourier Transform (cont.) UU QQQQQQ xx = 1 nn nn yy=0 1 ee ππππ xxxx nn yy = xx 0 eeππππ ee ππππ(xx 1 + xx 0 ) ee ππππ(xx nn 1 +xx nn +...+xx 0 nn ) Let us introduce rotation operator Two qubits RR kk exp(ππ ii kk ) (Mermin: RR kk = VV kk 1 ) xx 1 xx 0 RR yy 0 yy 1 (reverse order) Three qubits xx xx 1 RR RR 3 RR yy 0 = e ππππ xx +xx 1 +xx 0 yy 1 = e ππππ xx 1 + xx 0 3 xx 0 yy = e ππππ xx 0 again, output order is reversed

12 UU QQQQQQ xx = xx 0 eeππππ Four qubits Quantum Fourier Transform (cont.) = 1 nn nn yy=0 1 ee ππππ xxxx nn yy ee ππππ(xx 1 + xx 0 ) ee ππππ(xx nn 1 +xx nn +...+xx 0 nn ) RR kk = exp(ππ ii kk ) xx 3 xx xx 1 RR RR 4 RR 3 RR 3 RR yy 0 yy 1 yy RR yy 3 xx 0 reversed order Similar for nn qubits: need nn Hadamard gates and nn(nn 1) controlled-r gates. Each c-r gate can be realized with CNOTs, so nn CNOTs. (With superconducting qubits, c-r gate can be realized directly.) c-r gates with extreme precision ( nn ) are actually not needed. Crude precision is sufficient (will discuss later), so gates c-rr kk with kk > 0 are not needed. Then only 0nn c-r gates are needed.

13 Another representation of the same circuit for QFT yy 5 yy 4 yy 3 yy yy 1 yy 0 c-r c-r 3 c-r 4 c-r 5 c-r 6 RR kk exp(ππ ii kk ) Symmetry of c-r gates and reversed order are naturally represented Inverse QFT: time-reverse the sequence and conjugate gates ( =, so only replace c-rr kk c-rr kk )

14 Inverse QFT in this representation yellow: blue: c-rr kk green: c-rr kk

15 Inverse QFT using the first circuit xx 3 xx xx 1 RR RR 4 RR 3 RR 3 RR yy 0 yy 1 yy RR yy 3 QFT xx 0 Inverse QFT: ii ii, so we would expect yy 3 yy yy 1 yy 0 RR RR 3 RR 4 RR RR 3 xx 0 xx 1 RR xx xx 3 QFT 1 On the other hand, we know that for inverse, the circuit should be time-reversed and gates should be conjugated. Does not look the same! But actually is. yy 3 yy RR yy 1 RR 3 RR yy 0 RR 4 xx 0 xx 1 xx RR 3 RR xx 3 QFT 1 use symmetry of c-rr kk, then shift gates

16 yy 3 yy RR yy 1 RR 3 Inverse QFT (cont.) RR yy 0 RR 4 RR 3 RR xx 3 use symmetry of c-rr kk xx 0 xx 1 xx yy 3 yy yy 1 RR RR 3 RR RR 4 RR 3 RR xx 0 xx 1 xx yy 0 xx 3 shift some gates to the left yy 3 yy yy 1 RR RR 3 RR 4 RR RR 3 RR xx 0 xx 1 xx yy 0 xx 3

17 Measurement-based realization of QFT In Shor s algorithm, all qubits are measured after QFT. In this case QFT can be realized with classically-controlled RR kk gates. Usual QFT xx 3 xx xx 1 RR RR 4 RR 3 RR 3 RR yy 0 yy 1 yy RR yy 3 xx 0 Step 1 Since c-rr kk gates are symmetric, exchange control and target xx 3 xx RR xx 1 RR 3 RR xx 0 RR 4 RR 3 RR yy 3 yy 0 yy 1 yy

18 Step 1 xx 3 Measurement-based realization of QFT (cont.) xx RR xx 1 RR 3 RR xx 0 RR 4 RR 3 RR yy 0 yy 1 yy yy 3 meas. result yy 0 meas. result yy 1 meas. result yy meas. result yy 3 Step Measure and control classically RR kk exp(ππ ii kk ) xx 3 xx xx 1 result yy 0 meas. RR yy 0 RR 3 yy 0 result yy 1 meas. yy xx 0 RR 0 yy 4 RR RR yy 1 RR 3 yy 1 result yy meas. result yy 3 meas. Because of spooky action, measurement acts back in time, so we can exchange in time measurement and control So far we assume that gates are perfect (it is not possible experimentally for RR kk with exponentially small angles). We will discuss later that precision is not a problem.

19 Back to Shor s algorithm (period finding) 0 nn nn qubits 0 nn 0 qubits xx yy UU ff ff xx = aa xx (mod NN) xx yy ff xx meas. QFT measure measure second register, result ff(xx 0 ) period we want to find 1 nn xx=0 UU ff nn 1 xx nn 0 nn0 1 nn nn xx=0 1 xx nn ff(xx) nn0 1 mm kk=0 Measure first register, probability of result yy is mm 1 xx 0 + kkkk nn UU QFT mm 1 ee ππππ xx 0+kkkk mm = int[ nn rr] 1 nn 1 1 nn yy=0 mm kk=0 yy nn yy nn = 1 1mm nn nn yy=0 1 ee ππππxx 0 yy nn mm 1 ππππ kkkk kk=0 ee yy nn yy nn pp yy = ψψ yy = 1 mm 1 nn mm ππππ kkkk ee yy nn kk=0 xx 0 is not important, just a phase factor No more QM, let us see how result is related to rr

20 Shor s algorithm (cont.) pp yy = ψψ yy = 1 mm 1 nn mm ππππ kkkk ee yy nn kk=0 Significant pp(yy) only if all terms are in phase: Understanding via Fourier transform ψψ = 1 mm kk=0 mm 1 xx 0 + kkkk nn rr QFT 0 xx 0 comb with period rr nn 1 Measurement randomly picks one of the peaks of pp yy, while we need rr. ψψ yy 0 yy nn rr jj integer nn rr # of peaks: rr, height: mm mm nn = mm nn = 1 rr Peaks should be at integers, while rr rr is not an integer Two steps next: 1) Show that with a significant probability (>40%) the measured number is the closest (<1/) to one of multiples of nn rr. ) Show that in this case, from the measured number we can obtain rr. nn 1 nn rr jj

21 pp yy = 1 mm 1 nn mm ππππ kkkk ee yy nn kk=0 Shor s algorithm (cont.) pp(yy) 1) Show that with a significant probability (>40%) the measured number is the closest (<1/) to one of multiples of nn rr. Denote the closest integer as yy jj = jj nn rr + δδ jj, δδ jj Sum geometric series for pp(yy jj ) pp yy jj = 1 mm 1 nn mm ee ππππππππ δδ jj nn = 1 kk=0 nn mm 1 nn mm sin (ππδδ jj ) sin (ππππ δδ jj nn ) 1 rr sin ππδδ jj ππ δδ jj 0 1 ee ππππππππ δδ jj nn 1 ee ππππππ δδ jj nn 1 1 rr 4 ππ nn rr = 1 nn mm very small, rr < nn 0 4 nn rr nn at δδ jj = ± 1 nn 1 nn rr jj nn sin (ππππππ δδ jj nn ) sin (ππππ δδ jj nn ) rr peaks (jj nn /rr, jj = 1,,... rr 1), so total probability that measured result is within 1 from jj nn /rr is 4 ππ > 40%. Not always but quite likely. Actually, if try both neighbors, then probability to be within 1 from jj nn /rr is > 80%, if try 4 closest neighbors, then > 90%.

22 Shor s algorithm (cont.) ) How to find period rr from yy = jj nn rr + δδ, where δδ 1 Rewrite we know yy nn jj rr 1 nn+1 nn is a parameter we can choose. For large enough nn, the result yy nn will be very close to the rational number jj rr. So, if want to find Remember rr < NN < nn 0 integer to factor Rational numbers with denominators < NN are not closer to each other than 1 NN (because aa bb cc dd 1 bbbb) 1 nn+1 1 How to find jj rr: continued fractions NN, then the closest to yy nn rational number with denominator NN is jj rr. yy nn = 1 1 zz 0 + zz zz +... jj rr, xx, # of bits in NN This is why we need nn nn 0. This expansion will go through jj rr Theorem: If xx is an estimate of jj rr 1/(rr ), then continued fractions go through jj rr (proven in N-C book, not a very short proof) Continued fractions is a fast classical algorithm, OO(nn 3 0 ) operations

23 Shor s algorithm (cont.) Finding period rr So, we will find jj/rr with a significant probability (> 40%). It is still possible that we will not find correct rr if jj and rr have common divisors. Then we will find a divisor of rr instead of rr itself. However, the probability of finding rr (not its divisor) is 50%, and if it is not rr, then it is most likely rr or rr 3 (not large denominator). So, after finding rr 0, we can try rr 0, rr 0, 3rr 0, etc. It is important that it is easy to check classically if kkkk 0 is a period of ff(xx) or not. If the procedure is unsuccessful, we can run the algorithm again (with the same aa). If find another divider of rr, we can calculate Least Common Multiple (LCM); most likely if will be rr. Still possible that yy/ nn was not the closest jj rr, so need several trials. So, 3 10 runs of the quantum algorithm will give us the period rr.

24

25 Required precision of gates c-rr kk in QFT RR kk = exp(ππ ii kk ) For kk > 10 it is very difficult to realize c-rr kk accurately, for kk > 0 practically impossible. Is this precision (very small angles) really necessary? No! General idea If a gate is imprecise, then ψψ ψψ. But if the imprecision is not too big, then the states ψψ and ψψ are still close, ψψ ψψ = 1 εε with εε 1. Then they are not well-distinguishable (independently of what we measure). So, probability of measuring what we want does not change much. In some sense, the operation is digital, and therefore insensitive to small analog errors.

26 Required precision of gates c-rr kk in QFT (cont.) Estimate of phase accuracy needed for QFT Ideally, pp yy = 1 nn mm kk=0 mm 1 ee ππππππππ yy nn Suppose there are phase errors pp φφ yy = 1 mm 1 nn mm ee ππππππππ kk=0 Assume φφ kk (yy) φφ 1 As before, yy jj = jj nn rr + δδ jj with δδ jj 1 pp φφ yy jj 1 nn mm kk=0 mm 1 ee ππππππππ δδ jj nn 1 + iiφφ kk,jj pp yy jj + Re ( nn mm kk=0 ideal mm 1 ee ππππππππ yy nn ee iiφφ kk(yy) for yy = yy jj δδ jj nn iiφφ kk,jj )( kk =0 1 + iiφφ kk (yy) in linear order can depend on both kk and yy mm 1 ee ππππkk rr δδ jj nn ) Even in the worst case: mm 1 kk=0 ee ππππππππ δδ jj nn iiφφ kk,jj mmmm, kk =0 So difference is limited: pp φφ yy jj pp(yy jj ) nn mm mm 1 ee ππππkk rr δδ jj nn mmmm mm = mm nn φφ rr φφ Total difference rr pp φφ yy jj pp yy jj φφ 1 Small! mm

27 Required precision of gates c-rr kk in QFT (cont.) pp yy = 1 nn mm kk=0 mm 1 ee ππππππππ yy nn ideally pp φφ yy = 1 nn mm kk=0 mm 1 ee ππππππππ yy nn ee iiφφ kk(yy) φφ kk (yy) φφ 1 with phase errors Total probability difference rr pp φφ yy jj pp yy jj φφ Therefore, the probability of success (i.e. the measured yy is the closest integer to jj nn /rr) is not 40%, but 40% φφ. Therefore the precision φφ 10% is sufficient! (digital computation) We still cannot say that all gates with 3% accuracy is OK, because many gates for each wire Inaccuracy scales (at most) linearly with the number of gates. In QFT, there are nn gates RR kk. The gates RR kk can be completely neglected if nn ππ kk < 0.1 Therefore kk mmmmmm log nn is sufficient Then the number of gates in QFT is not ~ nn but only nn log(nn)

28 Precision of gates (more general discussion) Introduce operator norm OO max = sup ψψ 0 OO ψψ ψψ It is really a norm (satisfies triangle inequality) Imprecision of a gate = sup ψψ 0 ψψ OO OO ψψ ψψ ψψ Suppose a unitary UU is replaced with a slightly imprecise unitary UUU. The imprecision can be characterized by the norm of the difference: Δ = UU UUU. Then for an imprecise sequence of gates (composition of operations), UU kk... UU UU 1 UU kk... UU UU 1, we can show Δ ii Δ ii The proof is step-by-step, using triangle inequality and norm-preservation by a unitary UU UU 1 ψψ UU UU 1 ψψ = UU UU 1 ψψ UU UU 1 ψψ ) + UU UU 1 ψψ UU UU 1 ψψ ) = Therefore = (UU UU )UU 1 ψψ UU (UU 1 UU 1 ) ψψ UU UU 1 UU UU 1 UU UU + UU 1 UU 1 So, we proved that the imprecision Δ accumulates at most linearly with the number of gates

29 Precision of gates (cont.) We proved that the imprecision Δ accumulates at most linearly with the number of gates. Two more important properties: For an overall imprecision Δ, the difference in the probability of obtaining a certain result for a measurement is less than Δ (simple proof in N-C book, Sec ). If a 1-qubit or -qubit gate UU has imprecision Δ, then the same imprecision for this gate acting on many-qubit state (i.e., gate UU 1). Proof (for a -qubit gate) A multi-qubit entangled state can always be represented as Ψ = αα Φ 00 + αα Φ 01 + αα Φ 10 + αα Φ 11, where Φ iiii are normalized states of other qubits, αα 00 + αα 01 + αα 10 + αα 11 = 1. A gate UU acts only on αα iiii, an imprecise UUU produces αα iiii,in αα iiii instead of αα iiii,in αα iiii. Then UU UUU = max Ψ Ψ = max αα 00 αα Φ αα 01 αα Φ 01 + αα 10 αα Φ 10 + αα 11 αα Φ 11 = = max αα 00 αα 00 + αα 01 αα 01 + αα 10 αα 10 + αα 11 αα 11, which is the same as when this gate acts only on two qubits. QED

30

31 Phase estimation algorithm (Kitaev) Consider a toy problem, which can be used in serious problems (period finding, etc.) UU Suppose we know an eigenstate uu, but do not know the corresponding eigenvalue ee ππππππ (since UU is unitary, absolute value of eigenvalue is 1) Goal: find φφ First idea: meas. uu UU uu uu does not change, since eigenstate = eeππππππ c-uu uu eeππππππ eeππππππ uu eeππππππ uu uu = Measure many times, find probabilities pp(0) and pp(1) pp 0 pp 1 = cos(ππππ)

32 Phase estimation algorithm (cont.) uu meas. UU uu pp 0 pp 1 = cos(ππππ) Now add S-gate SS = ii SS meas. uu UU uu pp 0 pp 1 = sin(ππππ) Measuring many times, we can find φφ accurately, but this is not fast (to find nn bits of φφ, we need nn measurements) Main idea: use c-uu, c-uu 4, c-uu 8, etc. to find φφ bit-by-bit (Kitaev) Even better to use (inverse) QFT after that

33 Phase estimation algorithm (cont.) nn bits QFT 1 QF = QFT measurement uu UU UU... UU nn 1 uu State of the input register after c-uu kk gates: 1 nn ( 0 + eeππππnn 1φφ 1 )( 0 + ee ππππnn φφ 1 )... ( 0 + ee ππππππ 1 ) = nn 1 = 1 nn yy=0 ee ππππππππ yy This is just Fourier transform of nn φφ So, apply inverse QFT to get nn φφ Exact result if φφ has nn-bit representation 0.φφ nn 1 φφ nn... φφ 0 lower upper If nn φφ is not integer, then some errors. Result: to find mm bits of φφ with probability 1 εε, we need nn = mm + log( + 1 ) qubits εε

34 Phase estimation algorithm (cont.) Relation to period finding ff xx = aa xx (mod NN) Define UU as multiplication by aa (mod N): UU yy = aaaa mod NN. Then UU rr = 1 for the period rr, which we want to find. Therefore eigenvalues of UU are ee ππππ jj rr for integer jj. So, finding the phase, we learn jj rr (as in Shor s algorithm) Therefore, phase estimation algorithms can be used for factoring integers. (unitary because aa is coprime with NN) It seems that for this algorithm we need to prepare an eigenstate uu. However, any state is a linear combination of eigenstates, so it does not matter (the algorithm will randomly find one of eigenstates of UU). Natural to start with 1 (we need to avoid 0 ). If output register starts with , then after c-uu kk 1 gates: nn nn xx=0 1 xx ff xx

Grover s algorithm. We want to find aa. Search in an unordered database. QC oracle (as usual) Usual trick

Grover s algorithm. We want to find aa. Search in an unordered database. QC oracle (as usual) Usual trick Grover s algorithm Search in an unordered database Example: phonebook, need to find a person from a phone number Actually, something else, like hard (e.g., NP-complete) problem 0, xx aa Black box ff xx

More information

Lesson 1: Successive Differences in Polynomials

Lesson 1: Successive Differences in Polynomials Lesson 1 Lesson 1: Successive Differences in Polynomials Classwork Opening Exercise John noticed patterns in the arrangement of numbers in the table below. 2.4 3.4 4.4 5.4 6.4 5.76 11.56 19.36 29.16 40.96

More information

EPR paradox, Bell inequality, etc.

EPR paradox, Bell inequality, etc. EPR paradox, Bell inequality, etc. Compatible and incompatible observables AA, BB = 0, then compatible, can measure simultaneously, can diagonalize in one basis commutator, AA, BB AAAA BBBB If we project

More information

Logic gates. Quantum logic gates. α β 0 1 X = 1 0. Quantum NOT gate (X gate) Classical NOT gate NOT A. Matrix form representation

Logic gates. Quantum logic gates. α β 0 1 X = 1 0. Quantum NOT gate (X gate) Classical NOT gate NOT A. Matrix form representation Quantum logic gates Logic gates Classical NOT gate Quantum NOT gate (X gate) A NOT A α 0 + β 1 X α 1 + β 0 A N O T A 0 1 1 0 Matrix form representation 0 1 X = 1 0 The only non-trivial single bit gate

More information

Shor s Prime Factorization Algorithm

Shor s Prime Factorization Algorithm Shor s Prime Factorization Algorithm Bay Area Quantum Computing Meetup - 08/17/2017 Harley Patton Outline Why is factorization important? Shor s Algorithm Reduction to Order Finding Order Finding Algorithm

More information

Mathematics Ext 2. HSC 2014 Solutions. Suite 403, 410 Elizabeth St, Surry Hills NSW 2010 keystoneeducation.com.

Mathematics Ext 2. HSC 2014 Solutions. Suite 403, 410 Elizabeth St, Surry Hills NSW 2010 keystoneeducation.com. Mathematics Ext HSC 4 Solutions Suite 43, 4 Elizabeth St, Surry Hills NSW info@keystoneeducation.com.au keystoneeducation.com.au Mathematics Extension : HSC 4 Solutions Contents Multiple Choice... 3 Question...

More information

Worksheets for GCSE Mathematics. Algebraic Expressions. Mr Black 's Maths Resources for Teachers GCSE 1-9. Algebra

Worksheets for GCSE Mathematics. Algebraic Expressions. Mr Black 's Maths Resources for Teachers GCSE 1-9. Algebra Worksheets for GCSE Mathematics Algebraic Expressions Mr Black 's Maths Resources for Teachers GCSE 1-9 Algebra Algebraic Expressions Worksheets Contents Differentiated Independent Learning Worksheets

More information

Lecture 5: Arithmetic Modulo m, Primes and Greatest Common Divisors Lecturer: Lale Özkahya

Lecture 5: Arithmetic Modulo m, Primes and Greatest Common Divisors Lecturer: Lale Özkahya BBM 205 Discrete Mathematics Hacettepe University http://web.cs.hacettepe.edu.tr/ bbm205 Lecture 5: Arithmetic Modulo m, Primes and Greatest Common Divisors Lecturer: Lale Özkahya Resources: Kenneth Rosen,

More information

Shor s Algorithm. Elisa Bäumer, Jan-Grimo Sobez, Stefan Tessarini May 15, 2015

Shor s Algorithm. Elisa Bäumer, Jan-Grimo Sobez, Stefan Tessarini May 15, 2015 Shor s Algorithm Elisa Bäumer, Jan-Grimo Sobez, Stefan Tessarini May 15, 2015 Integer factorization n = p q (where p, q are prime numbers) is a cryptographic one-way function Classical algorithm with best

More information

P.3 Division of Polynomials

P.3 Division of Polynomials 00 section P3 P.3 Division of Polynomials In this section we will discuss dividing polynomials. The result of division of polynomials is not always a polynomial. For example, xx + 1 divided by xx becomes

More information

Hilbert Space, Entanglement, Quantum Gates, Bell States, Superdense Coding.

Hilbert Space, Entanglement, Quantum Gates, Bell States, Superdense Coding. CS 94- Bell States Bell Inequalities 9//04 Fall 004 Lecture Hilbert Space Entanglement Quantum Gates Bell States Superdense Coding 1 One qubit: Recall that the state of a single qubit can be written as

More information

Discrete Structures Lecture Solving Congruences. mathematician of the eighteenth century). Also, the equation gggggg(aa, bb) =

Discrete Structures Lecture Solving Congruences. mathematician of the eighteenth century). Also, the equation gggggg(aa, bb) = First Introduction Our goal is to solve equations having the form aaaa bb (mmmmmm mm). However, first we must discuss the last part of the previous section titled gcds as Linear Combinations THEOREM 6

More information

(1) Introduction: a new basis set

(1) Introduction: a new basis set () Introduction: a new basis set In scattering, we are solving the S eq. for arbitrary VV in integral form We look for solutions to unbound states: certain boundary conditions (EE > 0, plane and spherical

More information

Eureka Math. Algebra II Module 1 Student File_A. Student Workbook. This file contains Alg II-M1 Classwork Alg II-M1 Problem Sets

Eureka Math. Algebra II Module 1 Student File_A. Student Workbook. This file contains Alg II-M1 Classwork Alg II-M1 Problem Sets Eureka Math Algebra II Module 1 Student File_A Student Workbook This file contains Alg II- Classwork Alg II- Problem Sets Published by the non-profit GREAT MINDS. Copyright 2015 Great Minds. No part of

More information

Ma/CS 6a Class 4: Primality Testing

Ma/CS 6a Class 4: Primality Testing Ma/CS 6a Class 4: Primality Testing By Adam Sheffer Reminder: Euler s Totient Function Euler s totient φ(n) is defined as follows: Given n N, then φ n = x 1 x < n and GCD x, n = 1. In more words: φ n is

More information

CS483 Design and Analysis of Algorithms

CS483 Design and Analysis of Algorithms CS483 Design and Analysis of Algorithms Lectures 2-3 Algorithms with Numbers Instructor: Fei Li lifei@cs.gmu.edu with subject: CS483 Office hours: STII, Room 443, Friday 4:00pm - 6:00pm or by appointments

More information

F.3 Special Factoring and a General Strategy of Factoring

F.3 Special Factoring and a General Strategy of Factoring F.3 Special Factoring and a General Strategy of Factoring Difference of Squares section F4 233 Recall that in Section P2, we considered formulas that provide a shortcut for finding special products, such

More information

F.1 Greatest Common Factor and Factoring by Grouping

F.1 Greatest Common Factor and Factoring by Grouping section F1 214 is the reverse process of multiplication. polynomials in algebra has similar role as factoring numbers in arithmetic. Any number can be expressed as a product of prime numbers. For example,

More information

MATH 1080: Calculus of One Variable II Fall 2018 Textbook: Single Variable Calculus: Early Transcendentals, 7e, by James Stewart.

MATH 1080: Calculus of One Variable II Fall 2018 Textbook: Single Variable Calculus: Early Transcendentals, 7e, by James Stewart. MATH 1080: Calculus of One Variable II Fall 2018 Textbook: Single Variable Calculus: Early Transcendentals, 7e, by James Stewart Unit 2 Skill Set Important: Students should expect test questions that require

More information

Shor s Algorithm. Polynomial-time Prime Factorization with Quantum Computing. Sourabh Kulkarni October 13th, 2017

Shor s Algorithm. Polynomial-time Prime Factorization with Quantum Computing. Sourabh Kulkarni October 13th, 2017 Shor s Algorithm Polynomial-time Prime Factorization with Quantum Computing Sourabh Kulkarni October 13th, 2017 Content Church Thesis Prime Numbers and Cryptography Overview of Shor s Algorithm Implementation

More information

Discrete Mathematics GCD, LCM, RSA Algorithm

Discrete Mathematics GCD, LCM, RSA Algorithm Discrete Mathematics GCD, LCM, RSA Algorithm Abdul Hameed http://informationtechnology.pk/pucit abdul.hameed@pucit.edu.pk Lecture 16 Greatest Common Divisor 2 Greatest common divisor The greatest common

More information

Power of Adiabatic Quantum Computation

Power of Adiabatic Quantum Computation Power of Adiabatic Quantum Computation Itay Hen Information Sciences Institute, USC Physics Colloquium, USC February 10, 2014 arxiv preprints: 1207.1712, 1301.4956, 1307.6538, 1401.5172 Motivation in what

More information

Figure 1: Circuit for Simon s Algorithm. The above circuit corresponds to the following sequence of transformations.

Figure 1: Circuit for Simon s Algorithm. The above circuit corresponds to the following sequence of transformations. CS 94 //09 Fourier Transform, Period Finding and Factoring in BQP Spring 009 Lecture 4 Recap: Simon s Algorithm Recall that in the Simon s problem, we are given a function f : Z n Zn (i.e. from n-bit strings

More information

Review. CS311H: Discrete Mathematics. Number Theory. Computing GCDs. Insight Behind Euclid s Algorithm. Using this Theorem. Euclidian Algorithm

Review. CS311H: Discrete Mathematics. Number Theory. Computing GCDs. Insight Behind Euclid s Algorithm. Using this Theorem. Euclidian Algorithm Review CS311H: Discrete Mathematics Number Theory Instructor: Işıl Dillig What does it mean for two ints a, b to be congruent mod m? What is the Division theorem? If a b and a c, does it mean b c? What

More information

SECTION 7: FAULT ANALYSIS. ESE 470 Energy Distribution Systems

SECTION 7: FAULT ANALYSIS. ESE 470 Energy Distribution Systems SECTION 7: FAULT ANALYSIS ESE 470 Energy Distribution Systems 2 Introduction Power System Faults 3 Faults in three-phase power systems are short circuits Line-to-ground Line-to-line Result in the flow

More information

7.3 The Jacobi and Gauss-Seidel Iterative Methods

7.3 The Jacobi and Gauss-Seidel Iterative Methods 7.3 The Jacobi and Gauss-Seidel Iterative Methods 1 The Jacobi Method Two assumptions made on Jacobi Method: 1.The system given by aa 11 xx 1 + aa 12 xx 2 + aa 1nn xx nn = bb 1 aa 21 xx 1 + aa 22 xx 2

More information

LECTURE 5: APPLICATIONS TO CRYPTOGRAPHY AND COMPUTATIONS

LECTURE 5: APPLICATIONS TO CRYPTOGRAPHY AND COMPUTATIONS LECTURE 5: APPLICATIONS TO CRYPTOGRAPHY AND COMPUTATIONS Modular arithmetics that we have discussed in the previous lectures is very useful in Cryptography and Computer Science. Here we discuss several

More information

Quantum Gates, Circuits & Teleportation

Quantum Gates, Circuits & Teleportation Chapter 3 Quantum Gates, Circuits & Teleportation Unitary Operators The third postulate of quantum physics states that the evolution of a quantum system is necessarily unitary. Geometrically, a unitary

More information

First, let's review classical factoring algorithm (again, we will factor N=15 but pick different number)

First, let's review classical factoring algorithm (again, we will factor N=15 but pick different number) Lecture 8 Shor's algorithm (quantum factoring algorithm) First, let's review classical factoring algorithm (again, we will factor N=15 but pick different number) (1) Pick any number y less than 15: y=13.

More information

Secondary 3H Unit = 1 = 7. Lesson 3.3 Worksheet. Simplify: Lesson 3.6 Worksheet

Secondary 3H Unit = 1 = 7. Lesson 3.3 Worksheet. Simplify: Lesson 3.6 Worksheet Secondary H Unit Lesson Worksheet Simplify: mm + 2 mm 2 4 mm+6 mm + 2 mm 2 mm 20 mm+4 5 2 9+20 2 0+25 4 +2 2 + 2 8 2 6 5. 2 yy 2 + yy 6. +2 + 5 2 2 2 0 Lesson 6 Worksheet List all asymptotes, holes and

More information

. Here we are using the standard inner-product over C k to define orthogonality. Recall that the inner-product of two vectors φ = i α i.

. Here we are using the standard inner-product over C k to define orthogonality. Recall that the inner-product of two vectors φ = i α i. CS 94- Hilbert Spaces, Tensor Products, Quantum Gates, Bell States 1//07 Spring 007 Lecture 01 Hilbert Spaces Consider a discrete quantum system that has k distinguishable states (eg k distinct energy

More information

NUMBER THEORY AND CODES. Álvaro Pelayo WUSTL

NUMBER THEORY AND CODES. Álvaro Pelayo WUSTL NUMBER THEORY AND CODES Álvaro Pelayo WUSTL Talk Goal To develop codes of the sort can tell the world how to put messages in code (public key cryptography) only you can decode them Structure of Talk Part

More information

Compute the Fourier transform on the first register to get x {0,1} n x 0.

Compute the Fourier transform on the first register to get x {0,1} n x 0. CS 94 Recursive Fourier Sampling, Simon s Algorithm /5/009 Spring 009 Lecture 3 1 Review Recall that we can write any classical circuit x f(x) as a reversible circuit R f. We can view R f as a unitary

More information

Quantum Error Correcting Codes and Quantum Cryptography. Peter Shor M.I.T. Cambridge, MA 02139

Quantum Error Correcting Codes and Quantum Cryptography. Peter Shor M.I.T. Cambridge, MA 02139 Quantum Error Correcting Codes and Quantum Cryptography Peter Shor M.I.T. Cambridge, MA 02139 1 We start out with two processes which are fundamentally quantum: superdense coding and teleportation. Superdense

More information

Physics ; CS 4812 Problem Set 4

Physics ; CS 4812 Problem Set 4 Physics 4481-7681; CS 4812 Problem Set 4 Six problems (six pages), all short, covers lectures 11 15, due in class 25 Oct 2018 Problem 1: 1-qubit state tomography Consider a 1-qubit state ψ cos θ 2 0 +

More information

Encryption: The RSA Public Key Cipher

Encryption: The RSA Public Key Cipher Encryption: The RSA Public Key Cipher Michael Brockway March 5, 2018 Overview Transport-layer security employs an asymmetric public cryptosystem to allow two parties (usually a client application and a

More information

Math 171 Spring 2017 Final Exam. Problem Worth

Math 171 Spring 2017 Final Exam. Problem Worth Math 171 Spring 2017 Final Exam Problem 1 2 3 4 5 6 7 8 9 10 11 Worth 9 6 6 5 9 8 5 8 8 8 10 12 13 14 15 16 17 18 19 20 21 22 Total 8 5 5 6 6 8 6 6 6 6 6 150 Last Name: First Name: Student ID: Section:

More information

Support Vector Machines. CSE 4309 Machine Learning Vassilis Athitsos Computer Science and Engineering Department University of Texas at Arlington

Support Vector Machines. CSE 4309 Machine Learning Vassilis Athitsos Computer Science and Engineering Department University of Texas at Arlington Support Vector Machines CSE 4309 Machine Learning Vassilis Athitsos Computer Science and Engineering Department University of Texas at Arlington 1 A Linearly Separable Problem Consider the binary classification

More information

Course Business. Homework 3 Due Now. Homework 4 Released. Professor Blocki is travelling, but will be back next week

Course Business. Homework 3 Due Now. Homework 4 Released. Professor Blocki is travelling, but will be back next week Course Business Homework 3 Due Now Homework 4 Released Professor Blocki is travelling, but will be back next week 1 Cryptography CS 555 Week 11: Discrete Log/DDH Applications of DDH Factoring Algorithms,

More information

TEXT AND OTHER MATERIALS:

TEXT AND OTHER MATERIALS: 1. TEXT AND OTHER MATERIALS: Check Learning Resources in shared class files Calculus Wiki-book: https://en.wikibooks.org/wiki/calculus (Main Reference e-book) Paul s Online Math Notes: http://tutorial.math.lamar.edu

More information

Worksheets for GCSE Mathematics. Quadratics. mr-mathematics.com Maths Resources for Teachers. Algebra

Worksheets for GCSE Mathematics. Quadratics. mr-mathematics.com Maths Resources for Teachers. Algebra Worksheets for GCSE Mathematics Quadratics mr-mathematics.com Maths Resources for Teachers Algebra Quadratics Worksheets Contents Differentiated Independent Learning Worksheets Solving x + bx + c by factorisation

More information

SECTION 5: POWER FLOW. ESE 470 Energy Distribution Systems

SECTION 5: POWER FLOW. ESE 470 Energy Distribution Systems SECTION 5: POWER FLOW ESE 470 Energy Distribution Systems 2 Introduction Nodal Analysis 3 Consider the following circuit Three voltage sources VV sss, VV sss, VV sss Generic branch impedances Could be

More information

Public Key Cryptography

Public Key Cryptography Public Key Cryptography Spotlight on Science J. Robert Buchanan Department of Mathematics 2011 What is Cryptography? cryptography: study of methods for sending messages in a form that only be understood

More information

Phase estimation. p. 1/24

Phase estimation. p. 1/24 p. 1/24 Phase estimation Last time we saw how the quantum Fourier transform made it possible to find the period of a function by repeated measurements and the greatest common divisor (GCD) algorithm. We

More information

Lesson 8: Complex Number Division

Lesson 8: Complex Number Division Student Outcomes Students determine the modulus and conjugate of a complex number. Students use the concept of conjugate to divide complex numbers. Lesson Notes This is the second day of a two-day lesson

More information

Ma/CS 6a Class 4: Primality Testing

Ma/CS 6a Class 4: Primality Testing Ma/CS 6a Class 4: Primality Testing By Adam Sheffer Send anonymous suggestions and complaints from here. Email: adamcandobetter@gmail.com Password: anonymous2 There aren t enough crocodiles in the presentations

More information

Shor Factorization Algorithm

Shor Factorization Algorithm qitd52 Shor Factorization Algorithm Robert B. Griffiths Version of 7 March 202 References: Mermin = N. D. Mermin, Quantum Computer Science (Cambridge University Press, 2007), Ch. 3 QCQI = M. A. Nielsen

More information

Advanced Cryptography Quantum Algorithms Christophe Petit

Advanced Cryptography Quantum Algorithms Christophe Petit The threat of quantum computers Advanced Cryptography Quantum Algorithms Christophe Petit University of Oxford Christophe Petit -Advanced Cryptography 1 Christophe Petit -Advanced Cryptography 2 The threat

More information

Robust Characterization of Quantum Processes

Robust Characterization of Quantum Processes Robust Characterization of Quantum Processes Shelby Kimmel Center for Theoretical Physics, MIT Marcus da Silva, Colm Ryan, Blake Johnson, Tom Ohki Raytheon BBN Technologies JQI Monday Dec. 16 Why don t

More information

Rational Expressions and Functions

Rational Expressions and Functions Rational Expressions and Functions In the previous two chapters we discussed algebraic expressions, equations, and functions related to polynomials. In this chapter, we will examine a broader category

More information

The domain and range of lines is always R Graphed Examples:

The domain and range of lines is always R Graphed Examples: Graphs/relations in R 2 that should be familiar at the beginning of your University career in order to do well (The goal here is to be ridiculously complete, hence I have started with lines). 1. Lines

More information

Course 2BA1: Trinity 2006 Section 9: Introduction to Number Theory and Cryptography

Course 2BA1: Trinity 2006 Section 9: Introduction to Number Theory and Cryptography Course 2BA1: Trinity 2006 Section 9: Introduction to Number Theory and Cryptography David R. Wilkins Copyright c David R. Wilkins 2006 Contents 9 Introduction to Number Theory and Cryptography 1 9.1 Subgroups

More information

Number theory (Chapter 4)

Number theory (Chapter 4) EECS 203 Spring 2016 Lecture 12 Page 1 of 8 Number theory (Chapter 4) Review Compute 6 11 mod 13 in an efficient way What is the prime factorization of 100? 138? What is gcd(100, 138)? What is lcm(100,138)?

More information

Uncertain Compression & Graph Coloring. Madhu Sudan Harvard

Uncertain Compression & Graph Coloring. Madhu Sudan Harvard Uncertain Compression & Graph Coloring Madhu Sudan Harvard Based on joint works with: (1) Adam Kalai (MSR), Sanjeev Khanna (U.Penn), Brendan Juba (WUStL) (2) Elad Haramaty (Harvard) (3) Badih Ghazi (MIT),

More information

Topics in Cryptography. Lecture 5: Basic Number Theory

Topics in Cryptography. Lecture 5: Basic Number Theory Topics in Cryptography Lecture 5: Basic Number Theory Benny Pinkas page 1 1 Classical symmetric ciphers Alice and Bob share a private key k. System is secure as long as k is secret. Major problem: generating

More information

Math 3 Unit 3: Polynomial Functions

Math 3 Unit 3: Polynomial Functions Math 3 Unit 3: Polynomial Functions Unit Title Standards 3.1 End Behavior of Polynomial Functions F.IF.7c 3.2 Graphing Polynomial Functions F.IF.7c, A.APR3 3.3 Writing Equations of Polynomial Functions

More information

10.4 The Cross Product

10.4 The Cross Product Math 172 Chapter 10B notes Page 1 of 9 10.4 The Cross Product The cross product, or vector product, is defined in 3 dimensions only. Let aa = aa 1, aa 2, aa 3 bb = bb 1, bb 2, bb 3 then aa bb = aa 2 bb

More information

Course MA2C02, Hilary Term 2013 Section 9: Introduction to Number Theory and Cryptography

Course MA2C02, Hilary Term 2013 Section 9: Introduction to Number Theory and Cryptography Course MA2C02, Hilary Term 2013 Section 9: Introduction to Number Theory and Cryptography David R. Wilkins Copyright c David R. Wilkins 2000 2013 Contents 9 Introduction to Number Theory 63 9.1 Subgroups

More information

Math 3 Unit 3: Polynomial Functions

Math 3 Unit 3: Polynomial Functions Math 3 Unit 3: Polynomial Functions Unit Title Standards 3.1 End Behavior of Polynomial Functions F.IF.7c 3.2 Graphing Polynomial Functions F.IF.7c, A.APR3 3.3 Writing Equations of Polynomial Functions

More information

Transition to College Math and Statistics

Transition to College Math and Statistics Transition to College Math and Statistics Summer Work 016 due date: third day of class estimated time: 10 hours (for planning purposes only; work until you finish) Dear College Algebra Students, This assignment

More information

basics of security/cryptography

basics of security/cryptography RSA Cryptography basics of security/cryptography Bob encrypts message M into ciphertext C=P(M) using a public key; Bob sends C to Alice Alice decrypts ciphertext back into M using a private key (secret)

More information

CS Lecture 8 & 9. Lagrange Multipliers & Varitional Bounds

CS Lecture 8 & 9. Lagrange Multipliers & Varitional Bounds CS 6347 Lecture 8 & 9 Lagrange Multipliers & Varitional Bounds General Optimization subject to: min ff 0() R nn ff ii 0, h ii = 0, ii = 1,, mm ii = 1,, pp 2 General Optimization subject to: min ff 0()

More information

Angular Momentum, Electromagnetic Waves

Angular Momentum, Electromagnetic Waves Angular Momentum, Electromagnetic Waves Lecture33: Electromagnetic Theory Professor D. K. Ghosh, Physics Department, I.I.T., Bombay As before, we keep in view the four Maxwell s equations for all our discussions.

More information

Cryptography: A Comparison of Public Key Systems

Cryptography: A Comparison of Public Key Systems Algorithms Research 2012, 1(5): 31-42 DOI: 10.5923/j.algorithms.20120105.01 Cryptography: A Comparison of Public Key Systems Tzvetalin S. Vassilev *, Andrew Twizell Department of Computer Science and Mathematics,

More information

Quadratic Equations and Functions

Quadratic Equations and Functions 50 Quadratic Equations and Functions In this chapter, we discuss various ways of solving quadratic equations, aaxx 2 + bbbb + cc 0, including equations quadratic in form, such as xx 2 + xx 1 20 0, and

More information

F.1 Greatest Common Factor and Factoring by Grouping

F.1 Greatest Common Factor and Factoring by Grouping 1 Factoring Factoring is the reverse process of multiplication. Factoring polynomials in algebra has similar role as factoring numbers in arithmetic. Any number can be expressed as a product of prime numbers.

More information

Simple Math: Cryptography

Simple Math: Cryptography 1 Introduction Simple Math: Cryptography This section develops some mathematics before getting to the application. The mathematics that I use involves simple facts from number theory. Number theory is

More information

Quantum Computing. 6. Quantum Computer Architecture 7. Quantum Computers and Complexity

Quantum Computing. 6. Quantum Computer Architecture 7. Quantum Computers and Complexity Quantum Computing 1. Quantum States and Quantum Gates 2. Multiple Qubits and Entangled States 3. Quantum Gate Arrays 4. Quantum Parallelism 5. Examples of Quantum Algorithms 1. Grover s Unstructured Search

More information

Factoring on a Quantum Computer

Factoring on a Quantum Computer Factoring on a Quantum Computer The Essence Shor s Algorithm Wolfgang Polak wp@pocs.com Thanks to: Eleanor Rieffel Fuji Xerox Palo Alto Laboratory Wolfgang Polak San Jose State University, 4-14-010 - p.

More information

due date: third day of class estimated time: 10 hours (for planning purposes only; work until you finish)

due date: third day of class estimated time: 10 hours (for planning purposes only; work until you finish) Honors PreCalculus Summer Work 016 due date: third day of class estimated time: 10 hours (for planning purposes only; work until you finish) Dear Honors PreCalculus Students, This assignment is designed

More information

Short Course in Quantum Information Lecture 5

Short Course in Quantum Information Lecture 5 Short Course in Quantum Information Lecture 5 Quantum Algorithms Prof. Andrew Landahl University of New Mexico Course Info All materials downloadable @ website http://info.phys.unm.edu/~deutschgroup/deutschclasses.html

More information

Locality in Coding Theory

Locality in Coding Theory Locality in Coding Theory Madhu Sudan Harvard April 9, 2016 Skoltech: Locality in Coding Theory 1 Error-Correcting Codes (Linear) Code CC FF qq nn. FF qq : Finite field with qq elements. nn block length

More information

QFT, Period Finding & Shor s Algorithm

QFT, Period Finding & Shor s Algorithm Chapter 5 QFT, Period Finding & Shor s Algorithm 5 Quantum Fourier Transform Quantum Fourier Transform is a quantum implementation of the discreet Fourier transform You might be familiar with the discreet

More information

Introduction to Cryptography. Lecture 6

Introduction to Cryptography. Lecture 6 Introduction to Cryptography Lecture 6 Benny Pinkas page 1 Public Key Encryption page 2 Classical symmetric ciphers Alice and Bob share a private key k. System is secure as long as k is secret. Major problem:

More information

Cryptography CS 555. Topic 22: Number Theory/Public Key-Cryptography

Cryptography CS 555. Topic 22: Number Theory/Public Key-Cryptography Cryptography CS 555 Topic 22: Number Theory/Public Key-Cryptography 1 Exam Recap 2 Exam Recap Highest Average Score on Question Question 4: (Feistel Network with round function f(x) = 0 n ) Tougher Questions

More information

(2) Orbital angular momentum

(2) Orbital angular momentum (2) Orbital angular momentum Consider SS = 0 and LL = rr pp, where pp is the canonical momentum Note: SS and LL are generators for different parts of the wave function. Note: from AA BB ii = εε iiiiii

More information

Public Key 9/17/2018. Symmetric Cryptography Review. Symmetric Cryptography: Shortcomings (1) Symmetric Cryptography: Analogy

Public Key 9/17/2018. Symmetric Cryptography Review. Symmetric Cryptography: Shortcomings (1) Symmetric Cryptography: Analogy Symmetric Cryptography Review Alice Bob Public Key x e K (x) y d K (y) x K K Instructor: Dr. Wei (Lisa) Li Department of Computer Science, GSU Two properties of symmetric (secret-key) crypto-systems: The

More information

National 5 Mathematics. Practice Paper E. Worked Solutions

National 5 Mathematics. Practice Paper E. Worked Solutions National 5 Mathematics Practice Paper E Worked Solutions Paper One: Non-Calculator Copyright www.national5maths.co.uk 2015. All rights reserved. SQA Past Papers & Specimen Papers Working through SQA Past

More information

Module 7 (Lecture 25) RETAINING WALLS

Module 7 (Lecture 25) RETAINING WALLS Module 7 (Lecture 25) RETAINING WALLS Topics Check for Bearing Capacity Failure Example Factor of Safety Against Overturning Factor of Safety Against Sliding Factor of Safety Against Bearing Capacity Failure

More information

10.1 Three Dimensional Space

10.1 Three Dimensional Space Math 172 Chapter 10A notes Page 1 of 12 10.1 Three Dimensional Space 2D space 0 xx.. xx-, 0 yy yy-, PP(xx, yy) [Fig. 1] Point PP represented by (xx, yy), an ordered pair of real nos. Set of all ordered

More information

Radicals and Radical Functions

Radicals and Radical Functions 0 Radicals and Radical Functions So far we have discussed polynomial and rational expressions and functions. In this chapter, we study algebraic expressions that contain radicals. For example, + 2, xx,

More information

Proofs. Methods of Proof Divisibility Floor and Ceiling Contradiction & Contrapositive Euclidean Algorithm. Reading (Epp s textbook)

Proofs. Methods of Proof Divisibility Floor and Ceiling Contradiction & Contrapositive Euclidean Algorithm. Reading (Epp s textbook) Proofs Methods of Proof Divisibility Floor and Ceiling Contradiction & Contrapositive Euclidean Algorithm Reading (Epp s textbook) 4.3 4.8 1 Divisibility The notation d n is read d divides n. Symbolically,

More information

R.3 Properties and Order of Operations on Real Numbers

R.3 Properties and Order of Operations on Real Numbers 1 R.3 Properties and Order of Operations on Real Numbers In algebra, we are often in need of changing an expression to a different but equivalent form. This can be observed when simplifying expressions

More information

during transmission safeguard information Cryptography: used to CRYPTOGRAPHY BACKGROUND OF THE MATHEMATICAL

during transmission safeguard information Cryptography: used to CRYPTOGRAPHY BACKGROUND OF THE MATHEMATICAL THE MATHEMATICAL BACKGROUND OF CRYPTOGRAPHY Cryptography: used to safeguard information during transmission (e.g., credit card number for internet shopping) as opposed to Coding Theory: used to transmit

More information

1 Recommended Reading 1. 2 Public Key/Private Key Cryptography Overview RSA Algorithm... 2

1 Recommended Reading 1. 2 Public Key/Private Key Cryptography Overview RSA Algorithm... 2 Contents 1 Recommended Reading 1 2 Public Key/Private Key Cryptography 1 2.1 Overview............................................. 1 2.2 RSA Algorithm.......................................... 2 3 A Number

More information

Quantum algorithms for computing short discrete logarithms and factoring RSA integers

Quantum algorithms for computing short discrete logarithms and factoring RSA integers Quantum algorithms for computing short discrete logarithms and factoring RSA integers Martin Ekerå, Johan Håstad February, 07 Abstract In this paper we generalize the quantum algorithm for computing short

More information

COMPRESSION FOR QUANTUM POPULATION CODING

COMPRESSION FOR QUANTUM POPULATION CODING COMPRESSION FOR QUANTUM POPULATION CODING Ge Bai, The University of Hong Kong Collaborative work with: Yuxiang Yang, Giulio Chiribella, Masahito Hayashi INTRODUCTION Population: A group of identical states

More information

Tutorial on Quantum Computing. Vwani P. Roychowdhury. Lecture 1: Introduction

Tutorial on Quantum Computing. Vwani P. Roychowdhury. Lecture 1: Introduction Tutorial on Quantum Computing Vwani P. Roychowdhury Lecture 1: Introduction 1 & ) &! # Fundamentals Qubits A single qubit is a two state system, such as a two level atom we denote two orthogonal states

More information

Chem 263 Winter 2018 Problem Set #2 Due: February 16

Chem 263 Winter 2018 Problem Set #2 Due: February 16 Chem 263 Winter 2018 Problem Set #2 Due: February 16 1. Use size considerations to predict the crystal structures of PbF2, CoF2, and BeF2. Do your predictions agree with the actual structures of these

More information

Number theory (Chapter 4)

Number theory (Chapter 4) EECS 203 Spring 2016 Lecture 10 Page 1 of 8 Number theory (Chapter 4) Review Questions: 1. Does 5 1? Does 1 5? 2. Does (129+63) mod 10 = (129 mod 10)+(63 mod 10)? 3. Does (129+63) mod 10 = ((129 mod 10)+(63

More information

(1) Correspondence of the density matrix to traditional method

(1) Correspondence of the density matrix to traditional method (1) Correspondence of the density matrix to traditional method New method (with the density matrix) Traditional method (from thermal physics courses) ZZ = TTTT ρρ = EE ρρ EE = dddd xx ρρ xx ii FF = UU

More information

Lecture 6: Quantum error correction and quantum capacity

Lecture 6: Quantum error correction and quantum capacity Lecture 6: Quantum error correction and quantum capacity Mark M. Wilde The quantum capacity theorem is one of the most important theorems in quantum hannon theory. It is a fundamentally quantum theorem

More information

THE KENNESAW STATE UNIVERSITY HIGH SCHOOL MATHEMATICS COMPETITION PART II Calculators are NOT permitted Time allowed: 2 hours

THE KENNESAW STATE UNIVERSITY HIGH SCHOOL MATHEMATICS COMPETITION PART II Calculators are NOT permitted Time allowed: 2 hours THE 018-019 KENNESAW STATE UNIVERSITY HIGH SCHOOL MATHEMATICS COMPETITION PART II Calculators are NOT permitted Time allowed: hours 1 Let m be a three-digit integer with distinct digits Find all such integers

More information

ON A CONTINUED FRACTION IDENTITY FROM RAMANUJAN S NOTEBOOK

ON A CONTINUED FRACTION IDENTITY FROM RAMANUJAN S NOTEBOOK Asian Journal of Current Engineering and Maths 3: (04) 39-399. Contents lists available at www.innovativejournal.in ASIAN JOURNAL OF CURRENT ENGINEERING AND MATHS Journal homepage: http://www.innovativejournal.in/index.php/ajcem

More information

Now, suppose that the signal is of finite duration (length) NN. Specifically, the signal is zero outside the range 0 nn < NN. Then

Now, suppose that the signal is of finite duration (length) NN. Specifically, the signal is zero outside the range 0 nn < NN. Then EE 464 Discrete Fourier Transform Fall 2018 Read Text, Chapter 4. Recall that for a complex-valued discrete-time signal, xx(nn), we can compute the Z-transform, XX(zz) = nn= xx(nn)zz nn. Evaluating on

More information

Goppa Codes and Their Use in the McEliece Cryptosystems

Goppa Codes and Their Use in the McEliece Cryptosystems Syracuse University SURFACE Syracuse University Honors Program Capstone Projects Syracuse University Honors Program Capstone Projects Spring 5-1-2015 Goppa Codes and Their Use in the McEliece Cryptosystems

More information

Definition: A sequence is a function from a subset of the integers (usually either the set

Definition: A sequence is a function from a subset of the integers (usually either the set Math 3336 Section 2.4 Sequences and Summations Sequences Geometric Progression Arithmetic Progression Recurrence Relation Fibonacci Sequence Summations Definition: A sequence is a function from a subset

More information

CS 5319 Advanced Discrete Structure. Lecture 9: Introduction to Number Theory II

CS 5319 Advanced Discrete Structure. Lecture 9: Introduction to Number Theory II CS 5319 Advanced Discrete Structure Lecture 9: Introduction to Number Theory II Divisibility Outline Greatest Common Divisor Fundamental Theorem of Arithmetic Modular Arithmetic Euler Phi Function RSA

More information

Chapter 10. Quantum algorithms

Chapter 10. Quantum algorithms Chapter 10. Quantum algorithms Complex numbers: a quick review Definition: C = { a + b i : a, b R } where i = 1. Polar form of z = a + b i is z = re iθ, where r = z = a 2 + b 2 and θ = tan 1 y x Alternatively,

More information

CHAPTER 5 Wave Properties of Matter and Quantum Mechanics I

CHAPTER 5 Wave Properties of Matter and Quantum Mechanics I CHAPTER 5 Wave Properties of Matter and Quantum Mechanics I 1 5.1 X-Ray Scattering 5.2 De Broglie Waves 5.3 Electron Scattering 5.4 Wave Motion 5.5 Waves or Particles 5.6 Uncertainty Principle Topics 5.7

More information