Quantum computing. Shor s factoring algorithm. Dimitri Petritis. UFR de mathématiques Université de Rennes CNRS (UMR 6625) Rennes, 30 novembre 2018

Similar documents
Quantum Computing. 6. Quantum Computer Architecture 7. Quantum Computers and Complexity

Introduction to Quantum Computing

Ph 219b/CS 219b. Exercises Due: Wednesday 4 December 2013

Shor s Prime Factorization Algorithm

Quantum Phase Estimation using Multivalued Logic

Fourier Sampling & Simon s Algorithm

Simulating classical circuits with quantum circuits. The complexity class Reversible-P. Universal gate set for reversible circuits P = Reversible-P

Introduction to Quantum Computing

Chapter 10. Quantum algorithms

ROM-BASED COMPUTATION: QUANTUM VERSUS CLASSICAL

Introduction to Quantum Algorithms Part I: Quantum Gates and Simon s Algorithm

Quantum algorithms (CO 781, Winter 2008) Prof. Andrew Childs, University of Waterloo LECTURE 1: Quantum circuits and the abelian QFT

Lecture 3: Constructing a Quantum Model

Phase estimation. p. 1/24

QUANTUM CRYPTOGRAPHY QUANTUM COMPUTING. Philippe Grangier, Institut d'optique, Orsay. from basic principles to practical realizations.

Introduction to Quantum Computing

Ph 219b/CS 219b. Exercises Due: Wednesday 22 February 2006

Complex numbers: a quick review. Chapter 10. Quantum algorithms. Definition: where i = 1. Polar form of z = a + b i is z = re iθ, where

Compute the Fourier transform on the first register to get x {0,1} n x 0.

Introduction to Quantum Information Processing

Ph 219b/CS 219b. Exercises Due: Wednesday 20 November 2013

QUANTUM COMPUTING. Part II. Jean V. Bellissard. Georgia Institute of Technology & Institut Universitaire de France

Extended Superposed Quantum State Initialization Using Disjoint Prime Implicants

Simon s algorithm (1994)

Measuring progress in Shor s factoring algorithm

Lecture 2: From Classical to Quantum Model of Computation

Calculating with the square root of NOT

Advanced Cryptography Quantum Algorithms Christophe Petit

Ph 219b/CS 219b. Exercises Due: Wednesday 11 February 2009

ADVANCED QUANTUM INFORMATION THEORY

Shor s Algorithm. Elisa Bäumer, Jan-Grimo Sobez, Stefan Tessarini May 15, 2015

Factoring on a Quantum Computer

Single qubit + CNOT gates

Quantum Computation. Michael A. Nielsen. University of Queensland

Introduction to Quantum Computing

Figure 1: Circuit for Simon s Algorithm. The above circuit corresponds to the following sequence of transformations.

arxiv:quant-ph/ Nov 2000

QLang: Qubit Language

Simulation of quantum computers with probabilistic models

Chapter 11 Evolution by Permutation

Quantum Computer Simulation Using CUDA (Quantum Fourier Transform Algorithm)

Lecture Examples of problems which have randomized algorithms

QUANTUM COMPUTATION. Lecture notes. Ashley Montanaro, University of Bristol 1 Introduction 2

Quantum Computers. Peter Shor MIT

Introduction to Quantum Computing

Introduction into Quantum Computations Alexei Ashikhmin Bell Labs

C/CS/Phys C191 Quantum Gates, Universality and Solovay-Kitaev 9/25/07 Fall 2007 Lecture 9

CSE 20 DISCRETE MATH. Fall

Quantum algorithms (CO 781/CS 867/QIC 823, Winter 2013) Andrew Childs, University of Waterloo LECTURE 13: Query complexity and the polynomial method

C/CS/Phys 191 Quantum Gates and Universality 9/22/05 Fall 2005 Lecture 8. a b b d. w. Therefore, U preserves norms and angles (up to sign).

Quantum Searching. Robert-Jan Slager and Thomas Beuman. 24 november 2009

Lecture 3: Hilbert spaces, tensor products

Lecture note 8: Quantum Algorithms

Lecture 22: Quantum computational complexity

Quantum Computation. Yongjian Han. Fall Key Lab. of Quantum Information, CAS, USTC. uantum Entanglement Network Group (USTC) Fall / 88

Seminar 1. Introduction to Quantum Computing

Chapter 1. Introduction

Quantum gate. Contents. Commonly used gates

Tutorial on Quantum Computing. Vwani P. Roychowdhury. Lecture 1: Introduction

Introduction to Quantum Information Processing QIC 710 / CS 768 / PH 767 / CO 681 / AM 871

Quantum Information & Quantum Computing

Unitary Dynamics and Quantum Circuits

First, let's review classical factoring algorithm (again, we will factor N=15 but pick different number)

Quantum computing! quantum gates! Fisica dell Energia!

Quantum Computing Lecture 6. Quantum Search

A field F is a set of numbers that includes the two numbers 0 and 1 and satisfies the properties:

6.896 Quantum Complexity Theory September 18, Lecture 5

C/CS/Phys 191 Shor s order (period) finding algorithm and factoring 11/01/05 Fall 2005 Lecture 19

Register machines L2 18

The Deutsch-Josza Algorithm in NMR

Grover s algorithm. We want to find aa. Search in an unordered database. QC oracle (as usual) Usual trick

arxiv:quant-ph/ v5 6 Apr 2005

Chapter 2 Algorithms and Computation

Quantum Information & Quantum Computing

Concepts and Algorithms of Scientific and Visual Computing Advanced Computation Models. CS448J, Autumn 2015, Stanford University Dominik L.

- Why aren t there more quantum algorithms? - Quantum Programming Languages. By : Amanda Cieslak and Ahmana Tarin

QUANTUM COMPUTATION. Exercise sheet 1. Ashley Montanaro, University of Bristol H Z U = 1 2

Introduction to Quantum Computing. Lecture 1

Classical simulations of non-abelian quantum Fourier transforms

. Here we are using the standard inner-product over C k to define orthogonality. Recall that the inner-product of two vectors φ = i α i.

Quantum Algorithms. 1. Definition of the Subject and Its Importance. 4. Factoring, Discrete Logarithms, and the Abelian Hidden Subgroup Problem

The Classification of Clifford Gates over Qubits

A Glimpse of Quantum Computation

Short Course in Quantum Information Lecture 5

Quadratic reciprocity (after Weil) 1. Standard set-up and Poisson summation

Quantum Arithmetic on Galois Fields

Lecture 4: Elementary Quantum Algorithms

Shor s Algorithm. Polynomial-time Prime Factorization with Quantum Computing. Sourabh Kulkarni October 13th, 2017

Quantum Computation 650 Spring 2009 Lectures The World of Quantum Information. Quantum Information: fundamental principles

How behavior of systems with sparse spectrum can be predicted on a quantum computer

Quantum Computing and Shor s Algorithm

THE RESEARCH OF QUANTUM PHASE ESTIMATION

Quantum Computing Lecture 8. Quantum Automata and Complexity

Some Recent Research Issues in Quantum Logic

Boolean State Transformation

Quantum Computing: Foundations to Frontier Fall Lecture 3

Unitary evolution: this axiom governs how the state of the quantum system evolves in time.

Logic gates. Quantum logic gates. α β 0 1 X = 1 0. Quantum NOT gate (X gate) Classical NOT gate NOT A. Matrix form representation

Randomized Complexity Classes; RP

MAA509: Quantum Computing and Information Introduction

Transcription:

Shor s factoring algorithm Dimitri Petritis UFR de mathématiques Université de Rennes CNRS (UMR 6625) Rennes, 30 novembre 2018

Classical Turing machines Theoretical model of classical computer = classical Turing machine (deterministic, non-deterministic, probabilistic). Complexity classes (P,NP,BPP). Practical computation performed on logical gates acting on binary representations of numbers. b N, Z b = {0,..., b 1}. n 1 Z n b (x 0,, x n 1) x = x k b k = x n 1 x 0 b N. If b = 2, b =. Any function expessible by Boolean functions. Logical gates = elementary Boolean functions. Basis for computation = complete set of gates. Eg. {NOT, OR, AND} complete but redundante; {NOT, OR}, {NOT, AND}, {AND, XOR} complete and minimale. k=0

Example: addition with carry Example x = x 1 x 0, y = y 1 y 0. z = x + y = z 2 z 1 z 0 within basis B = {XOR, AND} = {, }. x 1 x 0 y 1 y 0 z 2 z 1 z 0 0 0 0 0 0 0 0 0 1 0 0 0 0 1 1 0 0 0 0 1 0 1 1 0 0 0 1 1 0 0 0 1 0 0 1 0 1 0 1 0 1 0 1 0 0 1 0 1 1 1 1 0 1 1 0 0 0 0 1 0 0 1 0 0 1 1 0 0 1 1 1 0 1 0 1 0 0 1 1 1 0 1 0 1 0 0 1 1 0 1 1 0 1 1 1 1 0 0 1 0 1 1 1 0 1 1 1 1 1 1 1 0 z 0 = x 0 y 0 z 1 = (x 0 y 0) (x 1 y 1) z 2 = (x 1 y 1) [(x 1 y 1) (x 0 y 0)]

Quantum operations In quantum mechanics: 2 types of transformations: isolated evolution (unitary hence invertible), measurement (projective hence non-invertible). Non-degenerate mesurement projects onto 1-dimensional Hilbert space. Quantum phenomena manifest themselves starting at dimension 2. Once a measurement performed, quantum system becomes classical. Conclusion: quantum computer must compute all time with invertible gates (unitaries); at the end of the computation perform measurement (that reveals the result). Consequence: no knowledge of intermediate resutls; special care for halting condition.

A reversible gate Fredkin 1982 Input Output a b c a b c 0 0 0 0 0 0 0 0 1 0 0 1 0 1 0 0 1 0 0 1 1 1 0 1 1 0 0 1 0 0 1 0 1 0 1 1 1 1 0 1 1 0 1 1 1 1 1 1 { c a = a, b = b if c = 0 = c et a = b, b = a otherwise. Fredkin s gate equivalent to (0, x, y) (x y, x y, y) (1, x, y) (x y, x y, y). hence universal since it can simulate AND and NOT.

Reversible gates Implement arbitrary Boolean functions Arbitrary Boolean function F : B m B n can be extended into F : B m+n B m+n, defined by F (x, y) = (x, y F (x)), where is bitwise addition modulo 2. F is a permutation: F 2 (x, y) = F (x, y F (x)) = (x, y F (x) F (x)) = (x, y). F (x, 0) = (x, F (x)). Permutation 2-bit gates not enough to implement F. But B = {NOT, Λ } where Λ : B 3 B 3 the Toffoli gate, defined by Λ (x, y, z) = (x, y, z (x y)), is a basis. Notice that Λ (Lambda) is different from (conjunction).

Quantum logical gates Fundamental requirements Classically: Bits: elements of B = {0, 1}. Base: complete family B of logical gates acting on small number of bits, eg. B = {XOR, NOT}. Logical circuit: allows computation of any Boolean function f : B n B n, n arbitrary. Quantically: Qubits: unit vectors of B = H = C 2. Base: complete family B of unitary operators acting on small number of qubits. Logical circuit: allows computation of any unitary operator U : H n H n, n arbitrary.

Standard quantum logical gates Controlled and multiply controlled gates Definition With every unitary U : H n H n, are associated a family of unitary operators C k (U) : H k H n H H n, k 1 defined for ξ H n by C k (U) b 1 b k ξ = { b1 b k ξ if b 1 b k = 0 b 1 b k U ξ if b 1 b k = 1 Example σ 1 = ( 0 1 1 0 ) unitary. : B B the bit-flip operation 0 = 1, 1 = 0 (corresponds to classical gate NOT). σ 1 b = b, C 2 (σ 1 ) = ˆΛ.

Standard quantum logical gates Hadamard and phase gates Definition ( ) Hadamard gate: H = 1 1 1 2. 1 1 ( ) 1 0 Phase gate: Φ(φ) =. 0 exp(iφ) ( ) 1 0 Enough to consider K = Φ(π/2) = for the phase gate. 0 i Definition Basis B = {H, K, K 1, C(σ 1 ), C 2 (σ 1 )} is termed the standard basis.

Shor s algorithm (1994) Integer factoring Algorithm allowing factoring of a large integer n, with N = log n, in polynomial time temps in N. Decomposed into sub-routines: quantum Fourier transform, quantum phase estimation, quantum order finding, factoring.

Quantum Fourier transform (QFT) Generalisation of the discrete Fourier transform (DFT) N fixed > 0 integer. x : R C signal sampled at instants {0,..., N 1} becomes vector x = (x 0,..., x N 1 ) C N. Definition Discrete Fourier transform C N x = (x 0,..., x N 1 ) F(x) = y := (y 0,..., y N 1 ) C N, where y j = 1 N 1 N k=0 x k exp(2πik j N ), j {0,..., N 1}. By analogy: quantum Fourier transform on H N = C N : H N = C N j F j = 1 N 1 exp(2πik j N N ) k H N. k=0 For i = 0,..., N 1, abridge unit vector e i into i.

Quantum Fourier transform (QFT) Unitarity Recall Theorem F is unitary. F j = 1 N 1 exp(2πik j ) k. N N k=0 Proof. j F Fj = 1 N = 1 N N 1 k,l=0 N 1 k,l=0 exp( 2πik j N ) exp(2πil j N ) k l exp( 2πik (j j) N ) = δ jj.

Quantum Fourier transform N = 2 n, H = C 2, H = n 1 k=0 H. Basis vector j H, indexed by integer j = 0,..., 2 n 1. Identify {0,..., 2 n 1} j j = (j 1,... j n ) B n : j = j 1 2 n 1 +... + j n 2 0 = 2 n ( j 1 2 1 +... + j n 2 n ) = 2 n 0.j 1 j n 2 = j 1 j n 2 = j 2. j = j 1 j n F 1 2 n 1 exp(2πij k 2 n/2 2 n ) k = 1 2 n/2 = 1 2 n/2 n l=1 k=0 exp(2πij 0.k 1 k n 2 ) k 1 k n (k 1 k n) B n ( 0 + exp(2πij/2 l ) 1 ) = 1 2 n/2 [ 0 + exp(2πij/2) 1 ] [ 0 + exp(2πij/2n ) 1 ].

Quantum Fourier transform Logical circuit H Φ 2 H Φ 2 Φ 3 j 1 j 2 j 3 Φ n 2 ψ j Φ n 3... Φ n 2... Φ n 1 Φ n 1 Φ n.... j n 2 H Φ 2 j n 1 j n Theorem ψ j = F j. F implemented by reverting the circuit (reading from left to right).

Quantum phase estimation Statement of the problem Definition U : H n H n unitary, u H n eigenvector of U (assumed known by some other source of information). Phase estimation: estimation of φ u [0, 1] s.t. U u = exp(2πiφ u ) u. Assume we have black boxes U 2j, j = 0,..., t 1 and eigenvector u. Immédiat to construct controlled gates C(U 2j ).

Quantum phase estimation Quantum circuit H H 0 0 ˆφ u F. H H 0 0... u U 2t 1.... U 21. U 20. u D C B A

Quantum phase estimation Functioning principle of the quantum circuit Content of registers ψ u H t H n defore action of the operator F : ψ u = 1 2 [ 0 + t/2 exp(2πi2t 1 φ u) 1 ] [ 0 + exp(2πi2 0 φ u) 1 ] u = 1 exp(2πiφ u k 2 t/2 t1 k 0 ) k t 1 k 0 u k 0 k t 1 B t F on 1 φ u. Theorem = 1 2 t 1 exp(2πiφ uk) k u. 2 t/2 2 t/2 2 t 1 k=0 k=0 exp(2πiφ uk) k : good rational approximation b/2 t of For every ε > 0, there exists integer p = p(ε) > 0 s.t. t = n + p P F ψ( b 2 t φ u < 1 2 n ) 1 ε.

Quantum phase estimation Algorithm Algorithm Require: Black boxes C(U 2j ), eigenvector u o U, precision level ε, t = n + log(2 + 1 2ε qubits initialised at 0. Ensure: Estimation of φ u precise up to t bits. Initialise 0 t u. Act as in figure. Apply F on register of t first qubits to obtain φ u. Measure register of t first qubits to obtain estimation φ u.

Order finding Definition x, N fixed > 1 integer verifying pgcd(x, N) = 1. Order: ord(x, N) = inf{r > 0 : x r = 1 mod N}. Example (ord(x = 5, N = 7) = 6) r 1 2 3 4 5 6 5 r 5 25 125 625 3125 15625 5 r mod 7 5 4 2 6 3 1 Order finding, conjectured to be algorithmically hard. If L = log N, no known classical algorithm solving the problem in polynomial time in L. Define unitary U y = xy mod N. For y B L, N y 2 L 1, xy on 0 y N 1. mod N = y U acts non trivially solely

Order finding Principle of the algorithm Lemma Let r := ord(x, N) N. For s = 0,..., r 1, U u s = exp(2πi s r ) u s, where u s = 1 r r 1 k=0 exp( 2πik s r ) x k mod N. Problem: vector u s needed in previous lemma is an eigenvector of U but its construction presupposes knowledge of r.

Order finding Essential technical lemma Lemma 1 r 1 u s = 1. r s=0 Instead of initialising circuit with u s, initialise with 1.

Order finding Continued fraction expansion Associate with every α R + sequence o (a 0 ; a 1, a 2, ) α = [a 0 ; a 1, a 2, a 3,...] = a 0 + 1 a 1 + 1 1 a 2 + a 3 +. 1... If α Q +, then α = [a 0 ; a 1..., a M ]. If α (R + \ Q), ithen α = [a 0 ; a 1, a 2, a 3,...], with a i > 0 for all i 1.

Continued fraction expansion If α = [a 0 ; a 1, a 2,...], then truncated (at order m) expansion [a 0 ; a 1..., a m ] is a rational approximation of α. [a 0 ; a 1..., a m ] = p m(α) q m (α), p m = a m p m 1 + p m 2 and q m = a m q m 1 + q m 2, m 1, and p 0 = a 0, q 0 = 1, p 1 = 1, and q 1 = 0. Lemma let α m = [a 0 ; a 1..., a m ] = p m /q m the sequence of principal convergents. 1 α 0 α 2m α 2m+2... α... α 2m+1 α 2m 1... α 1 and p lim m α m := lim m(α) m q = α. m(α) 2 Let p q be an irreducible fraction with q > 0. If α p q 1 2q 2 then exists an M s.t. α pm q m 1 2q 2 m for m N >.

Order finding Continued fraction expansion routine Algorithm Continued fraction expansion (CFE) Require: real α > 0, integer M > 0. Ensure: a 0,..., a M with a i > 0 for 1 i M. Initialise m 0. repeat a m α. β {α}. m m + 1. if β 0 then α 1 β else α = 0 end if until m > M.

Order finding Main programme Algorithm Order finding algorithm (OFA) Require: Integer N with L bits, x comprime with N, precision threshold ε, t = L + log 2 ε qubits initialised at 0, L qubits initialised at 1, implementation of unitary U N,x : H t H L H t H L, CFE algorithm. Ensure: ord(x, N) with probability 1 ε within O(L 3 ) steps. Act as in figure to get state ψ D. Measure in state ψ D to get L-bit approximation θ of the phase. a := [a 0; a 1,..., a n] CFE(θ). s r pn(a) qn(a). if x r mod N = 1 then return r else The algorithm fails. end if

Achievement of order finding algorithm Theorem Let r be the value returned by the OFA. Then P(r is the correct order ) 1 4.

Factoring Shor s algorithm Algorithm Require: Integer N of L bits, x coprime with N, precision level ε, t = 2L + 1 + log(2 + 1 2ε qubits initialised at 0, U N,x : H t H L H t H L unitary, FractionContinue. Ensure: ord(x, N) with probability 1 ε in O(L 3 ) steps. Let H t I L act on 0 1 H t H L. Act as in figure. Apply F on register of t first qubits to obtain φ u. Measure register of t first qubits to obtain estimation φ u.

Factoring Idea of the algorithm Theorem Suppose N is an L-bit composite integer and x a non-trivial a solution to the equation x 2 = 1 mod N for 1 x N. Then at least one of gcd(x 1, N), gcd(x + 1, N) is a non-trivial factor of N. a i.e. neither x = 1 mod N nor x = (N 1) mod N = 1 mod N. Theorem Suppose N = p α1 1 pαm m and x an integer randomly chosen in 1 x N 1 that is coprime with N. Let r = ord(x, N). Then P(r is even and x r/2 = 1 mod N) 1 1 2 m. Combine two theorems to give algorithm returning with high probability a non-trivial factor of N. All steps can be performed efficiently on a classical computer except the order finding.

Shor s algorithm Scalability arguments Resource scaling O(L 3 ) provided flawless functioning of quantum gates. To factor an L-bit integer N with error corrections 5L + 1 qubits, 72L 3 quantum gates. A simple numerical application: L = 4: 21 qubits, 4608 gates, L = 100: 501 qubits, 7.2 10 7 gates, L = 4096: 20481 qubits, 4.95 10 12 gates.

Shor s algorithm Achievements Shor s algorithm: Optimisation: 15 = 3 5 (k = 4). Factored by using 7 qubits. 21 = 3 7 (k = 5). Factored by using 10 qubits. 143 = 11 13 (with 4 qubits) and 56153 = 233 241 (with 4 qubits). Foreseen not yet implemented factoring of 291311 = 523 557 with 6 qubits.

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback