Shor s Quantum Factorization Algorithm

Similar documents
Shor s Prime Factorization Algorithm

Number Theory. CSS322: Security and Cryptography. Sirindhorn International Institute of Technology Thammasat University CSS322. Number Theory.

Factoring on a Quantum Computer

Shor Factorization Algorithm

Some Introductory Notes on Quantum Computing

Shor s Algorithm. Elisa Bäumer, Jan-Grimo Sobez, Stefan Tessarini May 15, 2015

Basic elements of number theory

Basic elements of number theory

Chapter 9 Mathematics of Cryptography Part III: Primes and Related Congruence Equations

Number Theory and Group Theoryfor Public-Key Cryptography

CPSC 467: Cryptography and Computer Security

Introduction to Quantum Information Processing QIC 710 / CS 768 / PH 767 / CO 681 / AM 871

Introduction to Quantum Information Processing CS 467 / CS 667 Phys 667 / Phys 767 C&O 481 / C&O 681

A. Algebra and Number Theory

Shor s Algorithm. Polynomial-time Prime Factorization with Quantum Computing. Sourabh Kulkarni October 13th, 2017

Numbers. Çetin Kaya Koç Winter / 18

Number Theory A focused introduction

Number Theory. Modular Arithmetic

Quantum algorithms for computing short discrete logarithms and factoring RSA integers

Introduction to Quantum Computing

Theoretical Cryptography, Lecture 13

Lecture note 8: Quantum Algorithms

QFT, Period Finding & Shor s Algorithm

Introduction to Quantum Information Processing QIC 710 / CS 768 / PH 767 / CO 681 / AM 871

Mathematics for Cryptography

[Part 2] Asymmetric-Key Encipherment. Chapter 9. Mathematics of Cryptography. Objectives. Contents. Objectives

Logic gates. Quantum logic gates. α β 0 1 X = 1 0. Quantum NOT gate (X gate) Classical NOT gate NOT A. Matrix form representation

3 The fundamentals: Algorithms, the integers, and matrices

CPSC 467b: Cryptography and Computer Security

Lecture 4: Number theory

Richard Cleve David R. Cheriton School of Computer Science Institute for Quantum Computing University of Waterloo

Topics in Cryptography. Lecture 5: Basic Number Theory

2 A Fourier Transform for Bivariate Functions

Public Key Cryptography

CPSC 467b: Cryptography and Computer Security

Quantum Computing. 6. Quantum Computer Architecture 7. Quantum Computers and Complexity

. Here we are using the standard inner-product over C k to define orthogonality. Recall that the inner-product of two vectors φ = i α i.

Discrete Mathematics GCD, LCM, RSA Algorithm

1 Recommended Reading 1. 2 Public Key/Private Key Cryptography Overview RSA Algorithm... 2

Public-key Cryptography: Theory and Practice

Chapter 8. Introduction to Number Theory

Quantum Mechanics- I Prof. Dr. S. Lakshmi Bala Department of Physics Indian Institute of Technology, Madras

Ma/CS 6a Class 4: Primality Testing

Quantum Computation 650 Spring 2009 Lectures The World of Quantum Information. Quantum Information: fundamental principles

Commutative Rings and Fields

Mathematics of Cryptography

Factoring. there exists some 1 i < j l such that x i x j (mod p). (1) p gcd(x i x j, n).

Lecture 3: Hilbert spaces, tensor products

4 Number Theory and Cryptography

Lecture 14: Hardness Assumptions

Chapter 5. Modular arithmetic. 5.1 The modular ring

Figure 1: Circuit for Simon s Algorithm. The above circuit corresponds to the following sequence of transformations.

Unitary evolution: this axiom governs how the state of the quantum system evolves in time.

CSCI 2570 Introduction to Nanocomputing. Discrete Quantum Computation

a the relation arb is defined if and only if = 2 k, k

Classical RSA algorithm

CSC 474 Information Systems Security

Number Theory Proof Portfolio

Discrete Mathematics with Applications MATH236

YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE

Dixon s Factorization method

Quantum Computation. Alessandra Di Pierro Computational models (Circuits, QTM) Algorithms (QFT, Quantum search)

Introduction to Quantum Computing

Beautiful Mathematics

Know the Well-ordering principle: Any set of positive integers which has at least one element contains a smallest element.

COMP424 Computer Security

Public Key Encryption

download instant at

Lecture 6: Introducing Complexity

5 Group theory. 5.1 Binary operations

Ph 219b/CS 219b. Exercises Due: Wednesday 20 November 2013

A Parallel Processing Algorithms for Solving Factorization and Knapsack Problems

CS257 Discrete Quantum Computation

Phase estimation. p. 1/24

Lecture 1: Introduction to Public key cryptography

Short Course in Quantum Information Lecture 5

CSC 5930/9010 Modern Cryptography: Number Theory

Quantum Computing. Thorsten Altenkirch

Solutions to Practice Final 3

Quantum Computing Lecture Notes, Extra Chapter. Hidden Subgroup Problem

Exercises Exercises. 2. Determine whether each of these integers is prime. a) 21. b) 29. c) 71. d) 97. e) 111. f) 143. a) 19. b) 27. c) 93.

Outline. Some Review: Divisors. Common Divisors. Primes and Factors. b divides a (or b is a divisor of a) if a = mb for some m

Outline. AIT 682: Network and Systems Security. GCD and Euclid s Algorithm Modulo Arithmetic Modular Exponentiation Discrete Logarithms

Quantum Computer Simulation Using CUDA (Quantum Fourier Transform Algorithm)

A Few Primality Testing Algorithms

Mathematical Foundations of Public-Key Cryptography

Factoring integers with a quantum computer

COMS W4995 Introduction to Cryptography September 29, Lecture 8: Number Theory

6.080/6.089 GITCS May 13, Lecture 24

Q: How can quantum computers break ecryption?

Lecture 8: Finite fields

CPSC 467: Cryptography and Computer Security

COMPUTER ARITHMETIC. 13/05/2010 cryptography - math background pp. 1 / 162

Applied Cryptography and Computer Security CSE 664 Spring 2018

2.3 In modular arithmetic, all arithmetic operations are performed modulo some integer.

Applied Cryptography and Computer Security CSE 664 Spring 2017

CSC 474 Network Security. Outline. GCD and Euclid s Algorithm. GCD and Euclid s Algorithm Modulo Arithmetic Modular Exponentiation Discrete Logarithms

Math Circles Cryptography

A polytime proof of correctness of the Rabin-Miller algorithm from Fermat s Little Theorem

Homework #2 solutions Due: June 15, 2012

Transcription:

Shor s Quantum Factorization Algorithm Tayeb Aïssiou Department of Mathematics and Statistics McGill University, Montreal, Quebec Canada H3A K6 e-mail: tayeb.aissiou@mail.mcgill.ca November, 5 Abstract In this paper, I will show Shor s [] analysis to find the period of a periodic function using quantum computers. Finding the period of the function: f(x = a x Mod(N where a is any integer relativly prime to the composed integer N, can lead us to factorize N. The use of Quantum Fourier Transform (QFT is essential to extract the period. The algorithm does the factorization in a very elegant way. Introduction The factorization of an integer is a big challenge that kept busy many mathematicians and computer scientists. There exists an algebraic algorithm that reduces the task of factorizing an integer to a period-finding. We have also a quantum algorithm developed by Shor that finds the period of any periodinc function fastly. This paper will explain both the algebraic and the quantum algorithms. The algebraic part uses some basic number theory topics that will be introduced briefly and the quantum part uses the Quantum Fourier Transform (QFT and its power to extract the period of any periodic function

Number Theory. Environnement.. Modular Arithmetic and Groups The ring Z/pZ that I will denote by Z p, where p is a prime number, is the set of numbers {,,,..., p } that satisfies some properties undersome operation []. Now, let me impose one more condition which is the fact that each element of the set has its inverse in the set: { x Z p, x Z p such that x x = (mod p}. The ring Z p becomes the group Z p which is the set {,,..., p }. The cardinality of this group is p. For the general case, the ring Z n where n is a composed integer contains n elements, but the group Z n doesn t contain n elements. For exemple, the group Z 6 contains only two elements: {, 5} because the elements {, 3, 4} of the ring Z 6 don t have an inverse under multiplication. Something interesting about the group Z p is the following equality: a p p a a p = (mod p where a Z and p a This last equation is knows as Fermat Little Theorem proved in most Abstract Algebra texts []... Euler phi (φ function Fermat Little Theorem works for the groups Z p where p is a prime number. How about the group Z n for a composed integer n? The answer was given by Euler when he defined the φ function. The Euler φ function is a function when applied on any integer n it returns the number of elements relativly prime to n. In other words the Euler φ function gives us the cardinality of the group Z n. Given this Euler φ function, there exists an equivalent theorem to Fermat Little Theorem known as Euler-Fermat Theorem that uses the Euler φ function and gives us the following equation: where a Z and gcd(a, n = a φ(n = (mod N, Here are some properties of the Euler φ funtion[]: φ(p = p φ(p α = p α p α

φ(p q = φ(p φ(q = (p (q where p and q are primes for a general n = p α p α... p αs s we have: φ(n = φ(p α p α... p αs s = φ(p α φ(p α... φ(p αs s..3 The Greatest Commun Divisor (GCD There exists a fast algorithm that calculates the Greatest Commun Divisor of the two integers a and b known as the Euclidean algorithm[]. This is an example of how to comupute gcd(356, : 356 = 3 + 56 = 56 + 44 56 = 44 + 44 = 3 + 8 = 8 + 4 The gcd(356, is 4 8 = 4 +. Application for factoring an integer It is finally the time to stick togather all these amazing topics in mathematics to get something useful. Let n be the integer we want to factorize. Assume n = p q where p and q are two very large primes and assume we have a magic box that gives us the φ function of that integer n. n MAGIC BOX φ(n Let a be a random integer relatively prime to n, according to Euler-Fermat Theorem we have: a φ(n = mod(n Now we have to assume that: a φ(n = mod(n (a φ(n/ + (a φ(n/ = mod(n (a φ(n/ mod(n and (a φ(n/ + mod(n 3

Otherwise, we must choose another random integer a relativly prime to n. Because none of (a φ(n/ and (a φ(n/ + is mod(n therefore: gcd(a φ(n/, n = p gcd(a φ(n/ +, n = q where p and q are the factors of n. In RSA cryptography system, we use integers that are product of two large primes because they are harder to factorize than integers composed of three or more big primes. Thus, this algorithm factorizes easily any integer n which is the product of two primes. The big advantage of this algebraic algorithm is the reduction of the factoring problem to the problem of order-finding. Actually, to factorize an integer n, we don t necessairly need φ(n; the only thing we need is the smallest even r such that a r = mod (n. Then, we factorize the equation a r = mod (n. The factors of n will be given by calculating the greatest common divisorof each factor of the following expression (a r/ (a r/ + = mod (n with n. 3 Quantum information In this part, I will explain the mechanism of the magic box used above to find the period of the function. This magic box is actually a quantum computer. Quantum computers are much more powerful than classical computers because they use quantum laws of physics instead of classical laws. Quantum computers exploit two features of quantum mechanics: superposition and parallelism. The following sections will shine some light on the mathematical aspect of quantum computers. 3. Formalism and linear algebra 3.. Definitions 3... Bits and Qubits Classically, computers use what we call bits to store data. A classical bit is a state of a classical system that might be represented by and. For integers, we convert them from base into base, the string of bits that represents the decimal 9 is:. 4

In the otherhand, a Qubit is a quantum system whose state lies in a two dimensional Hilbert Space H. In other words, a qubit is a vector in a two dimentional Hilbert space. 3... Hilbert Space A two dimensional Hilbert space is a two( dimensional vector ( space over C spanned by the orthonormal basis = and = with a complex valued inner product. 3...3 Bra c ket notation (Dirac notation The elements of the Hilbert space are presented by either bras or kets. Bras define elements that are( expressed as a column vector and kets define the row a vectors. The ket ψ = and the bra ψ = (a b, b where a is the complex conjugate of a. The inner product is defined ψ ψ = (a, b = ( a b ( ( a a ab a + b and the outer product ψ ψ = (a b, b =. ba b A quantum state ψ is a linear combination of the kets and : ψ = a + b In other words, the general quantum state ψ is the superposition of the pure states and. The coefficients a and b are complex numbers such that a + b =. This last condition is a the normalisation condition because we need the thing that might be a particle for example to be somewhere in space, thus the inner product: ( a ψ ψ = (a, b = a + b = b When we take a measurement on the quantum state of the particle ψ we can observe the state with probability a and the pure state with probability b, but only one of the states shows up at the time 3...4 Operators One can define a linear operator on a ket space H as a homomorphism 5

of H into H. For our purpose, we assume all operators O in H n to be n n invertible matrices. One nice property that links the ket space to bra space is: (O ψ = ψ O An interesting operator used a lot in computer science is known as Hadamard operator (Hadamard Quantum Gate. Hadamard gate in H n is the n ( n n matrix H = n. Notice that H = I. - Applying a Hadamard operator on a pure qubit expands this pure qubit which might be a system of n particles into a superposition with equal probability of all the n pure qubits formed by these n particles. Here is an example that shows the task of the Hadamrd gate. Let the pure qubit = H 4 = (H H = 4 = 4 = - - - - - - 4 ( - + 4 ( - = 4 4 = 4 4 + 4 4 - - 6

3.. Tensor product ( ( a a b b Given two matrices A = and B =, their tensor a 3 a 4 b 3 b ( 4 a B a B product written A B is the following 4 4 matrix a 3 B a 4 B A B = a ( b b b 3 b 4 a 3 ( b b b 3 b 4 a ( b b b 3 b 4 a 4 ( b b b 3 b 4 As an example, given the vector a = a b a b a b a b a = b 3 a b 4 a b 3 a b 4 a 3 b a 3 b a 4 b a 4 b a 3 b 3 a 3 b 4 a 4 b 3 a 4 b 4 ( ( and the vector b =, one can calculate the tensor product a b = and find the following vector 3..3 n-qubit system In the Dirac notation, the pure state is the state of one particle or thing. It can represent, for example, the spin up of an electron or the vertical polarization of light...etc. How about two particles? Given two particles that can both of them be in the state or the state, I will have 4 degrees of freedom,,,,. This implies that my vector space is a 4-dimensional Hilbert space: H 4 = H H = H. We have the two systems of one particle that become one system of two particles, i.e.: = = ( ( = = The 4-dimensional Hilbert space is spanned by the pure states (vectors: =, =, = and = 7

For the n -dimensional Hilbert space H n, its span would be the unit vectors:,,,...,..... 3. Quantum computer vs. classical computer Classical computers use bits to strore data. A string of n bits can store at most n informations; but n qubits can store up to n informations. The n-qubits system is a system in the superposition of the n different pure quantum states made of these n-qubits. For examples the system of 3-qubits φ is a vector with 8 complex valued entries: φ = a +a +a +a 3 +a 4 +a 5 +a 6 +a 7 φ = a + a + a + a 3 3 + a 4 4 + a 5 5 + a 6 6 + a 7 7 So the 3-qubits system can give us up to 8 informations. The most interesting thing about qubits is the fact that it is impossible according to quantum mechanics to know the 8 informations. The only thing we can do with these qubits is to manipulate them and extract some kinds of informations such as the period. 3.3 Fourier Transforms In the Shor s algorithm, the use of QFT (Quantum Fourier Transform is essential. What is a QFT? Quantum Fourier Transform is a Discrete Fourier Transform applied on qubits. For a n-qubits system we can apply the QFT on any pure qubit x : x QF T n xy e n y n y= Let N = n, x QF T N N y= xy e N y 8

Discrete Fourier transform maps uniform periodic states with period r, to a periodic states with period N. I will give an example to make clear the r previous affirmation. Consider f(x = Z 6 Z 6 Where Z 6 is the ring with elements {,,, 3, 4, 5} and R is the set of real numbers. Applying the Discrete Fourier Transform on f(x will give us these equations: f( e 6 f(+e 6 f(+e 6 f 3 (+e 6 f(3+e 4 6 f(4+e 5 6 f(5 f( e 6 f(+e 6 f(+e 6 f 3 (+e 6 f(3+e 4 6 f(4+e 5 6 f(5 f( e 6 f(+e 6 f(+e 6 f 3 (+e 6 f(3+e 4 6 f(4+e 5 6 f(5 3 f(3 e 6 f(+e 3 6 f(+e 3 6 f 3 3 (+e 6 f(3+e 3 4 6 f(4+e 3 5 6 f(5 4 f(4 e 6 f(+e 4 6 f(+e 4 6 f 4 3 (+e 6 f(3+e 4 4 6 f(4+e 4 5 6 f(5 5 f(5 e 6 f(+e 5 6 f(+e 5 6 f 5 3 (+e 6 f(3+e 5 4 6 f(4+e 5 5 6 f(5 If we assume the function f(x to be periodic with period, i.e., f( = f( = f(4 and f( = f(3 = f(5, the previous equations become: f( 3 f( + 3 f( f( f( + f( f( f( + f( f(3 3 f( 3 f( f(4 f( + f( f(5 f( + f( For a periodic function with period 3, i.e., f( = f(3, f( = f(4 and f( = f(5 the final output becomes: f( f( + f( + f( f( f( + f( + f( f( f( + e 3 f( + e 4πi 3 f( f(3 f( + f( + f( 9

f(4 f( + e 4πi 3 f( + e 3 f( f(5 f( + f( + f( As we can see in the previous sets of equations, for a periodic function of period, we have non-zero factors of probablity at f( = f( N = f( 6 r and f(3 = f( N = f( 6. Therefore the QFT extracts in some sens the r period of a periodic function. Discrete Fourier Transform transformation is a matrix: F ab = ab e N N 3.4 Shor s Analysis Given an integer N = pq we want to factorize, we let n = Log N be the number of qubits needed to store the integer N. We take two strings of n- qubits, the first string holds the value x S = {,,,..., n } in binary; the second string holds the value of f(x = a x mod(n in binary also. The two strings x and f(x have n-qubits each. The quantum parallelism is the property of distribution on matrices. Let A, B, B, B,..., B L be m m matrices: L A B k = k= L AB k k= For our purpose, A can be any operator or function f : S S and B x are x such that x S. I apply the Hadamed gate on N to obtain: N H n ψ = n k n i.e. a an equal probability superposition of all the pure states. After that, I use the quantum parallelism to calculate f(x for each x. I will introduce this notation x, f(x instead of x f(x. Thus my quantum system ψ will be: k= ψ U f(x ψ = n k, f(k n I take a measurement on the second qubit f(x, I will get some value y. k=

Quantum mechanics says that the first quantum system has to collapse into a superposition of all values of x such that f(x = y. Let K = N r where N is my integer I want to factorize and r the order of the periodic function f(x = a x mod(n, gcd(a, N =. After taking a measurement of the second string the last sum ψ becomes: ψ measure ψ 3 = K x + kr, y K where x < r. Let me keep the first string only, so that my superposition ψ 3 becomes: ψ 3 ψ 4 = K x + kr K At this moment, the QFT comes into play. Remember that the QFT does the following transformation x QF T n xy n y= e n y. When we apply it to ψ 4 we get: ψ 4 QF T ψ 5 = r e x l N r l r r We are almost done, all we have to do now is to take a measurement on the quantum system ψ 5 ; assume we get c as a value: l= k= k= c = l N r c N = l r for some < l < r. All we need is having gcd(l, r = so that we simpify the fraction c and read the value of the period r in the denominator. Otherwise, N we repeat the process again, take another measurement and get a new value of c that gives us l relatively prime to r. 4 Example Here is an example of how to factorize an integer. I would like to factorize the integer N = 57. Î choose a = randomly and I use the magic box to have the value of r = 6. I apply the algebraic algorithm a r = 6 = (a r/ (a r/ + = ( 3 ( 3 + = (a r/, (a r/ + mod N ( 3, ( 3 + mod 57

gcd((a r/ mod N, N = p gcd(( 3 mod 57, 57 = 9 gcd((a r/ + mod N, N = q gcd(( 3 + mod 57, 57 = 3 Finanlly we have our factors of N = 57 that are 3 and 9 Conclusion In this report, I present Shor s Quantum Factorization Algorithm. This very powerful algorithm, uses the laws of quantum mechanics and some topics of algebraic number theory. This quantum algorithm factorizes integers in a polynomial time []. The use of Quantum Fourier Transforms is crutial to get the period of the function f(x = a x mod(n.shor s algorithm destroys nicely the RSA cryptosystem. Unfortunately, we must build quantum computers to be able to use this algorithm, but many scientists work hardly on the question. Acknowledgements I have been studying this algorithm the whole summer 5. During the last four months, I studied and understood many theories related to quantum mechanics or algebraic number theory. Most of what I have learned is not presented in this report and I owe all what I have done to professor Henri Darmon the coordinator of this project who supported me and helped me during this last year. I would like to thank also my collegues and friends, they supported me a lot: Anne-Sophie Charest, Mathieu Guay-Paquet, Ilya Hekimi, Louis-Francois Preville-Ratelle and Mireille Schnitzer. My friends also Frédéric Caron and Leonid Chindelevitch. This experience thought me the way we do research and the art of proving theorems, unfortunately I wasn t able to prove by myself all the theorems I met during my project but I learned many tricks that might very useful in future. References [] Thomas W. Hungerford, Abstract Algebra [] P.W. Shor, Polynomial-Time Algorithms for Prime Factorization and Discrete Logarithms on a Quantum Computer, 994

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback