Circuits for Shor Factorization


qitd521
Robert B. Griffiths
Version of 22 March 2012

Contents
1 Introduction
2 Quantum Fourier Transform
3 Modular Exponentiation

1 Introduction

How can Shor's algorithm for factoring actually be realized? The first step in answering this question is to ask how the main quantum components, namely the F or modular exponentiation box and the Q or quantum Fourier transform box, can be represented in a quantum circuit involving relatively simple operations: one-, two- and three-qubit gates. The final measurements, in this way of thinking about the problem, are only carried out after all the quantum unitary transformations have been completed. There is an alternative approach, measurement-based (or one-way) computation, in which measurement outcomes on parts of an initial entangled state are used to determine what other measurements should be carried out on another part, and so forth. This lies outside the purview of these notes (though there is a hint of it in our discussion of the Q circuit).

Of course, designing circuits does not build a quantum computer, but it does give the engineers something to aim for.

The Q box is fundamentally quantum mechanical in the sense that while it carries out an operation, the quantum Fourier transform, which has a classical analog, a discrete Fourier transform, it does it in a way which involves the quantum mysteries in a rather fundamental way: there is no genuinely analogous classical circuit. It is also relatively simple.

The F box, on the other hand, has a simple classical analog: a reversible computation carried out on a collection of bits using reversible (classical) gates, in such a way that extraneous information is cleaned up and not left around in the environment. Given the classical circuit, the quantum version is obtained by replacing every reversible classical gate with an obvious quantum counterpart that carries out a unitary operation.
Hence its design, apart from the requirements that all gates be reversible and all messes cleaned up before the day is done, requires no specifically quantum thinking. One wants an efficient algorithm using as few gates as possible, but an efficient quantum circuit corresponds to an efficient classical circuit, at least in a first approximation in which one supposes that all the gates are equally difficult.

References:
Quantum Fourier transform circuits are discussed in Sec. 5.1 of [1] and Secs. 3.5 and 3.6 of [2].
Replacing two-qubit gates with measurements: [3] and Sec. 3.6 of [2].
A brief introduction to reversible classical computation will be found in Sec. 3.2.5 of [1].
The following are serious discussions of quantum circuits for modular exponentiation: [4, 5, 6, 7].

2 Quantum Fourier Transform

We want a circuit that will carry out the unitary operation

$$
Q = \frac{1}{\sqrt{M}} \sum_{v=0}^{M-1} \sum_{x=0}^{M-1} e^{2\pi i x v/M}\, |v\rangle\langle x| \tag{1}
$$

in the case in which $M = 2^m$ is a power of 2, so Q is a unitary on m qubits.

Let us start with m = 1, M = 2. The phase factor $e^{2\pi i x v/M}$ in front of $|v\rangle\langle x|$ must be either $1$ or $-1$, and a little thought, or guesswork, will show that in this case Q is nothing but the one-qubit Hadamard gate

$$
H = \frac{1}{\sqrt{2}} \begin{pmatrix} 1 & 1 \\ 1 & -1 \end{pmatrix}. \tag{2}
$$

Next consider m = 2. A direct calculation using (1) yields the results:

$$
\begin{aligned}
2Q|00\rangle &= |00\rangle + |01\rangle + |10\rangle + |11\rangle = \big(|0\rangle + |1\rangle\big)\big(|0\rangle + |1\rangle\big) \\
2Q|01\rangle &= |00\rangle + i|01\rangle - |10\rangle - i|11\rangle = \big(|0\rangle - |1\rangle\big)\big(|0\rangle + i|1\rangle\big) \\
2Q|10\rangle &= |00\rangle - |01\rangle + |10\rangle - |11\rangle = \big(|0\rangle + |1\rangle\big)\big(|0\rangle - |1\rangle\big) \\
2Q|11\rangle &= |00\rangle - i|01\rangle - |10\rangle + i|11\rangle = \big(|0\rangle - |1\rangle\big)\big(|0\rangle - i|1\rangle\big)
\end{aligned} \tag{3}
$$

Exercise. Work this out yourself starting with (1). It will give you some feel for the phase factors.

Exercise. Since Q is unitary, the kets formed by applying it to an orthonormal basis will form an orthonormal basis. Check that this is so for at least some of the outcomes in (3).

What is remarkable about (3) is that when Q is applied to one of the standard basis $|x\rangle$ states, the result is a product state on the two output or v qubits. Furthermore, the phases which appear inside each of the factors making up the product have a fairly simple connection with the bits $x_1$ and $x_2$ ($|x\rangle = |x_1 x_2\rangle = |x_1\rangle |x_2\rangle$). The phase appearing in front of $|1\rangle$ for the first v qubit is $(-1)^{x_2}$, whereas that in front of $|1\rangle$ for the second v qubit is $i^x = i^{(2x_1+x_2)}$.

These simplicities generalize to arbitrary m. To see that this is so, use the fact that $v = v_1 v_2 \ldots v_m$ can be written as

$$
v = \sum_{j=1}^{m} v_j\, 2^{m-j} \tag{4}
$$

in order to obtain the expression

$$
\begin{aligned}
2^{m/2} Q|x\rangle &= \sum_{v=0}^{2^m-1} e^{2\pi i x v/2^m} |v\rangle \\
&= \sum_{v_1=0}^{1} \sum_{v_2=0}^{1} \cdots \sum_{v_m=0}^{1} \big(e^{\pi i x v_1}\big)\big(e^{\pi i x v_2/2}\big) \cdots \big(e^{\pi i x v_m/2^{m-1}}\big) |v_1 v_2 \cdots v_m\rangle \\
&= \Big(\sum_{v_1=0}^{1} e^{\pi i x v_1} |v_1\rangle\Big) \otimes \Big(\sum_{v_2=0}^{1} e^{\pi i x v_2/2} |v_2\rangle\Big) \otimes \cdots \otimes \Big(\sum_{v_m=0}^{1} e^{\pi i x v_m/2^{m-1}} |v_m\rangle\Big) \\
&= \bigotimes_{j=1}^{m} \big(|0\rangle + e^{i\phi_j(x)} |1\rangle\big) = 2^{m/2} \bigotimes_{j=1}^{m} |\phi_j(x)\rangle
\end{aligned} \tag{5}
$$

where the phases are given by the formula

$$
\phi_j(x) = 2\pi x/2^j \tag{6}
$$

and we use the notation

$$
\sqrt{2}\, |\phi\rangle := |0\rangle + e^{i\phi} |1\rangle \tag{7}
$$

for an equatorial ket: in the polar coordinates of a Bloch sphere this corresponds to $(\theta = \pi/2, \phi)$.

Exercise. Check the algebra.

Exercise. Check that the right side of (5) along with (6) agree with the previous result in the case m = 2.

Of course x as well as v can be written in binary form, see (4), and this will help us evaluate the phase factors $\phi_j(x)$. Thus, for example,

$$
\phi_1(x) = \pi \big( x_1 2^{m-1} + x_2 2^{m-2} + \cdots + x_m \big), \tag{8}
$$

where each $x_j$ is 0 or 1. But since we are only interested in the complex exponential $e^{i\phi_1(x)}$, it does not matter if we add to it arbitrary multiples of $2\pi$. Thus we can throw away all the terms in (8) except for the last, and set $\phi_1(x)$ equal to $\pi x_m$. Using similar considerations we conclude that $\phi_2(x)$ can be set equal to $(\pi/2)x_m + \pi x_{m-1}$, and in general (6) can be replaced with

$$
\phi_j(x) = \sum_{k=1}^{j} \big(2^{1-k}\pi\big)\, x_{m+k-j}. \tag{9}
$$

Exercise. Check it.

To summarize: the unitary Q acting on a state $|x\rangle$ in the standard basis yields a product state (5), where each v qubit is assigned an equatorial ket with a phase $\phi$ which depends on x in the manner indicated in (9). Thus a circuit to carry out Q will need to flip each of the x qubits, thought of as aligned along the ±z axis of the Bloch sphere, into the equatorial plane, and then adjust its direction in this plane by assigning a suitable phase. The flipping operation can be carried out by means of a Hadamard gate (though this is not the only possibility), whereas the phase will depend upon the other qubits.

For the m = 2 case with Q given explicitly in (3), a little guesswork shows that the following circuit will carry out the task:

[Circuit diagram (10): input lines $x_1$ (top) and $x_2$ (bottom) on the left, a controlled-phase gate labeled π/2, output lines $v_2$ (top) and $v_1$ (bottom) on the right.]

Notice that the order of the qubits has been reversed on the right side, so that the $v_2$ qubit lies above the $v_1$ qubit, in contrast to $x_1$ above $x_2$ on the left.
The order could be changed back again by adding additional elements to the circuit, but that would make it more complicated.

The two-qubit gate in (10) is an example of a controlled phase gate CP(φ), defined for a general phase φ by:

$$
|00\rangle \to |00\rangle, \quad |01\rangle \to |01\rangle, \quad |10\rangle \to |10\rangle, \quad |11\rangle \to e^{i\phi} |11\rangle \tag{11}
$$

[Gate symbol in (11): a box labeled φ placed between the two qubit lines.]

Thus in the standard basis, CP(φ) is 1 except if both qubits are in the $|1\rangle$ state, in which case it multiplies $|11\rangle$ by $e^{i\phi}$. In the customary representation of controlled gates one could place the box containing φ over either of the qubits, using the other as the control. Placing it between the two, as in (11), emphasizes the symmetrical role of each qubit.
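The product form (5) with the phases (9), and the Hadamard plus controlled-phase circuit, can be checked numerically against definition (1). The following is an added example, not part of the original notes: the function names are hypothetical, and the m-line gate layout in `circuit` is an assumed generalization of circuit (10) beyond the m = 2 case shown above.

```python
import cmath
import math

def qft_column(x, m):
    """Q|x> from definition (1); entry v is the amplitude of |v>, v = v_1...v_m."""
    M = 1 << m
    return [cmath.exp(2j * math.pi * x * v / M) / math.sqrt(M) for v in range(M)]

def phase(j, x, m):
    """phi_j(x) from (9). Bit x_{m+k-j} of x = x_1...x_m sits at position j-k."""
    return sum(math.pi * 2.0 ** (1 - k) * ((x >> (j - k)) & 1)
               for k in range(1, j + 1))

def product_form(x, m):
    """Right side of (5): |phi_1(x)> |phi_2(x)> ... |phi_m(x)>, v_1 leftmost."""
    state = [1 + 0j]
    for j in range(1, m + 1):
        ket = [1 / math.sqrt(2), cmath.exp(1j * phase(j, x, m)) / math.sqrt(2)]
        state = [a * b for a in state for b in ket]   # tensor product
    return state

def apply_h(state, q, m):
    """Hadamard (2) on line q; line 1 is the top line (most significant index bit)."""
    bit, out = 1 << (m - q), state[:]
    for i in range(len(state)):
        if not i & bit:
            a, b = state[i], state[i | bit]
            out[i], out[i | bit] = (a + b) / math.sqrt(2), (a - b) / math.sqrt(2)
    return out

def apply_cp(state, q1, q2, phi, m):
    """CP(phi) of (11): multiply by e^{i phi} only where both lines hold 1."""
    mask = (1 << (m - q1)) | (1 << (m - q2))
    return [amp * cmath.exp(1j * phi) if i & mask == mask else amp
            for i, amp in enumerate(state)]

def circuit(x, m):
    """Assumed m-line layout: H on line j, then CP(pi/2^d) with the line d below it."""
    state = [0j] * (1 << m)
    state[x] = 1 + 0j
    for j in range(1, m + 1):
        state = apply_h(state, j, m)
        for k in range(j + 1, m + 1):
            state = apply_cp(state, j, k, math.pi / 2 ** (k - j), m)
    return state

def reverse_bits(i, m):
    """Output lines carry v_m ... v_1 top to bottom, so indices are bit-reversed."""
    return int(format(i, f"0{m}b")[::-1], 2)

def close(u, w, tol=1e-9):
    """Componentwise comparison of two state vectors."""
    return all(abs(a - b) < tol for a, b in zip(u, w))

def product_form_matches(m):
    """True if (5) with (9) reproduces definition (1) for every basis state."""
    return all(close(product_form(x, m), qft_column(x, m)) for x in range(1 << m))

def circuit_matches(m):
    """True if the circuit output, with its lines read in reverse, equals Q|x>."""
    size = 1 << m
    for x in range(size):
        out = circuit(x, m)
        reordered = [out[reverse_bits(v, m)] for v in range(size)]
        if not close(reordered, qft_column(x, m)):
            return False
    return True

if __name__ == "__main__":
    for m in range(1, 6):
        print(m, product_form_matches(m), circuit_matches(m))
```

Without the bit reversal in `circuit_matches` the comparison fails for m > 1, which is the reversed ordering of the v qubits noted for circuit (10).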

The action of the circuit (10) can be understood in the following way. The first Hadamard, on the left, transforms $\sqrt{2}\,|x_1\rangle$ into $|0\rangle + (-1)^{x_1}|1\rangle$. If $x_2 = 0$ the CP gate leaves this unchanged; if $x_2 = 1$ it produces a further phase shift to yield $|0\rangle + i(-1)^{x_1}|1\rangle$, which is now the state of the second v qubit; don't forget that the order of the v qubits is opposite to that of the x qubits in this circuit. After the second x qubit has produced the required phase change, it is transformed by the last Hadamard into $|0\rangle + (-1)^{x_2}|1\rangle$, and becomes the first v qubit.

Exercise. Check for yourself that (10) actually carries out the unitary Q in (3).

Here is the circuit that carries out Q for m = 3:

[Circuit diagram (12): input lines $x_1$, $x_2$, $x_3$ on the left; controlled-phase gates labeled π/2, π/2 and π/4; output lines $v_3$, $v_2$, $v_1$ on the right.]

Much of it looks like a rather natural generalization of the m = 2 case in (10). In particular at times earlier than that at which gates involving $x_3$ come into play the circuit for $x_1$ and $x_2$ is the same as before. However, a new feature appears with the CP(π/4) gate connecting the $x_1$ and $x_3$ lines. Again, the v qubits are in the opposite order to the x qubits.

From (12) one can make a pretty good guess as to what the circuit will look like for general m, and the following fable helps to describe it. Once upon a time there was a carefully regimented society in which the most significant (qu)bit $x_1$ was accustomed to giving orders to the second most significant (qu)bit $x_2$, who in turn told the $x_3$ what to do, and so forth. But then came the Q revolution in which everything changed. First, $x_1$ was flipped into the equatorial plane (H). Next he had to suffer the added indignity of having his former underling $x_2$ adjust his phase. But then $x_2$ was also flipped into the equatorial plane, and had to let $x_3$ adjust his phase along with the phase of the demoted $x_1$. Then $x_3$ got flipped....
By the end of the revolution the hierarchy was completely reversed, with the most significant $x_1$ now the least significant $v_m$, and the least significant $x_m$ transformed into the most significant $v_1$.

The phase shifts which different qubits inflict on each other in this fable are equal to $\pi/2^j$, where j is the difference in rank. For large j these phase shifts are extremely small, and at least in certain algorithms, including Shor factoring, the smallest shifts can be omitted without this having much effect. See Exercise 5.6 in [1].

If Q is followed by a measurement of each of the v qubits in the standard basis it is possible to employ a modified circuit in which there are no two-qubit gates, only measurements followed by one-qubit gates with phase shifts depending on the outcome of previous measurements. In physical realizations of quantum computers two-qubit gates are expected to be harder to carry out than one-qubit gates. For example, if the qubits are photons it is very hard to get them to interact with each other, as required to produce a two-qubit gate. By contrast, altering the phase or polarization of a single photon is easily carried out by passing it through a macroscopic device. A measurement circuit that does the equivalent of (12) if each v qubit is measured (place a measurement device D at the right end of each of the horizontal lines in (12)) is the following:

[Circuit diagram (13): input lines $x_1$, $x_2$, $x_3$ on the left; measured outputs $v_3$, $v_2$, $v_1$ on the right; one-qubit phase gates labeled π/2 and φ controlled by classical measurement signals (dashed lines).]

The idea is that if qubit $v_3$ in (12) is measured, the measurement reveals a property which it possessed before the measurement took place: either [0] or [1] for this qubit. But if it had this value just before the measurement took place, it also had it just after the H gate acted on the input qubit $x_1$, since there is nothing in the intervening circuit which could change this property. Thus the measurement can very well have been done earlier, as shown in (13), and the output of the measurement (a classical signal or bit, 0 or 1, indicated by a dashed line) used to control the gates that come later. The first of these is the CP(π/2), the same as in (12), but now either actuated or not depending on the classical signal that emerges from the prior measurement. Similarly, the $x_2$ qubit can be measured right after it passes through its H gate, and the classical signal used to apply a CP(π/2) to the $x_3$ qubit. But since a CP(π/4) gate may need to be applied, depending on the value of $v_3$, one can imagine combining the classical signals from the first two measurements to determine the phase of the gate to be applied to qubit $x_3$, as indicated in a schematic way using the last vertical dashed line in (13), before it passes through the final H gate.

Exercise. One can think of a phase gate followed by H followed by a standard measurement as, in effect, a measurement of the original qubit before it reached the phase gate, but in a basis that depends on the choice of phase for the phase gate. Discuss.

3 Modular Exponentiation

In Shor's algorithm the modular exponentiation step is a unitary operator F that acts on two systems, $\mathcal{H}_A \otimes \mathcal{H}_B$. The argument (data) register A consists of m qubits and the function register B consists of n qubits, and the action of F is:

$$
F\big(|x\rangle \otimes |y = 1\rangle\big) = |x\rangle \otimes |f(x)\rangle; \qquad f(x) = a^x \bmod N, \tag{14}
$$

where a is an integer (e.g., a = 2) relatively prime to N, the number to be factored, n is the smallest integer such that $2^n > N$, and m should be at least twice n, say m = 2n + 1.
Integers x between 0 and $2^n - 1$ label the standard orthonormal basis of $\mathcal{H}_A$, while y, between 0 and $2^m - 1$, labels the basis of $\mathcal{H}_B$. We use the bit representations of x in the form

$$
x = \sum_{j=0}^{m-1} x_j 2^j = x_0 + 2x_1 + 2^2 x_2 + \cdots + 2^{m-1} x_{m-1}; \tag{15}
$$

which is to say $x_{m-1}$ is the most significant bit and $x_0$ the least significant bit of x. The convention here, the opposite of that in (4), is convenient for describing the algorithm and is obviously not essential. The same convention is used for representing y. Setting y = 1, which means $y_0 = 1$, $y_1 = y_2 = \cdots = y_{n-1} = 0$, for the initial state of the function register is also a matter of convenience. Some authors prefer y = 0, but this can be easily converted to y = 1 using a single X gate on the $y_0$ qubit.

Equation (14) does not provide a unique definition of F, since it does not tell us what happens when B starts off in some state other than $|y = 1\rangle$. Since for different x the states $|x\rangle \otimes |f(x)\rangle$ are obviously orthogonal to each other, there is at least one unitary (and in fact there are many) for which (14) is satisfied. If we can construct a unitary circuit which satisfies (14) it will not matter what it does to other things.

First step in constructing the algorithm. In view of (15) and the rules of modular arithmetic we can write

$$
f(x) = a^x \bmod N = \alpha_0^{x_0}\, \alpha_1^{x_1} \cdots \alpha_{m-1}^{x_{m-1}} \bmod N, \tag{16}
$$

where

$$
\alpha_j := a^{(2^j)} \bmod N. \tag{17}
$$

Now given N and a, it is straightforward to calculate each of the $\alpha_j$ using a classical computer, and as there are only m of them to be calculated (think of m as on the order of 1000), this can be done ahead of time, and these constants used when constructing the F box.

Given these $\alpha_j$, the desired F can be realized in the way shown schematically in Fig. 1. The thin horizontal lines are the qubits of the argument register, and the heavy horizontal line represents the collection of n qubits in the function register. Thus if $x_1 = 1$ the unitary $U_{\alpha_1}$ acts, whereas if $x_1 = 0$ it does not act, which is to say it is replaced by the identity operator on $\mathcal{H}_B$.

[Figure 1: Schematic circuit for modular exponentiation. The lines $x_{m-1}, \ldots, x_1, x_0$ of register A control the boxes $U_{\alpha_0}, U_{\alpha_1}, \ldots, U_{\alpha_{m-1}}$ acting on register B, which starts in $|y\rangle$.]

The unitaries in Fig. 1 carry out modular multiplication:

$$
U_{\alpha_j} |y\rangle = |\alpha_j y \bmod N\rangle. \tag{18}
$$

But we must be careful. Is there a unitary that will carry out (18)? In particular, the $|y\rangle$ are orthogonal for different y, but will this be the case for the $|\alpha_j y \bmod N\rangle$? Should we worry about the fact that multiplication mod N forms a group only when the two factors belong to $Z_N$, i.e., integers relatively prime to N? The following exercise takes care of the problem.

Exercise. Show that if b and N have no common factors, the operator U defined by

$$
U |y\rangle = |by \bmod N\rangle \tag{19}
$$

is a unitary map of the space spanned by $|0\rangle, |1\rangle, \ldots, |N-1\rangle$ onto itself.

Exercise. How do we know that all the $\alpha_j$ are relatively prime to N?

A worry remains. We want the unitary in (18) to act on the entire space $\mathcal{H}_B$ of dimension $2^n$, with $2^n > N$. If it does the right thing for y < N, it still has to do something to each $|y\rangle$ for y in the range $N \le y < 2^n$. What should it do to these? Whatever it wants, as long as it is a unitary. If we construct something which is unitary on the full $2^n$-dimensional space and satisfies (18) for y < N, it doesn't really concern us what it does to $|y\rangle$ for $y \ge N$.

Our next worry concerns what the vertical control lines in Fig. 1 actually mean. A controlled operation in which one bit determines whether or not a unitary occurs on one other bit is not difficult to imagine, and by now the experimentalists have developed various ways of constructing such things.
But a single $U_{\alpha_j}$ box has to act not on one but on m qubits, and it is likely to involve a large number of one- or two- or three-qubit gates, and possibly some ancillary registers as well. Can this whole complex machine be controlled by a single on-off switch?

A clever solution to this problem begins by noting that if (18) is satisfied for all y in the range from 0 to N − 1, it will be the case that

$$
U_{\alpha_j} |0\rangle = |0\rangle. \tag{20}
$$

How can this help us? Construct an additional register of the same size as B, call it B', with n qubits, and let its initial state be $|y' = 0\rangle$. The circuit in Fig. 1 is then replaced by one of the sort indicated schematically in Fig. 2. The idea is that the bit $x_j$ does not control the unitary $U_{\alpha_j}$ directly, but instead controls two SWAP gates that interchange the contents of the B and B' registers just before and again just after the $U_{\alpha_j}$ box, which is never actually turned off, but always acts on whatever input is fed to it.

[Figure 2: The first few SWAP gates needed to turn on and off the $U_{\alpha_j}$. The lines $x_1$, $x_0$ of register A control SWAP gates between registers B' (initially $|y' = 0\rangle$) and B (initially $|y = 1\rangle$), placed before and after the boxes $U_{\alpha_0}$ and $U_{\alpha_1}$.]

Thus suppose that $x_0 = 0$. Then the B and B' registers will not be swapped and the $|y' = 0\rangle$ contents of register B' will be fed to the $U_{\alpha_0}$ box, which will output the same $|y' = 0\rangle$ state as per (20). On the other hand, if $x_0 = 1$ the swap will act and the $|y = 1\rangle$ state will be fed to the $U_{\alpha_0}$ box for a nontrivial multiplication, after which it will be swapped back to B. The same occurs for each $U_{\alpha_j}$ in turn, so at the end the B register will contain the desired f(x), while the B' register will be left in the $|y' = 0\rangle$ state.

The circuit in Fig. 2 can be further simplified by combining the two SWAP gates lying between $U_{\alpha_j}$ and $U_{\alpha_{j+1}}$ into a single SWAP gate that only acts if $x_j \neq x_{j+1}$.

Exercise. Try and figure out how this last trick works before taking a peek at the literature, e.g., [7].

What is actually placed inside the SWAP gate? The desired result can be carried out by a set of n relatively simple operations: exchange qubit $y_0$ with qubit $y'_0$, $y_1$ with qubit $y'_1$, and so forth, as indicated in Fig. 3. Each exchange is a three-qubit gate, as it also involves the $x_0$ qubit: the exchange takes place if $x_0 = 1$, and not if $x_j = 0$.
The requisite 3-qubit gate is a Fredkin gate, see [1] pp. 156f; in their notation the c qubit controls whether or not a and b will be interchanged. One can also accomplish the swap in the present situation, where one of the two qubits-to-be swapped is known to be in the state $|0\rangle$, by using a Toffoli gate, defined on p. 159 of [1], and an additional two-qubit gate between the y and y' qubits.

[Figure 3: Details of a SWAP circuit. The line $x_0$ of register A controls exchanges between the qubits $y_0$, $y_1$ of register B and the qubits $y'_0$, $y'_1$ of register B'.]

Exercise. Or one can carry out a controlled SWAP between two qubits, controlled by the third, using three Toffoli gates. Construct the circuit.

Thus to switch a $U_{\alpha_j}$ box on and off we need 2n 3-qubit gates. By the little efficiency noted in the previous exercise, we only need n such gates for each $U_{\alpha_j}$, or a total of nm for the collection of boxes, which since m = 2n + 1 means $O(n^2)$ gates for the switching operation. This is not too bad, as the F box overall involves $O(n^3)$ gates.

Our next task, now that we know how to switch them on and off, is to construct boxes which can carry out modular multiplication of the form (18). The $\alpha_j$ are known in advance, and we can employ this knowledge to construct the boxes. To keep the notation a bit less awkward, let us focus on a particular j and use the symbol b for $\alpha_j$. The numbers

$$
\beta_k := 2^k b \bmod N \tag{21}
$$

can be easily found using a classical computer, so we can suppose they are available to us. Their utility arises from the fact that we can then express the desired modular multiplication by means of modular addition:

$$
by \bmod N = \Big(\sum_{k=0}^{n-1} y_k 2^k b\Big) \bmod N = \Big(\sum_{k=0}^{n-1} y_k \beta_k\Big) \bmod N \tag{22}
$$

[Figure 4: Schematic circuit for modular addition. The lines $y_{n-1}, \ldots, y_1, y_0$ of register B control the boxes $S_{\beta_0}, S_{\beta_1}, \ldots, S_{\beta_{n-1}}$ acting on register C, which starts in $|z\rangle$.]

This modular addition can be carried out with the help of the circuit in Fig. 4, which is similar to Fig. 1 except that the $y_k$ qubits are acting as the controls for a set of modular adders,

$$
S_{\beta_k} |z\rangle = |(z + \beta_k) \bmod N\rangle \tag{23}
$$

Here the $|z\rangle$, with z between 0 and $2^n - 1$, form basis states of the Hilbert space $\mathcal{H}_C$ of an auxiliary system C with n qubits, thus the same size as B. Once again we need to pay attention to whether and in what sense (23) represents a unitary operation. We shall assume that it does what it says for z in the range 0 to N − 1. Since these integers form a group under addition mod N, different kets on the left side get mapped by $S_{\beta_k}$ to different kets on the right; no problem there. But what about z in the range from N to $2^n - 1$? A unitary circuit will have to do something to them, but we don't really care what it is, because if we initialize the circuit in Fig. 4 with the state $|z = 0\rangle$, such numbers will never arise in the course of the computation.

Note that if all of the $y_j$ are zero and the initial $|z\rangle$ in Fig. 4 is $|0\rangle$, the circuit will result in C being in the state $|z = 0\rangle$. This means the overall circuit for $U_{\alpha_j}$ has the property of mapping $|y = 0\rangle$ to $|y = 0\rangle$, which we needed in order to get our switches to work properly.

Again there are vertical control lines in Fig. 4 which can be implemented by using controlled-swap gates to act as switches, similar to Fig. 2. This will mean an additional $O(n^3)$ gates, so it might be worthwhile finding some more clever way to do it. But at least we know one scheme that will work.

There is an additional problem associated with the arrangement shown in Fig. 4. What the circuit does is carry out a unitary transformation:

$$
V_b \big(|y\rangle \otimes |z\rangle\big) = |y\rangle \otimes |(z + by) \bmod N\rangle, \tag{24}
$$

where $b = \alpha_j$ for the j under consideration. If we start with z = 0 the end result $U_b |y\rangle$ is what we wanted, but it is in the auxiliary C (i.e. z) register, not in the B (i.e. y) register where it needs to be in order to make use of it in the circuit in Fig. 1. We can exchange these two registers bit by bit using a SWAP gate. That solves part of the problem, but leaves the auxiliary C register in the $|y\rangle$ state rather than in the $|0\rangle$ state we started with.
One of the very strict rules of quantum computation is that, if you want to carry out a unitary transformation, you must not leave any information behind in the environment. Doing so ruins (decoheres) the computation. So after doing the exchange we still have to erase the y value from the C register. This turns out to be possible, but it is still a nontrivial part of the calculation.

Here is how erasure works. First note that the unitary $V_b$ in (24) has an inverse, $V_b^{-1} = V_b^\dagger$, and

$$
V_b^{-1} \big(|y\rangle \otimes |z\rangle\big) = |y\rangle \otimes |(z - by) \bmod N\rangle, \tag{25}
$$

as can be seen by applying $V_b$ to both sides and using (24). Next, let $b^{-1}$ be the multiplicative inverse of b in $Z_N$, $b b^{-1} = 1 \bmod N$. Given b, $b^{-1}$ can be efficiently computed on a classical computer, so we can assume we know what it is. Define another unitary operator

$$
W_b := \big(V_{b^{-1}}\big)^{-1}. \tag{26}
$$

This $W_b$ is the same sort of thing as $V_b$; if one replaces $V_b$ by $W_b$ on the left side of (24), the right side will be correct if b is replaced by some other integer b'. Hence since we know how to carry out $V_b$ we can also carry out $W_b$.

Exercise. What is b'?

Then one can show with a little algebra that if SWAP swaps the contents of the B and C (y and z) registers, it is the case that

$$
W_b \cdot \mathrm{SWAP} \cdot V_b \big(|y\rangle \otimes |0\rangle\big) = |by \bmod N\rangle \otimes |0\rangle. \tag{27}
$$

Exercise. Check it.

Thus by carrying out three operations in a row on $\mathcal{H}_B \otimes \mathcal{H}_C$, our original $V_b$, next SWAP, and then $W_b$, we achieve precisely what we want: $|by \bmod N\rangle$ in the B register and the C register erased back to its original $|z = 0\rangle$ state. The mess has been cleaned up, at the price of adding in the additional $W_b$ operation. But if it has to be done it has to be done.

The final question is how to carry out the $S_{\beta_k}$ operation in (23), modular addition of two numbers, one of which ($\beta_k$) we know in advance. The experts have identified various ways of doing this; see the references. They assure us that it can be done with O(n) gates, in a variety of different ways.

Taking the experts' word for it, we conclude that the overall complexity of the modular exponentiation step in Shor's algorithm is $O(n^3)$: we need m = 2n + 1 = O(n) modular multiplication boxes, Fig. 1, each of which can be constructed from O(n) modular addition boxes, each of which can be constructed using O(n) gates of a simple sort, typically two- and three-qubit gates. Thus the overall complexity measured by the number of (relatively simple) gates is $O(n^3)$, which is what is usually quoted as the running time. One can obtain shorter running times by using more qubits and more gates and doing operations concurrently, but it is not clear (to the author of these notes) that this is a useful way to go. The field is still under development; for some recent thinking see [7].

References

[1] Michael A. Nielsen and Isaac L. Chuang. Quantum Computation and Quantum Information. Cambridge University Press, Cambridge, 2000.
[2] N. David Mermin. Quantum Computer Science. Cambridge University Press, New York, 2007.
[3] Robert B. Griffiths and Chi-Sheng Niu. Semiclassical Fourier transform for quantum computation. Phys. Rev. Lett., 76:3228-3231, 1996.
[4] Vlatko Vedral, Adriano Barenco, and Artur Ekert. Quantum networks for elementary arithmetic operations. Phys. Rev. A, 54:147-153, 1996.
[5] David Beckman, Amalavoyal N. Chari, Srikrishna Devabhaktuni, and John Preskill. Efficient networks for quantum factoring. Phys. Rev. A, 54:1034-1063, 1996.
[6] Rodney Van Meter and Kohei M. Itoh. Fast quantum modular exponentiation. Phys. Rev. A, 71:052320, 2005.
[7] Igor L. Markov and Mehdi Saeedi. Constant-optimized quantum circuits for modular multiplication and exponentiation. Quantum Info. Comp., 12:361-394, 2012. arXiv:1202.6614v1 [cs.ET].
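The construction of Section 3, equations (16) to (27), maps basis states to basis states, so it can be traced with ordinary integers. The following is an added example, not part of the original notes: it follows the SWAP switching of Fig. 2 and the erasure step (27), and all function names are hypothetical. N = 15 and a = 2 in the demonstration are constructed sample values.

```python
from math import gcd

def register_sizes(N):
    """n = smallest integer with 2^n > N; m = 2n + 1, as suggested after (14)."""
    n = N.bit_length()
    return 2 * n + 1, n

def alphas(a, N, m):
    """alpha_j = a^(2^j) mod N, eq. (17), by classical repeated squaring."""
    out, cur = [], a % N
    for _ in range(m):
        out.append(cur)
        cur = cur * cur % N
    return out

def multiplier_is_permutation(b, N):
    """Exercise at (19): y -> by mod N is one-to-one on 0..N-1 iff gcd(b, N) = 1."""
    return len({b * y % N for y in range(N)}) == N

def V(b, y, z, N, n, inverse=False):
    """V_b of (24), or its inverse (25): adders S_{beta_k} of (23) switched by y_k."""
    for k in range(n):
        beta_k = (b << k) % N                  # beta_k = 2^k b mod N, eq. (21)
        if (y >> k) & 1:                       # control bit y_k of register B
            z = (z - beta_k) % N if inverse else (z + beta_k) % N
    return y, z

def U(b, y, N, n):
    """Multiplier (18) built as W_b SWAP V_b, eq. (27). Returns (B, C) contents."""
    if gcd(b, N) != 1:
        raise ValueError("b must be relatively prime to N for U_b to be unitary")
    b_inv = pow(b, -1, N)                      # classical precomputation of b^-1
    y, z = V(b, y, 0, N, n)                    # |y>|0>       -> |y>|by mod N>
    y, z = z, y                                # SWAP B and C -> |by mod N>|y>
    y, z = V(b_inv, y, z, N, n, inverse=True)  # W_b erases C -> |by mod N>|0>
    return y, z

def F(x, a, N):
    """F box (14) on |x>|y=1>. Returns (B, B', True if every C ancilla ended at 0)."""
    m, n = register_sizes(N)
    B, B_prime, clean = 1, 0, True
    for j, alpha in enumerate(alphas(a, N, m)):
        switch = (x >> j) & 1                  # control bit x_j of register A
        if switch:
            B, B_prime = B_prime, B            # controlled SWAP before the box
        B_prime, C = U(alpha, B_prime, N, n)   # the box always acts on its input
        if switch:
            B, B_prime = B_prime, B            # controlled SWAP after the box
        clean = clean and C == 0
    return B, B_prime, clean

def check_modular_exponentiation(a, N):
    """True if F reproduces a^x mod N with B' and C restored for every x."""
    m, _ = register_sizes(N)
    return all(F(x, a, N) == (pow(a, x, N), 0, True) for x in range(1 << m))

if __name__ == "__main__":
    print(alphas(2, 15, 9))
    print(check_modular_exponentiation(2, 15))
```

Stopping `U` after the SWAP leaves the original y in the C register, which is the leftover information that the $W_b$ step removes.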