Lecture 9: Shor's Algorithm


Quantum Computation (CMU 18-859BB, Fall 2015)
Lecture 9: Shor's Algorithm
October 7, 2015
Lecturer: Ryan O'Donnell
Scribe: Sidhanth Mohanty

1 Overview

Let us recall the period finding problem that was set up as a function f : Z colors, with the promise that f was periodic. That is, there exists some for which f(x + ) = f(x) (note that addition is done in Z ) for all x Z and that colors in a block of size were pairwise distinct. This setup implies that , so that greatly narrows down what could be. This problem is not hard to do classically, but can be done better with a quantum computer. Slight variants of this problem can be solved with a quantum computer too, and we shall explore such a variant in this lecture.

Here is a sketch of the period finding algorithm that was covered during last lecture (see the period finding lecture for a deeper treatment).

We begin by preparing our favorite quantum state

We then tensor this state with 0 n. x

We pass the state (after tensoring) through an oracle for f and obtain the state x=0 x f(x) x=0

We then measure the qubits representing f(x) and obtain a random color c. This causes the overall state to collapse to a superposition of states where x is in the preimage of c. x 0 + k c k=0

The coefficients can be thought of as f_c(x) where f_c(x) = when f(x) = c and 0 otherwise.

We then apply the Quantum Fourier Transform on this state to obtain a quantum state where the coefficients are f̂_c(γ) where γ is a multiple of . From the previous lecture, we know that f̂_c has a period of and hence γ for which f̂_c(γ) is nonzero is a multiple of . { }

Measuring k gives us a random γ in 0,,,, (S ).

Take a constant number of samples and take the GCD of all these samples. With high probability, you get , from which we can retrieve .

2 Review of complexity of algorithms involving numbers

In general, an efficient algorithm dealing with numbers must run in time polynomial in n where n is the number of bits used to represent the number (numbers are of order n ). To refresh, let's go over things we can do in polynomial time with integers. Say P, Q and R are n bit integers.

P Q can be computed in polynomial time.

P Q and P mod Q can be computed in polynomial time.

P Q is massive, and writing it out itself would cause the time to go exponential. But P Q mod R can be done polynomially by computing p, p, p 4, p 8,..., p n for n Q.

The GCD of P and Q can be done polynomially with Euclid's algorithm.

Now for something more interesting: checking if P is prime. It can be done in Õ(n ) using a randomized algorithm (Miller-Rabin) and in Õ(n^6) using a deterministic algorithm (AKS).

Now, why not try to factor P? And suddenly we are stuck if we try to approach the problem classically. The best known deterministic algorithm runs in Õ(n 3 )

3 Shor's Algorithm

There are three steps to understanding Shor's algorithm [Sho97].

1. Factoring Order-finding: Factoring reduces to order-finding, which means that if we have an algorithm to solve order-finding efficiently, we can efficiently solve the factoring problem as well by a polynomial time reduction from factoring to order-finding. Note that this reduction can be made classically.

2. Order-finding Period-finding: Vaguely, order-finding is approximately the same problem as period finding for a quantum computer. This will be expanded in more detail this lecture.

3. Identifying simple fractions: This part is necessary in the order-finding algorithm that is crucial for Shor's algorithm and can be done classically as well.

The second step is the key step in Shor's algorithm.

3.1 What is order finding?

We are given A, M (n-bit numbers) along with a promise that A and M are coprime. The objective is to find the least ( M) such that A mod M. is called the order of A. Note that divides ϕ(M), where ϕ is the Euler Totient function that gives us the number of elements less than M that are coprime with M. As another remark, ϕ(M) is the order of the multiplicative group Z M and divides ϕ(M).

3.2 Proof that Factoring Order-finding

In this section, we shall assume that we have an efficient order-finding algorithm. Say M is a number that we want to factor. The key to solving the factoring problem using order-finding lies in finding a nontrivial square root of mod M, that is, a number r with r mod M and r ± mod M. Then we know that (r + )(r ) 0 mod M and both r + and r are nonzero mod M and are factors of some multiple of M. (A nontrivial square root may not always exist, for instance, when M is a power of an odd prime, but we'll see how to handle that case.) Computing the GCD of M and r would give us a nontrivial factor of M, called c. We can divide out c from M, check if c or M/c are prime and for each of c and M/c, if they are not prime, we recursively factor them, and if they are prime, we store them as prime factors and wait until the rest of the terms are factored. We then return the set of all prime factors. (Recall that we can efficiently test primality.)

Note that the number of recursive calls made is logarithmic in M because there are at most log M prime factors of M and each recursive call increases how many numbers we have not split by . Hence, after log M recursive calls, there are about log M numbers that we have not split. Splitting further would force the number of prime factors to exceed log M, which is not possible.
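The reduction of this section as an added example, not part of the original lecture notes: a Python sketch in which a brute-force order() stands in for the efficient order-finding algorithm the section assumes. The function names, the 40-try limit, the trial-division primality test and taking the final GCD of M with r - 1 (for r a nontrivial square root of 1 mod M) are assumptions of this example.

```python
import math
import random

def order(a, m):
    """Least s >= 1 with a^s = 1 (mod m); brute force, needs gcd(a, m) == 1."""
    x, s = a % m, 1
    while x != 1:
        x, s = (x * a) % m, s + 1
    return s

def is_prime(n):
    # Trial division keeps the sketch short; the notes name Miller-Rabin and AKS.
    return n > 1 and all(n % d for d in range(2, math.isqrt(n) + 1))

def kth_root(m, k):
    """Integer r with r**k == m, found by binary search, or None."""
    lo, hi = 1, m
    while lo < hi:
        mid = (lo + hi) // 2
        lo, hi = (mid + 1, hi) if mid ** k < m else (lo, mid)
    return lo if lo ** k == m else None

def split(m, rng, tries=40):
    """One nontrivial factor of an odd composite m, or None if every try fails."""
    for _ in range(tries):
        a = rng.randrange(2, m - 1)
        g = math.gcd(a, m)
        if g != 1:
            return g                       # a already shares a factor with m
        s = order(a, m)
        if s % 2 == 0:
            r = pow(a, s // 2, m)          # square root of 1 mod m, never 1 itself
            if r != m - 1:                 # reject the trivial root -1
                return math.gcd(r - 1, m)
    return None

def factor(m, rng=None):
    """Sorted prime factors of m >= 1, with multiplicity."""
    rng = rng or random.Random(0)          # fixed seed: constructed, repeatable run
    if m == 1:
        return []
    if m % 2 == 0:
        return sorted([2] + factor(m // 2, rng))
    if is_prime(m):
        return [m]
    c = split(m, rng)
    if c is not None:
        return sorted(factor(c, rng) + factor(m // c, rng))
    for k in range(2, m.bit_length() + 1):  # repeated failure: odd prime power
        p = kth_root(m, k)
        if p is not None:
            return sorted(factor(p, rng) * k)
    raise ValueError("no factor found; raise the number of tries")
```

The brute-force order() takes time exponential in the bit length of M, which is exactly the step the quantum algorithm of the next section replaces.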

Now, one might ask how one would go about finding a nontrivial square root of mod M. We take a random A Z M, and find its order . Perhaps, we get lucky and have be even, so we could set r A mod M (then r A mod M mod M). Maybe we could push our luck a bit more and hope r mod M. But it turns out we can actually make these two lucky things happen, thanks to a number theory lemma!

Lemma 3.1. Suppose M has distinct odd prime factors. Then if we pick A Z M uniformly at random, the probability that the order of A is even and that A = is at least .

Proof. See Lemma 9. and Lemma 9.3 of Vazirani's course notes [Vaz04].

One can pick a uniformly random A Z M by randomly picking elements A from Z M and computing GCD(M, A) until we find A for which the GCD is . And with at least chance, our lucky conditions are satisfied. Repeatedly picking A boosts this probability further. If we cannot find such a number A after picking randomly many times, then it means that M is an odd prime power, in which case, we factorize it by binary searching the k-th root of M where k is guaranteed to be an integer in [, log M].

3.3 Quantum algorithm for Order-Finding

By establishing that Factoring Order-Finding, we showed that if we could somehow find the order of A Z M, we could then classically factorize M. Now, we shall see how one actually finds the order.

Given n bit integers A and M, let = poly(n) >> M where poly(n) is something ridiculously large like n 0. Such a number can still be written in poly(n) bits.

Define f : {0,,..., } Z M to be f(x) = A^x mod M. Notice that A 0 = A =, all powers in between are distinct and then it repeats. So it is almost -periodic, but not quite, because we do not know if divides . But we shouldn't have much trouble modifying period-finding slightly to solve this variant of the original problem.

Just like in period-finding, we start with our favorite state x {0,} n x

And then we tensor this state with 0 n and pass the overall quantum state through an oracle for f, O_f, and end up with the state x {0,} n x f(x)

And we measure the second register, collapsing the state to a superposition of states that involve x where f(x) is a random element c in the subgroup generated by A.

This is where order-finding starts getting different from period finding. Note that does not divide , so we cannot be sure of the exact number of times each color c appears. Instead, we can say that appears only D times where D is either or . We will now see how taking a massive comes in handy.

We apply a Quantum Fourier Transform on our state to obtain the state D γ=0 D ω γ j γ c j=0

In the above state, ω = e πi. And sampling γ from this state gives us some fixed γ_0 with probability Pr[sampling γ_0] = D D D j=0 ω γ 0 j

The reason we separate as D and move the denominator into the square is that it D D is nice to think of the sum being squared as an average. We want γ we select by sampling to be of the form k (this is notation for nearest integer) for k uniformly distributed in {0,,..., }. The idea is that if γ is of the given form, then γ is a real number that is extremely close to the simple fraction k where it is known that both k and are n-bit integers. More formally, given γ within ± of k, we claim we can find k.

Now, we call upon another lemma to show how such a γ can be sampled.

Lemma 3.2. For each γ of the form k with 0 k <, there is 0.4 probability of sampling γ.

Proof. A proof can be found in lemma 9.4 of Vazirani's course notes [Vaz04].

We will now show how one can get k when they have γ . Continued fractions are a way to approximately describe real numbers in terms of integers. A real number r would look something like a 0 + a + a +...+ a M

We will use a method involving continued fractions and go over a rough sketch of this method in lecture to use continued fractions to obtain k from γ. First, let us illustrate with an example how one can obtain the expansion of some number with continued fractions.

Consider the fraction 42/23. We first split the fraction into its integer part and fractional part and express it as the sum of both.

42/23 = 1 + 19/23

We then express the fraction as an inversion of its reciprocal.

1 + 19/23 = 1 + 1/(23/19)

Now, split the denominator of the second term into its integer part and fractional part and repeat.

1 + 1/(1 + 1/(4 + 1/(1 + 1/3)))

Now we will see how one could use continued fractions to compute k . The idea is to use Euclid's algorithm on and γ and stop when we get some value close to 0 rather than when we get exactly 0, and keep track of quotients of the form a/b whenever we compute a value of the form a mod b. We will illustrate the method with another example.

If k is , then γ . 5 5 Now, we take mod γ and get approximately 3 with as the quotient. As the 5 next step, we take mod 3 and get roughly with 3 as the quotient. Then, we get 5 5 5 approximately 3 as the remainder from mod and get as the quotient. Finally, 5 5 5 in the last step, we get the remainder to be approximately 0 and the quotient to be when we recursively apply the Euclidean algorithm on terms that are approximately and 5 . The 5 quotients at any given step in the Euclidean algorithm could be thought of as the integral part, and finding the bigger element modulo the smaller element helps us obtain the fractional part. Using the quotients we obtained, we get the continued fraction approximation for γ as + 3+ + = 5

To wrap up, we will show how we can eliminate possibilities of failure. If k and have a common factor, then the fraction k returned by computing the continued fraction γ approximation of would be one of simplest form, but with k k and . We will treat this possibility by showing that we can always find k with k and coprime by running the algorithm enough times.

We claim that with probability , k and are coprime. poly(n)

Proof. Note that has at most log prime factors. By the prime number theorem, there are at least prime numbers less than . The order of the number of prime numbers less log than that are coprime with is about the same, because log is asymptotically much less than so excluding those primes without losing many elements. Thus, when k is picked log uniformly at random between and , there is a chance that it is a prime that is coprime log to . is at most n bits long, and hence the probability that k is coprime to is at least . poly(n)

Repeat the algorithm until you get k k and in lowest terms with GCD(k, k ) = . Once we accomplish this, we can find , which is the order of element A. And by using the reduction of factoring to order finding that we proved in the previous section, we can efficiently solve the factoring problem!

References

[Sho97] Peter Shor. Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer. SIAM Journal on Computing, 26(5):1484-1509, 1997.

[Vaz04] Umesh Vazirani. Shor's factoring algorithm. CS 294-2, Fall 2004. http://www.cs.berkeley.edu/~vazirani/f04quantum/notes/lec9.pdf.
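The continued-fraction step of section 3.3 as an added example, not part of the original lecture notes: Euclid's algorithm is run on a sample γ and the size of the Fourier domain, stopped early, and the denominators from several samples are combined until the candidate order checks out. The names N (domain size) and s (order), the choice N > M^2, the LCM-and-verify strategy, and the sample values (A = 2, M = 2021, order 322) are assumptions constructed for this example.

```python
from math import gcd

def cf_quotients(num, den):
    """Quotients produced by Euclid's algorithm on num/den."""
    out = []
    while den:
        q, r = divmod(num, den)
        out.append(q)
        num, den = den, r
    return out

def best_convergent(gamma, N, max_den):
    """(p, q): last convergent of gamma/N with q <= max_den, in lowest terms."""
    p0, p1, q0, q1 = 0, 1, 1, 0
    best = (0, 1)
    for a in cf_quotients(gamma, N):
        p0, p1 = p1, a * p1 + p0
        q0, q1 = q1, a * q1 + q0
        if q1 > max_den:
            break          # stopping early plays the role of "remainder close to 0"
        best = (p1, q1)
    return best

def simulated_sample(k, s, N):
    """Constructed stand-in for one measurement: nearest integer to k*N/s."""
    return (2 * k * N + s) // (2 * s)

def recover_order(A, M, N, samples):
    """LCM the denominators seen so far; accept once A^cand = 1 (mod M)."""
    cand = 1
    for gamma in samples:
        _, q = best_convergent(gamma, N, M)
        cand = cand * q // gcd(cand, q)
        if pow(A, cand, M) == 1:
            return cand
    return None

# Constructed demo: A = 2 has order 322 modulo M = 2021, and N = 2**22 > M**2.
# k = 161, 46 and 14 all share a factor with 322, so each sample alone yields
# only a proper divisor (2, 7, 23) of the order.
DEMO = [simulated_sample(k, 322, 2**22) for k in (161, 46, 14)]
```

Each demo sample on its own returns a reduced fraction with too small a denominator, which is the failure case discussed at the end of the section; the modular check pow(A, cand, M) == 1 is what tells a wrong candidate from the true order.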