Lecture note 8: Quantum Algorithms


Lecture note 8: Quantum Algorithms Jian-Wei Pan Physikalisches Institut der Universität Heidelberg Philosophenweg 12, 69120 Heidelberg, Germany

Outline
- Quantum Parallelism
- Shor's quantum factoring algorithm
- Grover's quantum search algorithm

Quantum Parallelism
Quantum Algorithm
- Fundamental feature of many quantum algorithms.
- It allows a quantum computer to evaluate a function f(x) for many different values of x simultaneously.
- This is what makes famous quantum algorithms, such as Shor's algorithm for factoring or Grover's algorithm for searching, possible.
$$U \sum_i a_i |i\rangle = \sum_i a_i\, U |i\rangle$$

RSA encryption and factoring
RSA is named after Rivest, Shamir and Adleman, who came up with the scheme
$$m_1 m_2 = N \quad (\text{with } m_1 \text{ and } m_2 \text{ primes})$$
- Based on the ease with which N can be calculated from m1 and m2, and the difficulty of calculating m1 and m2 from N.
- N is made publicly available and is used to encrypt data.
- m1 and m2 are the secret keys which enable one to decrypt the data.
- To crack a code, a code breaker needs to factor N.

RSA encryption and factoring
Problem: given a number, what are its prime factors?
e.g. a 129-digit odd number which is the product of two large primes,
1143816257578888676692357799761466120102182967212423625625618429357 06935245733897830597123 63958705058989075147599290026879543541
= 3490529510847650949147849619903898133417764638493387843990820577 x 32769132993266709549961988190834461413177642967992942539798288533
- The best factoring algorithm requires resources that grow exponentially in the size of the number: $\exp(O(n^{1/3} \log^{2/3} n))$, with n the length of N.
- Difficulty of factoring is the basis of security for the RSA encryption scheme used.

Shor's algorithm
P.W. Shor (AT&T Bell Labs., Murray Hill, NJ), "Algorithms for quantum computation: discrete logarithms and factoring", Foundations of Computer Science, 1994 Proceedings, 35th Annual Symposium on, 20-22 Nov 1994, pages 124-134.

Shor's algorithm
Shor's code-breaking Quantum Algorithm
- How fast can you factor a number?
- Quantum computer advantage: code-breaking can be done in minutes, not in millennia.
- Public key encryption, based on factoring, will be vulnerable!!!
E.g. factor a 300-digit number:
- Classical THz computer: $10^{24}$ steps, 150,000 years
- Quantum THz computer: $10^{10}$ steps, 1 second

How to factor an odd number: a little number theory
Modular Arithmetic
$$a = b \bmod N \iff b = a \bmod N$$
simply means
$$a = b + kN$$
where k is an integer.
Consider
$$x^r = 1 \bmod N$$
- where x and N are co-primes, i.e. greatest common divisor gcd(x, N) = 1. No factors in common.
It will be demonstrated in the following that finding r is equivalent to factoring N.

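A little number theory
$$m_1 m_2 = N, \qquad x^r = 1 \bmod N$$
Consider the equations
$$y^2 = 1 \bmod N$$
then we have
$$y^2 - 1 = 0 \bmod N$$
$$(y+1)(y-1) = 0 \bmod N$$
$$(y+1)(y-1) = 0 \bmod m_1 m_2$$
$$\begin{cases} y+1 = 0 \bmod m_1 \\ y-1 = 0 \bmod m_2 \end{cases} \quad \text{or} \quad \begin{cases} y+1 = 0 \bmod N \\ y-1 = 0 \bmod 1 \end{cases}$$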

A little number theory
We acquire a trivial solution
$$\gcd(y+1, N) = N, \qquad \gcd(y-1, N) = 1,$$
and the desired solution
$$\gcd(y+1, N) = m_1, \qquad \gcd(y-1, N) = m_2.$$
Note that gcd can be calculated efficiently.
If we can find r, and r is even,
$$y^2 = (x^{r/2})^2 = 1 \bmod N$$
Then
$$m_1 = \gcd(x^{r/2} + 1, N), \qquad m_2 = \gcd(x^{r/2} - 1, N)$$
provided we don't get trivial solutions. If r is an odd number, change x, try again.

A little number theory
Finding r is equivalent to factoring N
- It takes $O(2^n)$ operations to find r using a classical computer (n the digits of N).
An important result from number theory: $f(r) = x^r \bmod N$ is a periodic function.
E.g. N=15, x=7: period r=4.

r            0   1   2   3   4
x^r mod N    1   7   4   13  1

Factoring reduces to period finding.

Shor's algorithm
Using a quantum computer to find the period r. The algorithm is dependent on
- Modular Arithmetic
- Quantum Parallelism
- Quantum Fourier Transform
Illustration: to factor an odd integer, N=15.
Choose a random integer x satisfying gcd(x, N)=1; x=7 in our case.

Shor's algorithm
Create two quantum registers,
- input registers: contain enough qubits to represent r (8 qubits, up to 255)
- output registers: contain enough qubits to represent $f(r) = x^r \bmod N < N$ (we need 4 qubits)
Load the input registers with an equally weighted superposition state of all integers (0-255). The output registers are zero.

Shor's algorithm
$$|\psi\rangle = \frac{1}{\sqrt{256}} \sum_{a=0}^{255} |a, 0\rangle$$
a: input register, 0: output register.
Apply a controlled unitary transformation to the input register,
$$U |a, 0\rangle = |a, x^a \bmod N\rangle,$$
storing the results in the output registers.
From quantum parallelism, this unitary transformation can be implemented on all the states simultaneously:
$$U |\psi\rangle = \frac{1}{\sqrt{256}} \sum_{a=0}^{255} U |a, 0\rangle = \frac{1}{\sqrt{256}} \sum_{a=0}^{255} |a, x^a \bmod N\rangle$$

Shor's algorithm
The unitary transformation U consists of a series of elementary quantum gates (single-qubit, two-qubit, ...). The sequence of quantum gates applied to the quantum input depends in a complicated way on the classical variables x and N. We need a classical computer that processes the classical variables and produces an output that is a program for the quantum computer, i.e. the number and sequence of elementary quantum operations. This can be performed efficiently on a classical computer. (See details: PRA 54, 1034 (1996).)

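Shor's algorithm
Assume we applied U on the quantum registers.

in    0  1  2  3   4  5  6  7   8  9  10  11  12
out   1  7  4  13  1  7  4  13  1  7  4   13  1

$$U|\psi\rangle = \frac{1}{\sqrt{256}} \Big[ (|0\rangle + |4\rangle + |8\rangle + |12\rangle + \dots + |252\rangle)\,|1\rangle + (|1\rangle + |5\rangle + |9\rangle + |13\rangle + \dots + |253\rangle)\,|7\rangle + (|2\rangle + |6\rangle + |10\rangle + |14\rangle + \dots + |254\rangle)\,|4\rangle + (|3\rangle + |7\rangle + |11\rangle + |15\rangle + \dots + |255\rangle)\,|13\rangle \Big]$$
Now we measure the output registers. This will collapse the superposition state to one of the outputs |1>, |7>, |4>, |13>, for example |1>.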

Shor's algorithm
Measuring the output register collapses the input register into an equal superposition state,
$$|\phi\rangle = \frac{1}{\sqrt{64}} \sum_{j=0}^{M/r-1} |jr\rangle = \frac{1}{\sqrt{64}} \big( |0\rangle + |4\rangle + |8\rangle + |12\rangle + \dots + |252\rangle \big),$$
which is a periodic function of period r=4.
We now apply a quantum Fourier transform on the collapsed input register to increase the probability of some states:
$$T|a\rangle = \frac{1}{\sqrt{M}} \sum_{k=0}^{M-1} e^{2\pi i\, ak/M} |k\rangle, \quad (M=256)$$

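Shor's algorithm
$$T|\phi\rangle \propto \sum_{j=0}^{M/r-1} T|jr\rangle = \sum_{j=0}^{M/r-1} \sum_{k=0}^{M-1} e^{2\pi i\, jrk/M} |k\rangle = \sum_{k=0}^{M-1} \Big( \sum_{j=0}^{M/r-1} e^{2\pi i\, jrk/M} \Big) |k\rangle = \sum_{k=0}^{M-1} f(k)\, |k\rangle$$
Here f(k) can be easily calculated:
$$f(k) = \sum_{j=0}^{M/r-1} e^{2\pi i\, jkr/M} = \frac{1 - e^{2\pi i k}}{1 - e^{2\pi i\, kr/M}} = \begin{cases} 0, & kr/M \neq \text{integer} \\ M/r, & kr/M = \text{integer} \end{cases}$$
For simplicity, we have assumed M/r is an integer.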

Shor's algorithm
$$T|\phi\rangle = \sum_{k=0}^{M-1} f(k)\, |k\rangle \propto \sum_{j=0}^{r-1} |jM/r\rangle = |0\rangle + |64\rangle + |128\rangle + |192\rangle$$
The QFT essentially peaks the probability amplitudes at integer multiples of M/r.
When we measure the input registers, we randomly get c = jM/r, with $0 \le j \le r-1$. If gcd(j, r)=1, we can determine r by canceling
$$\frac{c}{M} = \frac{j}{r}$$
to an irreducible fraction.
From number theory, the probability that a number chosen randomly from 1...r is coprime to r is greater than 1/log r. Thus, if we repeat the computation O(log r) < O(log N) times, we will find the period r with probability close to 1. This gives an efficient determination of r. (See more details in Rev. Mod. Phys. 68, 733 (1996).)

Shor's algorithm
In our case, c = 0, 64, 128, 192 and M=256; then c/M = 0, ¼, ½, ¾.
We can obtain the correct period r=4 from ¼ and ¾ and the incorrect period r=2 from ½.
The results can be easily checked from $x^r \bmod N = 1$.
Now that we have the period r=4, the factors of N=15 can be determined. This computation will be done on a classical computer.
$$m_1 = \gcd(x^{r/2} + 1, N) = \gcd(7^{4/2} + 1, 15) = 5$$
$$m_2 = \gcd(x^{r/2} - 1, N) = \gcd(7^{4/2} - 1, 15) = 3$$

Shor's algorithm
- Generate random $x \in \{1, \dots, N-1\}$;
- Check if gcd(x, N)=1;
- r = period(x); (The period can be evaluated in polynomial time on a quantum computer.)
- Prime factors are calculated by a classical computer:
$$m_1 = \gcd(x^{r/2} + 1, N), \qquad m_2 = \gcd(x^{r/2} - 1, N)$$
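The N = 15, x = 7 walk-through above can be reproduced classically. The following is an added example, not part of the original lecture: it simulates the collapsed input register and the Fourier transform by brute force, then applies the classical post-processing; all function names are hypothetical, and `limit_denominator` (a continued-fraction step) goes slightly beyond the slides by also handling the case where M/r is not an integer.

```python
import cmath
from fractions import Fraction
from math import gcd

def collapsed_inputs(x, N, M, measured):
    """Input values a < M that survive once the output register reads `measured`."""
    return [a for a in range(M) if pow(x, a, N) == measured]

def qft_probabilities(support, M):
    """Probability of reading each k after the Fourier transform T acts on an
    equal superposition of the states in `support`."""
    norm = M * len(support)
    return [abs(sum(cmath.exp(2j * cmath.pi * a * k / M) for a in support)) ** 2 / norm
            for k in range(M)]

def period_from_measurement(c, M, x, N):
    """Reduce c/M to j/r and keep r only if it passes the x^r = 1 mod N check."""
    r = Fraction(c, M).limit_denominator(N).denominator
    return r if pow(x, r, N) == 1 else None

def factors_from_period(x, r, N):
    """Classical last step: gcd(x^(r/2) +/- 1, N); None for odd r or trivial solutions."""
    if r is None or r % 2:
        return None
    y = pow(x, r // 2, N)
    m1, m2 = gcd(y + 1, N), gcd(y - 1, N)
    return None if {m1, m2} & {1, N} else (m1, m2)

def run_example(x=7, N=15, M=256):
    """Peaks of the measured input register and the period each one yields."""
    support = collapsed_inputs(x, N, M, measured=1)   # 0, 4, 8, ..., 252
    probs = qft_probabilities(support, M)
    peaks = [k for k, p in enumerate(probs) if p > 1e-9]
    periods = {c: period_from_measurement(c, M, x, N) for c in peaks}
    return peaks, periods

if __name__ == "__main__":
    peaks, periods = run_example()
    print("peaks:", peaks)
    print("periods:", periods)
    print("factors:", factors_from_period(7, 4, 15))
```

The measurements c = 0 and c = 128 are rejected by the $x^r \bmod N = 1$ check, which is why the computation has to be repeated until a usable c is obtained.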

Shor's algorithm
N = 15 = 5 × 3, the simplest meaningful instance of Shor's algorithm.
Input register: 3 qubits; output register: 4 qubits. (Nature 414, 883, 2001)

Grover's algorithm
Classical search: how quickly can you find a needle in a haystack?
- sequentially try all N possibilities
- average search takes N/2 steps
Quantum search
- simultaneously try all possibilities
- refining process reveals answer
- average search takes $N^{1/2}$ steps

Grover's search algorithm
L.K. Grover, Phys. Rev. Lett. 79, 325 (1997)

Grover's search algorithm
Problem: given a quantum oracle,
$$|1\rangle, |2\rangle, \dots, |i\rangle, \dots, |x\rangle, \dots, |N\rangle,$$
try to find one specific state $|x\rangle$, satisfying
$$R|i\rangle = \begin{cases} -|i\rangle, & i = x \\ |i\rangle, & \text{otherwise} \end{cases}$$
R is an N × N diagonal matrix, satisfying $R_{ii} = -1$ if i = x, and $R_{ii} = 1$ for the other diagonal elements.
To find x is equivalent to finding which diagonal element of R is -1.
Classically, we have to go through every diagonal element. We expect to find the -1 term after N/2 queries to all the diagonal elements.

Grover's algorithm
- Take an m-qubit register, assume $2^m = N$.
- Prepare the registers in an equal superposition state of all the N states:
$$|\psi\rangle = \frac{1}{\sqrt{N}} \sum_{i=0}^{N-1} |i\rangle$$
- Iterations of Rotate Phase and Diffusion operator.
- Measure the register to get the specific state $|x\rangle$.

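Grover's algorithm
In fact, R is a phase rotate operator:
$$R|i\rangle = \begin{cases} -|i\rangle, & i = x \\ |i\rangle, & \text{otherwise} \end{cases}$$
e.g. x = 1
[Figure: amplitudes of $|\psi\rangle$ and of $R|\psi\rangle$ over the states 0 to 5]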

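Grover's algorithm
Diffusion operator
$$D = \begin{pmatrix} -1+\frac{2}{N} & \frac{2}{N} & \cdots & \frac{2}{N} \\ \frac{2}{N} & -1+\frac{2}{N} & \cdots & \frac{2}{N} \\ \vdots & \vdots & \ddots & \vdots \\ \frac{2}{N} & \frac{2}{N} & \cdots & -1+\frac{2}{N} \end{pmatrix}$$
[Figure: amplitudes of $DR|\psi\rangle$ over the states 0 to 4]
The successive operation of Rotate Phase and Diffusion operator will increase the probability amplitude of the desired state.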

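Grover's algorithm
Initial state
$$|\psi\rangle = \frac{1}{\sqrt{N}} \sum_{i=0}^{N-1} |i\rangle = \frac{1}{\sqrt{N}} \underbrace{|x\rangle}_{|\alpha\rangle} + \frac{1}{\sqrt{N}} \underbrace{\sum_{i=0\,(i \neq x)}^{N-1} |i\rangle}_{|\beta\rangle}$$
$$|\psi_n\rangle = (\hat{D}\hat{R})^n |\psi\rangle$$
$$\hat{D}\hat{R}\,|\alpha\rangle = \Big(1 - \frac{2}{N}\Big) |\alpha\rangle - \frac{2}{N} |\beta\rangle$$
$$\hat{D}\hat{R}\,|\beta\rangle = \Big(2 - \frac{2}{N}\Big) |\alpha\rangle + \Big(1 - \frac{2}{N}\Big) |\beta\rangle$$
After n iterations, we have $|\psi_n\rangle = a_n |\alpha\rangle + b_n |\beta\rangle$,
$$\begin{pmatrix} a_n \\ b_n \end{pmatrix} = \begin{pmatrix} 1-\varepsilon & 2-\varepsilon \\ -\varepsilon & 1-\varepsilon \end{pmatrix} \begin{pmatrix} a_{n-1} \\ b_{n-1} \end{pmatrix}, \quad \text{with } \varepsilon = \frac{2}{N}, \; a_0 = b_0 = \frac{1}{\sqrt{N}}$$
Considering $N \gg 1$.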

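Grover's algorithm
Finally, we get
$$|\psi_n\rangle \approx \sin\frac{2n}{\sqrt{N}}\, |x\rangle + \cos\frac{2n}{\sqrt{N}}\, \frac{1}{\sqrt{N}} \sum_{i=0\,(i \neq x)}^{N-1} |i\rangle$$
The probability to collapse into the state $|x\rangle$:
$$P_n = \sin^2\frac{2n}{\sqrt{N}}$$
We choose iteration steps
$$n = \Big[ \frac{\pi}{4} \sqrt{N} \Big]$$
The probability of failure:
$$p_n = \cos^2\frac{2n}{\sqrt{N}} = O\Big(\frac{1}{N}\Big) \to 0$$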
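The iteration can be checked numerically by applying R and D to a vector of amplitudes. This is an added example, not part of the original lecture; the function names are hypothetical, and reading the bracket in $n = [\frac{\pi}{4}\sqrt{N}]$ as the integer part (floor) is an assumption.

```python
from math import asin, floor, pi, sin, sqrt

def phase_rotate(amps, x):
    """R: flip the sign of the amplitude of the marked state x."""
    return [-a if i == x else a for i, a in enumerate(amps)]

def diffuse(amps):
    """D = -I + (2/N) * (all-ones matrix), i.e. inversion about the mean amplitude."""
    mean = sum(amps) / len(amps)
    return [2 * mean - a for a in amps]

def success_probability(N, x, n):
    """Probability of measuring x after n applications of DR to the equal superposition."""
    amps = [1 / sqrt(N)] * N
    for _ in range(n):
        amps = diffuse(phase_rotate(amps, x))
    return amps[x] ** 2

def optimal_iterations(N):
    """n = [pi * sqrt(N) / 4], with the bracket read as the integer part (assumption)."""
    return floor(pi * sqrt(N) / 4)

def exact_probability(N, n):
    """Closed form sin^2((2n + 1) * theta), sin(theta) = 1/sqrt(N); the lecture's
    sin^2(2n / sqrt(N)) is its large-N approximation."""
    return sin((2 * n + 1) * asin(1 / sqrt(N))) ** 2

if __name__ == "__main__":
    N, x = 64, 1                      # constructed instance: 6-qubit register
    n = optimal_iterations(N)
    for steps in (0, 1, n, 2 * n):
        print(steps, round(success_probability(N, x, steps), 5),
              round(sin(2 * steps / sqrt(N)) ** 2, 5))
```

Running past the chosen n lowers the success probability again (at 2n iterations it is almost zero), so the iteration count has to be fixed in advance from N.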

Grover's algorithm
Can we do better than a quadratic speed-up for quantum searches? No! Grover's algorithm is optimal. Any quantum algorithm, with respect to an oracle, cannot do better than quadratic time.
Good and Bad
- Good: Grover's is optimal
- Bad: No logarithmic time algorithm
Limits of black-box quantum computing

Grover's algorithm
Experiment realization
- Nuclear magnetic resonance: I. L. Chuang et al., PRL 80, 3408 (1998).
- Linear optics: P.G. Kwiat et al., J. Mod. Opt. 47, 257 (2000).
- Individual atom: J. Ahn et al., Science 287, 463 (2000).
- Trapped ion: M. Feng, PRA 63, 052308 (2001).