Shor s Prime Factorization Algorithm

Similar documents
Shor s Algorithm. Elisa Bäumer, Jan-Grimo Sobez, Stefan Tessarini May 15, 2015

Shor s Algorithm. Polynomial-time Prime Factorization with Quantum Computing. Sourabh Kulkarni October 13th, 2017

Introduction to Quantum Computing

Figure 1: Circuit for Simon s Algorithm. The above circuit corresponds to the following sequence of transformations.

Lecture note 8: Quantum Algorithms

Logic gates. Quantum logic gates. α β 0 1 X = 1 0. Quantum NOT gate (X gate) Classical NOT gate NOT A. Matrix form representation

Factoring on a Quantum Computer

Measuring progress in Shor s factoring algorithm

Shor Factorization Algorithm

Quantum Computing. Thorsten Altenkirch

QFT, Period Finding & Shor s Algorithm

Shor s Quantum Factorization Algorithm

Simon s algorithm (1994)

Number Theory. CSS322: Security and Cryptography. Sirindhorn International Institute of Technology Thammasat University CSS322. Number Theory.

Tutorial on Quantum Computing. Vwani P. Roychowdhury. Lecture 1: Introduction

Simplifying Rational Expressions and Functions

Phase estimation. p. 1/24

Short Course in Quantum Information Lecture 5

3 The fundamentals: Algorithms, the integers, and matrices

Quantum Computation 650 Spring 2009 Lectures The World of Quantum Information. Quantum Information: fundamental principles

Classical RSA algorithm

Math 109 HW 9 Solutions

Introduction to Quantum Computing

4 Number Theory and Cryptography

Attacking the ECDLP with Quantum Computing

A Gentle Introduction to Quantum Computing

For your quiz in recitation this week, refer to these exercise generators:

Introduction to Quantum Information Processing QIC 710 / CS 768 / PH 767 / CO 681 / AM 871

Basic elements of number theory

Basic elements of number theory

Quantum Computing. 6. Quantum Computer Architecture 7. Quantum Computers and Complexity

Introduction to Quantum Computing

Introduction into Quantum Computations Alexei Ashikhmin Bell Labs

MATH 433 Applied Algebra Lecture 4: Modular arithmetic (continued). Linear congruences.

CS257 Discrete Quantum Computation

cse 311: foundations of computing Fall 2015 Lecture 12: Primes, GCD, applications

C/CS/Phys 191 Shor s order (period) finding algorithm and factoring 11/01/05 Fall 2005 Lecture 19

Quantum Computer Simulation Using CUDA (Quantum Fourier Transform Algorithm)

Fourier Sampling & Simon s Algorithm

Ph 219b/CS 219b. Exercises Due: Wednesday 4 December 2013

Factoring integers with a quantum computer

Mathematics of Public Key Cryptography

Applied Cryptography and Computer Security CSE 664 Spring 2018

arxiv: v2 [quant-ph] 1 Aug 2017

Introduction to Quantum Computing

Solution Sheet (i) q = 5, r = 15 (ii) q = 58, r = 15 (iii) q = 3, r = 7 (iv) q = 6, r = (i) gcd (97, 157) = 1 = ,

2 A Fourier Transform for Bivariate Functions

Quantum Phase Estimation using Multivalued Logic

First, let's review classical factoring algorithm (again, we will factor N=15 but pick different number)

Log-mod-finding: A New Idea for Implementation of Shor's Algorithm

Theoretical Cryptography, Lecture 13

Solutions to Problem Set 4 - Fall 2008 Due Tuesday, Oct. 7 at 1:00

Quantum algorithms for computing short discrete logarithms and factoring RSA integers

Number theory (Chapter 4)

Ph 219b/CS 219b. Exercises Due: Wednesday 20 November 2013

NUMBER THEORY AND CODES. Álvaro Pelayo WUSTL

CPSC 467b: Cryptography and Computer Security

arxiv:quant-ph/ v2 22 Jan 2004

QUANTUM COMPUTATION. Exercise sheet 1. Ashley Montanaro, University of Bristol H Z U = 1 2

Ma/CS 6a Class 4: Primality Testing

Qubit Recycling. Ran Chu. May 4, 2016

Quantum Computers. Peter Shor MIT

cse 311: foundations of computing Spring 2015 Lecture 12: Primes, GCD, applications

The Deutsch-Josza Algorithm in NMR

QUANTUM COMPUTATION. Lecture notes. Ashley Montanaro, University of Bristol 1 Introduction 2

Security Implications of Quantum Technologies

Quantum Computation and Communication

QUANTUM COMPUTING. Part II. Jean V. Bellissard. Georgia Institute of Technology & Institut Universitaire de France

How behavior of systems with sparse spectrum can be predicted on a quantum computer

Introduction to Quantum Computing

Quantum algorithms (CO 781, Winter 2008) Prof. Andrew Childs, University of Waterloo LECTURE 1: Quantum circuits and the abelian QFT

Discrete Mathematics GCD, LCM, RSA Algorithm

Mathematics for Cryptography

A Matlab Realization of Shor s Quantum Factoring Algorithm

Advanced Cryptography Quantum Algorithms Christophe Petit

8 Primes and Modular Arithmetic

Quantum Computing Lecture 7. Quantum Factoring

LECTURE 5: APPLICATIONS TO CRYPTOGRAPHY AND COMPUTATIONS

Chapter 4 Finite Fields

Introduction to Quantum Information Processing CS 467 / CS 667 Phys 667 / Phys 767 C&O 481 / C&O 681

A Parallel Processing Algorithms for Solving Factorization and Knapsack Problems

Senior Math Circles Cryptography and Number Theory Week 2

Simulating classical circuits with quantum circuits. The complexity class Reversible-P. Universal gate set for reversible circuits P = Reversible-P

Quantum Algorithms Lecture #2. Stephen Jordan

Simultaneous Linear, and Non-linear Congruences

CS280, Spring 2004: Prelim Solutions

Quantum Circuits and Algorithms

6.080/6.089 GITCS May 13, Lecture 24

CSE 311 Lecture 13: Primes and GCD. Emina Torlak and Kevin Zatloukal

QUANTUM CRYPTOGRAPHY QUANTUM COMPUTING. Philippe Grangier, Institut d'optique, Orsay. from basic principles to practical realizations.

Introduction to Quantum Information Processing

Q: How can quantum computers break ecryption?

arxiv:quant-ph/ v1 15 Jan 2006

Mathematical Foundations of Cryptography

Compute the Fourier transform on the first register to get x {0,1} n x 0.

cse 311: foundations of computing Fall 2015 Lecture 11: Modular arithmetic and applications

Lecture 4: Elementary Quantum Algorithms

This is a recursive algorithm. The procedure is guaranteed to terminate, since the second argument decreases each time.

Quantum computing. Shor s factoring algorithm. Dimitri Petritis. UFR de mathématiques Université de Rennes CNRS (UMR 6625) Rennes, 30 novembre 2018

1. Algebra 1.7. Prime numbers

Transcription:

Shor s Prime Factorization Algorithm Bay Area Quantum Computing Meetup - 08/17/2017 Harley Patton

Outline Why is factorization important? Shor s Algorithm Reduction to Order Finding Order Finding Algorithm Demo

Why Factorization Matters The time it takes for a classical computer to factor some number with n digits grows exponentially with n, meaning that numbers with many digits take a very long time for a classical computer to factor. RSA cryptography and other cryptography algorithms take advantage of this difficulty, and as a result a large amount of information is protected by large semi prime numbers (products of two primes). In 1994, mathematician Peter Shor formulated a quantum algorithm to factor an n-digit number with a time complexity polynomial in n.

Order Finding For coprime positive integers a and N, the order of a modulo N is defined as the first nonzero r such that a r = 1 modulo N. That s equivalent to finding the period of the following modular exponential function: This is a problem that can be efficiently solved on a quantum computer. Shor realized that if we can find the order r, we can use it to quickly factor N.

Reducing Factoring to Order Finding If integer a has order r modulo N, then: This can be rewritten as follows: Which implies that at least one of the following is a nontrivial factor of N: Unless r is odd, or the gcd calculation returns N.

Example: Factoring 15 As an example, consider when N = 15 and a = 7. This means we need to find the order of 7 (mod 15), which is the period of the following function: Analytically, we can find that the order r is equal to 4: Finally, we can use the order to calculate the factors of 15:

Shor s Algorithm Outline 1. Pick a random integer a < N 2. If gcd(a, N) > 1, then you have found a nontrivial factor of N. 3. Otherwise, find the order r of a modulo N. (This is the quantum step) 4. If r is odd or a^(r/2) is equivalent to -1 modulo N, go back to step 1. 5. Otherwise, calculate the following values. At least one of them will be a nontrivial factor of N.

Quantum Circuit for Order Finding Quantum circuit for Order Finding acts on two qubit registers, and has three steps: a. Use Hadamard transform to put first register into superposition over all bit strings. b. Apply unitary function f(x) = a^x (mod N) to second register. c. Apply Quantum Fourier Transform to first register and measure.

Step-by-Step Breakdown Initially, both registers are in the zero state: Next, apply Hadamard Transform to first register to create an even superposition over all bit strings x: Then, apply the unitary function f(x) = a^x (mod N) to the second register: Finally, apply the QFT and measure the first register. Why?

Fourier Transform Properties 1. Unitary: This means the Fourier Transform can be used as a quantum gate. 2. Period/Wavelength Relationship: If an M-dimensional vector is periodic with period r, then its Fourier Transform is only nonzero on multiples of M/r 3. Linear Shift: Linear shifts of state-vectors cause only phase shifts in their Fourier Transforms.

Explanation of Last Step Recall that we had the following wavefunction: Suppose that we measured the second register and got a value y. The superposition would collapse to only include bitstrings x in the first register such that f(x) = y But this is a periodic function, and so by the Period/Wavelength Relationship, its Fourier Transform can only be nonzero on multiples of M/r. Because of the Linear Shift property, it doesn t even matter what the value y obtained was, since after applying the Fourier Transform we end up with the same periodic wavefunction up to a phase:

Extracting the Order Recall that we end up with the following wavefunction across the first register: Measuring register 1 results in a multiple of M/r. Doing this multiple times and then taking the greatest common denominator of all the results will yield the value M/r with high probability. From there, the order r can be extracted.

ipython Demonstration To visualize how this algorithm works, I put together the following demo: http://localhost:8888/notebooks/shor_demo.ipynb

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback