algorithms artur ekert. our golden sequence h h circuit complexity n qubits b a a b b b b a # of...
TRANSCRIPT
AlgorithmsAlgorithms
Artur Ekert
Our golden sequence
0θ
1θ0
1
2 1 00 cos
2P
θ θ−⎛ ⎞= ⎜ ⎟⎝ ⎠
2 1 01 sin
2P
θ θ−⎛ ⎞= ⎜ ⎟⎝ ⎠
0
1
H H
1 0θ θ θ= −1
2
1
0
θ
( )0P θ
0
Circuit complexity
n
QU
BIT
S
B
A
A
B
B
B
BA
# of gates (n) = size of the circuit (n) # of parallel units (n) = depth of the circuit (n)
n qubit circuit
operation described by 2n x 2n unitary matrix
size and depth of circuits grow with n
Fix your building units, a finite set of adequate gates A, B, C…
Size 12 Depth 4
Asymptotic notation for comparisons
Asymptotic notation
( )cg n
( )f n
( )( ) ( )f n O g n=
( )cg n
( )f n
( )( ) ( )f n g n= Ω
5 10 15 20 25 30
500
1000
1500
2000
2500
3000
Asymptotic notation - example
3n 1 3 22
n n− 1 36
n
( )3O n ( )3nΩ1 3 22
n n− is both and hence it is ( )3nΘ
Quantifying growth
5 10 15 20 25 30
500
1000
1500
2000
2500
30002n 1 3
2n 25n
100 n
400 n
400 log n
( )2nO ( )3O n ( )2O n ( )O n
( )O n
( )logO n
exponential
quadratic or
polynomiallinear
root-n
logarithmic
cubic or
polynomial
Efficient quantum algorithms
B
B
A
A
B
BA
B
B
A
A
BA
Quantum Hadamard Transform
H0
H0
H0
H0
0 1+
0 1+
0 1+
0 1+
{ }/ 2
0,1
10
2 nn
x
x∈
→ ∑
H0
H1
H1
H1
0 1+
0 1−
0 1−
0 1−
( ){ }
/ 20,1
11
2 n
z x
nx
z x∈
→ −∑ g
1 2 1 0...n nz z z z z− −≡
1 2 1 0...n nx x x x x− −≡0 0 1 1 2 2 1 1... n nx z x z x z x z z x− −= + + +g
kR 2
2
0 0
1 1k
i
eπ⎛ ⎞
⎜ ⎟⎝ ⎠
→
→( )2 / 2
1 0
0kk i
Re
π
⎛ ⎞= ⎜ ⎟⎜ ⎟⎝ ⎠
Discrete set of phase gates
( )2 / 2
1 0 0 0
0 1 0 0
0 0 1 0
0 0 0k
k
i
c R
eπ
⎛ ⎞⎜ ⎟⎜ ⎟− = ⎜ ⎟⎜ ⎟⎜ ⎟⎝ ⎠
Control phase gates
kR
kR
=
Insidious phases…
Quantum Fourier Transform
H0x ( ) 02 0.0 1i xe π+
H
H0x
1x 2R
( ) 02 0.0 1i xe π+
( ) 1 02 0.0 1i x xe π+
H
H0x
1x 2R
( ) 02 0.0 1i xe π+
( ) 1 02 0.0 1i x xe π+
H2x ( ) 2 1 02 0.0 1i x x xe π+2R 3R
F1
F2
F3
( ){ }
/ 20,1
11
2 n
z x
nx
z x∈
→ −∑ g
Is also known as the quantum Fourier transform on group ( )2
nZ
2Z group
0,1{ }= the set with operation (addition mod 2) ⊕
( )2
nZ group
0,1{ }
n⊕= the set with operation (addition mod 2 bit by bit)
010101110010011
110101101011101
100000011001110
example for n=15⊕
Aside – Hadamard is Fourier
( ){ }
/ 20,1
11
2 n
z x
nx
z x∈
→ −∑ g
Quantum Fourier transform on group ( )2
nZ
21
/ 20
1
2
iN zxN
nx
z e xπ⎛ ⎞− ⎜ ⎟
⎝ ⎠
∈
→ ∑
Quantum Fourier transform on group NZ
Aside – Hadamard is Fourier
Quantum function evaluation
fy
x
{ } { }: 0,1 0,1n
f → Boolean function
0x1x2x3x4x
0x1x2x3x4x
x
( )y f x⊕
( )x y x y f x→ ⊕
Quantum function evaluation
1my −
x
{ } { }: 0,1 0,1n m
f → can be viewed as m Boolean functions
0x1x2x3x
0x1x2x3x
x
y
m−1 ⊕ f (x)⎡⎣ ⎤⎦m−1fm-1fm-22my −
0y f0
…
……
…
……
……
y
m−2 ⊕ f (x)⎡⎣ ⎤⎦m−2
y
0⊕ f (x)⎡⎣ ⎤⎦0
Query Scenario
f
{ } { }: 0,1 0,1n
f →
( )x y x y f x→ ⊕
very precious, you are charged fixed amount of money each time you use it
BLACK BOX, ORACLE
INPUT: is a function f given as an ORACLE
GOAL: is to determine some properties of f making as few queries to f as possible
Quantum interferometry revisited
H Hθ
H H
θ
Uu u
iU u e uθ=
Phases in a new way
θH H
Uu
0
u
cos 0 sin 12 2
iθ θ⎛ ⎞ ⎛ ⎞−⎜ ⎟ ⎜ ⎟
⎝ ⎠ ⎝ ⎠
( )10 1
21 1
0 12 2
u
u u
+ =
+ ( )
1 10 1
2 21
0 12
i
u U u
e uθ
+ =
+
Deutsch’s Problem
f0
David Deutsch
{ } { }: 0,1 0,1f →Given
( )1f x ( )2f x ( )3f x ( )4f xx
0
1
0 0
0 0
1
1 1
1
CONSTANT BALANCED
x x
( )f x
?is f constant or balanced
(0) (1) 0 or 1f f⊕ =
four possible oracles
Deutsch’s Problem
H H
f 0 1−
f (0) (1)f f⊕f0
0 1
00
1
CONSTANT
BALANCED
2 queries + 1 auxiliary operation
1 query + 2 auxiliary operations
Quantum
Classical
0 1−
Deutsch’s Problem – The Guts
H H
f1 0 1−H
00
1
1
20 + 1( ) 0 −1( )
Deutsch’s Problem – The Guts
H H
f1 0 1−H
00
1
12
0 0 ⊕ f(0) −1⊕ f(0)( )
+ 1 0⊕ f(1) −1⊕ f(1)( )
⎛
⎝⎜
⎞
⎠⎟
But…
0⊕0 −1⊕0 = 0 −1
0⊕1 −1⊕1 =− 0 −1( )
Deutsch’s Problem – The Guts
H H
f1 0 1−H
00
1
1
2(−1) f (0) 0 + (−1) f (1) 1( ) 0 −1( )
=12(−1) f (0) 0 + (−1) f (1)−f (0) 1( ) 0 −1( )
So, it is now clear what happens if f(0) and f(1) are the same or different….
Deutsch’s Problem Generalised
H H
f 0 1−
0
00000CONSTANT
any other output BALANCED
H
H
H
H
H
H
H
H
0
0
0
0
0 1−
0
0
0
0
0
INPUT:
either constant or balanced PROMISE: OUTPUT:
{ } { }: 0,1 0,1n
f →
determine whether constant or balanced
CLASSICAL COMPLEXITY:
12 1n− +queries
Deutsch’s Problem Generalised
0n⊗
0 1−
HH
f 0 1−
1
2nx
x={0,1}n∑
⎛
⎝⎜
⎞
⎠⎟ 0 −1( ) / 2
Deutsch’s Problem Generalised
0n⊗
0 1−
HH
f 0 1−
1
2n+1x 0⊕ f(x) −1⊕ f(x)( )
x={0,1}n∑
=1
2n+1(−1) f (x) x
x={0,1}n∑
⎛
⎝⎜
⎞
⎠⎟ 0 −1( )
Deutsch’s Problem Generalised
0n⊗
0 1−
HH
f 0 1−
=1
2n 2(−1) f (x )+ x• y y
x={0,1}n
∑⎛
⎝⎜
⎞
⎠⎟
y={0,1}n
∑ 0 − 1( )
Deutsch’s Problem Generalised
∑ ∑= =
•+
⎟⎟⎠
⎞⎜⎜⎝
⎛−
n ny x
yxxfn
y}1,0{ }1,0{
)()1(2
1
What is the amplitude for finding the register in the |0> state?
∑=
−nx
xfn
}1,0{
)()1(2
1
If f(x) constant, this has amplitude 1 i.e. it is guaranteed
If f(x) balanced, this has amplitude 0 i.e. it will never happen
Deutsch’s Problem Generalised
H H
f 0 1−
0
00000CONSTANT
any other output BALANCED
H
H
H
H
H
H
H
H
0
0
0
0
0 1−
0
0
0
0
0
INPUT:
either constant or balanced PROMISE: OUTPUT:
{ } { }: 0,1 0,1n
f →
determine whether constant or balanced
CLASSICAL COMPLEXITY:
12 1n− +queries
Fair comparison?
classical deterministic:
quantum : 1
12 1n− +
classical probabilistic with error prob. :ε2
1logO
ε⎛ ⎞⎛ ⎞
⎜ ⎟⎜ ⎟⎝ ⎠⎝ ⎠
Query in k places, if the queries had at least one 0 and one 1 then the function is balanced, otherwise assume it is constant. Probability that it is balanced whendeclared constant is
1
2
1 1log 1
2
k
kεε
−⎛ ⎞ ⎛ ⎞= ⇒ = +⎜ ⎟ ⎜ ⎟⎝ ⎠ ⎝ ⎠
FAIR COMPARISON
Bernstein-Vazirani Problem
H H
f 0 1−
0
H
H
H
H
H
H
H
H
0
0
0
0
0 1−
4a
3a
2a
1a
0a
INPUT:
is of the form PROMISE: OUTPUT:
{ } { }: 0,1 0,1n
f →
binary string
fa
xaxf •=)(
Search Problem
INPUT: PROMISE: OUTPUT:
{ } { }: 0,1 0,1n
f →
binary string
( ) 1 ( ) 0f a f x a= ≠ =a
Searching large and unsorted database containing 2n items
• Example of a sorted database: • a phone book if you are given a name and looking for a telephone number• n lookups suffice
• Example of an unsorted database:• a phone book if you are given a number and looking for a name• you need to check 2n items before you succeed with probability P=1• you need to check 2n-1 items before you succeed with probability P=0.5
Classical Complexity:
Grover’s algorithmIt is easy to recognize a solution, although hard to find it.
Grover’s algorithm
H H
f 0 1−
0
H
H
H
H
H
H
0
0
0
0 1−
3a
2a
1a
0a
INPUT: PROMISE: OUTPUT:
{ } { }: 0,1 0,1n
f →
binary string
( ) 1 ( ) 0f a f x a= ≠ =a
f0
H
H
H
H
H
f
H
H
H
f0
H
H
H
H
ITERATION 1 ITERATION 2
……………………………
Quantum Complexity:
Grover’s algorithm
H
f
H
H
H
0 1− f0
H
H
H
H
ITERATION
0 1−
0
0
( ) 0 for 0
(0) 1
f x x
f
= ≠=
( ) 0 for
( ) 1
f x x a
f a
= ≠=
Grover’s algorithm
H
f
H
H
H
0 1− f0
H
H
H
H
ITERATION
0 1−
x 0 −1( )→ −1( )
f (x)x 0 −1( )
x 0 −1( )→ −1( )
f0 (x) x 0 −1( )
Grover’s algorithm
H
f
H
H
H
0 1− f0
H
H
H
H
0 1−
( ) ( ) ( )( )0 1 1 0 1
f xx x− → − − ( ) ( ) ( )0 ( )
0 1 1 0 1f x
x x− → − −
,x x a a→ → − , 0 0x x→ → −
1 2U a a= −0 1 2 0 0U = −
Grover’s algorithm
H
H
H
H
H
H
H
H
1 2U a a= −
0 1 2 0 0HU H H H= −
is the state input at the start of the iterations0H
Grover’s algorithm
xxU 21−=
Geometric Interpretation: Reflects a state about the axis orthogonal to x
So, we need to consider the composed, repeated actions of
aa21−
HH 0021−and
Grover’s algorithm
aa21−
sin = |<a|H|0>|
n2
1=
Grover’s algorithm
HH 0021−
Overall action: Rotation by angle 2
Grover’s algorithm
2θH
H
H
H
H
H
H
H
a
a⊥
10 sin
2na H θ= =
Grover’s algorithm
H H
f 0 1−
0
H
H
H
H
H
H
0
0
0
0 1−
3a
2a
1a
0a
f0
H
H
H
H
H
f
H
H
H
f0
H
H
H
H
ITERATION 1 ITERATION 2
……………………………
θ θ2θ
θ2θ
0H
2θa
Grover’s algorithm
a
θ2θ
2θ
After r iterations, the state is rotated by
2rθ θ+a
⊥from the hyperplane
a⊥
for large n
We iterate until
nnHa
2
1 sin
2
10 ≈⇒== θθ
2)12(
πθ ≈+rnr 2
4
π≈
Query complexity
quantum :
classical probabilistic:
Quadratic speedup compared to classical search algorithms
Cryptanalysis: Attack on classical cryptographic schemes such as DES (the Data Encryption Standard) essentially requires a search among 256=7 £ 1016 possible keys. If these can be checked at a rate of, say,one million keys per second, a classical computer would need over athousand years to discover the correct key while a quantum computerusing Grover's algorithm would do it in less than four minutes.
Applications of Grover
• Most common example is an unsorted database. Not a common scenario!
• Finding most efficient route between two places on a map.
• Brute-force code breaking (such as the DES example we’ve just seen).
• Any classical algorithm with probabilistic outcome can be enhanced.
Simon’s Problem
INPUT: PROMISE: OUTPUT:
{ } { }: 0,1 0,1n n
f →
period
( ) ( ) , {0,1}nf x f x s x s= ⊕ ∈s
Example: s=110 is the period (in the group)
( )f xx
000001010011100101110111
111010100110100110111010
( )32Z
( ) ( )110f x f x⊕ =
( ) ( ) ( )( ) ( ) ( )( ) ( ) ( )( ) ( ) ( )
000 000 110 110 111
001 001 110 111 010
010 010 110 100 100
011 011 110 101 110
f f f
f f f
f f f
f f f
= ⊕ = =
= ⊕ = =
= ⊕ = =
= ⊕ = =
Classical Complexity:
Fields and vector spaces over them
{ }0,1 ,⊕g 2Z
° +,×
,+ ×£
0 1 0 0
1 1 1 01 0 1
1 0 0 1
1 1 1 0
⎛ ⎞ ⎛ ⎞ ⎛ ⎞ ⎛ ⎞⎜ ⎟ ⎜ ⎟ ⎜ ⎟ ⎜ ⎟⎜ ⎟ ⎜ ⎟ ⎜ ⎟ ⎜ ⎟+ + =⎜ ⎟ ⎜ ⎟ ⎜ ⎟ ⎜ ⎟⎜ ⎟ ⎜ ⎟ ⎜ ⎟ ⎜ ⎟⎝ ⎠ ⎝ ⎠ ⎝ ⎠ ⎝ ⎠
g g g
Binary vectors
1
21 2 3 4
3
4
1 0 0 0
0 1 0 0
0 0 1 0
0 0 0 1
a
aa a a a
a
a
⎛ ⎞⎛ ⎞ ⎛ ⎞ ⎛ ⎞ ⎛ ⎞⎜ ⎟⎜ ⎟ ⎜ ⎟ ⎜ ⎟ ⎜ ⎟⎜ ⎟⎜ ⎟ ⎜ ⎟ ⎜ ⎟ ⎜ ⎟+ + + =⎜ ⎟⎜ ⎟ ⎜ ⎟ ⎜ ⎟ ⎜ ⎟⎜ ⎟⎜ ⎟ ⎜ ⎟ ⎜ ⎟ ⎜ ⎟
⎝ ⎠ ⎝ ⎠ ⎝ ⎠ ⎝ ⎠ ⎝ ⎠
2n binary vectors
1 1
2 2
3 3
4 4
a b
a ba b
a b
a b
⎛ ⎞ ⎛ ⎞⎜ ⎟ ⎜ ⎟⎜ ⎟ ⎜ ⎟= =⎜ ⎟ ⎜ ⎟⎜ ⎟ ⎜ ⎟⎝ ⎠ ⎝ ⎠
1 1 2 2 3 3 4 4a b a b a b a b a b= + + +g
0 1
1 1
1 1
1 0
a b
⎛ ⎞ ⎛ ⎞⎜ ⎟ ⎜ ⎟⎜ ⎟ ⎜ ⎟= =⎜ ⎟ ⎜ ⎟⎜ ⎟ ⎜ ⎟⎝ ⎠ ⎝ ⎠
0 1 1 1 1 1 1 0 0a b = ⋅ + ⋅ + ⋅ + ⋅ =g
Inner product
Binary vectors
0
10
0
1
a a a
⎛ ⎞⎜ ⎟⎜ ⎟= =⎜ ⎟⎜ ⎟⎝ ⎠
g
0a x =g
1a x =g
12n− vectors x
12n− vectors x
a binary vector can be perpendicular to itself
Binary vectors
1 0y x =g 1 1y x =g
2 0y x =g 2 1y x =g
Quantum Hadamard Transform
H0
H0
H0
H0
0 1+
0 1+
0 1+
0 1+
{ }/ 2
0,1
10
2 nn
x
x∈
→ ∑
H0
H1
H1
H1
0 1+
0 1−
0 1−
0 1−
( ){ }
/ 20,1
11
2 n
x y
ny
x y∈
→ −∑ g
1 2 1 0...n ny y y y y− −≡
1 2 1 0...n nx x x x x− −≡0 0 1 1 2 2 1 1... n nx y x y x y x y x y− −= + + +g
Simon’s algorithm
0
{ } { }: 0,1 0,1n n
f →
0
f
n qubits
n qubits
H H y
f(x)
( ){ }
/ 20,1
11
2 n
x y
ny
x y∈
→ −∑ g
0 ( )x x f x→
Simon’s algorithm
0
{ } { }: 0,1 0,1n n
f →
0 such that
0
y
s y =g
f
n qubits
n qubits
H H
( )0 0 0x x
x x f x→ →∑ ∑
( ) ( )0 0 0measurement x x s f x→ + ⊕
0( )f x
( )
( ) 1
0 if 1
1if 0
2n
P y y s
P y y s−
= =
= =
g
g
Simon’s algorithm
0
{ } { }: 0,1 0,1n n
f →
0 such that
0
y
s y =g
f
n qubits
n qubits
H H
0( )f x
1
2
3
0
0
0
...
0n
y s
y s
y s
y s
===
=
g
g
g
g
Solve the system of linear equationsProbability of failure of generating linearly independent vectors y is less than 0.75
Needs roughly n queries. Quantum complexity
Classical Complexity Analysis
Classical approach:
1 2 3, , ,... kx x x x
( ) ( ) ( ) ( )1 2 3, , ,... kf x f x f x f x
( ) ( )if then i j i jf x f x x x s= ⊕ =
Randomly choose:
Evaluate:
Search for collisions:
( ) 2
1 2 3
1 1
21 2 3 ...
212 n n
kp p p
k k ⎛ ⎞⎜ ⎟−⎝ ⎠
<−
+ + =Average number of collisions:
( )2nk O=Number of queries in a classical probabilistic approach :
CLASSICAL
Probability of at leastone collision:
2
1 2 3 ...2n
kp p p+ + + <
Quantum Complexity Analysis 1
Quantum Complexity Analysis 2
Summary
HH
f
Deutsch (1985), Deutsch and Jozsa (92): The first indication that quantum computers can perform better
H
f
Grover: Polynomial separation
Simon: Exponential separation
H H
f
H
f0 f0
HH
f
classicalquantum
classical quantum
More general oracles
{ } { }: 0,1 0,1n m
f → Quantum oracles do not have to be of this form
xU
n qubits
m qubits
xx u x U u⎡ ⎤→ ⎣ ⎦
x
u
e.g. generalized controlled-U operation
x
xU u
Phase estimation problem
xU
n qubits
m qubits
x
u 2 i pxe uπ
x
Phase estimation algorithm
u
0n qubits
m qubits
H
xU
STEP 1:
1 2 02 (0. ... )2
1 10
2 21 1
2 2n n
x
n nx x
i p p p xi px
n nx x
u x u x U u
e x u e x uππ − −
⎡ ⎤→ → ⎣ ⎦
= =
∑ ∑
∑ ∑
( )1 2 0
22 0. ...2
1 1:
2 2
n n n
ipx i p p p x
n n nx x
F p e x e xπ
π − −→ =∑ ∑
Recall Quantum Fourier Transform:
Phase estimation algorithm
u
0n qubits
m qubits
H
xU
STEP 2: Apply the reverse of the Quantum Fourier Transform
Fy
u
0 1 2 1... np p p p −
But what if p has more than n bits in its binary representation ?
Arbitrary phases
1 1 0...np p p p−=1
1
2 2n n
pp δ δ += + ≤
bit approximation to n p−
1
2ne2π ip( )
xx
x=0
2n−1
∑ →
12n
e−2πixy 2n
e2πipx yx=0
2n−1
∑y=0
2n−1
∑
=
12n
e−2πixy 2n
e2πi p/ 2n+δ( )x y
x=0
2n−1
∑y=0
2n−1
∑
=
12n
e2π i p−y( )x 2n
e2πiδx
x=0
2n−1
∑ yy=0
2n−1
∑
Arbitrary phases
geometricseries!
Final state
Probability of result
1
2ne
2π i p−y( )x 2n
e2πiδx
x=0
2n−1
∑ yy=0
2n−1
∑ for y=p
P p( ) =12n
e2πiδx
x=0
2n−1
∑2
=12n
21−e2πiδ 2n
1−e2πiδ
2
=12n
22sinπδ2n
2sinπδ
2
=122n
sinπδ2n
sinπδ
2
p
eiθ
2sin
θ2
θ2
θ 1
Phase estimation algorithm 00
00
0001
0010
0011
0100
0101
0110
0111
1000
1001
1010
1011
1100
1101
1110
1111
Pro
babi
lity
Phase estimation - solution
u
0n qubits
m qubits
H
xU
Fy
u
0 1 2 1... np p p p −
Group
{ } ( ){ }1,2,3... 1 : , 1M x M GCD x M∗ = ∈ − =¢
This is a group under multiplication mod M
For example
{ }21 1, 2, 4,5,8,10,11,13,16,17,19, 20∗ =¢
M∗¢
Order-finding problem
0 1 2 3 4 5 6
for consider all powers
, , , , , , .
of
..
M
a a a a a a a
a a∗∈¢
For example
21
0 1 2
10
10 mod 21 1,10 mod 21 10,10 mod 21 16,.
1,10,16,13, 4,19,1,10,16,13,4,19,1,10,16...
..
a ∗= ∈
= = =
¢
( )MORD minimum 1 such that 1modra r a M= ≥ =
( )21ORD 10 6=
Order finding problem
Input: M (an m-bit integer) and a {1,2,…, M 1}
such that gcd(a, M ) = 1}
Output: ordM (a), which is the minimum r > 0 such
that ar = 1 (mod M )
No efficient classical algorithm is known for this problem
Order finding problem
10 mod 21x
x6 12 18 24
21
6
21 10
10 mod 21 1
correct answer 6
M a
r
∗= = ∈
==
¢
period 6
Solving order-finding via phase estimation
xU
n qubits
m qubits
x
y modxa y M
x
Suppose we can build a circuit that multiplies y by the powers of a, but what about the eigenvector u ?
xU
n qubits
m qubits
x
u2
qix
re uπ ⎛ ⎞
⎜ ⎟⎝ ⎠
x
( )
( )
1 2
0
1 2
0
1 2 2 11
0
12 2 1 21
0
mod
mod
mod
mod
qr i kkr
k
qr i kkr
k
q qr i i kkr r
k
q q qri i k ikr r r
k
U u U e a N
e aa N
e e a N
e e a N e u
π
π
π π
π π π
⎛ ⎞− − ⎜ ⎟⎝ ⎠
=
⎛ ⎞− − ⎜ ⎟⎝ ⎠
=
⎛ ⎞ ⎛ ⎞− − +⎜ ⎟ ⎜ ⎟ +⎝ ⎠ ⎝ ⎠
=
⎛ ⎞ ⎛ ⎞ ⎛ ⎞− − +⎜ ⎟ ⎜ ⎟ ⎜ ⎟+⎝ ⎠ ⎝ ⎠ ⎝ ⎠
=
=
=
=
= =
∑
∑
∑
∑
Sum over all possible values of k - the same Sum, different order of terms
Eigenvalues and eigenvectors of U
It seems that we need to know r - do we ?
1 2u uα β+
0 F
xU
FyEstimate of p1 with prob. |α|2
Estimate of p2 with prob. |β|2
1 1 2 2p u p uα β+( )1 20 u uα β+
Two or more eigenvectors…
Solving order-finding via phase estimation
1
0 F
xU
Fyq
r
Randomly chosen qCo-prime with r ?Continuous fractions
2m qubits
m qubits
We need to distinguish between 1/r and 1/(r+1)and r is of the order of M which is an m bit number
Solving order-finding via phase estimation
modxa M
Solving order-finding via phase estimation
The integer factorization problem
Input: M (m-bit integer; we can assume it is composite)
Output: p, q (each greater than 1) such that pq = M
No efficient (polynomial-time) classical algorithm is known for this problem. Important for public key
cryptosystems
Order finding and factoring have the same complexity. Any efficient algorithm for one is convertible into an efficient algorithm for the other.
Math behind quantum factoring
latter event occurs with probability ½
( )( )/ 2 / 2
1mod
1 0mod
1 1
r
r
r r
a M
a M kM
a a kM kpq
=
− = =
− + = =
( )/ 2 / 2thus either M divides 1 or gcd 1,
is a nontrivial factor of
r ra a M
M
± ±
Truth by example…
Proposed quantum algorithm (repeatedly do):
1. randomly choose a {2, 3, …, M1}
2. compute g = gcd(a,M )3. if g > 1 then
output g, M/g else
compute r = ordM(a) quantum part !
if r is even then
compute x = a r/2 +1 mod M
compute h = gcd(x,M )if h > 1 then output h, M/h
Quantum factoring
Hidden subgroup problem
2g K+
3g K+
K
1g K+
Given YGf a: constant and distinct on cosets of subgroub K
Find a generating set for K in polylog |G| steps
INPUT: PROMISE: OUTPUT:
{ } { }: 0,1 0,1n n
f →
period
( ) ( ) , {0,1}nf x f x s x s= ⊕ ∈s
Example: s=110 is the period (in the group)
( )f xx
000001010011100101110111
111010100110100110111010
( )32Z
( ) ( )110f x f x⊕ =
( ) ( ) ( )( ) ( ) ( )( ) ( ) ( )( ) ( ) ( )
000 000 110 110 111
001 001 110 111 010
010 010 110 100 100
011 011 110 101 110
f f f
f f f
f f f
f f f
= ⊕ = =
= ⊕ = =
= ⊕ = =
= ⊕ = =
Classical Complexity:
Simon’s algorithm revisited
Simon’s algorithm revisited
0
{ } { }: 0,1 0,1n n
f →
0 such that
0
y
s y =g
f
n qubits
n qubits
H H
( )0 0 0x x
x x f x→ →∑ ∑
( ) ( )0 0 0measurement x x s f x→ + ⊕
0( )f x
( )
( ) 1
0 if 1
1if 0
2n
P y y s
P y y s−
= =
= =
g
g
Simon’s Problem as HSP
( ) ( )110f g f g⊕ =
010,100
011,101
000,110
001,111
{ }000,110K =
010,100
011,101
000,110
001,111
( )g
g f g∑
( )k K
x k f x∈
+∑
2nx∈Z010x =
Simon’s Problem as HSP
010,100
011,101
000,110
001,111
( )k K
x k f x∈
+∑
010,100
011,101
000,110
001,111 k K
x k∈
+∑
Simon’s Problem as HSP
010,100
011,101
000,110
001,111 k K
x k∈
+∑
010,100
011,101
000,110
001,111
( ) ( )1 1x y k y
k K y Gk K
x k y⋅ ⋅
∈ ∈ ∈
+ → − −∑ ∑
( ) ( )1 1x y k y
y G k K
y⋅ ⋅
∈ ∈
⎛ ⎞− −⎜ ⎟
⎝ ⎠∑ ∑
( ) ( )2
Pr 1k y
k K
y⋅
∈
∝ −∑
Simon’s Problem as HSP
010,100
011,101
000,110
001,111
( ) ( )2
Pr 1k y
k K
y⋅
∈
∝ −∑
Sample from K ⊥
Reconstruct from log samplesK poly G
1
2
0
0
0n
y k
y k
y k
⋅ =⋅ =
⋅ =M
( ) ( )( ) ( )( ) ( )( ) ( )
000 110 0
110 110 0
001 110 0
111 110 0
⋅ =
⋅ =
⋅ =
⋅ =
Simon’s algorithm: G = (Z2)n K = {0,r}
Shor’s algorithm: G = Z and K = r Z
symmetric group
graph isomorphism
dihedral group
shortest vector in a lattice
D8A B C DS4
Examples
OPEN PROBLEMS QC NEEDS YOU
1 2 31 2 3Lattice ... nna v a v a v a v+ + + +r r r r
1 2 3Basis , , ,..., nv v v vr r r r
1 2 3 nIntegers , , ,...,a a a a
1v
2v
Find the shortest vector
Open problems
Graph isomorphism