lecture note 8: quantum algorithms jian-wei pan. outline quantum parallelism shor’s quantum...
TRANSCRIPT
Lecture note 8: Quantum Algorithms
Jian-Wei Pan
Outline
• Quantum Parallelism• Shor’s quantum factoring algorithm• Grover’s quantum search algorithm
Quantum Algorithm
• Quantum Parallelism
- Fundamental feature of many quantum algorithms- it allows a quantum computer to evaluate a function f(x) for many different values of x simultaneously.
- This is what makes famous quantum algorithms, such as Shor’s algorithm for factoring, or Grover’s algorithm for searching.
| |i ii i
U a i aU i
RSA encryption and factoring
• RSA is named after Riverst, Shamir and Adleman, who came up with the scheme m1×m2 = N, (with m1 and m2 primes)• Based on the ease with which N can be calculated
from m1 and m2.• And the difficulty of calculating m1 and m2 from N.• N is made public available and is used to encrypt
data.• m1 and m2 are the secret keys which enable one to
decrypt the data.• To crack a code, a code breaker needs to factor N.
RSA encryption and factoring
• Problem: given a number, what are its prime factors ? e.g. a 129-digit odd number which is the product of
two large primes,
114381625757888867669235779976146612010218296721242362562561842935706935245733897830597123 63958705058989075147599290026879543541
=3490529510847650949147849619903898133417764638493387843990820577
x 32769132993266709549961988190834461413177642967992942539798288533
• Best factoring algorithm requires sources that grow exponentially in the size of the number
- , with n the length of N• Difficulty of factoring is the basis of security for the
RSA encryption scheme used.
))log(exp( 3/23/1 nnO
Shor’s algorithm
Algorithms for quantum computation: discrete logarithms and factoring - Foundations of Computer Science, 1994 Proceedings., 35th Annual Symposium on Publication Date: 20-22 Nov
1994. On pages: 124-134
Shor, P.W. AT&T Bell Labs., Murray Hill, NJ;
Shor’s algorithm
• Shor’s code-breaking Quantum Algorithm
-How fast can you factor a number?
- Quantum computer advantage
• Code-breaking can be done in minutes, not in millennia
• Public key encryption, based on factoring, will be
vulnerable!!!
• E.g. factor a 300-digit number
• Classical THz computer
- steps - 150,000 years• Quantum THz
computer - steps - 1 second
2410
1010
How to factor an odd number – a little number theory
• Modular Arithmetic
simply means
where k is an integer.
• Consider - where x and N are co-primes, i.e. greatest
common divisor gcd(a,N)=1. No factors in common. It will be demonstrated in the following that finding
r is equivalent to factoring N
mod moda b N b a N
kNba
1modrx N
A little number theory
• Consider the equations
then we have
1 2 1modrm m N x N
2
2
1 2
1mod
1 0mod
( 1)( 1) 0mod
( 1)( 1) 0mod
y N
y N
y y N
y y m m
1
2
1 0 mod 1 0 mod;or
1 0 mod 1 0 mod1
y m y N
y m y
A little number theory
gcd( 1, ) ,
gcd( 1, ) 1.
y N N
y N
1
2
gcd( 1, ) ,
gcd( 1, ) .
y N m
y N m
Note that gcd can be calculated efficiently.If we can find r, and r is evenThen
provided we don’t get trivial solutions.If r is an odd number, change x, try again.
2 / 2 2( ) 1modry x N
/ 21
/ 22
gcd( 1, )
gcd( 1, )
r
r
m x N
m x N
We acquire a trivial solution
and the desired solution
A little number theory
• Finding r is equivalent to factoring N - It takes operations to find r using
classical computer. (n the digits of N)
• An important result from number theory,
is a periodic function. E.g. N=15, x=7. period r= 4
• Factoring reduces to period finding.
)2( nO
( ) modrf r x N
r 0 1 2 3 4
1 7 4 13 1modrx N
Shor algorithm
• Using quantum computer to find the period r.• The algorithm is dependent on
– Modular Arithmetic– Quantum Parallelism– Quantum Fourier Transform
• Illustration• To factor an odd integer, N=15• Choose a random integer x satisfying
gcd(x,N)=1, x=7 in our case.
Shor’s algorithm
• Create two quantum registers, - input registers: contain enough qubits to
represent r , ( 8 qubits up to 255) - output registers: contain enough qubits to
represent (we need 4 qubits )
• Load the input registers an equally weighted superposition state of all integers (0-255) .
The output registers are zero.
( ) modrf r x N N
Shor’s algorithm
a – input register, 0- output registerApply a controlled unitary transformation to
the input register , storing the results in the output registers.
• From quantum Parallelism, this unitary transformation can be implemented on all the states simultaneously.
255
0
1| | ,0
256 a
a
| , 0 | , modaU a a x N
255 255
0 0
1 1| | ,0 | , mod
256 256a
a a
U U a a x N
Shor’s algorithm
• The unitary transformation U consists of a series of elementary quantum gates, single-, two-qubit...
• The sequence of these quantum gates that are applied to the quantum input depends on the classical variables x and N complicatedly.
• We need a classical computer processes the classical variables and produces an output that is a program for the quantum computer, i.e. the number and sequence of elementary quantum operations. This can be performed efficiently on a classical computer.
(see details, PRA, 54, 1034, (1996);
Shor’s algorithm
Now we measure the output registers, this will collapse the superposition state to one of the outputs |1>,|7>|4>,|13>, for example |1>.
in 0 1 2 3 4 5 6 7 8 9 10 11 12 …out
1 7 4 13 1 7 4 13 1 7 4 13 1 …
1| [(| 0 | 4 | 8 |12 ... | 252 ) |1
256
(|1 | 5 | 9 |13 ... | 253 ) | 7
(| 2 | 6 |10 |14 ... | 254 ) | 4
(| 3 | 7 |11 |15 ... | 255 ) |13 ]
U
Assume we applied U on the quantum registers.
Shor’s algorithm
• Measure the output register will collapse the input register into an equal superposition state.
which is a periodic function of period r=4.
• We now apply a quantum Fourier transform on the collapsed input register to increase the probability of some states.
/ 1
0
1| (| 0 | 4 | 8 |12 ... | 252 ) |
64
M r
j
jr
1
0
21| | , (M=256)
akMM
k
iT a e k
M
Shor’s algorithm
Here f(k) can be easily calculated
For simplicity, we have assumed M/r is an integer
/ 1 / 1 1
0 0 0
1 / 1 1
0 0 0
2| | |
2( ) | = ( ) |
jr kM r M r MM
j j k
jr kM M r MM
k j k
iT T jr e k
ie k f k k
2/ 1
2 /
0
10, / integer2 / ( ) 1
/ , / =integer
ikM r
ikr M
j
ekr Mi jkr Mf k e e
M r kr M
Shor’s algorithm
• The QFT essentially peaks the probability amplitudes at integer multiples of M/r. When we measure the input registers, we randomly get c=jM/r, with .
• If gcd(j,r)=1, we can determine r by canceling to an irreducible fraction.
• From number theory, the probability that a number chosen randomly from 1…r is coprime to r is greater than 1/logr. Thus we repeat the computation O(logr)<O(logN) times , we will find the period r with probability close to 1.
• This gives an efficient determination of r. (see more details in Rev. Mod. Phys., 68, 733 (1996)
1 1
0 0
| ( ) | | / | 0 | 64 |128 |192M r
k j
T f k k jM r
0 1j r c j
M r
Shor’s algorithm
• In our case, c=0, 64, 128,192, M=256; then c/M=0, ¼, ½, ¾.
• We can obtain the correct period r=4 from ¼ and ¾ and incorrect period r=2 from ½ . The results can
be easily checked from • Now that we have the period r=4, the factors of
N=15 can be determined. This computation will be done on a classical computer.
3)15,17gcd(),1gcd(
5)15,17gcd(),1gcd(2/42/
2
2/42/1
Nxm
Nxmr
r
mod 1rx N
Shor’s algorithm
– Generate random x{1, …, N-1};– Check if gcd(x, N)=1;– r = period(x); (The period can be evaluated in
polynomial time on a quantum computer.)
- Prime factors are calculated by classical computer
),1gcd(
),1gcd(2/
2
2/1
Nxm
Nxmr
r
Shor’s algorithm
• N=15=5×3, the simplest meaningful instance of Shor’s algorithm
• Input register 3 qubits output register 4 qubits (Nature 414, 883, 2001)
Grover’s algorithm
• How quickly can you find a needle in a haystack
• Classical search - sequentially try all N
possibilities - average search takes
N/2 steps
• Quantum search - simultaneously try all
possibilities - refining process
reveals answer
- average search takes steps1/ 2N
Grover’s search algorithm
L.K. Grover, Phys. Rev. Lett., 79,325, (1997)
Grover’s search algorithm
• Problem : given a Quantum oracle, try to find one specific state , satisfying
R is a N×N diagonal matrix, satisfying Rii=-
1, if i=x; Rii =1, other diagonal elements. To find x is equivalent to find which diagonal element of R is -1, i.e. x .
• Classically, we have to go through every diagonal element. We expect to find the -1 term after N/2 queries to all the diagonal elements.
1,2... ... ,...i x N
x| ,
| {| , otherwise
i i xR i
i
Grover’s algorithm
• Take a m-qubit register, assume• Prepare the registers in an equal superposition
state of all the states.
• Iterations of Rotate Phase and Diffusion operator
• Measure the register to get the specific state
2m N
N1
0
1| |
N
i
iN
x
Grover’s algorithm
• In fact, R is a phase rotate operator
e.g.
| , | {
| , otherwise
i i xR i
i
1x 00 11 22 33 44 55
00 11 22 33 44 55
|
|R
Grover’s algorithm
• Diffusion operator
The successive operation of Rotate phase and Diffusion
operator will increase the probability amplitude of the desired state.
2 2 21 ...
2 2 21 ...
2 2 2... 1
N N N
D N N N
N N N
00 11 22 33 44
|DR
Grover’s algorithm
• Initial state
• After n iteration, we have
• Considering
| ( ) | ,nn DR
2 2ˆ ˆ 1
2 2ˆ ˆ 2 1
DRN N
DRN N
1 1
0 0( )
1 1 1|
N N
i ii x
i x iN N N
| | | ,n n na b 1 0
1 0
211 , 2
, with 1
, 1
n n
n n
a a aN
b b b
1N
Grover’s algorithm
• Finally, we get
• The probability to collapse into the x
• We choose iteration steps the probability of failure
1
0
2cos
2sin
N
nii x
nn Nx iN N
22
sinn
P nN
[ ]4
n N
2 1 11 cos 0
2Np n O
NN
Grover’s algorithm
• Can we do better than a quadratic speed up for Quantum Searches.
• No! Grover algorithm is optimal. Any quantum algorithm, with respect to an Oracle, can not do better that Quadratic time.
• Good and Bad– Good: Grover’s is Optimal– Bad: No logarithmic time algorithm
:Limits of “Black-Box” quantum computing
Grover’s algorithm
• Experiment realization - Nuclear magnetic resonance I. L .Chuang et. al. PRL, 80, 3408 (1998). - Linear optics P.G. Kwait et. al. J. Mod. Opt. 47, 257 (2000). - individual atom J. Ahn et. al. Science, 287, 463 (2000). - trapped ion M. Feng, PRA, 63, 052308 (2001).