Short course on quantum computing

1
Short course on quantum computing

• Andris Ambainis
• University of Latvia

2
Lecture 2

• Quantum algorithms and factoring

3
Factoring

• Input composite N.
• Output p, q ? 2, , N-1 s.t. pqN.
• Hard for classical computers.
• Factoring large integers would break RSA.

4
Factoring

• Quantum computers can factor integers in
  polynomial (quadratic) time Shor94.
• Similar approach also solves discrete logarithm
  by quantum algorithm.
• Today Shors algorithm.

5
Outline

• 1) Computational model.
• 2) Quantum parallelism and quantum interference.
• 3) Simons algorithm.
• 4) Shors algorithm.

6
Basic ideas

• State space consisting of n (quantum) bits.
• Elementary gates on 1 or 2 (qu)bits.
• Efficiently computable poly-size circuits.

7
Classical circuits
X1
X2
X5
X3
?


?
Result
8
Quantum circuit
H
H
H
H
Gates on quantum bits
9
Elementary gates (1)

• Hadamard gate
• Phase shift

10
Elementary gates (2)

• Rotation by angle ??
• Controlled NOT

11
Universality

• Any quantum computation can be performed by a
  circuit consisting of Hadamard, phase, rotation
  by ?/8 and controlled NOT gates.

12
Classical vs. quantum circuits

• We have a classical circuit.
• Can we construct a quantum circuit that computes
  the same function?

13
Reversibility

• Assume f(x)f(y)z.
• If
• then
• U not unitary.

14
Reversibility
We can transform a classical circuit for F to
quantum circuit.
xgt
xgt
F
0gt
F(x)gt
Add extra input initialized to 0.
15
Example
Quantum
Classical
y
x
xgt
xgt
ygt
ygt

0gt
x?ygt
Toffoli gate.
16
Quantum parallelism

• By linearity,
• Many evaluations of f in unit time.

xgt
xgt
0gt
f(x)gt
? xgt f(x)gt
? xgt 0gt
x
x
17
Quantum parallelism

• Once we measure
• we get one particular x and f(x).
• Same as if we evaluated f on a random x.

? xgt f(x)gt
x
18
Quantum parallelism

• Is it useful?
• We cannot obtain all values f(x) from
• because quantum states cannot be measured
  completely.
• We can obtain quantities that depend on many f(x).

? xgt f(x)gt
x
19
Quantum interference

• Hadamard transform

20
Quantum interference

• Negative interference 1gt and -1gt cancel out
  one another.
• Positive interference 0gt and 0gt add up to a
  higher probability.

21
Parallelisminterference

• Use quantum parallelism to compute many f(x).
• Use interference to obtain information that
  depends on many values f(x).
• Requires algebraic structure.
• Ideal for number-theoretic problems (factoring).

22
Order finding

• The order of a?ZN modulo N is the smallest
  integer rgt0 such that
• ar?1 (mod N)
• For example, order of 4 mod 7 is 3
• 41 ? 4, 42 16?2, 43 64?1 (mod 7).
• Factoring reduces to order-finding.

23
Reduction

• If ar?1(mod N), then N divides ar-1.
• If r even, ar-1(ar/2-1)(ar/21).
• If N is product of two or more primes,
• gcd(ar/2-1, N)
• is a nontrivial factor of N with probability at
  least 1/2.

24
Shors algorithm

• Repeat O(log n) times
• Generate random a?1, , N-1
• Check if (a, N)1
• r order(a)
• If r even, check (ar/2-1, N).

25
Period finding

• Function FN?N
• such that F(x)F(xr) for all x.
• Find smallest r.

xgt
xgt
F
0gt
F(x)gt
26
Simons problem

• Function F0, 1n ?0, 1n.
• F(xy)F(x) for all x, bitwise addition.
• Find y.

xgt
xgt
F
0gt
F(x)gt
27
Algorithm Simon, 1994
H
H
0gt
ygt
F
H
H
H
H
f(x)gt
0gt
Repeat n times and combine results y1,..., yn.
28
Hadamard transform
29
Hadamard on n qubits
H
0gt
H
0gt
30
Simons algorithm step-by-step
H
H
0gt
ygt
F
H
H
H
H
F(x)gt
0gt
31
Simons algorithm step-by-step

• Transformations on different qubits commute.
• We can first measure the last n qubits and then
  perform Hadamard on first n qubits.
• Makes calculations simpler.

32
Measuring F(x)

• Partial measurement.
• We get some value yF(x).
• The state
• collapses to part consistent with yF(x).

33
Last step

• We now have the state
• How do we get z?
• Measuring the first register would give only one
  of x and xz.

34
Simons algorithm
H
H
0gt
ygt
F
H
H
H
H
f(x)gt
0gt
35
Hadamard transform
36
Hadamard transform
x1gt
H
x2gt
H
...
...
...
xngt
H
37
Hadamard transform
Signs are the same iff ?zi yi 0 mod 2.
38
Summary

• Measuring the final state gives a vector y such
  that
• n-1 such constraints uniquely determine z, with
  high probability.

39
Summary

• Quantum parallelism computing F for many values
  simultaneously.
• Quantum interference Hadamard transform.

40
Period finding

• Function FN?N
• such that F(x)F(xr) for all x.
• Find r.

xgt
xgt
F
0gt
F(x)gt
41
Algorithm Simon, 1994
H
H
0gt
H
H
F
H
H
0gt
Repeat n times and combine results y1,..., yn.
42
Algorithm Shor, 1994
QFT
QFT
0gt
F
0gt
Find factor by continued fraction expansion.
43
Shors algorithm step-by-step
QFT
QFT
0gt
F
0gt
44
Shors algorithm step by step

• Measuring the second register leaves the first
  register in a state consisting of all x with the
  same F(x)
• dgtdrgtdirgt

45
Quantum Fourier transform
If M2, this is Hadamard transform.
46
QFT detects periods

• Assume r divides M.
• Then,
• If j relatively prime with r,

47
QFT detects periods

• Assume r does not divide M.
• Then, most of T?? consists of kgt with

48
QFT detects periods
r does not divide M
r divides M
0
0
Can we find r?
49
Continued fraction expansion

• Number theory algorithm.
• Given k, M, finds j, r such that
• is smallest among all j and r ? r0.
• If M?(r2), correct w.h.p.

50
Summary of Shors factoring

• Reduce factoring to period-finding.
• Generate a quantum state with period r.
• In the easy case, QFT transforms a state with
  period r into multiples of M/r.
• General case same but approximately.
• Continued fraction algorithm finds the closest
  multiple of M/r.

51
Hidden subgroup

• Function FG?S
• such that F(g)F(hg) iff h?H.
• Find H.

xgt
xgt
F
0gt
F(x)gt
52
Hidden subgroup

• Captures a lot of problems.
• Simons problem G0, 1n, H0n, z.
• Shors period-finding GZ, HrZ (multiples of
  r).
• Discrete logarithm GZ2.
• Pells equation Hallgren, 2002 GR.

53
Discrete log

• Given N, g and x, compute r such that
• gr?x (mod N).
• Another hard problem relevant to crypto
  (Diffie-Hellman).

54
Discrete log

• Define F(y, z)gyxz mod N.
• GZ2.
• Hy,z yzr 0 mod N-1 because gyxzgyrz and
  gN-11.

55
Status of hidden subgroup

• Quantum polynomial time for Abelian G.
• Open for non-Abelian G (except a few groups G
  with simple structure).

56
Graph Isomorphism
G2
G1
?
?
57
Graph Isomorphism

• G all permutations of vertices.
• F(?) ?(G).
• H - permutations that fix G.

58
Hidden subgroup

• Graph Isomorphism reduces to hidden subgroup for
  non-Abelian groups.
• Approximating shortest vector in lattice also
  reduces to HSP.
• Solving HSP by quantum algorithm remains open for
  almost all non-Abelian groups.