Quanum computing

1
Quanum computing
2
What is quantum computation?

• New model of computing based on quantum
  mechanics.
• Quantum circuits, quantum Turing machines
• More powerful than conventional models.

3
Quantum algorithms

• Factoring given Npq, find p and q.
• Best algorithm 2O(n1/3), n -number of digits.
• Many cryptosystems based on hardness of
  factoring.
• O(n2) time quantum algorithm Shor, 1994
• Similar quantum algorithm solves discrete log.

4
Quantum algorithms
...
0
1
0
0
x1
x2
xn
x3

• Find if there exists i for which xi1.
• Queries input i, output xi.
• Classically, n queries.
• Quantum, O(?n) queries Grover, 1996.
• Speeds up exhaustive search.

5
Quantum cryptography

• Key distribution two parties want to create a
  secret shared key by using a channel that can be
  eavesdropped.
• Classically secure if discrete log hard.
• Quantum secure if quantum mechanics valid
  Bennett, Brassard, 1984.
• No extra assumptions needed.

6
Quantum communication

• Dense coding 1 quantum bit can encode 2
  classical bits.
• Teleportation quantum states can be transmitted
  by sending classical information.
• Quantum protocols that send exponentially less
  bits than classical.

7
Experiments

• 10 different ideas how to implement QC.
• NMR, ion traps, optical, semiconductor, etc.
• 7 quantum bit QC Knill et.al., 2000.
• QKD has been implemented.

8
Outline

• Today basic notions, quantum key distribution.
• Tomorrow quantum algorithms, factoring.
• Friday current research in quantum cryptography,
  coin flipping.

9
Model

• Quantum states
• Unitary transformations
• Measurements

10
Quantum bit

• 2-dimensional vector of length 1.
• Basis states 0gt, 1gt.
• Arbitrary state ?0gt?1gt, ?, ?
  complex, ?2 ?21.

1gt
0gt
11
Physical quantum bits

• Nuclear spin orientation of atoms nucleus in
  magnetic field.
• ? 0gt, ? 1gt.
• Photons in a cavity.
• No photon 0gt, one photon 1gt

12
Physical quantum bits (2)

• Energy states of an atom
• Polarization of photon
• Many others.

0gt
1gt
ground state
excited state
13
General quantum states

• k-dimensional quantum system.
• Basis 1gt, 2gt, , kgt.
• General state
• ?11gt?22gt?kkgt,
• ?12 ?k21
• 2k dimensional system can be constructed as a
  tensor product of k quantum bits.

14
Unitary transformations

• Linear transformations that preserve vector norm.
• In 2 dimensions, linear transformations that
  preserve unit circle (rotations and reflections).

15
Examples

• Bit flip
• Hamamard transform

16
Linearity

• Bit flip
• 0gt?1gt
• 1gt?0gt

• By linearity,
• ?0gt?1gt? ?1gt?0gt
• Sufficient to specify U0gt, U1gt.

17
Examples
1gt
0gt
18
Measurements

• Measuring ?0gt?1gt in basis 0gt, 1gt gives
• 0 with probability ?2,
• 1 with probability ? 2.
• Measurement changes the state it becomes 0gt or
  1gt.
• Repeating measurement gives the same outcome.

19
Measurements
0gt
1gt
20
General measurements

• Let ?0gt, ?1gt be two orthogonal one-qubit
• states.
• Then,
• ?gt ?0?0gt ?1?1gt.
• Measuring ?gt gives ?igt with probability
  ?i2.
• This is equivalent to mapping ?0gt, ?1gt to 0gt,
  1gt and then measuring.

21
Measurements
Probability 1
22
Measurements
1gt
23
Measurements

• Measuring
• ?11gt?22gt?kkgt
• in the basis 1gt, 2gt, , kgt gives igt with
  probability ?i2.
• Any orthogonal basis can be used.

24
Partial measurements

• Example two quantum bits, measure first.

25
Classical vs. Quantum

• Classical bits
• can be measured completely,
• are not changed by measurement,
• can be copied,
• can be erased.

• Quantum bits
• can be measured partially,
• are changed by measurement,
• cannot be copied,
• cannot be erased.

26
Copying
One nuclear spin ? Two spins
?
Impossible!
Related to impossiblity of measuring a state
perfectly.
27
No-cloning theorem

• Imagine we could copy quantum states.
• Then, by linearity
• Not the same as two copies of 0gt1gt.

28
Key distribution

• Alice and Bob want to create a shared secret key
  by communicating over an insecure channel.
• Needed for symmetric encryption (one-time pad,
  DES etc.).

29
Key distribution

• Can be done classically.
• Needs hardness assumptions.
• Impossible classically if adversary has unlimited
  computational power.
• Quantum protocols can be secure against any
  adversary.
• The only assumption quantum mechanics.

30
BB84 states
?gt 1gt
? gt
? gt
?gt 0gt
31
BB84 QKD
...
Alice
Bob
32
BB84 QKD

• Alice sends n qubits.
• Bob chooses the same basis n/2 times.
• If there is no eavesdropping/transmission errors,
  they share the same n/2 bits.

33
Eavesdropping

• Assume that Eve measures some qubits in ???, ??
  basis and resends them.
• If the qubit she measures is ?gt or ?gt, Eve
  resends a different state (??? or ?? ).
• If Bob chooses ?gt, ?gt basis, he gets each
  answer with probability 1/2.
• With probability 1/2, Alice and Bob have
  different bits.

34
Eavesdropping

• Theorem Impossible to obtain information about
  non-orthogonal states without disturbing them.
• In this protocol

35
Check for eavesdropping

• Alice randomly chooses a fraction of the final
  string and announces it.
• Bob counts the number of different bits.
• If too many different bits, reject (eavesdropper
  found).
• If Eve measured many qubits, she gets caught.

36
Next step

• Alice and Bob share a string most of which is
  unknown to Eve.
• Eve might know a few bits.
• There could be differences due to transmission
  errors.

37
Classical post-processing

• Information reconciliation Alice and Bob apply
  error correcting code to correct transmission
  errors.
• They now have the same string but small number of
  bits might be known to Eve.
• Privacy amplification apply a hash function to
  the string.

38
QKD summary

• Alice and Bob generate a shared bit string by
  sending qubits and measuring them.
• Eavesdropping results in different bits.
• That allows to detect Eve.
• Error correction.
• Privacy amplification (hashing).

39
Eavesdropping models

• Simplest Eve measures individual qubits.
• Most general coherent measurements.
• Eve gathers all qubits, performs a joint
  measurement, resends.

40
Security proofs

• Mayers, 1998.
• Lo, Chau, 1999.
• Preskill, Shor, 2000.
• Boykin et.al., 2000.
• Ben-Or, 2000.

41
EPR state

• First qubit to Alice, second to Bob.
• If they measure, same answers.

• Same for infinitely many bases.

42
Bells theorem

• Alices basis
• Bobs basis y instead of x.

1gt
0gt
43
Bells theorem
Prb0
Prb1
Pra0
Pra1
44
Classical simulation

• Alice and Bob share random variables.
• Someone gives to them x and y.
• Can they produce the right distribution without
  communication?

45
Bells theorem

• Classical simulation impossible
• Bells inequality constraint satisfied by any
  result produced by classical randomness.

46
Ekerts QKD

• Alice generates n states
• sends 2nd qubits to Bob.
• They use half of states for Bells test.
• If test passed, they error-correct/amplify the
  rest and measure.

47
Equivalence

• In BB84 protocol, Alice could prepare the state
• keep the first register and send the second to
  Bob.

?
?
?
?
48
Ekert and BB84 states
?
?
?
?
49
QKD summary

• Key distribution requires hardness assumptions
  classically.
• QKD based on quantum mechanics.
• Higher degree of security.
• Showed two protocols for QKD.

50
QKD implementations

• First Bennett et.al., 1992.
• Currently 67km, 1000 bits/second.
• Commercially available Id Quantique, 2002.

51
Quantum Factoring
52
Quantum Algorithms

• Quantum Algorithms should exploit quantum
  parallelism and quantum interference.
• We have already seen some elementary algorithms.

53
Quantum Algorithms

• These algorithms have been computing essentially
  classical functions on quantum superpositions
• This encoded information in the phases of the
  basis states measuring basis states would
  provide little useful information
• But a simple quantum transformation translated
  the phase information into information that was
  measurable in the computational basis

54
Extracting phase information with the Hadamard
operation
55
Overview

• Quantum Phase Estimation
• Eigenvalue Kick-back
• Eigenvalue estimation and order-finding/factoring
• Shors approach
• Discrete Logarithm and Hidden Subgroup Problem
  (if theres time)

56
Quantum Phase Estimation

• Suppose we wish to estimate a number given
  the quantum state

• Note that in binary we can express

57
Quantum Phase Estimation

• Since for any integer k, we have

58
Quantum Phase Estimation

• If then we can do the following

59
Useful identity

• We can show that

60
Quantum Phase Estimation

• So if then we can do the following

61
Quantum Phase Estimation

• So if then we can do the following

62
Quantum Phase Estimation

• Generalizing this network (and reversing the
  order of the qubits at the end) gives us a
  network with O(n2) gates that implements

63
Discrete Fourier Transform

• The discrete Fourier transform maps vectors of
  dimension N by transforming the elementary
  vector according to

• The quantum Fourier transform maps vectors in a
  Hilbert space of dimension N according to

64
Discrete Fourier Transform

• Thus we have illustrated how to implement (the
  inverse of) the quantum Fourier transform in a
  Hilbert space of dimension 2n

65
Estimating arbitrary

• What if is not necessarily of the form for
  some integer x?

• The QFT will map to a superposition

where
66
Quantum Phase Estimation

• For any real

• With high probability

67
Eigenvalue kick-back

• Recall the trick

68
Eigenvalue kick-back

• Consider a unitary operation U with eigenvalue
  and eigenvector

69
Eigenvalue kick-back
70
Eigenvalue kick-back

• As a relative phase, becomes measurable

71
Eigenvalue kick-back

• If we exponentiate U, we get multiples of

72
Eigenvalue kick-back
73
Eigenvalue kick-back
74
Phase estimation
75
Eigenvalue estimation
76
Eigenvalue estimation
77
Eigenvalue estimation

• Given with eigenvector and eigenvalue we
  thus have an algorithm that maps

78
Eigenvalue kick-back

• Given with eigenvectors and respective
  eigenvalues we thus have an algorithm that
  maps

and therefore
79
Eigenvalue kick-back

• Measuring the first register of

is equivalent to measuring with probability
80
Example

• Suppose we have a group and we wish to find
  the order of (I.e. the smallest
  positive such that )
• If we can efficiently do arithmetic in the group,
  then we can realize a unitary operator
  that maps
• Notice that

• This means that the eigenvalues of are of
  the form where k is an integer

81
(Aside more on reversible computing)
If we know how to efficiently compute and
then we can efficiently and reversibly map
82
(Aside more on reversible computing)
And therefore we can efficiently map
83
Example

• Let
• Then
• We can easily implement, for example,

• The eigenvectors of include

84
Example
85
Example
86
Example
87
Example
88
Example
89
Eigenvalue Kickback
90
Eigenvalue Kickback
91
Eigenvalue Kickback
92
Eigenvalue Kickback
93
Quantum Factoring

• The security of many public key cryptosystems
  used in industry today relies on the difficulty
  of factoring large numbers into smaller factors.
• Factoring the integer N into smaller factors can
  be reduced to the following task

Given integer a, find the smallest positive
integer r so that
94
Example

• Let
• We can easily implement

• The eigenvectors of include

95
Example
96
Example
97
Eigenvalue kick-back

• Given with eigenvectors and respective
  eigenvalues we thus have an algorithm that
  maps

and therefore
98
Eigenvalue Estimation
99
Eigenvalue kick-back

• Measuring the first register of

is equivalent to measuring with probability
100
Finding r
For most integers k, a good estimate of (with
error at most ) allows us to determine r
(even if we dont know k). (using continued
fractions)
101
(aside how does factoring reduce to
order-finding??)

• The most common approach for factoring integers
  is the difference of squares technique
• Randomly find two integers x and y satisfying
• So N divides
• Hope that is non-trivial
• If r is even, then let
• so that

102
Shors approach

• This eigenvalue estimation approach is not the
  original approach discovered by Shor
• Kitaev developed an eigenvalue estimation
  approach (to the more general Hidden Stabilizer
  Problem)
• Weve presented the CEMM version here

103
Discrete Fourier Transform

• The discrete Fourier transform maps uniform
  periodic states, say with period r dividing N,
  and offset w, to a periodic state with period N/r.

104
Discrete Fourier Transform

• The quantum Fourier transform maps vectors in a
  Hilbert space of dimension N according to

105
Shors Factoring Algorithm
106
Network for Shors Factoring Algorithm
107
Eigenvalue Estimation Factoring Algorithm
108
Network for Eigenvalue Estimation Factoring
Algorithm
109
Equivalence of ShorCEMM

• Shor analysis CEMM analysis

110
Equivalence of ShorCEMM

• Shor analysis CEMM analysis

111

Discrete Logarithm Problem
Consider two elements from a group G
satisfying Find s.
112
Discrete Logarithm Problem
We know has eigenvectors
113
Discrete Logarithm Problem
Thus has the same eigenvectors but
with eigenvalues exponentiated to the power of s
114
Discrete Logarithm Problem
115
Discrete Logarithm Problem
Given k and ks, we can compute s mod r (provided
k and r are coprime)
116
Abelian Hidden Subgroup Problem
Find generators for
117
Network for AHS
118
AHS Algorithm in standard basis
119
AHS for in eigenbasis
(Simons Problem)
is an eigenvector of
120
Other applications of Abelian HSP

• Any finite Abelian group G is the direct sum of
  finite cyclic groups
• But finding generators
  satisfying is not always easy, e.g. for
  its as hard as factoring N
• Given any polynomial sized set of generators, we
  can use the Abelian HSP algorithm to find new
  generators that decompose G into a direct sum of
  finite cyclic groups.

121
Examples
Deutschs Problem
or
Order finding
any group
122
Example
Discrete Log of to base
any group
123
Examples
Self-shift equivalences
124
What about non-Abelian HSP

• Consider the symmetric group
• Sn is the set of permutations of n elements
• Let G be an n-vertex graph
• Let
• Define
• Then
• where

125
Graph automorphism problem

• So the hidden subgroup of is the
  automorphism group of G
• This is a difficult problem in NP that is
  believed not to be in BPP and yet not
  NP-complete.

126
Other

• Progress on the Hidden Subgroup Problem in
  non-Abelian groups (not an exhaustive list)
• Ettinger, Hoyer arxiv.gov/abs/quant-ph/9807029
• Roetteler,Beth quant-ph/9812070
• Ivanyos,Magniez,Santha arxiv.org/abs/quant-ph/0102
  014
• Friedl,Ivanyos,Magniez,Santha,Sen
  quant-ph/0211091 (Hidden Translation and Orbit
  Coset in Quantum Computing) they show e.g. that
  the HSP can be solved for solvable groups with
  bounded exponent and of bounded derived series
• Moore,Rockmore,Russell,Schulman, quant-ph/0211124

127
(No Transcript)