Quantum Algorithms I Andrew Chi-Chih Yao Tsinghua University & Chinese U. of Hong Kong
Quantum Computing: Confluence of deep ideas Physics Chemistry Computer Science Mathematics Also, Material Science, Engineering,...
Quantum Information Processing Research Underway on Many Fronts: u Build quantum computers, quantum sources u Develop quantum information theory, error correction methods u Develop quantum algorithms, comm. protocols (cryptography, teleportation, etc.)
Quantum Preliminaries: In the simplest case u A quantum state is a unit vector u in C 2 u A measurement is an orthogonal base {e 1, e 2 }. u = u 1 +u 2 will be measured as u 1 with prob |u 1 | 2 as u 2 with prob |u 2 | 2 u Features: If u is not known, then -- The result of a measurement cannot be predicted. -- A measurement can disturb the system. u In any physical process: -- U has to be a unitary operator (ie, a “rotation”)
Quantum Preliminaries: More generally u An n-qbit quantum state is a unit vector u in the Hilbert space u A measurement is a family of orthogonal linear subspaces decomposing H u A state will, upon meaurement M, become u i with prob |u i | 2 u Notation: Quantum states u often are written as |x> u Any physical process: where U is unitary
Outline of Talk I. What is a quantum computer ? II. Fast quantum algorithms -- Simon’s Problem III. Quantum cryptography -- Key distribution IV. Outlook
I. What is a quantum computer ? classical computer Q X= f(x)= Q’s state transition q0q0 q1q1 q T after time T... 2 m possible states each q i specified with m bits Can be implemented with m flip-flops
Classical Computer (continued) u Turing, Church (1930’s): formulate the models u von Neumann (1950’s): circuit-based architecture u Example: parity function x = , p(x) = 1 iff x has even number of 1’s moves from left to right, keeping track of current parity. q0q0
Quantum computer m spin- 1/2 particles represented by a Hilbert space of dimension 2 m, with a natural base |x>, x in { 0,1 } m x= v1v1... v0v0 vtvt after T steps perform a measurement on v t to get f(x)= determined by x
Quantum Computer (continued) u Benioff (1980) version of quantum Turing machine u Feymann (1985) version of quantum circuits u Deutsch (1985, 89) QTM, circuits, universal QTM u Bernstein, Vazirani (1993) efficient universal QTM for restricted classes u Solovay, Yao (1993) efficient universal QTM, equivalence of QTM & circuits
For our purpose: an array of m spin- 1/2 particles are processed left-to-right in each step. control unit with fixed number of bits m
Implementation of Quantum Computer: Quantum circuits can be built using Hadamard gates, pi/8-gates, and CNOT.
A Typical Quantum Circuit
II. Fast Quantum Algorithms - Simon’s Problem A black-box 2 to 1 mapping: there exists a secret with f(x) = f(x+s) Problem: determine s Note: classical algorithms must make an exponential number of queries f(x)=?
u Each hole x illuminates points (y, f(x)) on the screen with amplitudes u Write For any (y,z), the only amplitude contributions come from and, and is equal to 0 if since u Thus, all bright spots (y,z) satisfy. Finding n such columns y’s is sufficient to determine s
Hadmard’s Transform u For 1 bit u For n bits
Simon’s Algorithm
Now, Thus, Make a measurement on v, one sees only those |y>|z> satisfying. Repeat n times to solve for s as in the optical case. to Bob.
A very important result: Shor (1994) developed an efficient quantum algorithm for factoring large integers. His method uses an approach similar to Simon’s algorithm.t to Bob.
III. Quantum Cryptography -- key distribution Conjugate Coding (S. Wiesner 1970) u Two bases for a 2-state quantum system u A bit b can be stored as |b> p, where p is randomly chosen from {+, x} |1> + |0> + |1> x |0> x
Quantum Bank Note Method: An n-bit serial number b 1 b 2 …b n is stored on the bank note by conjugate coding each b i as a quantum object B i. The bank records what bases are used. When cashed, the bank measures B i by using the recorded bases to see if there is any discrepancy. Advantages: u cannot be copied u hard to counterfeit u tampering destroys the bank note But it’s not practical...
Key Distribution Problem Alice and Bob want a confidential communication. Is it possible to generate a key K by public discussions ? In the classical case … impossible information-theoretically; but feasible if assuming Eve cannot factor large integers. Alice Bob xy KK Eve
Observation : u It suffices to generate K A for Alice, K B for Bob that differ in at most 10% of the bits. It is possible to then use error correcting code to obtain a common K for both.
Quantum Key distribution (Bennett &Brassard 84) u Alice makes a random quantum bank note, and sends it to Bob. u Alice reveals all the n bases used on the bank note. u Then Bob can measure the B i using these bases to get the original bits b i.
Quantum Key distribution (Bennett &Brassard 84) u Alice makes a random quantum bank note, and sends it to Bob. Bob measures randomly n/2 of the B i ’s, each with a random base; then he checks with Alice for any inconsistency. u Alice reveals all the n bases used on the bank note. u Then Bob can measure the B i using these bases to get the original bits b i.
Heuristic Proof of Security: u After the test Alice and Bob have n/2-bit keys K A and K B u If Eve tampered with less than 5% of the original B i ’s, then K A and K B differ in at most 10% of their bits. This then gives a common key K. u If Eve tampered with more than 5% of the original B i ’s, then the test step would have caught it.
Remarks: Rigorous proof of security for quantum key distribution is often hard. Some strong results were first given by D. Mayers (1995). Also see Chau & Lo, Preskill & Shor.ee
IV. Outlook u Need more instances of fast quantum algorithms -- Graph isomorphism problem ? u Need more applications in quantum cryptography. Coin flipping with bounded bias can be done (Aharonov, Ta-Shma, Vazirani, Yao ‘ 00) -- What else can be accomplished ? u Beginning of a new interdisciplinary science between Physics and Computer Science.