Shor’s Factoring Algorithm David Poulin Institute for Quantum Computing & Perimeter Institute for Theoretical Physics Guelph, September 2003
Summary Some number theory Shor’s entire algorithm Quantum circuits Phase estimation Quantum Fourier transform Final circuit David Poulin, IQC & PI
A bit of number theory Theorem If a ±b (mod N) but a2 b2 (mod N) Then gcd(a+b,N) is a factor of N. Proof a2 - b2 0 (mod N) (a - b)(a+b) 0 (mod N) ( t) [ (a - b) (a+b) = tN ] gcd(a+b, N) is a non trivial factor of N. uN vN David Poulin, IQC & PI
Shor’s entire algorithm N is to be factored: Choose random x: 2 x N-1. If gcd(x,N) 1, Bingo! Find smallest integer r : xr 1 (mod N) If r is odd, GOTO 1 If r is even, a = xr/2 (mod N) If a = N-1 GOTO 1 ELSE gcd(a+1,N) is a non trivial factor of N. Easy Easy Hard Easy David Poulin, IQC & PI
Success probability Theorem If N has k different prime factors, probability of success for random x is 1- 1/2k-1. Add this step to Shor’s algorithm: 0. -Test if N=N’2l and apply Shor to N’ -Compute for 2 j ln2N. If one of these root is integer, apply Shor to this root. Probability of success ½. Easy David Poulin, IQC & PI
Classical computing Basic logical unit: the bit 0 or 1 Universal set: (Not-and, Swap, Copy) A B NAND (A B) 1 A Not-and(A B) B A B A Swap Copy A B A A David Poulin, IQC & PI
Bits and Qubits Classical Quantum | + |1 ||2 + ||2=1 0 or 1 | + |1 ||2 + ||2=1 1 qubit 0 or 1 n bits n qubits (|4- |7) = (|0100- |0111) = |01(|00- |11) 000...0 (0) 000...1 (1) … 111...1 (2n-1) Measure Measure i with probability |ci|2 b1b2b3...bn David Poulin, IQC & PI
Quantum gates Universal set: (C-not, U(2) on single qubit) |0 (|0+|1) Ex. One qubit gate: H |1 (|0-|1) Controlled not: |a |b |b if a=0 |b if a=1 David Poulin, IQC & PI
Composing Quantum gates Use linearity of quantum mechanics. |0 H (|0|0 +|1|1) |0 (|0+ |1) |0 = (|0|0 + |1|0) Any classical computation can be made reversibly (one to one) with poly overhead. Any reversible classical computation can be performed on a quantum computer with poly overhead. David Poulin, IQC & PI
Phase kick back What are the eigenstates of NOT? |+ = (|0+ |1) |+ = (|0+ |1) (|1+ |0) = |+ ± |± |- = (|0- |1) (|1- |0) = - |- |0 H |± |± = |0+ eix |1 |x s.t. eig. = eix (|0| ± + |1| ± ) (|0| ± ± |1| ± ) = (|0± |1) | ± David Poulin, IQC & PI
Phase estimation Hn U2 U In the previous slide, we were able to determine whether was 0 or . Q: Can me determine any ? A: We can get the best n bit estimation of /2. |0 |u U Hn U2 2 3 4 |0+ei2 |1 |0+ei |1 … | David Poulin, IQC & PI
Quantum Fourier Transform (binary extension of x/2n mod1) So applying F-1 to | will yield |x that is the best n bit estimation of /2. David Poulin, IQC & PI
QFT circuit F-1 Qubit n is |0+ |1 if x0 is |0 and |0- |1 if x0 is |1. (a phase 0 or - depending on x0) H |x0 Qubit n-1 depends on x0 with a phase 0 or -/2 and on x1 with a phase 0 or - |x0 H |x1 R1 H David Poulin, IQC & PI
QFT circuit H R1 R2 R3 H R1 R2 H R1 H We define the gate Rk as a -/2k phase gate. |x3 H R1 R2 R3 |x2 H R1 R2 |x1 H R1 |x0 H Note: H = R0 David Poulin, IQC & PI
Multiplication Consider UN,a : |x |ax mod N. Then, for k = 1,...,r are eigenstates of UN,a with eigenvalues UN,a If we could prepare such a state, we could obtain an estimation of k/r hence of r. It requires the knowledge of r. David Poulin, IQC & PI
Multiplication Consider the sum Since The state |1 is easy to prepare. In what follows, we show that it can be used to get an estimation of k/r for random k. David Poulin, IQC & PI
m m m Phase estimation Hn F-1 U2 U U2 U2 U2 |0 |1 This measurement is useless! No knowledge of r is needed! This measurement commutes with the Us so we can perform it after. m Make measurement here to collapse the state to a random |k : get an estimation of k/r for random k. m U2 2 3 4 |1 U U2 U2 U2 N,a N,a N,a N,a N,a David Poulin, IQC & PI