Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Introduction to Quantum Information Processing CS 467 / CS 667 Phys 667 / Phys 767 C&O 481 / C&O 681 Richard Cleve DC 2117 Lecture.

Published byHelena Wilcox Modified over 8 years ago

Similar presentations

Presentation on theme: "1 Introduction to Quantum Information Processing CS 467 / CS 667 Phys 667 / Phys 767 C&O 481 / C&O 681 Richard Cleve DC 2117 Lecture."— Presentation transcript:

1 1 Introduction to Quantum Information Processing CS 467 / CS 667 Phys 667 / Phys 767 C&O 481 / C&O 681 Richard Cleve DC 2117 cleve@cs.uwaterloo.ca Lecture 11 (2011)

2 2 Order-finding via eigenvalue estimation

3 3 Order-finding problem Let M be an m -bit integer Def: Z M * = {x  {1,2,…, M  1} : gcd( x,M ) = 1 } (a group) Def: ord M ( a ) is the minimum r > 0 such that a r = 1 ( mod M ) Order-finding problem: given a and M, find ord M ( a ) Example: Z 21 * = { 1,2,4,5,8,10,11,13,16,17,19,20 } The powers of 10 are: 1, 10, 16, 13, 4, 19, 1, 10, 16, … Therefore, ord 21 (10) = 6 Note: no classical polynomial-time algorithm is known for this problem

4 4 Order-finding algorithm (1) Define: U (an operation on m qubits) as: U  y  =  a y mod M  Define: Then

5 5 Order-finding algorithm (2) U n qubits 2n qubits corresponds to the mapping:  x  y    x  a x y mod M  Moreover, this mapping can be implemented with roughly O( n 2 ) gates The phase estimation algorithm yields a 2 n - bit estimate of 1/ r From this, a good estimate of r can be calculated by taking the reciprocal, and rounding off to the nearest integer Problem: how do we construct state  1  to begin with? Exercise: why are 2 n bits necessary and sufficient for this?

6 6 Bypassing the need for   1  (1) Let Any one of these could be used in the previous procedure, to yield an estimate of k/r, from which r can be extracted What if k is chosen randomly and kept secret?

7 7 Bypassing the need for   1  (2) Note: If k and r have a common factor, it is impossible because, for example, 2/3 and 17/51 are indistinguishable What if k is chosen randomly and kept secret? Can still uniquely determine k and r, from a 2m -bit estimate of k/r, provided they have no common factors, using the continued fractions algorithm* * For a discussion of the continued fractions algorithm, please see Appendix A4.4 in [Nielsen & Chuang] So this is fine as long as k and r are relatively prime …

8 8 Bypassing the need for   1  (3) Recall that k is randomly chosen from {1,…, r} What is the probability that k and r are relatively prime? Therefore, the success probability is at least  ( 1 / log m) The probability that this occurs is  (r) / r, where  is Euler’s totient function It is known that  (r) =  (r / loglog r), which implies that the above probability is at least  ( 1 / loglog r) =  ( 1 / log m) Is this good enough? Yes, because it means that the success probability can be amplified to any constant < 1 by repeating O( log m) times (so still polynomial in m ) But we still need to generate a random  k  here …

9 9 Bypassing the need for   1  (4) Returning to the phase estimation problem, suppose that  1  and  2  have respective eigenvalues e 2  i  1 and e 2  i  2, and that  1  1  +  2  2  is used in place of an eigenvector: U 11 + 2211 + 22 H H H 00 00 00 F†MF†M What will the outcome be? It will be an estimate of  1 with probability |  1 | 2  2 with probability |  2 | 2 (Showing this is left as an exercise)

10 10 Bypassing the need for   1  (5) Along similar lines, the state Is it hard to construct the state ? yields results equivalent to choosing a  k  at random In fact, this is something that is easy, since This is how the previous requirement for  1  is bypassed

11 11 Quantum algorithm for order-finding U a,M H H H 00 00 00 00 00 11 H H 44 44 88 H measure these qubits and apply continued fractions algorithm to determine a quotient, whose denominator divides r U a,M  y  =  a y mod M  inverse QFT For constant success probability, repeat O( 1 / log m) times and take the smallest resulting r such that a r = 1 (mod M ) Number of gates for  ( 1 / log m) success probability is: O(m 2 log m loglog m)

12 12 Reduction from factoring to order-finding

13 13 The integer factorization problem Input: M ( n -bit integer; we can assume it is composite) Output: p, q (each greater than 1 ) such that pq = N Note 2: given any efficient algorithm for the above, we can recursively apply it to fully factor M into primes* efficiently * A polynomial-time classical algorithm for primality testing exists Note 1: no efficient (polynomial-time) classical algorithm is known for this problem

14 14 Factoring prime-powers There is a straightforward classical algorithm for factoring numbers of the form M = p k, for some prime p What is this algorithm? Therefore, the interesting remaining case is where M has at least two distinct prime factors

15 15 Proposed quantum algorithm (repeatedly do): 1.randomly choose a  {2, 3, …, M–1} 2.compute g = gcd (a,M ) 3. if g > 1 then output g, M/g else compute r = ord M ( a ) (quantum part) if r is even then compute x = a r /2 –1 mod M compute h = gcd (x,M ) if h > 1 then output h, M /h Numbers other than prime-powers so M | (a r /2 +1 )(a r /2  1 ) we have M | a r –1 thus, either M | a r /2 +1 or gcd (a r /2 +1,M ) is a nontrivial factor of M It can be shown that at least half of the a  {2, 3, …, M–1} are have order even and result in gcd(a r /2 +1,M ) being a nontrivial factor of M Analysis:

Download ppt "1 Introduction to Quantum Information Processing CS 467 / CS 667 Phys 667 / Phys 767 C&O 481 / C&O 681 Richard Cleve DC 2117 Lecture."

Similar presentations

Introduction to Quantum Information Processing CS 467 / CS 667 Phys 467 / Phys 767 C&O 481 / C&O 681 Lecture 11 (2005) Richard Cleve DC 3524 cleve@cs.uwaterloo.ca.

Introduction to Quantum Information Processing CS 467 / CS 667 Phys 467 / Phys 767 C&O 481 / C&O 681 Lecture 11 (2005) Richard Cleve DC 3524
1 Introduction to Quantum Information Processing CS 467 / CS 667 Phys 467 / Phys 767 C&O 481 / C&O 681 Richard Cleve DC 3524 Course.

1 Introduction to Quantum Information Processing CS 467 / CS 667 Phys 467 / Phys 767 C&O 481 / C&O 681 Richard Cleve DC 3524 Course.
Bounds on Code Length Theorem: Let l ∗ 1, l ∗ 2,..., l ∗ m be optimal codeword lengths for a source distribution p and a D-ary alphabet, and let L ∗ be.

Bounds on Code Length Theorem: Let l ∗ 1, l ∗ 2,..., l ∗ m be optimal codeword lengths for a source distribution p and a D-ary alphabet, and let L ∗ be.
Agrawal-Kayal-Saxena Presented by: Xiaosi Zhou

Agrawal-Kayal-Saxena Presented by: Xiaosi Zhou
Primality Testing Patrick Lee 12 July 2003 (updated on 13 July 2003)

Primality Testing Patrick Lee 12 July 2003 (updated on 13 July 2003)
1 Introduction to Quantum Information Processing QIC 710 / CS 667 / PH 767 / CO 681 / AM 871 Richard Cleve DC 2117 / RAC 2211 Lecture.

1 Introduction to Quantum Information Processing QIC 710 / CS 667 / PH 767 / CO 681 / AM 871 Richard Cleve DC 2117 / RAC 2211 Lecture.
1 The RSA Algorithm Supplementary Notes Prepared by Raymond Wong Presented by Raymond Wong.

1 The RSA Algorithm Supplementary Notes Prepared by Raymond Wong Presented by Raymond Wong.
CNS2010handout 8 :: introduction to number theory1 computer and network security matt barrie.

CNS2010handout 8 :: introduction to number theory1 computer and network security matt barrie.
Probabilistic Complexity. Probabilistic Algorithms Def: A probabilistic Turing Machine M is a type of non- deterministic TM, where each non-deterministic.

Probabilistic Complexity. Probabilistic Algorithms Def: A probabilistic Turing Machine M is a type of non- deterministic TM, where each non-deterministic.
Superdense coding. How much classical information in n qubits? Observe that 2 n  1 complex numbers apparently needed to describe an arbitrary n -qubit.

Superdense coding. How much classical information in n qubits? Observe that 2 n  1 complex numbers apparently needed to describe an arbitrary n -qubit.
1 Quantum Computing: What’s It Good For? Scott Aaronson Computer Science Department, UC Berkeley January 10, 2002 www.cs.berkeley.edu/~aaronson  John.

1 Quantum Computing: What’s It Good For? Scott Aaronson Computer Science Department, UC Berkeley January 10,  John.
6/20/2015 5:05 AMNumerical Algorithms1 x0123456789 x1x1 1739.

6/20/2015 5:05 AMNumerical Algorithms1 x x1x
Quantum Computing Joseph Stelmach.

Quantum Computing Joseph Stelmach.
Chapter 8 – Introduction to Number Theory Prime Numbers  prime numbers only have divisors of 1 and self they cannot be written as a product of other numbers.

Chapter 8 – Introduction to Number Theory Prime Numbers  prime numbers only have divisors of 1 and self they cannot be written as a product of other numbers.
1 Recap (I) n -qubit quantum state: 2 n -dimensional unit vector Unitary op: 2 n  2 n linear operation U such that U † U = I (where U † denotes the conjugate.

1 Recap (I) n -qubit quantum state: 2 n -dimensional unit vector Unitary op: 2 n  2 n linear operation U such that U † U = I (where U † denotes the conjugate.
Shor’s Algorithm Osama Awwad Department of Computer Science Western Michigan University July 12, 2015.

Shor’s Algorithm Osama Awwad Department of Computer Science Western Michigan University July 12, 2015.
Chapter 8 – Introduction to Number Theory Prime Numbers

Chapter 8 – Introduction to Number Theory Prime Numbers
RSA Question 2 Bob thinks that p and q are primes but p isn’t. Then, Bob thinks ©Bob:=(p-1)(q-1) = Á(n). Is this true ? Bob chooses a random e (1 < e

RSA Question 2 Bob thinks that p and q are primes but p isn’t. Then, Bob thinks ©Bob:=(p-1)(q-1) = Á(n). Is this true ? Bob chooses a random e (1 < e
Tallinn University of Technology Quantum computer impact on public key cryptography Roman Stepanenko.

Tallinn University of Technology Quantum computer impact on public key cryptography Roman Stepanenko.
Foundations of Cryptography Lecture 2 Lecturer: Moni Naor.

Foundations of Cryptography Lecture 2 Lecturer: Moni Naor.

Similar presentations

Ads by Google