Presentation is loading. Please wait.

Presentation is loading. Please wait.

Introduction to Quantum Algorithms Winter School on Quantum Security, Darmstadt Michele Mosca 25 January 2016.

Published byCharla Singleton Modified over 8 years ago

Similar presentations

Presentation on theme: "Introduction to Quantum Algorithms Winter School on Quantum Security, Darmstadt Michele Mosca 25 January 2016."— Presentation transcript:

1 Introduction to Quantum Algorithms Winter School on Quantum Security, Darmstadt Michele Mosca 25 January 2016

2 A new paradigm for computation: quantum computation Y. Colombe/NIST© Harald Ritsch E. Lucero, D. Mariantoni, and M. Mariantoni

3 Quantum circuit model

4 Reversible computation l Note that irreversible gates are really just reversible gates where we hardwire some inputs and throw away some outputs Known as a Toffoli gate or controlled-controlled-NOT gate. It applies a NOT gate to the “target” bit if and only if both “control” bits are 1.

5 5 Making reversible circuits l Replace irreversible gates with their reversible counterparts

6 Bottom line: We don’t lose generality by restricting to reversible circuits

7 Moving towards a quantum computer… A small reversible computer (negligible coupling to the environment) l From classical reversible circuits to quantum circuits, we first imagine a single physical system with two discernable levels…an atom with its outer electron in either the ground or first excited state.

8 A small reversible computer (negligible coupling to the environment)

9 A small reversible computer

10 Aside: Is this realistic? l We do have a theory of classical linear error correction. But before we worry about stabilizing this system, let’s push forward its capabilities.

11 Quantum Mechanics and Information Processing l Since physics is quantum mechanical, we need to recast the theory of information processing in a quantum mechanical framework. Any physical medium capable of representing 0 and 1 is in principle capable of being in a state described by

12 A quantum gate

13 “Quantum Circuit Model” l This model closely resembles the model of reversible acyclic (deterministic) circuits, except we also have unitary quantum gates that create superpositions of two or more distinguishable states

14 Universal quantum computation

15 Definition A set of gates G is said to be universal if for any integer n>0, any n-qubit unitary operator can be approximated to arbitrary accuracy by a quantum circuit using only gates from G.

16 Definition A two-qubit gate is said to be entangling if for some input product state, the output of the gate is an entangled state. Entangled state Entangled state Entangling gate Input state

17 Theorem: A set composed of any two-qubit entangling gate, together with all one-qubit gates, is universal. … a bit of an overkill, since such a set allows one to achieve any unitary exactly. Also unrealistic, since one needs access to an infinite number of one-qubit gates. Can we achieve universality with a finite set of gates?

18 Theorem: The set is a universal set of gates. i.e. any n-qubit unitary operator U can be approximated with error, for any, using a finite circuit with gates from G.

19 N.B.: most quantum algorithms are not designed to be run directly on (noisy) physical qubits

20 noisy CNOT fault-tolerant CNOT Physical qubits and gates versus logical qubits and gates Logical layerPhysical layer

21 Quantum compilers

22 How close are we to implementing scalable fault-tolerant quantum computers?

23 23

24 24 Ongoing progress towards achieving stage 4. e.g. Nature 519, 66–69 (05 March 2015) doi:10.1038/nature14270

25 25 MM: [Oxford 1996]: “20 qubits in 20 years” [NIST April 2015, ISACA September 2015]: “1/7 chance of breaking RSA-2048 by 2026, ½ chance by 2031” NSA [August 2015]: NSA's Information Assurance Directorate “will initiate a transition to quantum resistant algorithms in the not too distant future.” IARPA [July 2015]: “BAA Summary – Build a logical qubit from a number of imperfect physical qubits by combining high- fidelity multi-qubit operations with extensible integration.”

26 How big of a quantum computer do we need to break RSA-2048?

27 What resources are required to break RSA-2048? A billion physical qubits and a trillion physical gates? A million qubits and 100 million gates? Something else? Asymptotic complexity estimates give a very coarse- grained approximation. To attempt to estimate this question, we need a more fine- grained study of the full tool chain between algorithms and physical qubits.

28 Examples of technical advances in quantum compilation Use number theory methods to bypass Solovay-Kitaev algorithm and achieve optimal synthesis of one-qubit unitaries (over Clifford and T gates) Use matroid partitioning to reduce T-complexity and T-depth Use channel representation of unitaries to find optimal T- depth

29 How do quantum algorithms work?

30 Several computational paths leading to the same outcome. Add up the probabilities. Classical randomized algorithm

31 Quantum algorithm

32 If we look at the state of the system at each step, it behaves like a classical randomized algorithm.

33 CC-BY-SA-3.0 J. Rathlin

34 The art of quantum algorithmics is to choreograph constructive interference on desirable outcomes and destructive interference on undesirable outcomes.

35 Some basic tools

36 The Hadamard basis change

37 The Hadamard transformation: summary

38 The Hadamard transformation: circuit notation

39 The Hadamard transformation on several bits

40 The Hadamard transformation: global view

41

42

43 The Hadamard transformation on several bits

44 The Hadamard transformation: global view

45

46 Looking at NOT and CNOT in Hadamard bases Consider applying a NOT gate to the following states

47 e.g. Now consider applying a controlled-NOT gate to the following states

48 e.g. Now consider applying a controlled-NOT gate to the following states

49 Computing functions into the phase Suppose we know how to compute a function

50 Generalization: Eigenvalue “kick-back” Suppose we know how to compute an operator Then the “controlled-U” gives us

51 How do we implement c-U? Replace every gate G in the circuit for U with a c-G. For example,

52 Deutsch’s problem Compute using only once

53 Deutsch algorithm

54 Garbage-free implementations of f(x) l Does the Deutsch algorithm work if when we implement we actually leave “junk” information in ancilla qubits? No!! We need a “clean” implementation of f(x).

55 Making reversible circuits (see Fig. 1.6 in KLM text) l One problem is that there will be junk left in the extra bits l Bennett showed how to “uncompute” the junk

56 Making reversible circuits l An irreversible circuit with space S and depth (or “time”) T can thus be simulated by a reversible circuit with space in O(S+T) and time O(T) l Bennett also showed how to implement a reversible version with time O(T 1+  ) and space O(S log(T)) or time O(T) and space O(ST  ).

57 Deutsch-Jozsa problem Suppose with the promise that f is either constant or “balanced”. Decide if f is constant or balanced. Equivalently, determine

58 Deutsch-Jozsa problem Probability of measuring is i.e. we measure iff is constant

59 Bernstein-Vazirani problem Suppose is of the form for some Given determine

60 Bernstein-Vazirani problem

61 Generally

62 Another property of Hadamard transformation Consider Let Then

63 Simon’s problem Suppose has the property that iff For some “hidden subgroup” Given find

64 Simon’s algorithm

65 Abelian Hidden subgroup problem Suppose has the property that iff for some “hidden subgroup” Given find

66 Hidden subgroup problem

67 Applications of Simon’s algorithm??

68

69

70

71

72

73 Denote W(x)=W(a||c)=s

74 Let Then where

75 So where (N.B. the “only if” part is critical) In other words, if W is based on the 3-round Feistel cipher, the derived function f will have the above property. Simon’s algorithm will randomly sample vectors orthogonal to (1||z).

76 In other words, if W is based on the 3-round Feistel cipher, the derived function f will have the above property, and Simon’s algorithm will randomly sample vectors orthogonal to (1||z). However, if W is based on a random permutation, no such pattern is likely to emerge. Thus, a quantum algorithm can efficiently distinguish a 3-round Feistel cipher with internal permutations from a random permutation.

77 A nice example of how to use a quantum algorithmic tool to attack a cryptographic primitive. Can you find a way to apply any of the tools you learn about this week to attack some cryptographic primitive?

78 78 Is the quantum-safe cybersecurity workforce ready? cryptoworks21.com

79 Thank you! Feedback welcome: mmosca@uwaterloo.cammosca@uwaterloo.ca

Download ppt "Introduction to Quantum Algorithms Winter School on Quantum Security, Darmstadt Michele Mosca 25 January 2016."

Similar presentations

Department of Computer Science & Engineering University of Washington

Department of Computer Science & Engineering University of Washington
Quantum Computation and Quantum Information – Lecture 2

Quantum Computation and Quantum Information – Lecture 2
Quantum Computation and Quantum Information – Lecture 3

Quantum Computation and Quantum Information – Lecture 3
University of Queensland

University of Queensland
Quantum Computing MAS 725 Hartmut Klauck NTU 20.2.2012.

Quantum Computing MAS 725 Hartmut Klauck NTU
Quantum Packet Switching A. Yavuz Oruç Department of Electrical and Computer Engineering University of Maryland, College Park.

Quantum Packet Switching A. Yavuz Oruç Department of Electrical and Computer Engineering University of Maryland, College Park.
Quantum Computing MAS 725 Hartmut Klauck NTU 12.3.2012.

Quantum Computing MAS 725 Hartmut Klauck NTU
Quantum Phase Estimation using Multivalued Logic.

Quantum Phase Estimation using Multivalued Logic.
Department of Computer Science & Engineering University of Washington

Department of Computer Science & Engineering University of Washington
Phase in Quantum Computing. Main concepts of computing illustrated with simple examples.

Phase in Quantum Computing. Main concepts of computing illustrated with simple examples.
University of Queensland

University of Queensland
Engineering Models and Design Methods for Quantum State Machines.

Engineering Models and Design Methods for Quantum State Machines.
“Both Toffoli and CNOT need little help to do universal QC” (following a paper by the same title by Yaoyun Shi) paper.

“Both Toffoli and CNOT need little help to do universal QC” (following a paper by the same title by Yaoyun Shi) paper.
Classical and Quantum Circuit Synthesis An Algorithmic Approach.

Classical and Quantum Circuit Synthesis An Algorithmic Approach.
Dirac Notation and Spectral decomposition Michele Mosca.

Dirac Notation and Spectral decomposition Michele Mosca.
CSEP 590tv: Quantum Computing

CSEP 590tv: Quantum Computing
Quantum Computing Joseph Stelmach.

Quantum Computing Joseph Stelmach.
Anuj Dawar.

Anuj Dawar.
1 Recap (I) n -qubit quantum state: 2 n -dimensional unit vector Unitary op: 2 n  2 n linear operation U such that U † U = I (where U † denotes the conjugate.

1 Recap (I) n -qubit quantum state: 2 n -dimensional unit vector Unitary op: 2 n  2 n linear operation U such that U † U = I (where U † denotes the conjugate.
An Arbitrary Two-qubit Computation in 23 Elementary Gates or Less Stephen S. Bullock and Igor L. Markov University of Michigan Departments of Mathematics.

An Arbitrary Two-qubit Computation in 23 Elementary Gates or Less Stephen S. Bullock and Igor L. Markov University of Michigan Departments of Mathematics.

Similar presentations

Ads by Google