Presentation is loading. Please wait.

Presentation is loading. Please wait.

Short course on quantum computing Andris Ambainis University of Latvia.

Published byDorthy Barnett Modified over 9 years ago

Similar presentations

Presentation on theme: "Short course on quantum computing Andris Ambainis University of Latvia."— Presentation transcript:

1 Short course on quantum computing Andris Ambainis University of Latvia

2 Lecture 2 Quantum algorithms and factoring

3 Factoring Input: composite N. Output: p, q  {2, …, N-1} s.t. pq=N. Hard for classical computers. Factoring large integers would break RSA.

4 Factoring Quantum computers can factor integers in polynomial (quadratic) time [Shor’94]. Similar approach also solves discrete logarithm by quantum algorithm. Today: Shor’s algorithm.

5 Outline 1) Computational model. 2) Quantum parallelism and quantum interference. 3) Simon’s algorithm. 4) Shor’s algorithm.

6 Basic ideas State space consisting of n (quantum) bits. Elementary gates on 1 or 2 (qu)bits. Efficiently computable = poly-size circuits.

7 Classical circuits X1X1 X2X2  ^ X5X5 X3X3 ^  Result

8 Quantum circuit H HH H Gates on quantum bits

9 Elementary gates (1) Hadamard gate Phase shift

10 Elementary gates (2) Rotation by angle  Controlled NOT

11 Universality Any quantum computation can be performed by a circuit consisting of Hadamard, phase, rotation by  /8 and controlled NOT gates.

12 Classical vs. quantum circuits We have a classical circuit. Can we construct a quantum circuit that computes the same function?

13 Reversibility Assume f(x)=f(y)=z. If then U not unitary.

14 Reversibility |x> |0> |x> |F(x)> F Add extra input initialized to 0. We can transform a classical circuit for F to quantum circuit.

15 Example yx ^ Classical Quantum |x> |y> |0> |x> |y> |x  y> |a> |a  (x  y)> Toffoli gate.

16 Quantum parallelism By linearity, Many evaluations of f in unit time. |x> |0> |x> |f(x)>  |x> |f(x)>  |x> |0> xx

17 Quantum parallelism Once we measure we get one particular x and f(x). Same as if we evaluated f on a random x.  |x> |f(x)> x

18 Quantum parallelism Is it useful? We cannot obtain all values f(x) from because quantum states cannot be measured completely. We can obtain quantities that depend on many f(x).  |x> |f(x)> x

19 Quantum interference Hadamard transform:

20 Quantum interference Negative interference: |1> and -|1> cancel out one another. Positive interference: |0> and |0> add up to a higher probability.

21 Parallelism+interference Use quantum parallelism to compute many f(x). Use interference to obtain information that depends on many values f(x). Requires algebraic structure. Ideal for number-theoretic problems (factoring).

22 Order finding The order of a  Z N * modulo N is the smallest integer r>0 such that a r  1 (mod N) For example, order of 4 mod 7 is 3: 4 1  4, 4 2 =16  2, 4 3 =64  1 (mod 7). Factoring reduces to order-finding.

23 Reduction If a r  1(mod N), then N divides a r -1. If r even, a r -1=(a r/2 -1)(a r/2 +1). If N is product of two or more primes, gcd(a r/2 -1, N) is a nontrivial factor of N with probability at least 1/2.

24 Shor’s algorithm Repeat O(log n) times: Generate random a  {1, …, N-1}; Check if (a, N)=1; r = order(a); If r even, check (a r/2 -1, N).

25 Period finding Function F:N  N such that F(x)=F(x+r) for all x. Find smallest r. |x> |0> |x> |F(x)> F

26 Simon’s problem Function F:{0, 1} n  {0, 1} n. F(x+y)=F(x) for all x, + bitwise addition. Find y. |x> |0> |x> |F(x)> F

27 Algorithm [Simon, 1994] |0> |y> |f(x)> H H H H H H F Repeat n times and combine results y 1,..., y n.

28 Hadamard transform

29 Hadamard on n qubits H H |0>

30 Simon’s algorithm step-by-step |0> |y> |F(x)> H H H H H H F

31 Simon’s algorithm step-by-step Transformations on different qubits commute. We can first measure the last n qubits and then perform Hadamard on first n qubits. Makes calculations simpler.

32 Measuring F(x) Partial measurement. We get some value y=F(x). The state collapses to part consistent with y=F(x).

33 Last step We now have the state How do we get z? Measuring the first register would give only one of x and x+z.

34 Simon’s algorithm |0> |y> |f(x)> H H H H H H F

35 Hadamard transform

36 H H H |x 1 > |x 2 > |x n >...

37 Hadamard transform Signs are the same iff  z i y i = 0 mod 2.

38 Summary Measuring the final state gives a vector y such that n-1 such constraints uniquely determine z, with high probability.

39 Summary Quantum parallelism: computing F for many values simultaneously. Quantum interference: Hadamard transform.

40 Period finding Function F:N  N such that F(x)=F(x+r) for all x. Find r. |x> |0> |x> |F(x)> F

41 Algorithm [Simon, 1994] |0> H H H F Repeat n times and combine results y 1,..., y n. H H H

42 Algorithm [Shor, 1994] |0> F Find factor by continued fraction expansion. QFT

43 Shor’s algorithm step-by-step |0> F QFT

44 Shor’s algorithm step by step Measuring the second register leaves the first register in a state consisting of all x with the same F(x): |d>+|d+r>+…+|d+ir>

45 Quantum Fourier transform If M=2, this is Hadamard transform.

46 QFT detects periods Assume r divides M. Then, If j relatively prime with r,

47 QFT detects periods Assume r does not divide M. Then, most of T|  consists of |k> with

48 QFT detects periods 00 r divides M r does not divide M Can we find r?

49 Continued fraction expansion Number theory algorithm. Given k, M, finds j, r such that is smallest among all j and r  r 0. If M=  (r 2 ), correct w.h.p.

50 Summary of Shor’s factoring Reduce factoring to period-finding. Generate a quantum state with period r. In the easy case, QFT transforms a state with period r into multiples of M/r. General case: same but approximately. Continued fraction algorithm finds the closest multiple of M/r.

51 Hidden subgroup Function F:G  S such that F(g)=F(hg) iff h  H. Find H. |x> |0> |x> |F(x)> F

52 Hidden subgroup Captures a lot of problems. Simon’s problem: G={0, 1} n, H={0 n, z}. Shor’s period-finding: G=Z, H=rZ (multiples of r). Discrete logarithm: G=Z 2. Pell’s equation [Hallgren, 2002]: G=R.

53 Discrete log Given N, g and x, compute r such that g r  x (mod N). Another hard problem relevant to crypto (Diffie-Hellman).

54 Discrete log Define F(y, z)=g y x z mod N. G=Z 2. H={y,z | y+zr =0 mod N-1} because g y x z =g y+rz and g N-1 =1.

55 Status of hidden subgroup Quantum polynomial time for Abelian G. Open for non-Abelian G (except a few groups G with simple structure).

56 Graph Isomorphism  ? G1G1 G2G2

57 G: all permutations of vertices. F(  ) =  (G). H - permutations that fix G.

58 Hidden subgroup Graph Isomorphism reduces to hidden subgroup for non-Abelian groups. Approximating shortest vector in lattice also reduces to HSP. Solving HSP by quantum algorithm remains open for almost all non-Abelian groups.

Download ppt "Short course on quantum computing Andris Ambainis University of Latvia."

Similar presentations

University of Queensland

University of Queensland
Quantum Computing MAS 725 Hartmut Klauck NTU 20.2.2012.

Quantum Computing MAS 725 Hartmut Klauck NTU
Integer Factorization By: Josh Tuggle & Kyle Johnson.

Integer Factorization By: Josh Tuggle & Kyle Johnson.
Notation Intro. Number Theory Online Cryptography Course Dan Boneh

Notation Intro. Number Theory Online Cryptography Course Dan Boneh
Umesh V. Vazirani U. C. Berkeley Quantum Algorithms: a survey.

Umesh V. Vazirani U. C. Berkeley Quantum Algorithms: a survey.
The Hidden Subgroup Problem. Problem of great importance in Quantum Computation Most Q.A. that run exponentially faster than their classical counterparts.

The Hidden Subgroup Problem. Problem of great importance in Quantum Computation Most Q.A. that run exponentially faster than their classical counterparts.
March 11, 2015CS21 Lecture 271 CS21 Decidability and Tractability Lecture 27 March 11, 2015.

March 11, 2015CS21 Lecture 271 CS21 Decidability and Tractability Lecture 27 March 11, 2015.
Quantum Speedups DoRon Motter August 14, 2001. Introduction Two main approaches are known which produce fast Quantum Algorithms The first, and main approach.

Quantum Speedups DoRon Motter August 14, Introduction Two main approaches are known which produce fast Quantum Algorithms The first, and main approach.
Department of Computer Science & Engineering University of Washington

Department of Computer Science & Engineering University of Washington
Shor Algorithm (continued) Anuj Dawar Use of number theory and reductions.

Shor Algorithm (continued) Anuj Dawar Use of number theory and reductions.
1 Quantum Computing: What’s It Good For? Scott Aaronson Computer Science Department, UC Berkeley January 10, 2002 www.cs.berkeley.edu/~aaronson  John.

1 Quantum Computing: What’s It Good For? Scott Aaronson Computer Science Department, UC Berkeley January 10,  John.
Quantum Computation and Error Correction Ali Soleimani.

Quantum Computation and Error Correction Ali Soleimani.
5 Qubits Error Correcting Shor’s code uses 9 qubits to encode 1 qubit, but more efficient codes exist. Given our error model where errors can be any of.

5 Qubits Error Correcting Shor’s code uses 9 qubits to encode 1 qubit, but more efficient codes exist. Given our error model where errors can be any of.
University of Queensland

University of Queensland
Oded Regev Tel-Aviv University On Lattices, Learning with Errors, Learning with Errors, Random Linear Codes, Random Linear Codes, and Cryptography and.

Oded Regev Tel-Aviv University On Lattices, Learning with Errors, Learning with Errors, Random Linear Codes, Random Linear Codes, and Cryptography and.
Shor Algorithm Anuj Dawar. Finding the eigenvalue is the same as finding its phase 

Shor Algorithm Anuj Dawar. Finding the eigenvalue is the same as finding its phase 
Quantum Computing Joseph Stelmach.

Quantum Computing Joseph Stelmach.
Anuj Dawar.

Anuj Dawar.
1 Recap (I) n -qubit quantum state: 2 n -dimensional unit vector Unitary op: 2 n  2 n linear operation U such that U † U = I (where U † denotes the conjugate.

1 Recap (I) n -qubit quantum state: 2 n -dimensional unit vector Unitary op: 2 n  2 n linear operation U such that U † U = I (where U † denotes the conjugate.
Quantum Algorithms II Andrew C. Yao Tsinghua University & Chinese U. of Hong Kong.

Quantum Algorithms II Andrew C. Yao Tsinghua University & Chinese U. of Hong Kong.

Similar presentations

Ads by Google