Quantum Factoring Michele Mosca The Fifth Canadian Summer School on Quantum Information August 3, 2005.

Slides:



Advertisements
Similar presentations
Quantum t-designs: t-wise independence in the quantum world Andris Ambainis, Joseph Emerson IQC, University of Waterloo.
Advertisements

The Future (and Past) of Quantum Lower Bounds by Polynomials Scott Aaronson UC Berkeley.
Umesh V. Vazirani U. C. Berkeley Quantum Algorithms: a survey.
1.  Detailed Study of groups is a fundamental concept in the study of abstract algebra. To define the notion of groups,we require the concept of binary.
The Hidden Subgroup Problem. Problem of great importance in Quantum Computation Most Q.A. that run exponentially faster than their classical counterparts.
Quantum Phase Estimation using Multivalued Logic.
Quantum Phase Estimation using Multivalued Logic Vamsi Parasa Marek Perkowski Department of Electrical and Computer Engineering, Portland State University.
Quantum Speedups DoRon Motter August 14, Introduction Two main approaches are known which produce fast Quantum Algorithms The first, and main approach.
CNS2010handout 8 :: introduction to number theory1 computer and network security matt barrie.
Department of Computer Science & Engineering University of Washington
Phase in Quantum Computing. Main concepts of computing illustrated with simple examples.
Quantum Error Correction Michele Mosca. Quantum Error Correction: Bit Flip Errors l Suppose the environment will effect error (i.e. operation ) on our.
Quantum Computing Ambarish Roy Presentation Flow.
Quantum Algorithms Towards quantum codebreaking Artur Ekert.
Shor Algorithm (continued) Anuj Dawar Use of number theory and reductions.
Factoring 1 Factoring Factoring 2 Factoring  Security of RSA algorithm depends on (presumed) difficulty of factoring o Given N = pq, find p or q and.
1 Quantum Computing: What’s It Good For? Scott Aaronson Computer Science Department, UC Berkeley January 10,  John.
Quantum Computation and Error Correction Ali Soleimani.
Quantum Error Correction Codes-From Qubit to Qudit Xiaoyi Tang, Paul McGuirk.
“Both Toffoli and CNOT need little help to do universal QC” (following a paper by the same title by Yaoyun Shi) paper.
Shor Algorithm Anuj Dawar. Finding the eigenvalue is the same as finding its phase 
Introduction to Quantum Information Processing Lecture 4 Michele Mosca.
Dirac Notation and Spectral decomposition Michele Mosca.
Quantum Computing Joseph Stelmach.
Anuj Dawar.
1 Recap (I) n -qubit quantum state: 2 n -dimensional unit vector Unitary op: 2 n  2 n linear operation U such that U † U = I (where U † denotes the conjugate.
Shor’s Algorithm Osama Awwad Department of Computer Science Western Michigan University July 12, 2015.
Dirac Notation and Spectral decomposition
CSEP 590tv: Quantum Computing Dave Bacon Aug 3, 2005 Today’s Menu Public Key Cryptography Shor’s Algorithm Grover’s Algorithm Administrivia Quantum Mysteries:
Tallinn University of Technology Quantum computer impact on public key cryptography Roman Stepanenko.
Manindra Agrawal NUS / IITK
GROUPS & THEIR REPRESENTATIONS: a card shuffling approach Wayne Lawton Department of Mathematics National University of Singapore S ,
1 Introduction to Quantum Information Processing QIC 710 / CS 678 / PH 767 / CO 681 / AM 871 Richard Cleve DC 2117 / QNC 3129 Lectures.
Information Security and Management 4. Finite Fields 8
Quantum Computation for Dummies Dan Simon Microsoft Research UW students.
October 1 & 3, Introduction to Quantum Computing Lecture 2 of 2 Richard Cleve David R. Cheriton School of Computer Science Institute for Quantum.
Lecture note 8: Quantum Algorithms
Algorithms Artur Ekert. Our golden sequence H H Circuit complexity n QUBITS B A A B B B B A # of gates (n) = size of the circuit (n) # of parallel units.
October 1 & 3, Introduction to Quantum Computing Lecture 1 of 2 Introduction to Quantum Computing Lecture 1 of 2
Quantum One: Lecture Representation Independent Properties of Linear Operators 3.
NP Complexity By Mussie Araya. What is NP Complexity? Formal Definition: NP is the set of decision problems solvable in polynomial time by a non- deterministic.
Quantum Computing MAS 725 Hartmut Klauck NTU
Short course on quantum computing Andris Ambainis University of Latvia.
Math 3121 Abstract Algebra I Lecture 9 Finish Section 10 Section 11.
Quantum Computing MAS 725 Hartmut Klauck NTU
1 Introduction to Quantum Information Processing CS 467 / CS 667 Phys 467 / Phys 767 C&O 481 / C&O 681 Richard Cleve DC 3524 Course.
Quanum computing. What is quantum computation? New model of computing based on quantum mechanics. Quantum circuits, quantum Turing machines More powerful.
Ryan Henry I 538 /B 609 : Introduction to Cryptography.
1 Introduction to Quantum Information Processing CS 467 / CS 667 Phys 467 / Phys 767 C&O 481 / C&O 681 Richard Cleve DC 3524 Course.
1 Introduction to Quantum Information Processing CS 467 / CS 667 Phys 467 / Phys 767 C&O 481 / C&O 681 Richard Cleve DC 3524 Course.
1 Introduction to Quantum Information Processing CS 467 / CS 667 Phys 667 / Phys 767 C&O 481 / C&O 681 Richard Cleve DC 653 Lecture.
CS Lecture 14 Powerful Tools     !. Build your toolbox of abstract structures and concepts. Know the capacities and limits of each tool.
Capabilities and limitations of quantum computers Michele Mosca 1 November 1999 ECC ’99.
Multipartite Entanglement and its Role in Quantum Algorithms Special Seminar: Ph.D. Lecture by Yishai Shimoni.
Fidelity of a Quantum ARQ Protocol Alexei Ashikhmin Bell Labs  Classical Automatic Repeat Request (ARQ) Protocol  Quantum Automatic Repeat Request (ARQ)
9.1 Primes and Related Congruence Equations 23 Sep 2013.
Quantum Computation Stephen Jordan. Church-Turing Thesis ● Weak Form: Anything we would regard as “computable” can be computed by a Turing machine. ●
1 Introduction to Quantum Information Processing CS 467 / CS 667 Phys 667 / Phys 767 C&O 481 / C&O 681 Richard Cleve DC 2117 Lecture.
1 Introduction to Quantum Information Processing CS 467 / CS 667 Phys 467 / Phys 767 C&O 481 / C&O 681 Richard Cleve DC 3524 Course.
Introduction to Quantum Algorithms Winter School on Quantum Security, Darmstadt Michele Mosca 25 January 2016.
1 An Introduction to Quantum Computing Sabeen Faridi Ph 70 October 23, 2007.
Beginner’s Guide to Quantum Computing Graduate Seminar Presentation Oct. 5, 2007.
Introduction to Quantum Computing Lecture 1 of 2
Chap 5 Q Fourier Transform: p
Quantum Computing Dorca Lee.
A Ridiculously Brief Overview
Chap 4 Quantum Circuits: p
Quantum Computation and Information Chap 1 Intro and Overview: p 28-58
Quantum Computing Joseph Stelmach.
Presentation transcript:

Quantum Factoring Michele Mosca The Fifth Canadian Summer School on Quantum Information August 3, 2005

Quantum Algorithms l Quantum Algorithms should exploit quantum parallelism and quantum interference. l We have already seen some elementary algorithms.

Quantum Algorithms l These algorithms have been computing essentially classical functions on quantum superpositions l This encoded information in the phases of the basis states: measuring basis states would provide little useful information l But a simple quantum transformation translated the phase information into information that was measurable in the computational basis

Extracting phase information with the Hadamard operation

Overview l Quantum Phase Estimation l Eigenvalue Kick-back l Eigenvalue estimation and order- finding/factoring l Shor’s approach l Discrete Logarithm and Hidden Subgroup Problem (if there’s time)

Quantum Phase Estimation l Suppose we wish to estimate a number given the quantum state l Note that in binary we can express

Quantum Phase Estimation l Since for any integer k, we have

Quantum Phase Estimation l If then we can do the following

Useful identity l We can show that

Quantum Phase Estimation l So if then we can do the following

Quantum Phase Estimation l So if then we can do the following

Quantum Phase Estimation l Generalizing this network (and reversing the order of the qubits at the end) gives us a network with O(n 2 ) gates that implements

Discrete Fourier Transform l The discrete Fourier transform maps vectors of dimension N by transforming the elementary vector according to l The quantum Fourier transform maps vectors in a Hilbert space of dimension N according to

Discrete Fourier Transform l Thus we have illustrated how to implement (the inverse of) the quantum Fourier transform in a Hilbert space of dimension 2 n

Estimating arbitrary l What if is not necessarily of the formfor some integer x? l The QFT will mapto a superposition where

l For any real Quantum Phase Estimation l With high probability

l Recall the “trick”: Eigenvalue kick-back

l Consider a unitary operation U with eigenvalue and eigenvector Eigenvalue kick-back

l As a relative phase, becomes measurable

l If we exponentiate U, we get multiples of Eigenvalue kick-back

Phase estimation

Eigenvalue estimation

l Given with eigenvectorand eigenvalue we thus have an algorithm that maps

Eigenvalue kick-back l Given with eigenvectorsand respective eigenvalues we thus have an algorithm that maps and therefore

Eigenvalue kick-back l Measuring the first register of is equivalent to measuring with probability i.e.

Example l Suppose we have a group and we wish to find the order of (I.e. the smallest positive such that ) l If we can efficiently do arithmetic in the group, then we can realize a unitary operator that maps l Notice that l This means that the eigenvalues of are of the formwhere k is an integer

(Aside: more on reversible computing) If we know how to efficiently compute and then we can efficiently and reversibly map

(Aside: more on reversible computing) And therefore we can efficiently map

Example l Let l Then l We can easily implement, for example, l The eigenvectors of include

Example

Eigenvalue Kickback

Quantum Factoring l The security of many public key cryptosystems used in industry today relies on the difficulty of factoring large numbers into smaller factors. Factoring the integer N into smaller factors can be reduced to the following task: Given integer a, find the smallest positive integer r so that

Example l Let l We can easily implement l The eigenvectors of include

Example

Eigenvalue kick-back l Given with eigenvectorsand respective eigenvalues we thus have an algorithm that maps and therefore

Eigenvalue Estimation

Eigenvalue kick-back l Measuring the first register of is equivalent to measuring with probability

Finding r For most integers k, a good estimate of (with error at most ) allows us to determine r (even if we don’t know k). (using continued fractions)

(aside: how does factoring reduce to order-finding??) l The most common approach for factoring integers is the difference of squares technique: »“Randomly” find two integers x and y satisfying »So N divides »Hope that is non-trivial l If r is even, then let so that

Shor’s approach l This eigenvalue estimation approach is not the original approach discovered by Shor l Kitaev developed an eigenvalue estimation approach (to the more general “Hidden Stabilizer Problem”) l We’ve presented the CEMM version here

Discrete Fourier Transform l The discrete Fourier transform maps uniform periodic states, say with period r dividing N, and offset w, to a periodic state with period N/r.

Discrete Fourier Transform l The quantum Fourier transform maps vectors in a Hilbert space of dimension N according to

Shor’s Factoring Algorithm

Network for Shor’s Factoring Algorithm

Eigenvalue Estimation Factoring Algorithm

Network for Eigenvalue Estimation Factoring Algorithm

Equivalence of Shor&CEMM Shor analysisCEMM analysis

Equivalence of Shor&CEMM Shor analysisCEMM analysis

Consider two elementsfrom a group G satisfying Find s. Discrete Logarithm Problem

We know has eigenvectors

Discrete Logarithm Problem Thus has the same eigenvectors but with eigenvalues exponentiated to the power of s

Discrete Logarithm Problem

Given k and ks, we can compute s mod r (provided k and r are coprime)

Abelian Hidden Subgroup Problem Find generators for

Network for AHS

AHS Algorithm in standard basis

AHS for in eigenbasis is an eigenvector of (Simon’s Problem)

Other applications of Abelian HSP l Any finite Abelian group G is the direct sum of finite cyclic groups l But finding generators satisfying is not always easy, e.g. for it’s as hard as factoring N l Given any polynomial sized set of generators, we can use the Abelian HSP algorithm to find new generators that decompose G into a direct sum of finite cyclic groups.

Examples: Deutsch’s Problem: or Order finding: any group

Example: Discrete Log of to base : any group

Examples: Self-shift equivalences:

What about non-Abelian HSP l Consider the symmetric group l S n is the set of permutations of n elements l Let G be an n-vertex graph l Let l Define l Then where

Graph automorphism problem l So the hidden subgroup of is the automorphism group of G l This is a difficult problem in NP that is believed not to be in BPP and yet not NP- complete.

Other Progress on the Hidden Subgroup Problem in non-Abelian groups (not an exhaustive list) Ettinger, Hoyer arxiv.gov/abs/quant-ph/ Roetteler,Beth quant-ph/ Ivanyos,Magniez,Santha arxiv.org/abs/quant-ph/ Friedl,Ivanyos,Magniez,Santha,Sen quant-ph/ (Hidden Translation and Orbit Coset in Quantum Computing); they show e.g. that the HSP can be solved for solvable groups with bounded exponent and of bounded derived series Moore,Rockmore,Russell,Schulman, quant-ph/

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.