 # Quantum Computing and Qbit Cryptography


Quantum Computing and Qbit Cryptography
Patrick Lii 5 May 2009 Physics 138

Outline
Motivation for Quantum Computing; A Review of Classical Computers; Qbits and Quantum Algorithms; Quantum Cryptography; Conclusion

Goal of this section is to answer the question: why do we need quantum computers?

What is a Quantum Computer?
A quantum computer (QC) is a computational device which operates on data using quantum algorithms. QCs are in the proof-of-concept stage. Current motivations: cryptography, factorization, database searching.

Your laptop operates under all the laws of quantum mechanics, but that does not make it a quantum computer. A quantum computer relies on quantum algorithms; that is, it employs purely quantum mechanical phenomena (such as superposition of states and entanglement) to process data. Physicists at IBM have created 7-qbit computers and gotten them to perform tasks, but this is a far cry from our 32- and 64-bit computers, so it's mostly proof of concept.

Much of the motivation for QC is based on the idea of exotic technologies:

- Quantum cryptography: a theoretically unbreakable cryptography method
- Shor's algorithm: used in prime factorization of large-value integers
- Grover's algorithm: efficient searching of a large, unsorted database
- Quantum teleportation: replicate the state of entangled particles
- Guess and check: password crackers; solutions of differential equations
- Large-value problems

Governmental interest in quantum computing was re-ignited in 1994 by Peter Shor, who proposed a quantum algorithm which could be used to efficiently factor large numbers. This has application in defeating all sorts of encryptions (specifically RSA).

Classical versus Quantum Computers
Example: large number factorization

- QCs have the advantage of parallelism
- qbits are in superpositions of states
- 'backwards compatible' w/ classical algorithms

In order to compare CCs and QCs, we use the example of large-value factorization; this is one of the major problems in computation. Classical computers (CCs) factor large numbers w/ brute force. QCs technically do the same thing; however, they can do it in parallel because qbits are superpositions of states, as opposed to classical bits, which are limited to 0, 1. A single thread in a quantum processor is equivalent to hundreds of threads in a classical processor.

QCs are backwards compatible w/ classical algorithms: we can use qbit gates to emulate classical gates s.t. classical algorithms can run on a QC.

Classical: ~1-10 gflops of computing power. Quantum: ~10 tflops.

Factorization speed: for an integer N with size: the factorization time of a classical comp is: For a QC

Classical 32-bit computers in our homes have 1-10 gflops (manufacturers claim, gflops, but that's not true). An equivalent 32-qbit quantum computer has an estimated ~10 teraflops (2-3 orders of magnitude improvement). A flop stands for FLOating Point Operations per Second, simply a measure of processing speed/capacity. Aside: fastest computer in the world today: 1.64 petaflops at Oak Ridge National Lab (1.64 x 10^15 floating point operations per second!!)

Going back to the factorization example, for an integer N w/ size n = log2N:

- classical: scales like 2^sqrt(n); this is called super-polynomial time
- quantum: scales like n^3; polynomial time (for obvious reasons)
- there is also exponential time

As problem size scales linearly, computation time scales polynomially or exponentially, etc.; as such, polynomial time is the fastest and exponential time is the slowest. In these eqns, A and B are just scaling factors.

So why do we need quantum computers? For certain applications.

[Image: ORNL's Jaguar Supercomputer]

Speed Comparison

Assume CC and QC can factor a 78 digit number (n = 256) in 1 hour.

| | n = 256 (AES) | n = 512 | n = 1024 | n = 2048 (RSA) |
|---|---|---|---|---|
| Classical Computer | 1 hr | 4.11 days | 7.47 years | ~73000 years |
| Quantum Computer | 1 hr | 8 hrs | 2.76 days | 21.3 days |

Suppose we have a QC and CC that can both factor a 78 digit number (size = 256) in 1 hour; contemporary supercomputers are capable of this. That same classical computer would take 4.11 days to factor a size = 512 number, and over 73,000 years to factor an n = 2048 number. However, as you can see, the quantum computer can do it in just 8 hrs and 21.3 days (over 10-million-fold improvement).

The RSA encryption is based on the idea that it is too computationally expensive to break the encryption, but a quantum computer can defeat it with relative ease. As you can imagine, this has generated a lot of interest from the government.

Questions so far?

QC easily defeats RSA encryption!

Outline
Motivation for Quantum Computing; A Review of Classical Computers; Qbits and Quantum Algorithms; Quantum Cryptography; Conclusion

In this section I'm going to very quickly talk about classical computing (try to go through this quickly).

The Classical Computer
Classical bits (cbits): 0 or 1

- 2 cbits → 4 states, 3 cbits → 8 states
- n cbits → 2^n states
- data is represented in binary 138  q 

Classical bits (cbits) can be in one of two states: 0 or 1, defined by bit states on the hard drive platter or voltages in the transistors of a processor. Pairs of cbits can have 4 states total: 00, 01, 10, or 11. In general, when you have n cbits, you are limited to 2^n states. Data on a classical computer is represented in binary code (strings of bits). All just review.

Classical Operations

Based on logic gates:

- Example: 1-bit gate, the NOT gate. X: 0 → 1, X: 1 → 0
- 2-bit gates: AND/NAND, OR/NOR, XOR/XNOR

[Tables: AND gate and XOR gate truth tables (Bit 1, Bit 2, Output)]

All classical operations are based on logic gates: a gate takes input bits and returns a bit, and we have operations that take 1 bit, 2 bits, 3 bits, and so on.

- Example of a 1-bit operation, the NOT gate: simply flips the state of the bit; 0 goes to 1, 1 goes to 0
- 2-bit operations. AND: returns a single bit with value of 1 iff both inputs are 1 (NAND does just the opposite: 1 as long as both inputs are not 1). OR: 1 if either input is 1. NOR: 1 if no inputs are 1. XOR: exclusive or; returns 1 iff one input is 0 and the other is 1
- 3-bit operations: Toffoli and Fredkin gates
- More higher-order operations

Classical Algorithms

- All 1, 2, 3-cbit gates together form a universal set
- Classical algorithm: a complex operation that uses a sequence of classical gates

Together, all 1, 2 and 3-cbit gates form a universal set: you can create (or at least approximate) every other higher-order gate using only 1, 2, and 3 bit gates. A classical algorithm is a complex operation which utilizes a sequence of classical gates to perform a complex task.

Questions?

Outline
Motivation for Quantum Computing; A Review of Classical Computers; Qbits and Quantum Algorithms; Quantum Cryptography; Conclusion

Now we get into quantum computing.

The Quantum Bit (Qbit)

Unlike cbits, state of a qbit is a superposition of 1 and 0: w/ normalization condition: In matrix form:

- n qbits are in superposition of 2^n states
- qbits can be any two-level quantum system

Like classical computers, quantum computers utilize bits to store data. However, unlike a cbit, which can only be in the 0 or 1 state, a quantum bit (qbit) can be in a superposition of both the 0 and 1 state, described by this wavefunction with the usual normalization conditions; it can be described by this matrix (this is all the usual QM notation). If 1 qbit is in a superposition of 2 states (0 and 1), then n qbits are in a superposition of 2^n states (this is analogous to cbits).

In principle, qbits can be any two-level quantum system w/ orthogonal bases:

- up/down spin of an electron
- 1st and 2nd energy levels of an atom
- x, y polarization of light

The Quantum Bit In general, for n bits: w/ normalization:
In general we can represent the wavefunction of a qbit like this

Qbit Entanglement

- Purely quantum property of qbit
- Two qbits are entangled if the wavefunction cannot be written as a product of 1-qbit states

One of the interesting aspects of qbits is that they have the unique property of quantum entanglement, and this is a purely quantum property (exclusive to quantum computers). Two qbits can be said to be entangled if their combined wavefunction cannot be written as a product of two one-particle states; you cannot measure the state of one of the entangled qbits without implicitly measuring the other. We can design 2-qbit gates that can act on entangled pairs as well as nonentangled pairs, as opposed to a 2-bit classical gate, which simply takes two bits which are in no way interacting.

You can also form a two-qbit wavefunction by multiplying two 1-qbit states together:

|Ψ⟩ = α_0 β_0 |00⟩ + α_0 β_1 |01⟩ + α_1 β_0 |10⟩ + α_1 β_1 |11⟩

But these are not entangled.

Quantum Logic Gates

- All quantum operations are unitary: UU† = U†U = 1
- Gate can be any unitary quantum operator
- Ex: quantum NOT gate
- 2-bit gates can operate on entangled pairs

Unlike a classical gate, which takes an input and returns an output, a quantum gate manipulates the state of the qbit. All quantum gates are unitary (this preserves normality of the qbit); they are all linear operators in the Hilbert space of the system. A gate simply modifies the amplitude of each state; in principle, a quantum gate can be any unitary quantum operator. In this example, the quantum NOT gate simply flips the 0 state into a 1 state.

[Image: quantum logic gate using lasers]

Important Quantum Gates
- CNOT gate (conditional not)
- Hadamard transformation
- π/8 phase gate

[Table: CNOT gate truth table (Bit 1 In, Bit 2 In, Bit 1 Out, Bit 2 Out)]

CNOT (conditional not):

- classical analog is the exclusive or (XOR) gate shown earlier
- exclusively quantum gate because it utilizes some degree of entanglement between the two input qbits
- difference w/ classical XOR gate: takes 2 input bits AND returns 2 bits
- flips the second bit iff the first bit is on

Hadamard transformation:

- Hadamard matrices are a fascinating problem in math; generalized Fourier transforms
- but for QC, they map the qbit basis states into equally weighted superpositions
- it is also self-inverting (applying it to RHS of eqns returns 0 and 1 states)
- preserves amplitude
- physical example: if 0 and 1 are represented by orthogonal x, y polarization states of light, the Hadamard transform would be an optical rotator which rotates the x-polarized light to 45-degree polarized light; pretty easily implemented

Phase gate:

- used to modify phase of 1 state; preserves normality because it only modifies phase

(click) These 3 gates form a universal set: any higher-order n-qbit gate can be approximated to any arbitrary accuracy using only these 3 gates.

The Measurement Gate

- Born's Law. Given qbit: Probability of measuring state = amplitude squared
- M gate: most important gate in QC
- Collapses qbit wavefunction
- Result based on probability; we may not always get the "correct" answer
- Irreversible!

From QM, we know that for a given superposition of states, the probability of measuring one of those states is given by the square of the amplitude coefficient; this is just Born's Law. We must have some way of extracting information from our qbits, and the M gate fulfills this purpose. As such, the measurement gate is the most important gate in quantum computing: it extracts information from the qbit by collapsing its wavefunction and taking a measurement of its state.

We can see the measurement gate in this quantum circuit diagram. Initially, the uncollapsed state contains amplitude information for all the orthogonal basis states; however, once we measure it, it collapses to a single state (w/ probability proportional to the square of the amplitude) and we lose all that information. Unlike a cbit, where we just measure the state w/o changing anything, collapsing the qbit wavefunction alters it. It also means that measuring the qbit is an irreversible process: once we measure it, we destroy all other amplitude information it might contain. This is a bit problematic, as it means that we cannot recheck our calculation.

An example of a measurement gate is some sort of laser or photon probe.

Quantum Algorithms

- Similarly to classical algorithms, quantum algorithms are sequences of quantum gates
- In general, QCs have a simple processing structure
- Complex processing lies in the U gates

Like a classical algorithm, a quantum algorithm simply uses a sequence of quantum gates to perform a task or complex operation. You can break down the processing structure of a QC into a simple diagram: qbits are prepared and sent through multiple logical gates which alter the amplitudes of each state; then they're simply read out by an M gate. However, this picture is misleading, as all of the complex processing is done in the U gates stage.

Shor's Algorithm

- Developed by Peter Shor in 1994
- Efficient factorization of large numbers
- RSA encryption: based on multiplying 2 very large prime numbers (~200 digits each)
- CCs cannot factor this in a reasonable time; however, using Shor's algorithm, a QC can
- Lots of interest from government

Shor's algorithm was developed by Peter Shor in 1994 (then a researcher at AT&T's Bell Labs, now a math professor at MIT). I'm not going to go too into depth on this, as it's a bit too involved for a talk (more like a class). Essentially, it is a proof-of-concept algorithm which allows a quantum computer to quickly and efficiently factor large integers into their prime factors. The speeds that I quoted at the beginning of this talk were based on processing times using this algorithm. Shor's algorithm employs the quantum Fourier transform and a periodicity algorithm.

RSA encryption is based on multiplying two very large prime numbers together (like 200 digits each) to form an encryption key; the actual encryption process is a little more complicated than that. A classical computer cannot factor this 'key' in any reasonable amount of time (at beginning we found years); however, with Shor's algorithm, a quantum computer can. This has generated a lot of interest from the government.

If you want to learn more, check out Mermin's book: it has a whole chapter describing this.

Physical Implementations of QCs
- In 2001, a group at IBM led by Vandersypen created a 7-qbit QC (NMR implementation)
- Used it to demonstrate Shor's algorithm by factoring 15 into 3 and 5
- Other possibilities: optical lattices, polarized light, diamond based, superconductor (SQUIDs), trapped ion, any two-level system w/ orthogonal bases

I've already talked a little about physical implementations of QCs with photons as qbits. In 2001, a group at IBM created a 7-qbit quantum computer using an NMR implementation: the qbits were just the atoms in the magnetic field, and energy splitting allowed them to be orthogonal. They used it to demonstrate Shor's algorithm.

Other possibilities:

- optical lattices: isolate each atom and utilize energy levels as qbits
- diamond-based quantum computers: crystalline carbon w/ nitrogen vacancies are stable (long coherence time) and are dense (many qbits)
- in general, we can create a quantum computer from any two-level system with orthogonal bases

The biggest problem in quantum computing is controlling the decoherence time of the qbits. If the qbits interact with anything other than our intended quantum gates, our results become useless; qbits must be shielded from external fields, other particles, photons. The fundamental problem for quantum engineers trying to implement a QC: we need quantum bits that can be poked and prodded into performing calculations in concert with other qubits, yet robust enough to maintain their states over long periods of time.

Questions?

Biggest problem in implementation of QC: controlling decoherence of qbits
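The classical half of Shor's algorithm for N = 15, the case cited above, as an added example that is not from the talk: once the period r of a^x mod N is known, two gcd computations give the factors. Period finding is done here by brute force, standing in for the quantum Fourier transform step, and all function names are hypothetical.

```python
from math import gcd


def order(a, n):
    """Smallest r > 0 with a**r % n == 1.

    Brute force here; this is the period-finding step that Shor's
    algorithm hands to the quantum computer.
    """
    if gcd(a, n) != 1:
        raise ValueError("a must be coprime to n")
    r, x = 1, a % n
    while x != 1:
        x = (x * a) % n
        r += 1
    return r


def factor_from_period(a, n):
    """Classical post-processing: turn the period of a mod n into factors.

    Returns None when the base is unlucky: odd period, or
    a**(r/2) == -1 (mod n), in which case the gcds are trivial.
    """
    r = order(a, n)
    if r % 2:
        return None
    half = pow(a, r // 2, n)
    if half == n - 1:
        return None
    # half**2 == 1 (mod n) with half != +-1, so n divides
    # (half - 1)(half + 1) without dividing either term.
    return tuple(sorted((gcd(half - 1, n), gcd(half + 1, n))))


def shor_classical(n):
    """Try bases in turn (n assumed to be a product of two distinct odd primes)."""
    for a in range(2, n):
        g = gcd(a, n)
        if g != 1:  # lucky guess: the base already shares a factor with n
            return tuple(sorted((g, n // g)))
        result = factor_from_period(a, n)
        if result:
            return result
    return None


if __name__ == "__main__":
    print("order of 7 mod 15:", order(7, 15))
    print("factors of 15 from base 7:", factor_from_period(7, 15))
    print("base 14 is unlucky:", factor_from_period(14, 15))
```

The loop in `order` takes time exponential in the bit length of N, which is why only the period-finding step needs the quantum computer.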

Outline
Motivation for Quantum Computing; A Review of Classical Computers; Qbits and Quantum Algorithms; Quantum Cryptography; Conclusion

Now we'll talk a little bit about quantum cryptography schemes and using qbits to securely transfer information.

Quantum Cryptography (BB84)
- Called BB84: Bennett and Brassard 1984
- Method of secure key distribution
- Created using only 1-qbit gates
- Can be implemented using current tech (transmission w/ polarized light)
- Interception can be detected

BB84 is a quantum key distribution scheme proposed by Bennett and Brassard in 1984. It basically allows for perfectly secure message transmissions: it generates a one-time-use key using 1-qbit gates, which is then used to encode a message. It can be implemented using polarized light, and one huge advantage of this is that any interception of the key transmission can be detected.

Message Security

- Say we want to transmit the number 83. In binary: (7-bits)
- We securely (and randomly) generate a key w/ equal bit-length; take:
- We then use this key to encode the message: "flip" message bits everywhere the key equals 1
- Message becomes impossible for someone w/o a key to unencrypt
- Cryptography comes down to: random key generation and secure key distribution

Say we want to transmit the number 83; in binary this is a 7-bit number. We securely and randomly generate a key which has an equal number of bits as the message. We then use this key to encode our message by flipping the message bits everywhere the key equals 1; this is equivalent to applying the CNOT or XOR gates to the two bit strings. Since this is not pattern based and we only use the key once before discarding it, you cannot unencrypt it without a key. So the problem of quantum cryptography comes down to randomly generating and securely distributing a key; the BB84 method handles both of these simultaneously.

Key Generation I

- Alice sends Bob a long stream of photons (qbits)
- She randomly assigns each a type: circular or linear polarization
- Then, randomly assigns a polarization sub-state based on the type: LH or RH for circular, X or Y for linear

Example: Alice sends 8 qbits: −|<−<|<−

Legend: − = X (0 bit); | = Y (1 bit); > = RHCP (0 bit); < = LHCP (1 bit)

Key distribution is at the crux of quantum cryptography. Let's say Alice (who is an agent at the Pentagon) wishes to send Bob at Interpol headquarters a secure message. In order to do so, she and Bob must agree on a secure key w/o revealing it on a classical channel where it can be eavesdropped on; we can assume that they have contact over the phone.

Alice and Bob decide to generate/distribute the key with photons transmitted over a fiber optic cable, so Alice sends Bob a long stream of photons. For each photon she randomly assigns a type: either circularly or linearly polarized. Then, for each circular or linear type, she randomly assigns a polarization state (X, Y for linear; LH, RH for circular) and records the polarization state for each photon before transmitting it out. They have agreed on what each polarization state represents: X0, Y1, LH0, et cetera. So in this example, Alice sends 8 randomly polarized qbits with these polarizations.

Key Generation II

Bob randomly decides on a linear or circular measurement of each incoming photon.

For measurement, Bob chooses: O+O++OOO
Legend: + = linear; O = circular
And he measures: <|<−−><>
For reference, Alice sent: −|<−<|<−

At the other end of the fiber optic cable, Bob takes each photon and randomly puts it through either a linear polarizer or a circular analyzer. At this point, Bob has no idea which of his choices agree with Alice's; for all he knows, his measurements are completely meaningless. In our example, Bob randomly chooses: And measures:

Key Generation III

- Bob calls Alice and tells her his choice of measurement (circ or lin) for each photon
- Alice then tells Bob which of his types agree with her transmission types: NYYYNNYN
- They then use the agreeing values as a key
- In the example, A&B have 4 agreeing qbits: |<−<
- Their key is: 1101

Bob then calls Alice on an insecure phone and tells her which type of measurement he used to measure each incoming photon; he does not reveal the values he measured, just what type of measurement he used. Alice looks at her notepad and compares Bob's choices with the types that she chose. She then tells Bob which of his measurement types agree with the type she used for transmission. In the example, we see that he got 4 right (which is what we expect because he is randomly choosing the measurement type).

They both throw out the ones Bob didn't get the right type for (about half of the transmitted qbits) and use the rest as a key; since they've already agreed on what each polarization means, they can get a key from it. So now they both have a randomly generated key; this satisfies the first condition of cryptography. Now we just have to worry about secure transmission and their key transmission being intercepted.

Questions?

Eavesdropping

- For 'Eve' to eavesdrop on A&B's transmission, she must also randomly make circ or lin measurements of each photon
- This changes the polarization of about half the qbits
- 1/4th of Bob's results will not agree w/ Alice's prep
- A&B can compare some 'check bits' over the phone to see if anyone is eavesdropping

We can assume Alice and Bob are in secure facilities: once they get the key, it won't leak. The only way for someone to get the key is to eavesdrop on or intercept the transmission, and they have to do it in a way s.t. A&B don't find out.

In order for a third party (who we'll call Eve) to eavesdrop on Alice and Bob's key transmission, Eve must also randomly make circular or linear measurements of each photon that Alice sends through the fiber. Since this is random, this changes the polarization state of about half of the photons. This means that about 1/4th of the qbits which Alice and Bob measure the same way will not agree with each other. They can find out if anyone is eavesdropping by sacrificing some of the bits in their key and comparing them over the phone.
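The sifting and eavesdropping check from the Key Generation and Eavesdropping slides, as an added simulation that is not part of the original talk. It replays the 8-photon example and then measures the disagreement rate with and without an intercept-and-resend Eve; the function names, the ASCII `-` standing in for the slide's dash, and the 10% abort threshold are assumptions.

```python
import random

# Slide legend: '-' X (0), '|' Y (1), '>' RHCP (0), '<' LHCP (1).
# Measurement types: '+' linear, 'O' circular.
BASIS_OF = {'-': '+', '|': '+', '>': 'O', '<': 'O'}
BIT_OF = {'-': 0, '|': 1, '>': 0, '<': 1}
STATE = {('+', 0): '-', ('+', 1): '|', ('O', 0): '>', ('O', 1): '<'}


def measure(photon, basis, rng):
    """A matching basis returns the prepared state; a mismatched basis
    collapses the photon to a random state of the measuring basis."""
    if BASIS_OF[photon] == basis:
        return photon
    return STATE[(basis, rng.randint(0, 1))]


def sift(sent, bob_bases, bob_results):
    """Phone call: keep only positions where Bob's type matches Alice's."""
    agree = ''.join('Y' if BASIS_OF[s] == b else 'N'
                    for s, b in zip(sent, bob_bases))
    alice_key = [BIT_OF[s] for s, a in zip(sent, agree) if a == 'Y']
    bob_key = [BIT_OF[r] for r, a in zip(bob_results, agree) if a == 'Y']
    return agree, alice_key, bob_key


def run(n, eve, seed):
    """Send n photons; return the fraction of sifted bits that disagree."""
    rng = random.Random(seed)
    sent = [STATE[(rng.choice('+O'), rng.randint(0, 1))] for _ in range(n)]
    channel = sent
    if eve:  # Eve measures each photon in a random basis and forwards her result
        channel = [measure(p, rng.choice('+O'), rng) for p in sent]
    bob_bases = [rng.choice('+O') for _ in range(n)]
    bob_results = [measure(p, b, rng) for p, b in zip(channel, bob_bases)]
    _, alice_key, bob_key = sift(sent, bob_bases, bob_results)
    errors = sum(a != b for a, b in zip(alice_key, bob_key))
    return errors / len(alice_key)


def eve_detected(error_rate, threshold=0.1):
    """Abort rule for the compared check bits (threshold is an assumption)."""
    return error_rate > threshold


# Values from the slides, with '-' in place of the slide's dash.
SLIDE_SENT = '-|<-<|<-'
SLIDE_BASES = 'O+O++OOO'
SLIDE_MEASURED = '<|<--><>'

if __name__ == '__main__':
    agree, alice_key, bob_key = sift(SLIDE_SENT, SLIDE_BASES, SLIDE_MEASURED)
    print(agree, alice_key, bob_key)
    print('error rate, no Eve  :', run(20000, eve=False, seed=1))
    print('error rate, with Eve:', run(20000, eve=True, seed=1))
```

In practice Alice and Bob compare only a random sample of the sifted bits and discard that sample, so the estimate costs key material.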

Qbit Interception

Suppose Eve uses a more sophisticated attack:

- intercepts the transmission
- processes it in a QC
- restores it to original state and sends it back off to Bob

This is defeated by the no-cloning theorem:

- Forbids creation of an identical copy of an arbitrary state
- Eve gets no useful information from her interception

Suppose Eve uses a more sophisticated attack in which she intercepts the transmission and puts it through a quantum computer to get information on the key, and then she restores the original state and sends it back off to Bob. (click) Well, this doesn't work. It turns out that the requirement for Alice's qbit to be returned to its initial state prevents this: the no-cloning theorem, which forbids the creation of an identical copy of an arbitrary state, makes it impossible for Eve to extract useful information from the qbits.

So the BB84 scheme can neither be eavesdropped on nor intercepted. This takes care of our second cryptographic requirement: it is not only a random key generator, but also a secure distribution method. In theory, it cannot be defeated; this is a very powerful application of qbits. A&B's whole setup (sending device, fiber optic cable, and receiving device) is really just one large quantum computer.

Questions?

Outline
Motivation for Quantum Computing; A Review of Classical Computers; Qbits and Quantum Algorithms; Quantum Cryptography; Conclusion

Finally, we have come to the conclusion.

Future Developments in QC
- Largely in proof-of-concept stage; formidable technological obstacles
- Still need to: discover more algorithms; overcome decoherence of qbits
- Deeper understanding of QM may make it easier to do this
- We are decades away from truly powerful QC (~2050?)

Quantum computers are still largely in the proof-of-concept stage. Physicists and engineers must overcome formidable technological obstacles before quantum computers can be on par with classical computers. However, once they do, we will literally be in a new era of computing; we don't yet have the understanding of what potential QCs have.

We still need to work on finding algorithms which provide performance gains over CCs, and we need to design physical implementations which can prevent the decoherence of quantum bits while allowing manipulation of the qbits. If we can attain a deeper understanding of QM phenomena (especially measurement), we may be able to more quickly achieve these goals. As of right now, we are still decades away from a quantum computer that's on par with my laptop.

Conclusion

- Quantum computers are based on enacting quantum operations on qbits
- Quantum operations are simply unitary operators in the Hilbert space of the system
- QCs have the potential to vastly outperform classical computers because of the QM nature of their operations
- QCs are still many years off; however, they will fundamentally change computation as we know it
- Qbits can also be employed in generating an undefeatable cryptography scheme, which may prove useful once RSA encryption is defeated by QCs

References

Quantum Computing (General)

- Kaye, Phillip, Raymond Laflamme, and Michele Mosca. An Introduction to Quantum Computing. 1st ed. Oxford: Oxford University Press, Print.
- Lieven M.K. Vandersypen et al. (1999). "Separability of Very Noisy Mixed States and Implications for NMR Quantum Computing". Phys. Rev. Lett. 83: 1054–1057.
- Mermin, David. Quantum Computer Science. 1st ed. Cambridge: Cambridge University Press, Print. [great introductory resource for Quantum Computers from a professor at Cornell, not rigorous however]

Classical Computing

- [cool logic gate simulator]

Quantum Cryptography

- C. H. Bennett and G. Brassard, "Quantum Cryptography: Public key distribution and coin tossing", in Proceedings of the IEEE International Conference on Computers, Systems, and Signal Processing, Bangalore, p. 175 (1984)
- [BB84 transmission simulator]

Shor's Algorithm

- Shor, P. (1994) Algorithms for Quantum Computation: Discrete Logarithms and Factoring. Proceedings of the 35th Annual IEEE Symposium on Foundations of Computer Science, Santa Fe, NM, Nov , 1994.

Since qbit must emerge in original state:
Let:

- |Φμ⟩, μ = 0, …, 3 = four states of Alice's qbits (X, Y, RH, LH)
- |ψ⟩ = initial state of qbits on Eve's QC

Since qbit must emerge in original state:

Eve must find a U that yields four distinct |ψμ⟩