1. Quantum Computing and Qbit Cryptography
Patrick Lii
5 May 2009
Physics 138

2. Outline Motivation for Quantum Computing
A Review of Classical Computers
Qbits and Quantum Algorithms
Quantum Cryptography
Conclusion
Goal of this section is to answer the question: why do we need quantum computers?

3. What is a Quantum Computer?
A quantum computer (QC) is a computational device which operates on data using quantum algorithms
QC in proof-of-concept stage
Current motivations:
Cryptography
Factorization
Database searching
your laptop operates under all the laws of quantum mechanics, but that does not make it a quantum computer
A quantum computer relies on quantum algorithms
That is it employs purely quantum mechanical phenomena (such as superposition of states and entanglement) to process data
Physicists at IBM have created 7-qbit computers and gotten them to perform tasks, but this is a far cry from our 32 and 64-bit computers; so it’s mostly proof of concept
Much of the motivation for QC is based on the idea of exotic technologies
Quantum cryptography – a theoretically unbreakable cryptography method
Shor’s algorithm – used in prime factorization of large-value integers
Grover’s algorithm – efficient searching of a large, unsorted database
Quantum teleportation –replicate the state of entangled particles
Guess and check – password crackers; solutions of differential equations
Large-value problems
Governmental interest in quantum computing was re-ignited in 1994 by Peter Shor who proposed a quantum algorithm which could be used to efficiently factor large numbers -> this has application in defeating all sorts of encryptions (specifically RSA)

4. Classical versus Quantum Computers
Example: Large number factorization
QCs ->advantage of parallelism
qbits are in superpositions of states
‘backwards compatible’ w/ classical algorithms
In order to compare CCs and QCs, we use the example of large-value factorization
this is one of the major problems in computation
Classical computers (CCs) factor large numbers w/ brute force
QCs technically do the same thing, however, they can do it in parallel
because qbits are superpositions of states, as opposed to classical bits which are limited to 0, 1
a single thread in a quantum processor is equivalent to hundreds of threads in a classical processor
QCs are backwards compatible w/ classical algorithms
We can use qbit gates to emulate classical gates s.t. classical algorithms can run on a QC

5. Performance Advantage of QCs
classical: ~1-10 gflops of computing power
quantum: ~10 tflops
Factorization speed:
for an integer N with size:
the factorization time of a classical comp is:
For a QC
Classical 32bit computers in our homes have 1-10 gflops (manufacturers claim, gflops, but that’s not true)
An eqivalent 32-qbit quantum computer has an estimated ~10 teraflops (2-3 order of mag improvement)
a flop stands for FLOating Point Operations per Second – simply a measure of processing speed/capacity
Aside: fastest computer in the world today: 1.64 petaflops at Oak Ridge National Lab (1.64 x 10^15 floating point operations per second!!)
Going back to factorization example
for an integer N w/ size n = log2N
classical: scales like 2^sqrt(n)
this is called super-polynomial time
quantum: scales like n^3
polynomial time (for obvious reasons)
there is also exponential time
as problem size scales linearly, computation time scales polynomially or exponentially etc
as such polynomial time is the fastest, exponential time is the slowest
in these eqns, A and B are just scaling factors
So why do we need quantum computers?
for certain applications
ORNL’s Jaguar Supercomputer

6. Speed Comparison
Assume CC and QC can factor a 78 digit number (n = 256) in 1 hour
Classical Computer
Quantum Computer
n = 256 (AES)
n = 512
n = 1024
n = 2048 (RSA)
1 hr
4.11 days
7.47 years
~73000 years
1 hr
8 hrs
2.76 days
21.3 days
Suppose we have a QC and CC that can both factor a 78 digit number (size = 256) in 1 hour
contemporary supercomputers are capable of this
That same classical computer would take 4.11 days to factor a size = 512 number, and over 73,000 years to factor a n = 2048 number
however, as you can see, the quantum computer can do it in just 8hrs and 21.3 days (over 10-million-fold improvement)
The RSA encryption is based on the idea that it is too computationally expensive to break the encryption; but a quantum computer can defeat it with relative ease
as you can imagine, this has generated a lot of interest from the government
Questions so far?
QC easily defeats RSA encryption!

7. Outline Motivation for Quantum Computing
A Review of Classical Computers
Qbits and Quantum Algorithms
Quantum Cryptography
Conclusion
In this section I’m going to very quickly talk about classical computing (try to go through this quickly)

8. The Classical Computer
Classical bits (cbits): 0 or 1
2 cbits  4 states,
3 cbits  8 states
n cbits  2n states
data is represented in binary
138 
q 
Classical bits (cbits) can be in one of two states: 0 or 1
defined by bit states on the hard drive platter or voltages in the transistors of a processor
pairs of cbits can have 4 states total: 00, 01, 10, or 11
in general, when you have n cbits, you are limited to 2^n states
Data on a classical computer is represented in binary code (strings of bits)
All just review

9. Classical Operations Based on logic gates Example: 1-bit gate
AND Gate
Bit 1
Bit 2
Output 1
Based on logic gates
Example: 1-bit gate
NOT gate
X:0  1
X:1  0
2-bit gates:
AND/NAND
OR/NOR
XOR/XNOR
All classical operations are based on logic gates; input bits and returns a bit
and we have operations that take 1-bit, 2-bit, 3-bit, and on
Example of 1-bit operation
NOT gate: simply flips state of bit; 0 goes to 1, 1 goes to 2
2-bit operations
AND: returns single bit with value of 1 iff both inputs are 1 (NAND does just the opposite, 1 as long as both inputs are not 1)
OR: if either are 1
NOR: no inputs are 1
XOR: exclusive or; returns 1 iff one input is 0 and the other is 1
3-bit operations
Toffoli and Fredkin gates
More higher-order operations
XOR Gate
Bit 1
Bit 2
Output 1

10. Classical Algorithms
All 1, 2, 3-cbit gates together form universal set
classical algorithm: a complex operation that uses a sequence of classical gates
Together all 1, 2 and 3-cbit gates form a universal set
you can create (or at least approximate) every other higher-order gate using only 1, 2, and 3 bit gates
A classical algorithm is a complex operation which utilizes a sequence of classical gates to perform a complex task
Questions?

11. Outline Motivation for Quantum Computing
A Review of Classical Computers
Qbits and Quantum Algorithms
Quantum Cryptography
Conclusion
Now we get into quantum computing

12. The Quantum Bit (Qbit)
Unlike cbits, state of a qbit is a superposition of 1 and 0:
w/ normalization condition:
In matrix form:
n qbits are in superposition of 2n states
qbits can be any two-level quantum system
Like classical computers, quantum computers utilize bits to store data
however, unlike a cbit which can only be in the 0 or 1 state, a quantum bit (qbit) can be in a superposition of both the 0 and 1 state
described by this wavefunction with the usual normalization conditions
can be described by this matrix (this is all the usual QM notation)
If 1 qbit is in a superposition of 2 states (0 and 1) then n qbits are in a superposition of 2^n states (this is analogous to cbits)
In principle, qbits can be any two level quantum system w/ orthogonal bases
up/down spin of an electron
1st and 2nd energy lvls of an atom
x, y polarization of light

13. The Quantum Bit In general, for n bits: w/ normalization:
In general we can represent the wavefunction of a qbit like this

14. Qbit Entanglement Purely quantum property of qbit
Two qbits are entangled if wavefunction cannot be written as product of 1 qbit states
One of the intersting aspects of qbits is that they have the unique property of quantum entanglement
and this is a purely quantum property (exclusive to quantum computers)
Two qbits can be said to be entangled if their combined wave function cannot be written as a product of two one particle states
you cannot measure state of one of the entangled qbits without implicitly measuring the other
We can design 2 qbit gates that can act on entangled pairs as well as nonentangled pairs
as opposed to a 2-bit classical gate which simply takes two bits which are in no way interacting
You can also form a two qbit wavefuncton by multiplying two 1-qbit states together
|Ψ⟩=α_0 β_0 |00⟩+ α_0 β_1 |01⟩+α_1 β_0 |10⟩+α_1 β_1 |11⟩
But these are not entangled

15. Quantum Logic Gates All quantum operations are unitary
UU† = U†U = 1
Gate can be any unitary quantum operator
Ex: quantum NOT gate
2-bit gates can operate on entangled pairs
Unlike a classical gate which takes an input and returns an output; a quantum gate manipulates the state of the qbit
All quantum gates are unitary: preserves normality of the qbit
they are all linear operators in the Hilbert space of the system
Gate simply modifies amplitude of each state
in principle, a quantum gate can be any unitary quantum operator
In this example, the quantum not gate simply flips the 0 state into a 1 state
Quantum logic gate using lasers

16. Important Quantum Gates
CNOT Gate
Bit 1 In
Bit 2 In
Bit 1 Out
Bit 2 Out 1
Conditional Not
Hadamard Transformation
π/8 Phase Gate
CNOT – conditional not:
classical analog is the exclusive or (XOR) gate shown earlier
exclusively quantum gate because it utilizes some degree of entanglement between the two input qbits
difference w/ classical XOR gate: input 2 AND returns 2 bits
flips the second bit iff the first bit is on
Hadamard Transformation
hadamard matrices are a fascinating problem in math, generalized fourier transforms
but for QC, they map the qbit basis states into equally weighted superpositions
it is also self inversing (applying it to RHS of eqns returns 0 and 1 states)
preserves amplitude
physical example: if 0 and 1 are represented by orthogonal x, y polarization states of light
Hadamard transform would be an optical rotator which rotates the x polarized light to 45 degree polarized light
pretty easily implemented
Phase Gate
used to modify phase of 1 state; preserves normality because it only modifies phase
click
3 gates form a universal set
any higher order n-qbit gate can be approximated to any arbitrary accuracy using only these 3 gates
These 3 gates form a universal set

17. The Measurement Gate Born’s Law M gate Most important gate in QC
Given qbit:
Probability of measuring state = amplitude squared
M gate Most important gate in QC
Collapses qbit wavefunction
Result based on probability
We may not always get “correct” answer
Irreversible!
From QM, we know that for a given superposition of states, probability of measuring one of those states is given by the square of the amplitude coefficient
this is just Born’s Law
We must have some way of extracting information from our qbits -> m gate fulfills this purpose
As such, the measurement gate is the most important gate in quantum computing
it extracts information from the qbit by collapsing it’s wavefunction and taking a measurement of its state
We can see the measurement gate in this quantum circuit diagram
initially, the uncollapsed state contains amplitude information for all the orthogonal basis states
however, once we measure it, it collapses to a single state (w/ probability proportional to the square of the amplitude) and we lose all that information
Unlike a cbit, where we just measure the state w/o changing anything, collapsing the qbit wavefunction alters it
also means that measuring the qbit is an irreversible process
once we measure it, we destroy all other amplitude information it might contain
a bit problematic as this means that we cannot recheck our calculation
Example of a measurement gate is some sort of laser or photon probe

18. Quantum Algorithms
Similarly to classical algorithms, quantum algorithms are sequences of quantum gates
In general, QCs have a simple processing structure:
Complex processing lies in the U Gates
Like a classical algorithm, a quantum algorithm simply uses a sequence of quantum gates to perform a task or complex operation
You can break down the processing strucutre of a QC into a simple diagram
qbits are prepared and sent through multiple logical gates which alter the amplitudes of each state
then they’re simply read out by an M gate
However, this picture is misleading as all of the complex processing is done in the U gates stage

19. Shor’s Algorithm Developed by Peter Shor in 1994
Efficient factorization of large numbers
RSA Encryption
Based on multiplying 2 very large prime numbers (~200 digits each)
CCs cannot factor this in a reasonable time
However, using Shor’s algorithm, a QC can
Lots of interest from government
Shor’s algorithm was developed by Peter Shor in 1994—then a researcher at AT&T’s Bell Labs, now a math professor at MIT
I’m not going to go too into depth on this as it’s a bit too involved for a talk (more like a class)
Essentially, it is a proof-of-concept algorithm which allows a quantum computer to quickly and efficiently factor large integers into their prime factors
the speeds that I quoted at the beginning of this talk were based on processing times using this algorithm
Shor’s algorithm employs quantum fourier transform and a periodicity algorithm
RSA encryption is based on multiplying two very large prime numbers together (like 200 digits each) to form an encryption key
the actual encryption process is a little more complicated than that
a classical computer cannot factor this ‘key’ in any reasonable amount of time (at beginning we found years)
however, with Shor’s algorithm, a quantum computer can
this has generated a lot of interest from the government
If you want to learn more, check our Mermin’s book  whole chapter describing this

20. Physical Implementations of QCs
In 2001, a group at IBM led by Vandersypen created a 7-qbit QC
NMR implementation
Used it to demonstrate Shor’s algorithm by factoring 15 into 3 and 5
Other possibilities
Optical lattices
Polarized light
Diamond based
Superconductor (SQUIDs)
Trapped ion
any two level system w/ orthogonal bases
I’ve already talked a little about physical implementations of QCs with photons as qbits
in 2001, a group at IBM created a 7-qbit quantum computer using an NMR implemenation
qbits were just the atoms in the magnetic field; energy splitting allowed them to be orthogonal
used it to demonstrate Shor’s algorithm
Other possibilities:
optical lattices  isolate each atom and utilize energy levels as qbits
diamond based quantum computers  crystalline carbon w/ nitrogen vacancies are stable (long coherence time) and are dense (many qbits)
in general, we can create a quantum computer from any two level system with orthogonal bases
The biggest problem in quantum computing is controlling the decoherence time of the qbits
if the qbits interact with anything other the our intended quantum gates, our results become useless
qbits must be shielded from external fields, other particles, photons
The fundamental problem for quantum engineers trying to implement a QC:
we need quantum bits that can be poked and prodded into performing calculations in concert with other qubits
yet robust enough to maintain their states over long periods of time
Questions?
Biggest problem in implementation of QC: controlling decoherence of qbits

21. Outline Motivation for Quantum Computing
A Review of Classical Computers
Qbits and Quantum Algorithms
Quantum Cryptography
Conclusion
Now we’ll talk a little bit about quantum cryptography schemes and using qbits to securely transfer information

22. Quantum Cryptography (BB84)
Called BB84: Bennett and Brassard 1984
Method of secure key distribution
Created using only 1-qbit gates
Can be implemented using current tech (transmission w/ polarized light)
interception can be detected
BB84 is a quantum key distribution scheme proposed by Bennett and Brassard in 1984
Bascially allows for perfectly secure message transmissions
generates a one time use key using 1-qbit gates and use it to encode a message
can be implemented using polarized light
and one huge advantage of this is that any interception of the key transmission can be detected

23. Message Security Say we want to transmit the number 83
In binary: (7-bits)
We securely (and randomly) generate a key w/ equal bit-length
take:
We then use this key to encode the message
“flip” message bits everywhere the key equals 1
Message becomes
impossible for someone w/o a key to unencrypt this
Cryptography comes down to:
Random key generation
Secure key distribution
Say we want to transmit the number 83
in binary this is a 7-bit number
We securely and randomly generate a key which has an equal number of bits as the message
We then use this key to encode our message by flipping the message bits everywhere the key equals 1
this is equivalent to applying the CNOT or XOR gates to the two bit strings
Since this is not pattern based and we only use the key once before discarding it, you cannot unencrypt it without a key
so the problem of quantum cryptography comes down to randomly generating and securely distributing a key
the BB84 method handles both of these simultaneously

24. Key Generation I −|<−<|<−
Alice sends Bob a long stream of photons (qbits)
She randomly assigns each a type: circular or linear pol
Then, randomly assigns a polarization sub-state based on the type
LH or RH for circ
X or Y for linear
Example: Alice sends 8 qbits
−|<−<|<−
Legend:
— X, 0 bit
| Y, 1 bit
> RHCP, 0 bit
< LHCP, 1 bit
Key distribution is at the crux of quantum cryptography—
Let’s say Alice (who is an agent at the Pentagon) wishes to send Bob at Interpol headquarters a secure message.
in order to do so, she and Bob must agree on a secure key w/o revealing it on a classical channel where it can be eavesdropped on
we can assume that they have contact over the phone
Alice and Bob decide to generate/distribute the key with photons transmitted over a fiber optic cable
so Alice sends Bob a long stream of photons
for each photon she randomly assigns a type: either circularly or linearly polarized
then for each circular or linear type, she randomly assigns a polarization state (X, Y for linear, LH RH for circ) and records the pol state for each photon before transmitting it out
they have agreed on what each polarization state represents X0, Y1, LH0, et cetera
So in this example, Alice sends 8 randomly polarized qbits with these polarizations

25. Key Generation II O+O++OOO And he measures: <|<−−><>
Bob randomly decides on a linear or circular measurement of each incoming photon
For measurement, Bob chooses:
O+O++OOO
Legend:
+ Linear
O Circular
And he measures:
<|<−−><>
for reference, Alice sent: −|<−<|<−
At the other end of the fiber optic cable, Bob takes each photon and randomly puts it through either a linear polarizer or a circular analyzer
at this point, Bob has no idea know which of his choices agree with Alice’s—for all he knows, his measurements are completely meaningless
In our example, Bob randomly chooses:
And measures:

26. Key Generation III
Bob calls Alice and tells her his choice of measurement (circ or lin) for each photon
Alice then tells Bob which of his types agree with her transmission types
NYYYNNYN
They then use the agreeing values as a key
In example, A&B have 4 agreeing qbits: |<-<
Their key is: 1101
Bob then calls Alice on an insecure phone and tells her which type of measurement he used to measure each incoming photon
he does not reveal the values he measured, just what type of measurement he used
Alice looks at her notepad and compares Bob’s choices with the types that she chose
she then tells Bob which of his measurement types agree with the type she used for transmission
in the example, we see that he got 4 right (which is what we expect because he is randomly choosing the measurement type)
They both throw out the ones Bob didn’t get the right type for (about half of the transmitted qbits) and use the rest as a key
since they’ve already agreed on what each polarization means, they can get a key from it
So now they both have a randomly generated key; this satisfies the first condition of cryptography
now we just have to worry about secure transmission and their key transmission being intercepted
Questions?

27. Eavesdropping
for ‘Eve’ to eavesdrop on A&B’s transmission, she must also randomly make circ or lin measurements of each photon
This changes polarization of about half the qbits
1/4th of Bob’s result will not agree w/ Alice’s prep
A&B can compare some ‘check bits’ over the phone to see if anyone is eavesdropping
We can assume Alice and Bob are in secure facilities—once they get the key, it won’t leak
the only way for someone to get the key is to eavesdrop on or intercept the transmission
they have to do it in a way s.t. A&B don’t find out
In order for a third party (who we’ll call Eve) to eavesdrop on Alice and Bob’s key transmission, Eve must also randomly make circular or linear measurements of each photon that Alice sends through the fiber
since this is random, this changes the polarization state of about half of the photons
This means that about 1/4th of the qbits which Alice and Bob measure the same way will not agree with each other
they can find out if anyone is eavesdropping by sacrificing some of the bits in their key and comparing them over the phone

28. Qbit Interception Suppose Eve uses a more sophisticated attack:
intercepts the transmission
processes it in a QC
restores it to original state and sends it back off to Bob
This is defeated by the no-cloning theorem
Forbids creation of identical copy of an arbitrary state
Eve gets no useful information from her interception
Suppose Eve uses a more sophisticated attack in which she intercepts the transmission and puts it through a quantum computer to get information on the key
and then she restores the original state and sends it back off to Bob
click
We’ll this doesn’t work. It turns out that the requirement for Alice’s qbit to be returned to its initial state prevents this
the no cloning theorem which forbids the creation of an identical copy of an arbitrary state makes it impossible for Eve to extract useful information from the qbits
So the BB84 scheme can neither be eavesdropped on or intercepted
this takes care of our second cryptographic requirement that it is not only a random key generator, but also a secure distribution method
In theory, cannot be defeated—this is a very powerful application of qbits
A&B’s whole setup—sending device, fiber optic cable, and receiving device is really just one large quantum computer
Questions?

29. Outline Motivation for Quantum Computing
A Review of Classical Computers
Qbits and Quantum Algorithms
Quantum Cryptography
Conclusion
Finally have come to the conclusion

30. Future Developments in QC
Largely in proof-of-concept stage
formidable technological obstacles
Still need to:
discover more algorithms
overcome decoherence of qbits
Deeper understanding of QM may make it easier to do this
We are decades away from truly powerful QC (~2050?)
Quantum computers are still largely in the proof of concept stage
Physicists and engineers must overcome formidable technological obstacles before quantum computers can be on par with classical computers
however, once they do, we will literally be in a new era of computing  we don’t yet have the understanding of what potential QCs have
We still need to work on finding algorithms which provide performance gains over CCs
and we need to design physical implementations which can prevent the decoherence of quantum bits while allowing manipulation of the qbits
If we can attain a deeper understanding of QM phenomena (especially measurement) we may be able to more quickly achieve these goals
As of right now, we are still decades away from a quantum computer that’s on par with my laptop

31. Conclusion
Quantum computers are based on enacting quantum operations on qbits
Quantum operations are simply unitary operators in the Hilbert space of the system
QCs have the potential to vastly outperform classical computers because of the QM nature of their operations
QCs are still many years off; however, they will fundamentally change computation as we know it
Qbits can also be employed in generating an undefeatable cryptography scheme which may prove useful once RSA encryption is defeated by QCs

32. References
Quantum Computing (General) Kaye, Phillip, Raymond Laflamme, and Michele Mosca. An Introduction to Quantum Computing. 1st ed. Oxford: Oxford University Press, Print. Lieven M.K. Vandersypen et al. (1999). "Separability of Very Noisy Mixed States and Implications for NMR Quantum Computing". Phys. Rev. Lett 83: 1054–1057. Mermin, David. Quantum Computer Science. 1st Ed. Cambridge: Cambridge University Press, Print. [great introductory resource for Quantum Computers from a professor at Cornell, not rigorous however] Classical Computing [cool logic gate simulator] Quantum Cryptography C. H. Bennet and G. Brassard, “Quantum Cryptography: Public key distribution and coin tossing”, in Proceedings of the IEEE International Conference on Computers, Systems, and Signal Processing, Bangalore, p. 175 (1984) [BB84 transmission simulator] Shor’s Algorithm Shor, P. (1994) Algorithms for Quantum Computation: Discrete Logarithms and Factoring. Proceedings of the 35th Annual IEEE Symposium on Foundations of Computer Science, Santa Fe, NM, Nov , 1994.

33. Since qbit must emerge in original state:
Let:
|Фμ>, μ = 0, …, 3 = four states of Alice’s qbits (X, Y, RH, LH)
|ψ> = initial state of qbits on Eve’s QC
Since qbit must emerge in original state:
Eve must find a U that yields four distinct |ψμ>