# Quantum Computing: What’s It Good For? Scott Aaronson, Computer Science Department, UC Berkeley, January 10, 2002, www.cs.berkeley.edu/~aaronson


Quantum Computing: What’s It Good For? Scott Aaronson, Computer Science Department, UC Berkeley, January 10, 2002, www.cs.berkeley.edu/~aaronson. John Bell, Stacy Seitz

Elementary gates
- Rotation by an angle
- Controlled NOT

Universality: Any quantum computation can be performed by a circuit consisting of Hadamard, phase, rotation by $\pi/8$ and controlled NOT gates.

Classical vs. Quantum Circuits: We can transform a classical circuit for F into a quantum circuit. Add an extra input initialized to 0, so that the circuit maps $|x\rangle|0\rangle$ to $|x\rangle|F(x)\rangle$.

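Example
- Classical: a gate computing $x \wedge y$ from inputs x and y.
- Quantum: $|x\rangle|y\rangle|0\rangle \mapsto |x\rangle|y\rangle|x \wedge y\rangle$.
- Toffoli gate: $|x\rangle|y\rangle|a\rangle \mapsto |x\rangle|y\rangle|a \oplus (x \wedge y)\rangle$.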

Quantum parallelism
- By linearity, $\sum_x |x\rangle|0\rangle \mapsto \sum_x |x\rangle|f(x)\rangle$.
- Many evaluations of f in unit time.

Quantum parallelism
- Once we measure $\sum_x |x\rangle|f(x)\rangle$, we get one particular x and f(x).
- Same as if we evaluated f on a random x.

Quantum parallelism
- Is it useful?
- We cannot obtain all values f(x) from $\sum_x |x\rangle|f(x)\rangle$ because quantum states cannot be measured completely.
- We can obtain quantities that depend on many f(x).

Quantum interference
- Negative interference: |1> and -|1> cancel out one another.
- Positive interference: |0> and |0> add up to a higher probability.
- Use quantum parallelism to compute many f(x).
- Use positive interference to obtain information that depends on many values f(x).
- Ideal for number-theoretic problems (factoring).

Hadamard matrix:
- $H|0\rangle = (|0\rangle + |1\rangle)/\sqrt{2}$
- $H|1\rangle = (|0\rangle - |1\rangle)/\sqrt{2}$
- $H(|0\rangle + |1\rangle)/\sqrt{2} = |0\rangle$
- $H(|0\rangle - |1\rangle)/\sqrt{2} = |1\rangle$

Quantum Circuits
- A unitary operation is local if it applies to only a constant number of bits (qubits).
- Given a yes/no problem of size n:
  1. Apply order $n^k$ local unitaries for constant k.
  2. Measure the first bit, return ‘yes’ iff it’s 1.
- BQP: class of problems solvable by such a circuit with error probability at most 1/3 (+ technical requirement: uniformity).

The Power of Quantum Computing
- Bernstein-Vazirani 1993: $\mathrm{BPP} \subseteq \mathrm{BQP} \subseteq \mathrm{PSPACE}$
- BPP: solvable classically with order $n^k$ time
- PSPACE: solvable with order $n^k$ memory
- Apparent power of quantum computing comes from interference:
  - Probabilities are always nonnegative
  - But amplitudes can be negative (or complex), so paths leading to wrong answers can cancel each other out

Simon’s Problem
- Given: a black box $x \mapsto f(x)$
- Promise: There exists a secret string s such that $f(x)=f(y) \iff y = x \oplus s$ for all x, y ($\oplus$: bitwise XOR)
- Problem: Find s with as few queries as possible

Simon’s Problem, more formally: Determine whether f(x) is distinct on an XOR mask or distinct on all inputs, using the fewest queries of the oracle. (Find s.)

Classical Simon: [Figure: example function tables with outputs labelled A, B, C, D; S = 011.] Guess: which are Simon’s functions?

Example

| Input x | Output f(x) |
|---|---|
| 000 | 4 |
| 001 | 2 |
| 010 | 3 |
| 011 | 1 |
| 100 | 2 |
| 101 | 4 |
| 110 | 1 |
| 111 | 3 |

Secret string s: 101. $f(x) = f(x \oplus s)$

Quantum Simon’s problem
- Function $F: \{0,1\}^n \to \{0,1\}^n$.
- Given: a function F such that F(x+s)=F(x) for all x, where the operation + is bitwise addition.
- Find: the number s.
- The oracle F maps $|x\rangle|0\rangle$ to $|x\rangle|F(x)\rangle$.
- This is a cyclic function, such as cosine.

Quantum Algorithm [Simon, 1994]
[Circuit diagram: inputs $|0\rangle$, Hadamard gates before and after F, outputs $|y\rangle$ and $|f(x)\rangle$.]
- Repeat n times and combine the results $y_1, \ldots, y_n$.
- Observe that the $y_i$ are AFTER Hadamard.
- The trick here is to use the Hadamard transform at the inputs and outputs of F.

Hadamard on n qubits: [Diagram: H gates applied in parallel to $|0\rangle$ inputs.] As you remember, we take the Kronecker product for gates that are in parallel: the Kronecker product of the unitary matrix of the H gate.

Simon’s algorithm step-by-step: [Circuit diagram as above; here n = 3.] From last slide: Kronecker product of unitary matrices. If F(X) is distinct

Simon’s algorithm step-by-step: [Circuit diagram as above; here n = 3.] From last slide: Kronecker product of unitary matrices. We add Hadamards at the outputs and observe

Simon’s algorithm step-by-step
- Transformations on different qubits commute.
- We can first measure the last n qubits and then perform Hadamard on the first n qubits.
- Makes calculations simpler.

Measuring F(x)
- Partial measurement of the last n bits.
- We get some value y=F(x).
- The state collapses to the part consistent with y=F(x).

1. Measure the last n qubits.
2. Perform Hadamard on the first n qubits.

[Circuit diagram as above; here n = 3.]

Last step
- We now have the state
- How do we get z?
- Measuring the first register would give only one of x and x+z.

Simon’s algorithm: [Circuit diagram as above.] Measuring the first register would give only one of x and x+z. This is why we measure through the output Hadamard transform.

Hadamard transform: $H = \frac{1}{\sqrt{2}}\begin{pmatrix} 1 & 1 \\ 1 & -1 \end{pmatrix}$. Please observe when we have positive and when negative values.

Hadamard transform: [Circuit diagram: an H gate applied to each of the qubits $|x_1\rangle, |x_2\rangle, \ldots, |x_n\rangle$.]

Hadamard transform: Signs are the same iff $\sum_i z_i y_i = 0 \bmod 2$. Let us analyze the signs in $|x\rangle$ and $|x+z\rangle$.

Simon’s Algorithm - 1993
- Simon’s algorithm examines an oracle problem which takes polynomial time on a quantum computer but exponential time on a classical computer.
- His algorithm takes oracle access to a function $f: \{0,1\}^n \to \{0,1\}^n$, runs in poly(n) time and behaves as follows:
  1. If f is a permutation on $\{0,1\}^n$, the algorithm outputs an n-bit string y which is uniformly distributed over $\{0,1\}^n$.
  2. If f is two-to-one with XOR mask s, the algorithm outputs an n-bit string y which is uniformly distributed over the $2^{n-1}$ strings such that $y \cdot s = 0$.
  3. If f is invariant under XOR mask with s, the algorithm outputs some n-bit string y which satisfies $y \cdot s = 0$.

Simon’s Algorithm
- Simon showed that when he runs this procedure O(n) times, a quantum algorithm can distinguish between Case 1 and Case 3 with high probability.
- He also showed that in Case 2 the algorithm can be used to efficiently identify s with high probability.
- After analyzing the success probability of classical oracle algorithms for his problem he came up with the following theorem: Let $0^n \neq s \in \{0,1\}^n$ be chosen uniformly and let $f: \{0,1\}^n \to \{0,1\}^n$ be an oracle chosen uniformly from the set of all functions which are two-to-one with XOR mask s. Then (i) there is a polynomial-time quantum oracle algorithm which identifies s with high probability; (ii) any p.p.t. classical oracle algorithm identifies s with probability $1/2^{\Omega(n)}$.

Simon’s Algorithm
- Classically, order $2^{n/2}$ queries needed to find s, even with randomness
- Simon (1993) gave a quantum algorithm using only order n queries
- Assumption: given $|x\rangle$, can compute $|x\rangle|f(x)\rangle$ efficiently

Schematic Diagram: [Diagram: input $|0\rangle$, f(x), and two “Observe” steps.]

Simon’s Algorithm (con’t)
1. Prepare uniform superposition
2. Compute f:
3. Measure $|f(x)\rangle$, yielding for some x


Simon’s Algorithm (con’t) 4. Apply to each bit of Result: where

Simon’s Algorithm (con’t)
5. Measure. Obtain a random y such that
6. Repeat steps 1-5 order n times. Obtain a linear system over GF(2):
7. Solve for s. Can show solution is unique with high probability.

Summary of Simon
- Measuring the final state gives a vector y such that
- n-1 such constraints uniquely determine z, with high probability.
- Quantum parallelism: computing F for many values simultaneously.
- Quantum interference: Hadamard transform.
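The measurement statistics and the GF(2) post-processing described above can be checked classically on the slides' 3-bit example table (s = 101). This is an added example, not code from the presentation; the function names are chosen here, and the state is simulated exactly rather than run on quantum hardware.

```python
import random

# Oracle table from the slide's example (n = 3, secret string s = 101).
F = {0b000: 4, 0b001: 2, 0b010: 3, 0b011: 1,
     0b100: 2, 0b101: 4, 0b110: 1, 0b111: 3}

def dot(a, b):
    """Inner product of two bit strings, mod 2."""
    return bin(a & b).count("1") & 1

def outcome_probs(f, n):
    """Exact distribution of y: measure f(x), then apply H to each input qubit."""
    probs = [0.0] * (1 << n)
    for v in set(f.values()):
        pre = [x for x in f if f[x] == v]        # inputs left after observing v
        for y in range(1 << n):
            amp = sum((-1) ** dot(x, y) for x in pre) / (len(pre) * 2 ** n) ** 0.5
            probs[y] += len(pre) / 2 ** n * amp * amp
    return probs

def nullspace_gf2(ys, n):
    """Gaussian elimination over GF(2): basis of all s with y.s = 0 for every y."""
    pivots = {}                                   # pivot bit -> fully reduced row
    for y in ys:
        for bit, row in pivots.items():
            if y >> bit & 1:
                y ^= row
        if y:
            top = y.bit_length() - 1
            for bit in pivots:                    # clear the new pivot from old rows
                if pivots[bit] >> top & 1:
                    pivots[bit] ^= y
            pivots[top] = y
    basis = []
    for free in (b for b in range(n) if b not in pivots):
        s = 1 << free
        for bit, row in pivots.items():
            if row >> free & 1:
                s |= 1 << bit
        basis.append(s)
    return basis

def run_simon(f, n, rng):
    """Sample y until n-1 independent constraints remain; assumes f is two-to-one."""
    probs, ys = outcome_probs(f, n), []
    while len(nullspace_gf2(ys, n)) > 1:
        ys.append(rng.choices(range(1 << n), weights=probs)[0])
    return nullspace_gf2(ys, n)[0], ys

if __name__ == "__main__":
    s, ys = run_simon(F, 3, random.Random(1))
    print(f"samples {[format(y, '03b') for y in ys]} -> s = {s:03b}")
```

Every y with nonzero probability is orthogonal to s, so the negative interference on the other four outcomes is what turns the samples into usable linear constraints.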

Quantum Simon: more details

An Open Question (you could be famous!)

Concluding: Period finding
- Function $F: \mathbb{N} \to \mathbb{N}$ such that F(x)=F(x+r) for all x.
- Find r.
- The oracle F maps $|x\rangle|0\rangle$ to $|x\rangle|F(x)\rangle$.
- Now we want to apply it to Shor.

Period Finding
- Given: Function f from $\{1 \ldots 2^n\}$ to $\{1 \ldots 2^n\}$
- Promise: There exists a secret integer r such that $f(x)=f(y) \iff r \mid x-y$ for all x
- Problem: Find r with as few queries as possible
- Classically, order $2^{n/3}$ queries to f needed
- Inspired by Simon, Shor (1994) gave a quantum algorithm using order poly(n) queries

Example: r=5

Factoring and Discrete Log
- Using period-finding, can factor integers in polynomial time (Miller 1976)
- Also discrete log: given a, b, N, find r such that $a^r \equiv b \pmod{N}$
- Breaks widely-used public-key cryptosystems: RSA, Diffie-Hellman, ElGamal, elliptic curve systems…

Order finding
- The order of $a \in \mathbb{Z}_N^*$ modulo N is the smallest integer r>0 such that $a^r \equiv 1 \pmod{N}$.
- For example, the order of 4 mod 7 is 3: $4^1 \equiv 4$, $4^2 = 16 \equiv 2 \pmod{7}$, $4^3 = 64 \equiv 1 \pmod{7}$, $4^4 = 64 \cdot 4 \equiv 4 \pmod{7}$ (four again), ...
- Factoring reduces to order-finding.
- In a moment we will show how it reduces to order-finding.

Period finding
- Function $F: \mathbb{N} \to \mathbb{N}$ such that F(x)=F(x+r) for all x.
- Find the smallest r.
- [Diagram: the oracle F maps $|x\rangle|0\rangle$ to $|x\rangle|F(x)\rangle$.]
- So now we have to create a function and find its order.
- Before we explain how order is used in factorization, we have to review some other problems, Simon, etc.
- The algorithms depend on what we mean by addition here.

Algorithm [Shor, 1994]: [Circuit diagram: input $|0\rangle$, F, QFT.] Find factor by continued fraction expansion.

Shor’s algorithm step-by-step: [Circuit diagram: input $|0\rangle$, F, QFT, with the second register marked.] What is M?

Shor’s algorithm step by step: [Circuit diagram: input $|0\rangle$, F, QFT, with the second register marked.] Measuring the second register leaves the first register in a state consisting of all x with the same F(x): $|d\rangle + |d+r\rangle + \ldots + |d+ir\rangle$

Quantum Fourier transform (QFT): If M=2, this is the Hadamard transform. We can check it by substituting M=2.

QFT detects periods
- Assume r divides M.
- Then,
- If j is relatively prime with r,

QFT detects periods
- Assume r does not divide M.
- Then, most of $T|\psi\rangle$ consists of $|k\rangle$ with

QFT detects periods: [Plots: QFT output when r divides M and when r does not divide M.] Can we find r?

Continued fraction expansion
- Number theory algorithm.
- Given k, M, finds j, r such that is smallest among all j and $r \le r_0$.
- If $M = \Omega(r^2)$, correct w.h.p.

Summary of Shor’s factoring algorithm
1. Reduce factoring to period-finding.
2. Generate a quantum state with period r.
- In the easy case, QFT transforms a state with period r into multiples of M/r.
- General case: same but approximately.
- Continued fraction algorithm finds the closest multiple of M/r.
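The classical half of this summary, recovering r from a measured k near jM/r by continued fractions and then turning the order into a factor, can be worked through on small numbers. This is an added example, not code from the presentation: N = 21, a = 2 and M = 512 are constructed values, the quantum step is replaced by a brute-force order computation, and the gcd step is the standard reduction that the slides state but do not spell out.

```python
from fractions import Fraction
from math import gcd

def order(a, N):
    """Smallest r > 0 with a^r = 1 (mod N); brute force stands in for the quantum step.
    Assumes gcd(a, N) = 1, otherwise the loop never terminates."""
    r, x = 1, a % N
    while x != 1:
        x, r = x * a % N, r + 1
    return r

def qft_peak(j, r, M):
    """Constructed measurement outcome: the integer k nearest to j*M/r."""
    return (2 * j * M + r) // (2 * r)

def recover_period(k, M, a, N):
    """Continued fractions: the j/r closest to k/M with r < N, kept only if a^r = 1 (mod N)."""
    r = Fraction(k, M).limit_denominator(N - 1).denominator
    return r if pow(a, r, N) == 1 else None

def factor_from_order(a, r, N):
    """For even r with a^(r/2) != -1 (mod N), gcd(a^(r/2) - 1, N) is a proper factor of N."""
    half = pow(a, r // 2, N)
    if r % 2 or half == N - 1:
        return None
    return gcd(half - 1, N)

def demo(N=21, a=2, M=512):
    """Map each peak k to the period recovered from it (None when j shares a factor with r)."""
    r = order(a, N)
    return {qft_peak(j, r, M): recover_period(qft_peak(j, r, M), M, a, N)
            for j in range(1, r)}

if __name__ == "__main__":
    print(demo())                       # peaks for j = 1..5 and the period each one yields
    print(factor_from_order(2, 6, 21))  # factor of 21 obtained from the order of 2
```

Only the peaks with j relatively prime to r return the true period, which is why the measurement is repeated; M = 512 is chosen larger than N squared so that the closest fraction is unique.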

Conclusion
- Known quantum algorithms can be split into 3 groups depending on the methods they use:
- The first group contains algorithms which are based on determining a common property of all the output values. For example, Shor’s Algorithm.
- The second group contains those which transform the state to increase the likelihood that the output of interest will be read, for example Grover’s Algorithm.
- The third group contains algorithms which are based on a combination of methods from the previous two groups.

Conclusion (cont.)
- Currently very few quantum algorithms are known and the search for new ones has had very limited success due to the absence of an understanding of why quantum algorithms work.
- Quantum algorithms can provide at most a square-root speedup for carrying out an unstructured search.
