Presentation is loading. Please wait.

Presentation is loading. Please wait.

Quantum Factoring Michele Mosca The Fifth Canadian Summer School on Quantum Information August 3, 2005.

Published byJonah Higgins Modified over 8 years ago

Similar presentations

Presentation on theme: "Quantum Factoring Michele Mosca The Fifth Canadian Summer School on Quantum Information August 3, 2005."— Presentation transcript:

1 Quantum Factoring Michele Mosca The Fifth Canadian Summer School on Quantum Information August 3, 2005

2 Quantum Algorithms l Quantum Algorithms should exploit quantum parallelism and quantum interference. l We have already seen some elementary algorithms.

3 Quantum Algorithms l These algorithms have been computing essentially classical functions on quantum superpositions l This encoded information in the phases of the basis states: measuring basis states would provide little useful information l But a simple quantum transformation translated the phase information into information that was measurable in the computational basis

4 Extracting phase information with the Hadamard operation

5 Overview l Quantum Phase Estimation l Eigenvalue Kick-back l Eigenvalue estimation and order- finding/factoring l Shor’s approach l Discrete Logarithm and Hidden Subgroup Problem (if there’s time)

6 Quantum Phase Estimation l Suppose we wish to estimate a number given the quantum state l Note that in binary we can express

7 Quantum Phase Estimation l Since for any integer k, we have

8 Quantum Phase Estimation l If then we can do the following

9 Useful identity l We can show that

10 Quantum Phase Estimation l So if then we can do the following

11 Quantum Phase Estimation l So if then we can do the following

12 Quantum Phase Estimation l Generalizing this network (and reversing the order of the qubits at the end) gives us a network with O(n 2 ) gates that implements

13 Discrete Fourier Transform l The discrete Fourier transform maps vectors of dimension N by transforming the elementary vector according to l The quantum Fourier transform maps vectors in a Hilbert space of dimension N according to

14 Discrete Fourier Transform l Thus we have illustrated how to implement (the inverse of) the quantum Fourier transform in a Hilbert space of dimension 2 n

15 Estimating arbitrary l What if is not necessarily of the formfor some integer x? l The QFT will mapto a superposition where

16 l For any real Quantum Phase Estimation l With high probability

17 l Recall the “trick”: Eigenvalue kick-back

18 l Consider a unitary operation U with eigenvalue and eigenvector Eigenvalue kick-back

19

20 l As a relative phase, becomes measurable

21 l If we exponentiate U, we get multiples of Eigenvalue kick-back

22

23

24 Phase estimation

25 Eigenvalue estimation

26

27 l Given with eigenvectorand eigenvalue we thus have an algorithm that maps

28 Eigenvalue kick-back l Given with eigenvectorsand respective eigenvalues we thus have an algorithm that maps and therefore

29 Eigenvalue kick-back l Measuring the first register of is equivalent to measuring with probability i.e.

30 Example l Suppose we have a group and we wish to find the order of (I.e. the smallest positive such that ) l If we can efficiently do arithmetic in the group, then we can realize a unitary operator that maps l Notice that l This means that the eigenvalues of are of the formwhere k is an integer

31 (Aside: more on reversible computing) If we know how to efficiently compute and then we can efficiently and reversibly map

32 (Aside: more on reversible computing) And therefore we can efficiently map

33 Example l Let l Then l We can easily implement, for example, l The eigenvectors of include

34 Example

35

36

37

38

39 Eigenvalue Kickback

40

41

42

43 Quantum Factoring l The security of many public key cryptosystems used in industry today relies on the difficulty of factoring large numbers into smaller factors. Factoring the integer N into smaller factors can be reduced to the following task: Given integer a, find the smallest positive integer r so that

44 Example l Let l We can easily implement l The eigenvectors of include

45 Example

46

47 Eigenvalue kick-back l Given with eigenvectorsand respective eigenvalues we thus have an algorithm that maps and therefore

48 Eigenvalue Estimation

49 Eigenvalue kick-back l Measuring the first register of is equivalent to measuring with probability

50 Finding r For most integers k, a good estimate of (with error at most ) allows us to determine r (even if we don’t know k). (using continued fractions)

51 (aside: how does factoring reduce to order-finding??) l The most common approach for factoring integers is the difference of squares technique: »“Randomly” find two integers x and y satisfying »So N divides »Hope that is non-trivial l If r is even, then let so that

52 Shor’s approach l This eigenvalue estimation approach is not the original approach discovered by Shor l Kitaev developed an eigenvalue estimation approach (to the more general “Hidden Stabilizer Problem”) l We’ve presented the CEMM version here

53 Discrete Fourier Transform l The discrete Fourier transform maps uniform periodic states, say with period r dividing N, and offset w, to a periodic state with period N/r.

54 Discrete Fourier Transform l The quantum Fourier transform maps vectors in a Hilbert space of dimension N according to

55 Shor’s Factoring Algorithm

56 Network for Shor’s Factoring Algorithm

57 Eigenvalue Estimation Factoring Algorithm

58 Network for Eigenvalue Estimation Factoring Algorithm

59 Equivalence of Shor&CEMM Shor analysisCEMM analysis

60 Equivalence of Shor&CEMM Shor analysisCEMM analysis

61 Consider two elementsfrom a group G satisfying Find s. Discrete Logarithm Problem

62 We know has eigenvectors

63 Discrete Logarithm Problem Thus has the same eigenvectors but with eigenvalues exponentiated to the power of s

64 Discrete Logarithm Problem

65 Given k and ks, we can compute s mod r (provided k and r are coprime)

66 Abelian Hidden Subgroup Problem Find generators for

67 Network for AHS

68 AHS Algorithm in standard basis

69 AHS for in eigenbasis is an eigenvector of (Simon’s Problem)

70 Other applications of Abelian HSP l Any finite Abelian group G is the direct sum of finite cyclic groups l But finding generators satisfying is not always easy, e.g. for it’s as hard as factoring N l Given any polynomial sized set of generators, we can use the Abelian HSP algorithm to find new generators that decompose G into a direct sum of finite cyclic groups.

71 Examples: Deutsch’s Problem: or Order finding: any group

72 Example: Discrete Log of to base : any group

73 Examples: Self-shift equivalences:

74 What about non-Abelian HSP l Consider the symmetric group l S n is the set of permutations of n elements l Let G be an n-vertex graph l Let l Define l Then where

75 Graph automorphism problem l So the hidden subgroup of is the automorphism group of G l This is a difficult problem in NP that is believed not to be in BPP and yet not NP- complete.

76 Other Progress on the Hidden Subgroup Problem in non-Abelian groups (not an exhaustive list) Ettinger, Hoyer arxiv.gov/abs/quant-ph/9807029 Roetteler,Beth quant-ph/9812070 Ivanyos,Magniez,Santha arxiv.org/abs/quant-ph/0102014 Friedl,Ivanyos,Magniez,Santha,Sen quant-ph/0211091 (Hidden Translation and Orbit Coset in Quantum Computing); they show e.g. that the HSP can be solved for solvable groups with bounded exponent and of bounded derived series Moore,Rockmore,Russell,Schulman, quant-ph/0211124

Download ppt "Quantum Factoring Michele Mosca The Fifth Canadian Summer School on Quantum Information August 3, 2005."

Similar presentations

Quantum t-designs: t-wise independence in the quantum world Andris Ambainis, Joseph Emerson IQC, University of Waterloo.

Quantum t-designs: t-wise independence in the quantum world Andris Ambainis, Joseph Emerson IQC, University of Waterloo.
The Future (and Past) of Quantum Lower Bounds by Polynomials Scott Aaronson UC Berkeley.

The Future (and Past) of Quantum Lower Bounds by Polynomials Scott Aaronson UC Berkeley.
Umesh V. Vazirani U. C. Berkeley Quantum Algorithms: a survey.

Umesh V. Vazirani U. C. Berkeley Quantum Algorithms: a survey.
1.  Detailed Study of groups is a fundamental concept in the study of abstract algebra. To define the notion of groups,we require the concept of binary.

1.  Detailed Study of groups is a fundamental concept in the study of abstract algebra. To define the notion of groups,we require the concept of binary.
The Hidden Subgroup Problem. Problem of great importance in Quantum Computation Most Q.A. that run exponentially faster than their classical counterparts.

The Hidden Subgroup Problem. Problem of great importance in Quantum Computation Most Q.A. that run exponentially faster than their classical counterparts.
Quantum Phase Estimation using Multivalued Logic.

Quantum Phase Estimation using Multivalued Logic.
Quantum Phase Estimation using Multivalued Logic Vamsi Parasa Marek Perkowski Department of Electrical and Computer Engineering, Portland State University.

Quantum Phase Estimation using Multivalued Logic Vamsi Parasa Marek Perkowski Department of Electrical and Computer Engineering, Portland State University.
Quantum Speedups DoRon Motter August 14, 2001. Introduction Two main approaches are known which produce fast Quantum Algorithms The first, and main approach.

Quantum Speedups DoRon Motter August 14, Introduction Two main approaches are known which produce fast Quantum Algorithms The first, and main approach.
CNS2010handout 8 :: introduction to number theory1 computer and network security matt barrie.

CNS2010handout 8 :: introduction to number theory1 computer and network security matt barrie.
Department of Computer Science & Engineering University of Washington

Department of Computer Science & Engineering University of Washington
Phase in Quantum Computing. Main concepts of computing illustrated with simple examples.

Phase in Quantum Computing. Main concepts of computing illustrated with simple examples.
Quantum Error Correction Michele Mosca. Quantum Error Correction: Bit Flip Errors l Suppose the environment will effect error (i.e. operation ) on our.

Quantum Error Correction Michele Mosca. Quantum Error Correction: Bit Flip Errors l Suppose the environment will effect error (i.e. operation ) on our.
Quantum Computing Ambarish Roy 16.508. Presentation Flow.

Quantum Computing Ambarish Roy Presentation Flow.
Quantum Algorithms Towards quantum codebreaking Artur Ekert.

Quantum Algorithms Towards quantum codebreaking Artur Ekert.
Shor Algorithm (continued) Anuj Dawar Use of number theory and reductions.

Shor Algorithm (continued) Anuj Dawar Use of number theory and reductions.
Factoring 1 Factoring Factoring 2 Factoring  Security of RSA algorithm depends on (presumed) difficulty of factoring o Given N = pq, find p or q and.

Factoring 1 Factoring Factoring 2 Factoring  Security of RSA algorithm depends on (presumed) difficulty of factoring o Given N = pq, find p or q and.
1 Quantum Computing: What’s It Good For? Scott Aaronson Computer Science Department, UC Berkeley January 10, 2002 www.cs.berkeley.edu/~aaronson  John.

1 Quantum Computing: What’s It Good For? Scott Aaronson Computer Science Department, UC Berkeley January 10,  John.
Quantum Computation and Error Correction Ali Soleimani.

Quantum Computation and Error Correction Ali Soleimani.
Quantum Error Correction Codes-From Qubit to Qudit Xiaoyi Tang, Paul McGuirk.

Quantum Error Correction Codes-From Qubit to Qudit Xiaoyi Tang, Paul McGuirk.
“Both Toffoli and CNOT need little help to do universal QC” (following a paper by the same title by Yaoyun Shi) paper.

“Both Toffoli and CNOT need little help to do universal QC” (following a paper by the same title by Yaoyun Shi) paper.

Similar presentations

Ads by Google