Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Introduction to Quantum Information Processing CS 467 / CS 667 Phys 467 / Phys 767 C&O 481 / C&O 681 Richard Cleve DC 3524 Course.

Published byAllen Dalton Modified over 8 years ago

Similar presentations

Presentation on theme: "1 Introduction to Quantum Information Processing CS 467 / CS 667 Phys 467 / Phys 767 C&O 481 / C&O 681 Richard Cleve DC 3524 Course."— Presentation transcript:

1 1 Introduction to Quantum Information Processing CS 467 / CS 667 Phys 467 / Phys 767 C&O 481 / C&O 681 Richard Cleve DC 3524 cleve@cs.uwaterloo.ca Course web site at: http://www.cs.uwaterloo.ca/~cleve Lecture 8 (2005)

2 2 Contents Recap of the order-finding problem/algorithm Reduction from factoring to order-finding The discrete log problem The “hidden subgroup” framework

3 3 Recap of the order-finding problem/algorithm Reduction from factoring to order-finding The discrete log problem The “hidden subgroup” framework

4 4 Order-finding problem Input: M (an n -bit integer) and a  {1,2,…, M  1} such that gcd( x, M ) = 1 } Output: ord M ( a ), which is the minimum r > 0 such that a r = 1 ( mod M ) Example: for M = 21 and a = 6, the powers of 10 are: 1, 10, 16, 13, 4, 19, 1, 10, 16, 13, 4, 19, 1, 10, 16, 13, 4, … Therefore, the correct output is: 6 Note: no classical polynomial-time algorithm is known for this problem

5 5 Quantum algorithm for order-finding U a,M H H H 00 00 00 00 00 11 H H 44 44 88 H measure these qubits and apply continued fractions* algorithm to determine a quotient, whose denominator divides r U a,M  y  =  a y mod M  inverse QFT * For a discussion of the continued fractions algorithm, please see Appendix A4.4 in [Nielsen & Chuang] Number of gates for a constant success probability is: O(n 2 log n loglog n)

6 6 Recap of the order-finding problem/algorithm Reduction from factoring to order-finding The discrete log problem The “hidden subgroup” framework

7 7 The integer factorization problem Input: M ( n -bit integer; we can assume it is composite) Output: p, q (each greater than 1 ) such that pq = N Note 2: given any efficient algorithm for the above, we can recursively apply it to fully factor M into primes* efficiently * A polynomial-time classical algorithm for primality testing exists Note 1: no efficient (polynomial-time) classical algorithm is known for this problem

8 8 Factoring prime-powers There is a straightforward classical algorithm for factoring numbers of the form M = p k, for some prime p What is this algorithm? Therefore, the interesting remaining case is where M has at least two distinct prime factors

9 9 Proposed quantum algorithm (repeatedly do): 1.randomly choose a  {2, 3, …, M  1} 2.compute g = gcd (a,M ) 3. if g > 1 then output g, M/g else compute r = ord M ( a ) (quantum part) if r is even then compute x = a r /2  1 mod M compute h = gcd (x,M ) if h > 1 then output h, M /h Numbers other than prime-powers so M | (a r /2 +1 )(a r /2  1 ) we have M | a r  1 thus, either M | a r /2 +1 or gcd (a r /2 +1,M ) is a nontrivial factor of M latter event occurs with probability  ½ Analysis:

10 10 Recap of the order-finding problem/algorithm Reduction from factoring to order-finding The discrete log problem The “hidden subgroup” framework

11 11 Discrete logarithm problem (I) Input: p (prime), g (generator of Z* p ), a  Z* p Output: r  Z p  1 such that g r mod p = a Example: p = 7, Z* 7 = {1, 2, 3, 4, 5, 6} = {3 0, 3 2, 3 1, 3 4, 3 5, 3 3 } (hence 3 is a generator of Z* 7 ) For a = 6, since 3 3 = 6, the output should be r = 3 Note: No efficient classical algorithm for DLP is known (and cryptosystems exist whose security is predicated on the computational difficulty of DLP) Efficient quantum algorithm for DLP? (Hint: it can be made to look like Simon’s problem!)

12 12 Discrete logarithm problem (II) Clever idea (of Shor): define f : Z p  1  Z p  1  Z* p as f (x, y) = g x a  y mod p We know a = g r for some r, so f (x, y) = g x  ry mod p When is f (x 1, y 1 ) = f (x 2, y 2 ) ? Thus, f (x 1, y 1 ) = f (x 2, y 2 ) iff x 1  ry 1  x 2  ry 2 (mod p  1) iff (x 1, y 1 )  ( 1,  r)  (x 2, y 2 )  ( 1,  r) (mod p  1) iff ((x 1, y 1 )  (x 2, y 2 ))  ( 1,  r)  0 (mod p  1) iff (x 1, y 1 )  (x 2, y 2 )  k (r, 1 ) (mod p  1) Zp1 Zp1Zp1 Zp1 ( 1,  r) (r, 1)(r, 1) Recall Simon’s: f ( x ) = f ( y ) iff x  y = k r (mod 2)

13 13 Discrete logarithm problem (III) f : Z p  1  Z p  1  Z* p defined as f (x, y) = g x a  y mod p f (x 1, y 1 ) = f (x 2, y 2 ) iff (x 1, y 1 )  (x 2, y 2 )  k (r, 1 ) (mod p  1) Recall Simon’s: f ( x ) = f ( y ) iff x  y = k r (mod 2) f F 00 00 F 00 00 F†F† F†F† result is a random (s, t) such that (s, t)  (r, 1 )  0 (mod p  1) if gcd( s, p  1) = 1 then r can be computed as r =  ts  1 mod p  1 Why?

14 14 Recap of the order-finding problem/algorithm Reduction from factoring to order-finding The discrete log problem The “hidden subgroup” framework

15 15 Hidden subgroup problem (I) Let G be a known group and H be an unknown subgroup of G Let f : G  T have the property f (x 1 ) = f (x 2 ) iff x 1  x 2  H (i.e., x 1 and x 2 are in the same right coset of H ) Problem: given a black-box for computing f, determine H Example 1: G = ( Z 2 ) n (the additive group) and H = {0, r } Example 2: G = ( Z p  1 ) 2 and H = { (0,0), ( r,1), (2 r,2), …, (( p  2) r, p  2) } Example 3: G = Z and H = r Z

16 16 Hidden subgroup problem (II) Example 4: G = S n (the symmetric group, consisting of all permutations on n objects—which is not abelian) and H is any subgroup of G A quantum algorithm for this instance of HSP would lead to an efficient quantum algorithm for the graph isomorphism problem … … yet no efficient quantum has been found for this instance of HSP, despite significant effort by many people

17 17

Download ppt "1 Introduction to Quantum Information Processing CS 467 / CS 667 Phys 467 / Phys 767 C&O 481 / C&O 681 Richard Cleve DC 3524 Course."

Similar presentations

Introduction to Quantum Information Processing CS 467 / CS 667 Phys 467 / Phys 767 C&O 481 / C&O 681 Lecture 11 (2005) Richard Cleve DC 3524 cleve@cs.uwaterloo.ca.

Introduction to Quantum Information Processing CS 467 / CS 667 Phys 467 / Phys 767 C&O 481 / C&O 681 Lecture 11 (2005) Richard Cleve DC 3524
Section 11 Direct Products and Finitely Generated Abelian Groups One purpose of this section is to show a way to use known groups as building blocks to.

Section 11 Direct Products and Finitely Generated Abelian Groups One purpose of this section is to show a way to use known groups as building blocks to.
1 Introduction to Quantum Information Processing CS 467 / CS 667 Phys 467 / Phys 767 C&O 481 / C&O 681 Richard Cleve DC 3524 Course.

1 Introduction to Quantum Information Processing CS 467 / CS 667 Phys 467 / Phys 767 C&O 481 / C&O 681 Richard Cleve DC 3524 Course.
Quantum Cryptography ( EECS 598 Presentation) by Amit Marathe.

Quantum Cryptography ( EECS 598 Presentation) by Amit Marathe.
Cryptography and Network Security

Cryptography and Network Security
Primality Testing Patrick Lee 12 July 2003 (updated on 13 July 2003)

Primality Testing Patrick Lee 12 July 2003 (updated on 13 July 2003)
Umesh V. Vazirani U. C. Berkeley Quantum Algorithms: a survey.

Umesh V. Vazirani U. C. Berkeley Quantum Algorithms: a survey.
The Hidden Subgroup Problem. Problem of great importance in Quantum Computation Most Q.A. that run exponentially faster than their classical counterparts.

The Hidden Subgroup Problem. Problem of great importance in Quantum Computation Most Q.A. that run exponentially faster than their classical counterparts.
1 The RSA Algorithm Supplementary Notes Prepared by Raymond Wong Presented by Raymond Wong.

1 The RSA Algorithm Supplementary Notes Prepared by Raymond Wong Presented by Raymond Wong.
15-251 Great Theoretical Ideas in Computer Science.

Great Theoretical Ideas in Computer Science.
CNS2010handout 8 :: introduction to number theory1 computer and network security matt barrie.

CNS2010handout 8 :: introduction to number theory1 computer and network security matt barrie.
1 Quantum Computing: What’s It Good For? Scott Aaronson Computer Science Department, UC Berkeley January 10, 2002 www.cs.berkeley.edu/~aaronson  John.

1 Quantum Computing: What’s It Good For? Scott Aaronson Computer Science Department, UC Berkeley January 10,  John.
Quantum Computing Joseph Stelmach.

Quantum Computing Joseph Stelmach.
1 Recap (I) n -qubit quantum state: 2 n -dimensional unit vector Unitary op: 2 n  2 n linear operation U such that U † U = I (where U † denotes the conjugate.

1 Recap (I) n -qubit quantum state: 2 n -dimensional unit vector Unitary op: 2 n  2 n linear operation U such that U † U = I (where U † denotes the conjugate.
Theory I Algorithm Design and Analysis (9 – Randomized algorithms) Prof. Dr. Th. Ottmann.

Theory I Algorithm Design and Analysis (9 – Randomized algorithms) Prof. Dr. Th. Ottmann.
Quantum Algorithms II Andrew C. Yao Tsinghua University & Chinese U. of Hong Kong.

Quantum Algorithms II Andrew C. Yao Tsinghua University & Chinese U. of Hong Kong.
Shor’s Algorithm Osama Awwad Department of Computer Science Western Michigan University July 12, 2015.

Shor’s Algorithm Osama Awwad Department of Computer Science Western Michigan University July 12, 2015.
Chapter 8 – Introduction to Number Theory Prime Numbers

Chapter 8 – Introduction to Number Theory Prime Numbers
Tallinn University of Technology Quantum computer impact on public key cryptography Roman Stepanenko.

Tallinn University of Technology Quantum computer impact on public key cryptography Roman Stepanenko.

Similar presentations

Ads by Google