CSEP 590tv: Quantum Computing

Dave Bacon
Aug 3, 2005
Today’s Menu

Administrivia

Public Key Cryptography

Shor’s Algorithm

Grover’s Algorithm

Quantum Mysteries: Entanglement

 Administrivia
Hand in HW #5.

Pick up HW solutions.

Pick up the Take Home Final!

Two weeks to complete. No collaboration.

Extra credit problem based on next week’s lecture

on entanglement.
 Review
1992: Deutsch-Jozsa Algorithm

Exact classical q. complexity:

David Richard
Deutsch Jozsa
Bounded error classical q. complexity:
Exact quantum q. complexity:

1993: Bernstein-Vazirani Algorithm

(non-recursive)
Exact classical q. complexity:
Umesh Ethan
Vazirani Bernstein Bounded error classical q. complexity:
Exact quantum q. complexity:
 Review

n
qubits

Deutsch-Jozsa Algorithm
Bernsetein-Vazirani Algorithm
 Review
1994: Simon’s Algorithm
Bounded error classical q. complexity:
Dan
Simon Bounded error quantum q. complexity:
(first exponential separation)

Given: A function with n bit strings as input and one bit as

output

Promise: The function is guaranteed to satisfy

Problem: Find the n bit string

 Review

n qubits

n qubits

Simon’s algorithm

Multiple runs to find s

 Today:
Factoring
 One Time Pads
Random n bit string
0010101111010001

Alice Bob
Alice’s message
0110110011100101
secret secret
key key

0100011100110100
Eve 0110110011100101
cannot learn message
 Public Key Cryptography
Interesting history:

1st schemes “known in public” where put forth by

Diffie and Hellman in 1976 (key exchange) and
Rivest, Shamir and Adleman in 1978 (encryption algorithm)
(based on work by Merkle in 1974, published 1978)

However, it now appears that the British researchers working for

British intelligence (GCHQ) were actually the first to discover
these protocols, but their work was classified at the time!
Clifford Cooks in 1973 (encryption algorithm)
Malcolm Williamson in ~1973 (key exchange)
(based on work by James Ellis in the late 1960s.)
 Computational Complexity
P : decision problems which can be solved without error in
polynomial time on a deterministic classical Turing machine.

Decision problems: problem with a yes/no answer.

Polynomial time: worst case bounded by a polynomial in the

size of the problem.

Examples of problems in P:

Perfect matching: does a given graph have a perfect matching?

Primes: is a given number a prime number?

Linear Equalities: Given an integer n x d matrix A and an

integer n x 1 vector b, does there exists a rational d x 1
vector x>0 such that Ax=b?
 Computational Complexity
NP : decision problems which can be solved without error in
a polynomial time on a classical nondeterministic Turing
machine. Shorthand, decision problems which, given a
solution, you can verify this solution in polynomial time on a
deterministic classical Turing machine.
Examples of problems in NP:
Perfect matching: does a given graph have a perfect matching?
Satisfaction: does a given boolean function have a satisfying
assignment? Given f(x1,x2,…,xn), does there exist
x={0,1}n such that f(x)=1?
Minesweeper: Given a partially solved Minesweeper board, does
there exist an assignment of mines which can give rise
to this board?
 One Million Dollars

P NP OR NP=P

NP – Hard: Problems which have the property that for every

problem in NP there is a polynomial time reduction
to this problem.
NP – Complete (NPC): NP – Hard and in NP.

P NPC OR NP=NPC=P

NP
 Public Key Cryptography
1. There probably exist computational problems that are HARD.

2. Can we use these to perform secure cryptography by basing

the security of the problem on the difficulty of the hard problem?

If we make the hard problem big enough, baring a breakthrough

in the computational complexity of the problem, or in computer
hardware technology, the cryptography will be secure
Public Key Cryptography Roughly
Instructions for how
to make her lock.

Bob’s secret
documents
Alice Bob

Assume: very hard to design key from instructions to make lock

This is (very roughly) what happens in public key cryptography

 Public Key Encryption RSA

Alice Bob
1. Alice generates two random large primes, and

2. Alice chooses a number which is coprime with .

3. Alice computes such that
Public Key:
Private Key:
 Public Key Encryption: RSA

Public Key:

Alice Bob
Public Key: Bob’s message:
Private Key:

(FLT)
(CRT)
 Public Key Encryption: RSA

Alice Bob
Public Key: Bob’s message:
Private Key:
Bob, using public key can encrypt
message.
Alice, using private key, can
decrypt the message
But decrypting without the private
key is (thought) to be
computationally hard
 Public Key Encryption: RSA

Public Key:
Private Key:

Alice Bob
Bob’s message:

Factoring can be used to break RSA

If we could factor, then we could compute
from which you could use to find

Then we just use the standard decryption:

 Factoring
Difficulty? NP
Probably:
P NPC

Factoring: Is one of the factors less than k?

coNPC coNP NP NPC

P

coNP: efficiently verifiable that NO solution to problem exists.

 Shor’s Algorithm
18819881292060796383869723946165043
98071635633794173827007633564229888
59715234665485319060606504743045317
38801130339671619969232120573403187
9550656996221305168759307650257059
Peter
Shor 1994

3980750864240649373971 4727721461074353025362
2550055038649119906436 2307197304822463291469
2342526708406385189575 5302097116459852171130
946388957261768583317 520711256363590397527

Best classical algorithm Shor’s quantum algorithm

takes time takes time
 Shor’s Algorithm
What were the key insights which Shor used?

Simon’s problem work’s because the function has a symmetry:

In this case the symmetry is a symmetry

Shor became interested in different symmetries and in

particular symmetries of

“the place where we do addition modulo N”

 Period Finding
Given: A function from 0,1,…,N-1 to some n bit numbers

Promise: The function is guaranteed to satisfy

Problem: Find the hidden period

period
 Shor’s Algorithm
What were the key insights which Shor used?
1. Period finding
2. Period finding can be perform efficiently on a quantum
computer.
3. Period finding can be used to factor integers
 Order-Finding and Factoring
Factor N
choose x coprime to N (Euclid’s algorithm for gcd)
Order finding: find smallest r such that

Use order finding to factor: suppose is even,

divides
divides

But must share a common factor

not equal to with
If r is even then compute as factor!

More tricky: is even happens with high probability

Order-Finding and Period-Finding
Order finding: find r such that

Find the period of

What were the key insights which Shor used?

1. Period finding
2. Period finding can be perform efficiently on a quantum
computer.
3. Period finding can be used to factor integers

To understand period finding, we need to understand

Fourier transforms
 Fourier Transforms
Function of a single bit:

We could equally well deal with

Because we can “invert”:

“Look” familiar?
 Fourier Transforms

Output:

The Hadmard is performing this transform (up to a constant)

on the AMPLITUDES of our wave function!
 Fourier Transforms
Function on N different inputs:

We can the define the following N new numbers to represent

the function:

Slow down there egghead….

Nth root of unity:

 Nth Root Of Unity

Unit modulus:

Nth root of unity:

Im

Re
 Nth Root Of Unity

The big sum:

for
for

Unless and then

 Nth Root Of Unity

The sum of all sums:

Im
Re
 Fourier Transforms
Function on N different inputs:

We can the define the following N new numbers to represent

the function:

Now we can see how to go from the hats back to the non hats!
 Fourier Transforms

It works!....
 Fourier Transforms
Example:
 Fourier Transforms

Example:

Fourier transformed coefficients:

Unitarity & Fourier Transforms

Output:

New amplitudes are Fourier transform of old amplitudes!

 Quantum Fourier Transform
The quantum Fourier transform:

See it in action:
 Quantum Fourier Transform
The quantum Fourier transform:

But is it unitary?
 Quantum Fourier Transform
And about that inverse QFT:

It performs the inverse Fourier transform on the amplitudes!

In Class Problem #1
 Period Finding
quantum
oracle

Problem: find in as few ….in as few uses of the

queries as possible quantum oracle as possible

Period Finding Problem a symmetric problem!

 Fourier
to the Rescue

probability
 Shor’s Algorithm
To Factor N on a quantum computer:
Select x coprime to N

Use the quantum computer to find the period of

Use order of x to compute possible factors of N.

Check if they work. If not rerun.

Running time? How many quantum gates?

 QFT over 2n

This circuit requires O(n2) “elementary” gates

QFTs for all other Ns can similarly be implemented.

 Fourier
to the Rescue

O(n3) “elementary” gates

modular exponentiation
 Shor’s Algorithm
To Factor N on a quantum computer:
Select x coprime to N

Use the quantum computer to find the period of

Use order of x to compute possible factors of N.

Check if they work. If not rerun.

Running time: O(n3)

 Shor’s Algorithm
18819881292060796383869723946165043
98071635633794173827007633564229888
59715234665485319060606504743045317
38801130339671619969232120573403187
9550656996221305168759307650257059
Peter
Shor 1994

3980750864240649373971 4727721461074353025362
2550055038649119906436 2307197304822463291469
2342526708406385189575 5302097116459852171130
946388957261768583317 520711256363590397527

Best classical algorithm Shor’s quantum algorithm

takes time takes time
 Grover’s Problem
Suppose we have a black box

n qubit
1qubit
with the property

Problem: find with as few queries as possible.

 Grover’s Algorithm
Use the black box in a particular way

n qubit

Grover oracle:

How to use Grover oracle to find ?

 The Grover Iterate

n qubits
 The Grover Iterate

n qubits

Grover’s iterate
 The Grover Iterate in 2D
Two orthonormal vectors:

Express the equal superposition in terms of these:

The Grover iterate will preserve this two dimensional subspace

 The Grover Iterate in 2D
Expressed over the two dimensional subspace:

Grover’s iterate is just a rotation in this 2D space

 Repeatedly Bang Your Head
Repeated application of the Grover iterate

Grover’s algorithm:
1. start with

2. repeatedly apply Grover’s iterate to rotate to near

 Repeatedly Bang Your Head

Large amplitude in “bad” part of Hilbert space

physicist:

implies

Application of the repeated iterate to initial state rotates it to

nearly all amplitude in
 Gover’s Algorithm
We have identified marked item using only queries!
 Quantum Complexity Theory
BPP (Bounded-error Probabilistic Polynomial time):
Error probability less than some fixed constant < ½
BQP (Bounded-error Quantum Polynomial time):
Error probability less than some fixed constant < ½

NP

P
PSPACE
BPP

BQP
 Quantum Algorithms
What else can quantum computers do?
• Factoring, discrete log [Shor 94]
• Unstructured search [Grover 96]
• Various hidden subgroup problems [Long List]
• Pell’s equation [Hallgren 02]
• Hidden shift problems [van Dam, Hallgren, Ip 03]
• Graph traversal [CCDFGS 03]
• Spatial search [AA 03, CG 03/04, AKR 04]
• Element distinctness [Ambainis 03]
• Various graph problems [DHHM 04, MSS 03,…]
• Testing matrix multiplication [Buhrman,Špalek 04]
• hidden subgroup problem [Bacon, Childs, van Dam 05]
• Certain hidden shift problems [Childs, van Dam 05]
 Quantum Algorithms
What else might quantum computer be able to do?

Not likely:
BQP P NPC

NP

Interesting problems not NPC but possibly in BQP?

Graph isomorphism
Restricted shortest vector in a lattice problems
Finding Nash equilibrium
…
 Quantum Simulation
Perhaps the least well studied and understood.

Simulating quantum many body systems is

often computationally very difficult

Quantum computers allow one to perform these simulation

without having to engineer entirely new physical systems.

Quantum materials? Understanding High-T Superconductors?