Upload
iain
View
21
Download
2
Embed Size (px)
DESCRIPTION
. Quantum Computing: What’s It Good For?. Scott Aaronson Computer Science Department, UC Berkeley January 10, 2002 www.cs.berkeley.edu/~aaronson. Stacy Seitz. John Bell. Elementary gates. Hadamard gate Phase shift. Elementary gates. Rotation by angle Controlled NOT. Universality. - PowerPoint PPT Presentation
Citation preview
11
Quantum Computing:Quantum Computing:What’s It Good For?What’s It Good For?
Scott AaronsonScott Aaronson
Computer Science Department, UC BerkeleyComputer Science Department, UC Berkeley
January 10, 2002January 10, 2002
www.cs.berkeley.edu/~aaronsonwww.cs.berkeley.edu/~aaronson
John Bell
Stacy SeitzStacy Seitz
Elementary gatesElementary gates
Hadamard gateHadamard gate
Phase shiftPhase shift
1|2
10|
2
11|
1|2
10|
2
10|
H
1|1|
0|0|Z
Elementary gatesElementary gates
Rotation by angle Rotation by angle
Controlled NOTControlled NOT
1011
1110
0101
0000
CNOT
1|1|
0|0|
i
i
e
eT
UniversalityUniversality
Any quantum computationAny quantum computation can be can be performed by a circuit consisting of performed by a circuit consisting of Hadamard, phase, rotation by Hadamard, phase, rotation by /8/8 and controlled NOT gates.and controlled NOT gates.
Classical vs. Quantum Classical vs. Quantum CircuitsCircuits
|x>
|0>
|x>
|F(x)>F
Add extra input initialized to 0.
We can transform a classical circuit for F to quantum circuit.
ExampleExample
yx
^
Classical Quantum
|x>
|y>
|0>
|x>
|y>
|xy>
|a> |a(xy)>
Toffoli gate.
Quantum Quantum parallelismparallelism
By linearity,By linearity,
Many evaluations of Many evaluations of ff in unit time. in unit time.
|x>
|0>
|x>
|f(x)>
|x> |f(x)> |x> |0>x x
Quantum parallelismQuantum parallelism
Once we measureOnce we measure
we get one particular x and f(x).we get one particular x and f(x). Same as if we evaluated Same as if we evaluated ff on a on a
randomrandom xx..
|x> |f(x)>x
Quantum parallelismQuantum parallelism
Is it useful?Is it useful? We cannot obtain all values f(x) fromWe cannot obtain all values f(x) from
because because quantum states cannot be quantum states cannot be measured completelymeasured completely. .
We can obtain We can obtain quantities that quantities that depend on many f(x).depend on many f(x).
|x> |f(x)>x
Quantum Quantum interferenceinterference
Hadamard transform:Hadamard transform:
1|2
10|
2
11|
1|2
10|
2
10|
H
H
0|1|
2
10|
2
1H
Illustrate this with Bloch Sphere
Quantum interferenceQuantum interference
Negative interference:Negative interference: |1> and -|1> cancel out |1> and -|1> cancel out one another.one another.
Positive interference:Positive interference: |0> and |0> add up to a |0> and |0> add up to a higher probability.higher probability.
Use Use quantum parallelismquantum parallelism to compute many f(x). to compute many f(x). Use Use positive positive interferenceinterference to obtain information to obtain information
that that depends on many values f(x).depends on many values f(x). Ideal for Ideal for number-theoretic problemsnumber-theoretic problems (factoring). (factoring).
Hadamard matrix:Hadamard matrix: 1 1
2 21 1
2 2
H
H|0 = (|0+|1)/2 H|1 = (|0-|1)/2
H(|0+|1)/2 = |0 H(|0-|1)/2 = |1
Quantum CircuitsQuantum Circuits
Unitary operation is Unitary operation is locallocal if it applies to if it applies to only a only a constant numberconstant number of bits ( of bits (qubitsqubits))
• Given a yes/no problem of size n:
1. Apply order nk local unitaries for constant k
2. Measure first bit, return ‘yes’ iff it’s 1
• BQP: class of problems solvable by such a circuit with error probability at most 1/3
(+ technical requirement: uniformity)
The Power of Quantum The Power of Quantum ComputingComputing
Bernstein-Vazirani 1993:Bernstein-Vazirani 1993:
BPP BPP BQP BQP PSPACE PSPACE
BPP: solvable classically with order nBPP: solvable classically with order nkk time time
PSPACE: solvable with order nPSPACE: solvable with order nkk memory memory
• Apparent power of quantum computing comes from interference- Probabilities always nonnegative- But amplitudes can be negative (or complex), so paths
leading to wrong answers can cancel each other out
Simon’s ProblemSimon’s ProblemGiven a black box
x f(x)
Promise: There exists a secret string s such that f(x)=f(y) y=xs for all x,y (: bitwise XOR)
Problem: Find s with as few queries as possible
Simon’s Problem more Simon’s Problem more formallyformally
Simon’s Problem
Determine whether f(x) has is distinct on an XOR mask or distincton all inputs using the fewest queries of the oracle. (Find s)
Classical Simon
00
01
10
11
A
C
D
B
C
A
B
D
0 1
S=011
Guess what are Simon’s functions?
ExampleExampleInput xInput x Output Output
f(x)f(x)
000000 44
001001 22
010010 33
011011 11
100100 22
101101 44
110110 11
111111 33
Secret string s:
101
f(x)=f(xs)
Quantum Quantum Simon’s problem Simon’s problem Function F:{0, 1}Function F:{0, 1}n n {0, 1}{0, 1}nn..
Given:Given: is function is function FF such that such that F(x+F(x+ss)=F(x))=F(x) for all for all xx, , where where operation operation ++ is a is a bitwise addition.bitwise addition.
FindFind: : numbernumber ss..
|x>
|0>
|x>
|F(x)>
F
This is a cyclic function such as cosine
Quantum Quantum Algorithm [Simon, Algorithm [Simon, 1994]1994]
|0>
|0>
|y>
|f(x)>
H
H
H
H
H
HF
Repeat n times and combine results y1,..., yn.
• Observe that yi are AFTER Hadamard.
|x>
The trick here is to use Hadamard transform at the inputs and outputs of F
Hadamard transformHadamard transform
1|2
10|
2
11|
1|2
10|
2
10|
H
review
Hadamard on Hadamard on nn qubits qubits
H
H
|0>
|0> 1|2
10|
2
1
1|2
10|
2
1
nxn
n
n x1,0
|2
11|
2
10|
2
10|
As you remember we do Kronecker product for gates that are in parallel
Kronecker product of unitary matrix of H gate
Simon’s algorithm step-by-stepSimon’s algorithm step-by-step
|0>
|0>
|y>
|F(x)>
H
H
H
H
H
HF
0||2
1
1,0 nxn
x
)(||2
1
1,0
xFxnx
n
From last slideKronecker Product of Unitary Matrices
Here n = 3
If F(X)is distinct
If F(X)is distinct
Simon’s algorithm step-by-stepSimon’s algorithm step-by-step
|0>
|0>
|y>
|F(x)>
H
H
H
H
H
HF
0||2
1
1,0 nxn
x
)(||2
1
1,0
xFxnx
n
From last slideKronecker Product of Unitary Matrices
Here n = 3
We add Hadamards at the outputs and observe
Measuring Measuring F(x)F(x)
Partial measurement of last n bits.Partial measurement of last n bits. We get some value y=F(x).We get some value y=F(x). The state The state
collapses to part consistent with y=F(x).collapses to part consistent with y=F(x).
)(||2
1
1,0
xFxnx
n
yxyxF
||)(
1. 1. measuremeasure the last n qubits the last n qubits 2. perform 2. perform Hadamard on first n Hadamard on first n
qubitsqubits..
|0>
|0>
|y>
|F(x)>
H
H
H
H
H
HF
0||2
1
1,0 nxn
x
)(||2
1
1,0
xFxnx
n
Here n = 3
Last stepLast step
We now have the stateWe now have the state
How do we get How do we get zz?? Measuring the first register would Measuring the first register would
give give only one of x and x+z.only one of x and x+z.
yzxx |)|(|
Simon’s algorithmSimon’s algorithm
|0>
|0>
|y>
|f(x)>
H
H
H
H
H
HF
)|(| zxx
Measuring the first register would give Measuring the first register would give only one of x and x+z.only one of x and x+z.
This is why we measure through the output Hadamard Transform
Hadamard transformHadamard transform
1|2
10|
2
11|
1|2
10|
2
10|
H
1|)1(2
10|
2
1| xxH
1 1
1 -1 Please observe when we have positive and when negative values
Hadamard transformHadamard transform
H
H
H
|x1>
|x2>
|xn>
...
1|)1(2
10|
2
1 1x
1|)1(2
10|
2
1 2x
1|)1(2
10|
2
1 nx
......
nyyy
n yyyiy
ix
xxxn
...|)1(...| 21...
21
21
Hadamard transformHadamard transform
nyyy
yyyiy
iz
ix
zxn
...|)(
)1(| 21...21
nyyy
yyyiy
ix
xn
...|)1(| 21...21
Signs are the same iff zi yi= 0 mod 2.
Let us analyze signs in |x> and |x+z>
Simon’s Algorithm - 1993Simon’s Algorithm - 1993 Simon’s algorithm examines an Simon’s algorithm examines an oracle problemoracle problem which takes which takes
polynomial time on a quantum computerpolynomial time on a quantum computer but but exponential exponential time on a classical computer.time on a classical computer.
His algorithm takes oracle access to a function His algorithm takes oracle access to a function ff: {0, 1}: {0, 1}nn {0, 1} {0, 1}nn, , runs in poly(runs in poly(nn) time) time and behaves as and behaves as
follows:follows:
1.1. If If ff is a permutation on {0, 1} is a permutation on {0, 1}nn, the algorithm outputs an , the algorithm outputs an nn-bit string y-bit string y which is uniformly distributed over {0, 1} which is uniformly distributed over {0, 1}nn..
2.2. If If ff is is two-to-one with XOR mask two-to-one with XOR mask ss, the algorithm , the algorithm outputs an outputs an nn-bit string -bit string yy which is which is uniformly distributeduniformly distributed over over
the the 22nn-1-1 strings strings such that such that yy * * ss = 0. = 0.
3.3. If If ff is is invariant under XOR mask with invariant under XOR mask with ss,, the algorithm the algorithm outputs some outputs some nn-bit string -bit string yy which satisfies which satisfies yy * * ss =0. =0.
Simon’s AlgorithmSimon’s Algorithm
Simon showed that when he Simon showed that when he runs this procedure O(n) runs this procedure O(n) timestimes, a quantum algorithm , a quantum algorithm can distinguish between Case can distinguish between Case 1 and Case 31 and Case 3 with with high probabilityhigh probability..
He also showed that in He also showed that in Case 2Case 2 the algorithm can be used the algorithm can be used to efficiently identify to efficiently identify ss with high probability. with high probability.
After analyzing the success probability of classical oracle After analyzing the success probability of classical oracle algorithms for his problem he came up with the following algorithms for his problem he came up with the following theorem:theorem:
Let Let OOnn s s {0, 1} {0, 1}nn be chosen uniformly and let be chosen uniformly and let
f f :{0, 1}:{0, 1}nn {0, 1} {0, 1}nn be an oracle chosen uniformly from the be an oracle chosen uniformly from the set of all functions which are two-to-one with XOR mask s. set of all functions which are two-to-one with XOR mask s. Then Then (i)(i) there is a polynomial-time quantum oracle there is a polynomial-time quantum oracle algorithm which identifies s with high probability; algorithm which identifies s with high probability; (ii)(ii) any any p.p.t classical oracle algorithm identifies p.p.t classical oracle algorithm identifies ss with probability with probability 1/21/2(n)(n)..
Simon’s AlgorithmSimon’s Algorithm
• Classically, order 2n/2 queries needed to find s
- Even with randomness
• Simon (1993) gave quantum algorithm using only order n queries
• Assumption: given |x, can compute |x|f(x) efficiently
Schematic DiagramSchematic DiagramObserve
f(x)
Observe
nH nH |0|0
|0
|0|0
|0
1. Prepare uniform superposition
2. Compute f:
/ 2
0,1
1
2 nn
x
x f x
3. Measure |f(x), yielding
for some x
1
2x x s f x
Simon’s Algorithm (con’t)Simon’s Algorithm (con’t)
1. Prepare uniform superposition
2. Compute f:
/ 20,1
1
2 nn
x
x f x
3. Measure |f(x), yielding
for some x
1
2x x s f x
Schematic DiagramSchematic DiagramObserve
f(x)
Observe
nH nH |0|0
|0
|0|0
|0
Schematic DiagramSchematic DiagramObserve
f(x)
Observe
nH nH |0|0
|0
|0|0
|0
Schematic DiagramSchematic DiagramObserve
f(x)
Observe
nH nH |0|0
|0
|0|0
|0
Simon’s Algorithm (con’t)Simon’s Algorithm (con’t)
1
2x x s
1 12 2
1 12 2
H
4. Apply to each bit of
Result:
/ 2
0,1
11 1
22 n
x y x s y
ny
y
1
mod 2n
i ii
x y x y
where
Simon’s Algorithm (con’t)Simon’s Algorithm (con’t)
5. Measure. Obtain a random y such that
0.x y x s y s y
7. Solve for s. Can show solution is unique with high probability.
6. Repeat steps 1-5 order n times. Obtain a linear system over GF2: 1
2
0
0
s y
s y
Summary of SimonSummary of Simon
Measuring the final state gives a vector Measuring the final state gives a vector yy such thatsuch that
n-1n-1 such constraints uniquely determine such constraints uniquely determine zz, , with high probability.with high probability.
Quantum parallelism:Quantum parallelism: computing computing FF for for many values simultaneously.many values simultaneously.
Quantum interference:Quantum interference: Hadamard Hadamard transform.transform.
)2(mod0 ii zy
Quantum Simon: more details
An Open Question(you could be famous!)
Concluding:Concluding: PeriodPeriod findingfinding
Function F:NFunction F:NNN
such that F(x)=F(x+r) for all x.such that F(x)=F(x+r) for all x. Find r. Find r.
|x>
|0>
|x>
|F(x)>
F
Now we want to apply it to Shor
Period FindingPeriod Finding• Given: Function f from {1…2n} to {1…2n}
Promise: There exists a secret integer r such that f(x)=f(y) r | x-y for all x
Problem: Find r with as few queries as possible
• Classically, order 2n/3 queries to f needed
• Inspired by Simon, Shor (1994) gave quantum algorithm using order poly(n) queries
Example: r=5Example: r=5
0123456789
10
0 1 2 3 4 5 6 7 8 9 10 11
Factoring and Discrete Factoring and Discrete LogLog
• Using period-finding, can factor integers in polynomial time (Miller 1976)
• Also discrete log: given a,b,N, find r such that arb(mod N)
• Breaks widely-used public-key cryptosystems: RSA, Diffie-Hellman, ElGamal, elliptic
curve systems…
Order findingOrder finding The order of aThe order of aZZN N
** modulo N is the smallest integer r>0 modulo N is the smallest integer r>0 such thatsuch that
aarr1 (mod N)1 (mod N) For example, order of 4 mod 7 is 3:For example, order of 4 mod 7 is 3:
441 1 4, 4, 442 2 =16=162(mod 7), 2(mod 7), 443 3 =64=641 (mod 7), 1 (mod 7),
444 4 =64*4=64*44 (mod 7),..4 (mod 7),..
FactoringFactoring reduces to reduces to order-findingorder-finding.. In the moment we will show how it reduces to order-In the moment we will show how it reduces to order-
finding.finding.
Four again
PeriodPeriod finding finding Function F:NFunction F:NNN
such that F(x)=F(x+such that F(x)=F(x+rr) for all x.) for all x. Find Find smallest smallest rr. .
|x>
|0>
|x>
|F(x)>
F
So now we have to create a function and find its order
oracle
Before we explain how order is used in factorization, we have to review about some other problems, Simon, etc.
The algorithms depend on what we mean by addition here
Algorithm [Shor, Algorithm [Shor, 1994]1994]
|0>
|0>
F
Find factor by continued fraction expansion.
QFT QFT
Shor’s algorithm step-by-Shor’s algorithm step-by-stepstep
|0>
|0>
FQFT QFT
)(||1
1
xFxM
M
x
0||1
1
M
x
xM
What is M?
The second register
Shor’s algorithm step by Shor’s algorithm step by stepstep Measuring the second registerMeasuring the second register leaves leaves
the first register in a state consisting the first register in a state consisting of of all all xx with the same with the same F(x)F(x)::
|d>+|d+r>+…+|d+ir>|d>+|d+r>+…+|d+ir>
|0>
|0>
FQFT QFT
)(||1
1
xFxM
M
x
0||1
1
M
x
xM
The second register
Quantum Fourier transform Quantum Fourier transform ((QFTQFT))
ki
eM
jTM
i
M
kj
|21
|1
0
If M=2, this is Hadamard transform.
We can check it by substituting M=2
QFT detects periodsQFT detects periods
Assume Assume rr divides divides MM..
Then,Then,
If If jj relatively prime with relatively prime with rr, ,
r
r
Mdrdd
rM1...
/
1|
1
0
r
jj r
MjaT
.gcdr
M
r
MjM,
QFT detects periodsQFT detects periods
Assume Assume rr does notdoes not divide divide MM..
Then, most of Then, most of T|T| consists of consists of |k>|k> with with
rr
dMdrdd
1...
r
Mjk
QFT detects periodsQFT detects periods
r
M
r
M3
r
M20
r
M
r
M3
r
M20
r divides M r does not divide M
Can we find r?
Continued fraction Continued fraction expansionexpansion
Number theory algorithm.Number theory algorithm. Given k, M, finds j, r such thatGiven k, M, finds j, r such that
is smallest among all j and r is smallest among all j and r r r00.. If M=If M=(r(r22), correct w.h.p.), correct w.h.p.
r
Mjk
Summary ofSummary ofShor’s factoring algorithmShor’s factoring algorithm
1. Reduce 1. Reduce factoringfactoring to to period-findingperiod-finding.. 2. Generate a 2. Generate a quantum state quantum state with period rwith period r.. In the easy case, In the easy case, QFT transforms QFT transforms a state a state
with periodwith period r r into multiples ofinto multiples of M/r M/r.. General caseGeneral case: same but approximately.: same but approximately. Continued fraction algorithmContinued fraction algorithm finds the finds the
closest multiple of closest multiple of M/rM/r..
ConclusionConclusion
Known quantum algorithms can be split into Known quantum algorithms can be split into 3 groups depending on the methods they 3 groups depending on the methods they use:use: The first group contains algorithms which are The first group contains algorithms which are
based on determining a common property of all based on determining a common property of all the output values. For example, Shor’s Algorithm.the output values. For example, Shor’s Algorithm.
The second group contains those which transform The second group contains those which transform the state to increase the likelihood that the ouput the state to increase the likelihood that the ouput of interest will be read, Grover’s Algorithm.of interest will be read, Grover’s Algorithm.
The third group contains algorithms which are The third group contains algorithms which are based on a combination of methods from the based on a combination of methods from the previous two groups.previous two groups.
Conclusion (cont.)Conclusion (cont.)
Currently very few quantum algorithms Currently very few quantum algorithms are known and the search for new ones are known and the search for new ones has had very limited success due to the has had very limited success due to the absence of an understanding of why absence of an understanding of why quantum algorithms work.quantum algorithms work.
Quantum algorithms can provide at Quantum algorithms can provide at most a square-root speedup for most a square-root speedup for carrying out an unstructured search.carrying out an unstructured search.
ResourcesResources
http://hplbwww2.hpl.hp.com/brims/websems/quantum/ekert/sli6.html
http://people.deas.harvard.edu/~rocco/Public/icalp01.pdf http://www.dcs.ex.ac.uk/~jwallace/history.htm http://planck.thphys.may.ie/jtwamley/thesis/Hovland/thesis/
node43.shtml http://www.imsa.edu/~matth/cs299/ http://www.bell-labs.com/user/feature/archives/lkgrover/http://www.bell-labs.com/user/feature/archives/lkgrover/