Upload
horace-casey
View
217
Download
0
Embed Size (px)
Citation preview
Quantum ComputingMAS 725Hartmut KlauckNTU26.3.2012
Order finding over ZN
We are given x, N, x<N Order r(x) of x in ZN:
min. r0: xr =1 mod N „Period“ of the powers x
Order finding over ZN
Is there a quantum algorithm to find r(x)? Shor‘s algorithm finds r(x) in time poly(log N) trivial approach: compute xi for i=1,...,r(x)
• this is inefficient, could be that r(x)=N-1
Application
Factorization problem: Given a natural number N, find some nontrivial prime factor (or even all of them)
Factorization can be reduced to order finding!• Purely classical reduction
Shor‘s algorithm
We follow the general outline of Simon‘s algorithm Start with Hadamard transform, query the black box But then we need another transformation, the
quantum Fourier transform
Fourier Transform
Fourier transform: g is a function ZL ! C
[or a vector with L entries]
Let w=e2 i/L . Then the Fourier transform is a linear map with matrix FTL(i,j)=wij; 0· i,j· L-1
The trivial algorithm to compute the Fourier transform takes time O(L2)
Fast Fourier Transform [FFT] takes times O(L log L)
Quantum Fourier Transform
Set L=2n. Consider the state |i=j=0,...,L-1 j |ji . The Fourier transform of |i is
|i =j=0,...,L-1 j |ji, with
This is just the Fourier transform on the superposition Also called QFT Can we implement the QFT efficiently? Efficient means here:
polynomial in n=log L
Quantum Fourier Transform
Let L=2n. Consider |i=j=0,...,L-1 j |ji Write j=j1 jn; j = j12n-1 ++jn20
Set 0.jt jt+1 ... jn = jt/2++jn/2n-t+1
QFT has the following product representation: |j1...jni maps to
1/2n/2 ¢ t=n,...,1 (|0i+ e2i 0. jt...jn |1i)
=1/2n/2 ¢ t=1,...,n (|0i+ e2ij/2t |1i)
Quantum Fourier Transform
|j1...jni is mapped to 1/2n/2 ¢ t=n,...,1 (|0i+ e2i 0. jt... jn |1i)
Let Rk be the following gate/unitary operator
Apply H to j1. Result: 1/21/2 ¢ (|0i+ e2i 0. j1 |1i) |j2,...,jni Now apply the Rt gate controlled by jt for t=2,...,n to the first
qubit. Result: 1/21/2 ¢ (|0i+ e2i 0. j1,...,j
n |1i) |j2,...,jni
First qubit is now correct (corresponds to last desired qubit)
Quantum Fourier Transform
This is the circuit for QFT (up to changing the order of qubits)Number of gates: n+(n-1)++1=O(n2)=O(log2 L)
Quantum Fourier Transform
Caveat: The result of the QFT is a superposition, there is no exponential speedup of computing the Fourier transform in the classical sense (computing the whole vector)
Properties of the QFT
Computes in time O(n2), ie. can als be approximated by standard gates quickly
QFT is unitary Set w=e2i/L, then FT-1
L(i,j)=w-ij;0· i,j· L-1
Translation invariance: Let QFT j=0,...,L-1 j |ji = j=0,...,L-1 j |ji
Tk: |ji |j+k mod Li. QFT Tk j=0,...,L-1 j |ji= QFT j=0,...,L-1 j |j+k mod Li
= j=0,...L-1 e2 ijk/L j |ji
Period finding
Function f: ZL!ZN given as black boxPromise: there is a r<N: f(i)=f(i+r) for all i2ZL
i j+kr ) f(i)f(j) Find r Try to solve this for arbitrary f Black box:
Uf: |ji |yi |ji |f(j) yi; j2ZL; f(j)y 2 ZN
Note that Order finding is an instance of Period finding with f(i)=xi
Shor‘s Algorithm
log L+log N work space log L qubits in |0i ; 02ZL
log N qubits in |1i; 12ZN
Apply Hadamard on the first register Apply Uf Result:
Measure second register Result:
Shor‘s Algorithm
Result:
0 · j0 · r-1; L-r · j0+(A-1)r · L-1 A-1 < L/r < A+1
Shor‘s Algorithm
Result:
Now apply QFT Result:
i.e. the probability of k is independent of j0 (translation invariance)
Shor‘s Algorithm
Result:
Measurement now: Probability of k is
Assumption : r is a divisor of L, i.e. A=L/r, then
Shor‘s Algorithm
Assumption : r is a divisor of L, i.e. A=L/r, then
If A is a divisor of k, then =1/r If A is no divisor of k, then = 0
(because there are r values k that are multiples of A, each contributing probability 1/r)
I.e. we receive a multiple of A=L/r, say, cL/r with 0· c· r-1 With high probability: c and L/r have no common divisor Then gcd(cL/r,L)=L/r, L is known, hence we learn r.
Shor‘s Algorithm
In general: the probability of k is
„favorizes“ values of k with kr/L close to an integer Geometric sum
with k=2kr (mod L)/ L
Shor‘s Algorithm
with k=2kr (mod L))/ L There are exactly r values k2ZL with
-r/2· kr (mod L) · r/2 For those also - r/L· k· r/L
i.e. with 0· j· A-1<L/r the angles jk all lie in the same halfspace ) constructive interference!
Call such a k good
Shor‘s Algorithm
Some bounds: |1-eik|· |k|
[direct distance „1“ to „eik“ is smaller than the length of the arc] |1-eiAk|¸ 2A|k|/, if A|k|·
Set dist(0,)=|1-ei|,then dist(0,)/||¸ dist(0,)/=2/
A < (L/r)+1,hence Ak · A r/L < (1+r/L) use that kr· r/2 for a good k
Shor‘s Algorithm
|1-eik|· |k| ; |1-eiAk|¸ 2A|k|/, if A|k|·
Ak · A r/L < (1+r/L)
Shor‘s Algorithm
Each of the r good values of k has probability close to 1/r, hence with constant probability we get a k with-r/2· kr (mod L) · r/2 [Success]
|kr-cL|· r/2 for some c Then:|k/L-c/r|· 1/(2L), i.e. k/L is approximation of c/r We know k and L. Consider k/L as rational number (reduced). c is uniformly random from 0,...,r-1 c and r have no common divisor with probability at least 1/log r Then: computing c/r (as a rational number in reduced form) gives us also r Choose L large enough to get a good approximation
Shor‘s Algorithm
With constant probability we get k with |k/L-c/r|· 1/(2L) With probability 1/log r > 1/log L we have gcd(c,r)=1 Let r<N, L=N2
c/r is a rational number with denominator <N Any two such numbers are not closer than 1/N2=1/L > 1/(2L) The interval contains only one rational number c/r with
denominator < N Find the rational number with denominator < N that is close to
k/L Use the continued fractions algorithm to do that
Continued fractions
The continued fractions algorithm computed for a real its representation as continued fraction
If |c/r-|· 1/(2r2), then one of the steps computes the pair c,r , after at mostO(t3) Operations for t-bit numbers
Total running time/success probability k is good with constant probability With probability 1/log N also c is good (i.e. no common divisor
with r) Need to repeat only O(log N) times
For order finding in ZN choose L=N2,i.e. 2 log N +log N qubits are used
Fourier transform in O(log2 L) Continued fractions finds r from k/L in time O(log3 L) Can check r for correctness using the black box
Total time is O(log4 N), can be reduced to O(log3 N)
Continued fractions
Given: real Approximate by
Take integer part as a0, invert remaining number, iterate Theorem: |p/q-|· 1/(2q2), then p/q appears after at most
O(log (p+q)) steps