quantum algorithms - florida atlantic universitymath.fau.edu/bkhadka/learning materials/quantum...
TRANSCRIPT
Shor's Algorithm for factoring a given integer N:
Quantum AlgorithmsBal K. Khadka
Florida Atlantic University
Shor's Algorithm for factoring a given integer N:
1 Shor's Algorithm for factoring a given integer N:
Prodedure
Given an odd composite number N, �nd an integer d such
that gcd (d ,N) 6= 1.If N is a prime, a even number, or an integer power of a primenumber (can be tested by taking k-th roots of N, for k ≤ log2N),we do not use Shor's algorithm because there are e�cient classicalmethods for determining it. So we take an odd composite N = pq
where p and q are two coprime numbers greater than 1. Hence byChinese Remainder Theorem 1 has at least 4 distinct roots moduloN, two of them being 1 and -1. Our aim is to �nd a square root bof 1 other than 1 and -1.
Shor's Algorithm for factoring a given integer N:
Shor's algorithm consists of two parts:1) A reduction, which can be done on a classical computer, of thefactoring problem to the problem of order-�nding.
2) A quantum algorithm to solve the order-�nding problem.
Shor's Algorithm for factoring a given integer N:
Classical part
1) Pick a random element xε{2, 3, · · · ,N − 1}.2) Compute gcd(x ,N). This may be done using the Euclideanalgorithm.3) If gcd(x ,N) 6= 1, then there is a nontrivial factor of N, so we aredone.
Shor's Algorithm for factoring a given integer N:
Classical part
4) Otherwise, use the period-�nding subroutine to �nd r, the periodof the following function:f (a) = xamod N, i.e. the order r of x in (ZN)
×, which is thesmallest positive integer r for which f (a + r) = f (a).
5) If r is odd, go back to step 1.6) If x r/2 = −1mod N, go back to step 1.7) gcd(x r/2 ± 1,N) is a nontrivial factor of N. We are done.
Shor's Algorithm for factoring a given integer N:
def power(x , q,N) :box = []for i in range(q) :
a = (x ∗ ∗i)box .append(a)
returnbox
Shor's Algorithm for factoring a given integer N:
Example:1
Let N = 799Pick 7 as an x in classical part. gcd(799, 7) = 1. ok.7368 = 1mod 799 (we can compute using wolfram alpha).Now 7184 − 1mod 799 = 423 and 7184 + 1mod 799 = 425.gcd(799, 425) = 17 and gcd(799, 423) = 47Therefore 799 = 17× 47
Shor's Algorithm for factoring a given integer N:
Quantum part
Pick an integer q that is a power of 2 such thatN2 ≤ q < 2N2. This step would be done on classical computer.
Creat a quantum register and partition it into two sets,register one and register two. Thus the state of our quantumcomputer can be given by: |reg1, reg2 > . Register one musthave enough qubits to represent integers as large as q − 1.Register two must have enough qubits (say m) to representintegers as large as N − 1 then m = plogNq.
Shor's Algorithm for factoring a given integer N:
Quantum part
Pick an integer q that is a power of 2 such thatN2 ≤ q < 2N2. This step would be done on classical computer.
Creat a quantum register and partition it into two sets,register one and register two. Thus the state of our quantumcomputer can be given by: |reg1, reg2 > . Register one musthave enough qubits to represent integers as large as q − 1.Register two must have enough qubits (say m) to representintegers as large as N − 1 then m = plogNq.
Shor's Algorithm for factoring a given integer N:
Quantam part
Load register one with an equally weighted superposition of allintegers form 0 to q-1, register two with the 0 state.
this operation would be performed by our quantum computer.The total state of the quantum memory at this point is:1√q
∑a=q−1a=0
|a, 0 >
Shor's Algorithm for factoring a given integer N:
Quantam part
Load register one with an equally weighted superposition of allintegers form 0 to q-1, register two with the 0 state.
this operation would be performed by our quantum computer.The total state of the quantum memory at this point is:1√q
∑a=q−1a=0
|a, 0 >
Shor's Algorithm for factoring a given integer N:
Quantam part
Load register one with an equally weighted superposition of allintegers form 0 to q-1, register two with the 0 state.
this operation would be performed by our quantum computer.The total state of the quantum memory at this point is:1√q
∑a=q−1a=0
|a, 0 >
Shor's Algorithm for factoring a given integer N:
Apply the transformation xamod N for each number stored inregister one and store the result in register two. Usingquantum parallelism this will take only one step, as thequantum computer will only calculate x |a>mod N, where|a >is the superposition of states created in step 5. The stateof the quantum memory register at this point is:1√q
∑q−1a=0|a, xamodN >.
Shor's Algorithm for factoring a given integer N:
Perform a measurement in the computational basis todetermine the bit values in the second register. This has theside e�ect of collapsing register one into an equal superpositionof each value a between 0 and q − 1 such that xamod N = y .
Suppose that the result is y = x lmod N for the smallest l withthis property. If r is the period of x then x l = x jr+l (mod)Nfor all j .
The measurement selects the sequence of a′s values (in the�rst register), l , l + r , l + 2r , · · · , l +Ar , where A is the largestinteger such that l + Ar ≤ q − 1, and l ≤ r . Clearly A ≈ q/r .
The state of the quantum memory register after this step is:
|φl >= 1√A+1
A∑j=0|jr + l , y > . (post measurement of the �rst
register.)
Shor's Algorithm for factoring a given integer N:
Perform a measurement in the computational basis todetermine the bit values in the second register. This has theside e�ect of collapsing register one into an equal superpositionof each value a between 0 and q − 1 such that xamod N = y .
Suppose that the result is y = x lmod N for the smallest l withthis property. If r is the period of x then x l = x jr+l (mod)Nfor all j .
The measurement selects the sequence of a′s values (in the�rst register), l , l + r , l + 2r , · · · , l +Ar , where A is the largestinteger such that l + Ar ≤ q − 1, and l ≤ r . Clearly A ≈ q/r .
The state of the quantum memory register after this step is:
|φl >= 1√A+1
A∑j=0|jr + l , y > . (post measurement of the �rst
register.)
Shor's Algorithm for factoring a given integer N:
Perform a measurement in the computational basis todetermine the bit values in the second register. This has theside e�ect of collapsing register one into an equal superpositionof each value a between 0 and q − 1 such that xamod N = y .
Suppose that the result is y = x lmod N for the smallest l withthis property. If r is the period of x then x l = x jr+l (mod)Nfor all j .
The measurement selects the sequence of a′s values (in the�rst register), l , l + r , l + 2r , · · · , l +Ar , where A is the largestinteger such that l + Ar ≤ q − 1, and l ≤ r . Clearly A ≈ q/r .
The state of the quantum memory register after this step is:
|φl >= 1√A+1
A∑j=0|jr + l , y > . (post measurement of the �rst
register.)
Shor's Algorithm for factoring a given integer N:
Perform a measurement in the computational basis todetermine the bit values in the second register. This has theside e�ect of collapsing register one into an equal superpositionof each value a between 0 and q − 1 such that xamod N = y .
Suppose that the result is y = x lmod N for the smallest l withthis property. If r is the period of x then x l = x jr+l (mod)Nfor all j .
The measurement selects the sequence of a′s values (in the�rst register), l , l + r , l + 2r , · · · , l +Ar , where A is the largestinteger such that l + Ar ≤ q − 1, and l ≤ r . Clearly A ≈ q/r .
The state of the quantum memory register after this step is:
|φl >= 1√A+1
A∑j=0|jr + l , y > . (post measurement of the �rst
register.)
Shor's Algorithm for factoring a given integer N:
Special case(r|q)
Compute the discrete Fourieer transform on register one. Thediscrete Fourier transform when applied to a state |a >changesit in the following manner:
|a >7−→ 1√q
∑q−1c=0|c > ∗e2πiac/q
In this case A = qr− 1, and the last state is
|φl >=√
rq
∑Aj=0|jr + l , y > .
After the quantum Fourier transform applied on |φl > ourregister is in the state:
Shor's Algorithm for factoring a given integer N:
Special case(r|q)
Compute the discrete Fourieer transform on register one. Thediscrete Fourier transform when applied to a state |a >changesit in the following manner:
|a >7−→ 1√q
∑q−1c=0|c > ∗e2πiac/q
In this case A = qr− 1, and the last state is
|φl >=√
rq
∑Aj=0|jr + l , y > .
After the quantum Fourier transform applied on |φl > ourregister is in the state:
Shor's Algorithm for factoring a given integer N:
Special case(r|q)
Compute the discrete Fourieer transform on register one. Thediscrete Fourier transform when applied to a state |a >changesit in the following manner:
|a >7−→ 1√q
∑q−1c=0|c > ∗e2πiac/q
In this case A = qr− 1, and the last state is
|φl >=√
rq
∑Aj=0|jr + l , y > .
After the quantum Fourier transform applied on |φl > ourregister is in the state:
Shor's Algorithm for factoring a given integer N:
Measuring �rst register
QFTq|φl >= 1√q
∑q−1c=0
√rq
∑Aj=0|c, y > ∗e2πic(jr+l)/q =
√rq
q−1∑c=0
e2πilc/q(∑A
j=0e2πijcr/q)|c , y >.
If c is a multiple of qr, then e2πijcr/q = 1 and if c is not a
multiple of qr, then
∑Aj=0
e2πijcr/q = 0. because the above sumis over a set of q
rroots of unity equally spaced around the unit
circle.
Therefore |φout >= QFTq|φl >= 1√r
∑r−1j=0
e2πilc/q|j qr> .
Measre the state of register one, call this value m, this integerm has a very high probalility of being a multiple of q/r , wherer is the desired period.
Shor's Algorithm for factoring a given integer N:
Measuring �rst register
QFTq|φl >= 1√q
∑q−1c=0
√rq
∑Aj=0|c, y > ∗e2πic(jr+l)/q =
√rq
q−1∑c=0
e2πilc/q(∑A
j=0e2πijcr/q)|c , y >.
If c is a multiple of qr, then e2πijcr/q = 1 and if c is not a
multiple of qr, then
∑Aj=0
e2πijcr/q = 0. because the above sumis over a set of q
rroots of unity equally spaced around the unit
circle.
Therefore |φout >= QFTq|φl >= 1√r
∑r−1j=0
e2πilc/q|j qr> .
Measre the state of register one, call this value m, this integerm has a very high probalility of being a multiple of q/r , wherer is the desired period.
Shor's Algorithm for factoring a given integer N:
Quantum parallelism
Suppose classical algorithm computes f : {0, 1}n → {0, 1}mThen quantum circuit U : |x , 0 >→ |x , f (x) > can compute f onall inputs simultaneously!U( 1√
2n
∑xε{0,1}n |x , 0 >) =
1√2n
∑xε{0,1}n |x , f (x) >
This contains all 2n function values! But observing gives only onerandom |x , f (x) > .All other information will be lost.
Shor's Algorithm for factoring a given integer N:
Measurement of n-qubit register.
Q.1) Express the basis states |00 >, |01 >, |10 > and |11 > in termsof the states |0′0′ >, |0′1′ >, |1′0′ >, |1′1′ > and vice versa.Q.2) Let 2-qubit register has the state|ψ >= a00|00 > +a01|01 > +a10|10 > +a11|11 >, where|a00|2 + |a01|2 + |a10|2 + |a11|2 = 1. what is the probability of theoutcome 0 in the �rst qubit?Q.3) What are the results of the measurement of the �rst qubit ofthe following states with respect to the dual basis: a)a|000 > +b|111 > .b) 1√
2(|0000 > +|1111 >); c) 1√
2(|0(n) > +|1(n) >) for an arbitrary
n?
Shor's Algorithm for factoring a given integer N:
Example:2
Let N = 15. Let us pick x = 7, then f (a) = 7amod 15. NowN2 ≤ 2n = q < 2N2 ⇒ q = 256, n = 8.Now we begin with the 8-bit register in the state|0 > (i .e., all qubits in states |0 >).Now the state of the quantum memory after applying DFTq hasthe form1
q
∑|a, 7amod 15 >= 1
q[|0, 1 > +|1, 7 > +|2, 4 > +|3, 13 >
+|4, 1 > +|5, 7 > +|6, 4 > + · · ·+ |255, 13 > .If we measure at this point the second register gives us one of{1, 4, 7, 13} and the following table shows the correspondingpost-measurement states in the second column.
Shor's Algorithm for factoring a given integer N:
result post-measurement states o�set
1 1
8(|0 > +|4 > + · · ·+ |252 >)|1 > 0
4 1
8(|2 > +|6 > + · · ·+ |254 >)|4 > 2
7 1
8(|1 > +|5 > + · · ·+ |253 >)|7 > 1
13 1
8(|3 > +|7 > + · · ·+ |255 >)|13 > 3
Shor's Algorithm for factoring a given integer N:
Summary
1) On quantum computer, to factor an integer N, Shor's algorithmruns in polynomial time (the time taken is polynomial in logN,which is the size of input.). Specially it takes time O((logN)3).2) Quantum intereference and entanglement makes the quantumcomputer more powerful than the classical computer becauseinteference create parallel computation andconstructive/desctructive superpositions of states and can amplifyor destroy the impaccts of some computations and entangled statesallows even very distant parts of systems to be strongly tied.
Shor's Algorithm for factoring a given integer N:
3) Given a quantum computer with a su�cient number of qubits,Shor's algorithm can be used to break public-key cryptographyschemes such as the widely used RSA scheme.For example: given c = memon N. Since e is relatively prime toφ(N), O(c) = O(m). Let d be such that ed = 1mod(O(c)), i.e.ed = k .(O(m) + 1) for some k . In such a casecd ≡ med = mO(m).k+1 ≡ m modN. Hence we get the plaintext mfrom the ciphertext c for given public key n, e.