Quantum Computing Jakob Bartolj

Univerza na Primorskem Fakulteta za metematiko, naravoslovje in

Informacijske tehnologije Koper, Slovenija

jakob.bartolj@student.upr.si

ABSTRACT As we all know very well, conventional (electronic) computers have enormous power which, moreover, is constantly increasing.With their help gigantic quantities of data can be handled and evaluated. This is of crucial importance, for instance, in modern high energy physics experiments. On the other hand, computers can be used to model very complex systems with the aim of predicting, for example, future developments in our environment, notably climatic changes. Thanks to their incredible speed computers are, of course, destined to treat mathematical problems for which specific algorithms exist very efficiently. To mention a simple example, the digits of π are readily evaluated up to a very high order. Last, but not least, their potential to solve differential equations numerically, even when they are nonlinear, makes computers indispensable in modern research. So, one might ask, is there any reason to look for fundamentally new ways of computing as they are seemingly offered by quantum processes? What advantages can be expected when the laws of quantum mechanics, rather than those of classical physics, are exploited for computation? Two answers were given: first, the simulation of complex quantum systems on classical computers meets serious difficulties that might be overcome with the help of quantum computers. This idea was suggested in 1982 by R. Feynman, and in the 1990s it was indeed shown by several groups of researchers that quantum mechanical systems for which no efficient simulation on a classical computer is known can be efficiently simulated on a quantum computer. Second, and more surprising, it was shown for a few special cases that a quantum computer will be superior to a classical computer in solving selected mathematical problems, notably the problem of finding the prime factors of an integer. Also here the quantum computer excels in efficiency. The efficiency criterion is the time (more precisely speaking, the number of computational steps) needed for the calculation. When this time grows as a polynomial with the size of the input, we speak of an efficient algorithm. On the other hand, when this growth is superpolynomial (typically exponential), the algorithm is considered inefficient. In this sense, the classical algorithm for factorizing integers, for example, is inefficient. For very large integers the calculation is so extremely time consuming that the problem, in fact, becomes intractable. There are actually two different topics of research: new efficient algorithms have to be devised that will run (only) on quantum computers, and physical concepts of quantum computers have to be discussed that, hopefully, might lead to a realization. Admittedly, in view of the desired complexity there is no great hope that a quantum computer will be constructed some day that can actually beat a classical computer. Nevertheless, it is an exciting task to study quantum mechanics from a completely novel point of view. Instead of striving to find out the physical laws governing microscopic systems and utilize this knowledge to develop technical devices, we now want to use the quantum laws to do

calculations that are impossible to perform on conventional computers [6].

Categories and Subject Descriptors

Learning, Quantum information science, Computational models, Information theory

General Terms

Algorithms, Quantum computer

Keywords

Quantum computer, Algorithm, Decoherence, Quantum encryption, Qubit, Complexity theory, Quantum information, Quantum computing models

1. INTRODUCTION Every so often a new technology surfaces that enables the bounds of computer performance to be pushed further forwards. From the introduction of valve technology through to the continuing development of VLSI designs, the pace of technological advancement has remained relentless. Lately, the key to improving computer performance has been the reduction of size in the transistors used in modern processors. This continual reduction however, cannot continue for much longer. If the transistors become much smaller, the strange effects of quantum mechanics will begin to hinder their performance. It would therefore seem that these effects present a fundamental limit to our computer technology, or do they? In 1982, the Nobel prize-winning physicist Richard Feynman thought up the idea of a 'quantum computer', a computer that uses the effects of quantum mechanics to its advantage. For some time, the notion of a quantum computer was primarily of theoretical interest only, but recent developments have bought the idea to everybody's attention. One such development was the invention of an algorithm to factor large numbers on a quantum computer, by Peter Shor (Bell Laboratories). By using this algorithm, a quantum computer would be able to crack codes much more quickly than any ordinary (or classical) computer could. In fact a quantum computer capable of performing Shor's algorithm would be able to break current cryptography techniques in a matter of seconds. With the motivation provided by this algorithm, the topic of quantum computing has gathered momentum and researchers around the world are racing to be the first to create a practical quantum computer [2]. A quantum computer is a device for computation that makes direct use of quantum mechanical phenomena, such as superposition and entanglement, to perform operations on data. The basic principle behind quantum computation is that

quantum properties can be used to represent data and perform operations on these data. Although quantum computing is still in its infancy, experiments have been carried out in which quantum computational operations were executed on a very small number of qubits (quantum binary digits). Both practical and theoretical research continues with interest, and many national government and military funding agencies support quantum computing research to develop quantum computers for both civilian and national security purposes, such as cryptanalysis. If large-scale quantum computers can be built, they will be able to solve certain problems much faster than any of our current classical computers (for example Shor's algorithm). Quantum computers are different from other computers such as DNA (deoxyribonucleic acid) computers and traditional computers based on transistors. Some computing architectures such as optical computers may use classical superposition of electromagnetic waves. Without some specifically quantum mechanical resources such as entanglement, it is conjectured that an exponential advantage over classical computers is not possible. The Bloch sphere (figure 1) is a representation of a qubit, the fundamental building block of quantum computers [1].

Figure 1: Block sphere

1.1 UNDERSTANDING BASICS A classical computer has a memory made up of bits, where each bit holds either a one or a zero. A quantum computer maintains a sequence of qubits. A single qubit can hold a one, a zero, or, crucially, any quantum superposition of these; moreover, a pair of qubits can be in any quantum superposition of 4 states, and three qubits in any superposition of 8. In general a quantum computer with n qubits can be in an arbitrary superposition of up to 2n different states simultaneously (this compares to a normal computer that can only be in one of these 2n states at any one time). A quantum computer operates by manipulating those qubits with a fixed sequence of quantum logic gates. The sequence of gates to be applied is called a quantum algorithm. An example of an implementation of qubits for a quantum computer could start with the use of particles with two spin

states: "down" and "up" (typically written and , or

and ). But in fact any system possessing an observable quantity A which is conserved under time evolution and such that A has at least two discrete and sufficiently spaced

consecutive eigenvalues, is a suitable candidate for implementing a qubit. This is true because any such system can be mapped onto an effective spin-1/2 system. Consider first a classical computer that operates on a three-bit register. The state of the computer at any time is a probability distribution over the 23 = 8 different three-bit strings 000, 001, ..., 111. If it is a deterministic computer, then it is in exactly one of these states with probability 1. However, if it is a probabilistic computer, then it may have a chance in being in a number of different states. We can describe this probabilistic state by eight nonnegative numbers a,b,c,d,e,f,g,h (where a = probability computer is in state 000, b = probability computer is in state 001, etc.). There is a restriction that these probabilities sum to 1. The state of a three-qubit quantum computer is similarly described by an eight-dimensional vector (a,b,c,d,e,f,g,h), called a wavefunction. However, instead of adding to one, the sum of the squares of the coefficient magnitudes, | a | 2 + | b | 2 + ... + | h | 2, must equal one. Moreover, the coefficients are complex numbers. Since states are represented by complex wavefunctions, two states being added together will undergo interference. This is a key difference between quantum computing and probabilistic classical computing. If you measure the three qubits, then you will observe a three-bit string. The probability of measuring a string will equal the squared magnitude of that string's coefficients (using our example, probability that we read state as 000 = | a | 2, probability that we read state as 001 = | b | 2, etc..). Thus a measurement of the quantum state with coefficients (a,b,...,h) gives the classical probability distribution ( | a | 2, | b | 2,..., | h | 2). We say that the quantum state "collapses" to a classical state. Note that an eight-dimensional vector can be specified in many different ways, depending on what basis you choose for the space. The basis of three-bit strings 000, 001, ..., 111 is known as the computational basis, and is often convenient, but other bases of unit-length, orthogonal vectors can also be used. Ket notation is often used to make explicit the choice of basis. For example, the state (a,b,c,d,e,f,g,h) in the computational basis can be written as

0 0 0 0 0 1 0 1 0 0 1 1 1 0 0

1 0 1 1 1 0 1 1 1 ,

a b c d e

f g h

where, e.g., 010 0,0,1,0,0,0,0,0 . The

computational basis for a single qubit (two dimensions) is

0 1,0 , 1 0,1 , but another common basis is the

Hadamard basis of 11,1

2 and 1

1, 12

.

Note that although recording a classical state of n bits, a 2n-dimensional probability distribution, requires an exponential number of real numbers, practically we can always think of the system as being exactly one of the n-bit strings—we just don't know which one. Quantum mechanically, this is not the case, and all 2n complex coefficients need to be kept track of to see how the quantum system evolves. For example, a 300-qubit quantum computer has a state described by 2300 (approximately 1090) complex numbers, more than the number of atoms in the observable universe. Qubits (figure 2) are made up of controlled particles and the means of control (e.g. devices that trap particles and switch them from one state to another) [1].

Figure 2: Quantum computer

1.2 Theory of universal computation One thing that all computers have in common, from Charles Babbage's analytical engine (1936) to Pentium(tm) based PC's, is the theory of classical computation as described by the work of Alan Turing. In essence, Turing's work describes the idea of the universal turing machine, a very simple model of a computer that can be programmed to perform any operation that "would naturally be considered to be computable". All computers are essentially implementations of a universal turing machine. They are all functionally equivalent and although some may be quicker, larger or more expensive than others, they can all perform the same set of computational tasks [2].

1.2.1 Heating up over lost information A great deal of time has been spent on investigating whether quantum theory places any fundamental limits on computing machines. As a result, it is now believed that physics does not place any absolute limits on the speed, reliability or memory capacity of computing machines. One consideration that needs to be made however, concerns the information that may be 'lost' in a computation. In order for a computer to run arbitrarily fast, its operation must be reversible (i.e. it's inputs must be entirely deducible from its outputs). This is because irreversible computations involve a 'loss' of information which can be equated to a loss in heat, and thus the restricted ability of the system to dissipate heat will in turn limit the performance of the computer. An example of information being lost can be seen in an ordinary AND gate. An AND gate has two inputs and only one output, which means that in the process of moving from the input to the output of the gate, we loose one bit of information. In 1976, Charles Bennett proved that it is possible to build a universal computer entirely from reversible gates, and that expressing a program in terms of primitive reversible operations does not significantly slow it down. A suitable universal and reversible gate with which we could build a computer is the Toffoli gate (see Figure 3) [2].

Figure 3: The inputs of a Toffoli gate are entirely deducible from the outputs.

1.2.2 The universal quantum computer The Church-Turing principle - "There exists or can be built a universal computer that can be programmed to perform any computational task that can be performed by any physical object". A number of key advances have been made in the theory of quantum computation, the first being the discovery that a simple class of 'universal simulator' can mimic the behaviour of any finite physical object, by Richard Feynman in 1982. David Albert made the second discovery in 1984 when he described a 'self measuring quantum automaton' that could perform tasks that no classical computer can simulate. By instructing the automaton to measure itself, it can obtain 'subjective' information that is absolutely inaccessible by measurement from the outside. The final and perhaps most important discovery was made by David Deutsch in 1989, he proved that all the computational capabilities of any finite machine obeying the laws of quantum computation are contained in a single machine, a 'universal quantum computer'. Such a computer could be built from the quantum equivalent of the Toffoli gate and by adding a few extra operations that can bring about linear superpositions of 0 and 1 states, the universal quantum computer is complete. This discovery requires a slight alteration to the Church-Turing principle - "There exists or can be built a universal quantum computer that can be programmed to perform any computational task that can be performed by any physical object"[2].

1.2.3 Artificial intelligence The theories of quantum computation have some interesting implications in the world of artificial intelligence. The debate about whether a computer will ever be able to be truly artificially intelligent has been going on for years and has been largely based on philosophical arguments. Those against the notion suggest that the human mind does things that aren't, even in principle, possible to perform on a Turing machine. The theory of quantum computation allows us to look at the question of consciousness from a slightly different perspective. The first thing to note is that every physical object, from a rock to the universe as a whole, can be regarded as a quantum computer and that any detectable physical process can be considered a computation. Under these criteria, the brain can be regarded as a computer and consciousness as a computation. The next stage of the argument is based in the Church-Turing principle and states that since every computer is functionally equivalent and that any given computer can simulate any other, therefore, it must be possible to simulate conscious rational thought using a quantum computer. Some believe that quantum computing could well be the key to cracking the problem of artificial intelligence but others

disagree. Roger Penrose of Oxford University believes that consciousness may require an even more exotic (and as yet unknown) physics [2].

2. HOW MIGHT A QUANTUM COMPUTER WORK? A computer, whether classical or quantum mechanical, is a physical system, and computing is achieved through physical processes. The fundamental difference between a classical and a quantum computer is that the former, as a classical system, obeys the laws of classical physics, where as the latter makes extensive use of quantum laws. Quite generally, computation is a physical evolution process: the system starts from a certain initial state and ends up in a final state that represents the result of the computation. In the case of quantum computers, the evolution is known to be a unitary transformation. Hence, to make a computation on a quantum computer means to realize a specific unitary transformation. This is certainly no trivial task. Fortunately, we can benefit from the fact that any unitary transformation can be built up from rotations that bring single qubits into superposition states and elementary unitary transformations, so-called quantum gates (the analogues of gates in classical computers) that act on two qubits. Hence a quantum algorithm is specified by a sequence of rotations and gates, and the experimentalist’s task is to realize this sequence of operations. Among the quantum gates the so-called controlled-NOT gate (or C-NOT gate) is of special importance, since it was shown that any unitary transformation can be decomposed into rotations on a single qubit and controlled-NOT gates acting on two qubits, a control and a target qubit. A controlled-NOT gate has the following properties: it leaves the target qubit t unchanged, when the control qubit c is set to 0

0 0 0 0 , 0 1 0 1 ,c t c t c t c t

and it causes a flip of the target qubit, when the control qubit is set to 1

1 0 1 1 , 1 1 1 0 ,c t c t c t c t

To realize a controlled-NOT gate, one needs a physical mechanism that couples any target qubit to any control qubit. Cirac and Zoller (1995) found a suitable mechanism to be given by Coulomb repulsion, in their proposal of a quantum computer that is made up of cold ions stored in a linear Paul trap. This concept proved to be attractive for experimentalists. In fact, many of the techniques for preparing and manipulating quantum states of trapped ions have already been developed in the field of precision spectroscopy, and we mentioned that entanglement between two trapped ions was produced and quantum teleportation was realized in a three-ion system. Hence the trapped ion scheme is indeed prospective. So, to get a realistic idea of how a quantum computer might work, as a physical system, let us have a closer look at the Cirac–Zoller proposal.

Dealing with ions, the two states of a qubit, 0 and 1 , are

realized by two longlived energy levels.Working with alkaline

earth ions, one may choose the state 0 as a sublevel of the

1

2

S ground state, and the state 1 as a sublevel of the

excited 5

2

D state. Those two states are coupled through a

quadrupole transition. So the excited state is metastable. Nevertheless, with the help of lasers optical transitions between the two states can be induced. A second important point is that by utilizing the quantum jump technique level occupations can

be reliably read out. With a properly tuned strong laser, resonance fluorescence can be excited exclusively between the

ground state 0 and a suitable higher level, whereas no such

possibility exists for the excited state 1 . So the occurrence of

a fluorescence signal indicates that the qubit is in the state 0 ,

where as the absence of such a signal tells us that the state 1 is

occupied. In fact, this is the kind of measurement that enables us to read out the result of a computation. A prerequisite of computation is, of course, the ability to address the ions individually (with lasers). This is achieved by storing them in a linear Paul trap. With the help of the optical cooling technique the ions can be arranged in a ‘string-of-pearls’ configuration. Then each is localized in a region whose dimensions are much less than optical wavelengths. On the other hand, the spacing between adjacent ions can be made conveniently large. While the ions are tightly bound in the directions transverse to the trap axis, the trap potential along the axis will give them the freedom to oscillate about their equilibrium positions. Their coupling via Coulomb repulsion will, however, give rise to collective oscillations that are described by normal modes of the linear chain. In the simplest case, all the ions move in the same way (as if they were rigidly coupled). The eigenfrequency of this so-

called centre-of-mass (CM) mode, CM , is the smallest one. It

equals that of a single ion. Typically, it is of the order of 100kHz. The eigenfrequencies of the various modes are well

separated. In particular, the eigenfrequency next to CM is

greater by a factor of 3 , and the eigenfrequencies of the other modes are still larger. So one can discriminate between the modes, and it becomes possible to excite, or de-excite, just one of them, preferably the CM mode. All possible manipulations of the ions for computational purposes make use of lasers acting on individual ions. Depending on the tuning of the laser frequency, the following two basic processes can be realized. Rotation of a qubit. When the laser is at resonance with the

transition 0 1 , it will not affect the ion’s motion. The

action of the laser can be described by the following unitary operation, which is referred to as qubit rotation

, ;

0 cos 0 s 1 ,

1 sin 0 c 1

i

i

V

ie

ie

in2 2

os2 2

Here we have introduced the pulse area t (assuming the pulses to be rectangular) and disregarded the free evolution of the basis states, we have used the so-called interaction representation. Of special importance will be π/2, π and 2π pulses that correspond to θ = π/2, etc. Not only must the frequency of the laser be adjusted very precisely; its polarization must also be properly set. This is because the basis states are actually sublevels with given magnetic quantum numbers so that the laser transition is subjected to selection rules that ensure angular momentum

conservation. To drive only the 0 1 transition, the laser

beam must be chosen to be right-handed circularly polarized, for instance. Switching to left-handed circular polarization gives us

an opportunity to drive a transition from 0 to a second

excited level 2 , which we will refer to as an auxiliary level.

But what is the use of it? Certainly, we are not interested in

actually populating level 2 , since this would invalidate the

qubit concept. However, by applying a left-handed polarized 2π

pulse to the state 0 we will bring back the ion into this state,

but nevertheless produce a subtle effect, with 1 replaced

by 2 , the state 0 will change its sign. Importantly, the

state 1 remains unaffected. Such an operation is indeed

required. For instance, a simple NOT operation that interchanges

0 and 1 cannot be realized by a rotation: a π pulse with

phase ϕ = π/2 causes the transition 0 1 , 1 0 .

So the false sign of 0 still has to be inverted. Interaction with

vibrations. When a laser is properly detuned, it will act not only on the internal states of an ion, but also on its vibrational motion. The underlying mechanism is that a moving ion ‘feels’ the (given) electric field strength residing at the actual positions of the centre of mass. This makes the interaction Hamiltonian depend on the elongation of the ion, which implies a coupling between the electric field and the ion’s motion, in addition to the coupling to the internal degrees of freedom. When we are dealing with a linear chain of ions, the electric field will interact with the collective vibrations (normal modes), though the field is acting on just one ion. Let us specify the physical conditions in which this interaction can actually be observed. First, it has to be noticed that in the quantum mechanical description the vibrational modes have quantized energies. In perfect analogy to the electromagnetic field modes, the energy is a multiple of

vibh (h Planck’s constant), where vib is the eigenfrequency of

the respective vibrational mode. The role of photons is now played by phonons, and we speak of the presence of n phonons

(n = 0, 1, 2, . . .) when the energy is just vibnh . Of vital

importance for the Cirac–Zoller proposal are processes in which an ion becomes excited and one phonon is simultaneously annihilated. Energy conservation then requires that one laser photon is annihilated jointly with one phonon, their energies being converted altogether into the excitation energy of the ion,

1 0 ,L vibh h h where L is the laser frequency,

and 1 0,hh are the energies of the excited state 1 and the

ground state 0 . Equation gives us the frequency condition

1 0L vib , which indicates that the laser frequency

must be red-shifted. As was mentioned above, the eigenfrequencies for the vibrational modes differ distinctly. This makes it possible to act on just one selected mode, preferably the CM mode, by properly setting the laser frequency. But the inverse process must also be possible (which is, in fact, a general rule): a laser-induced transition from the higher level to the lower level that is accompanied by the creation of a phonon. (Formally, this follows from the Hermiticity of the interaction Hamiltonian.) So we are able to act, with properly tuned laser pulses, simultaneously on both the internal and the vibrational degrees of freedom of the ionic system. When directed on the μth ion, a laser pulse with pulse area θ and phase ϕ gives rise to

the following transformation that is referred to as ,U

operation

0 1 cos 0 1 sin2 2

1 0 sin 0 1 cos2 2

i

vib vib

i

vib vib

ie

ie

1 0 ,

1 0 .

vib

vib

Here, 0vib

and 1vib

are vibrational states with 0 or 1

phonons, it is readily seen that a π pulse (θ = π) allows us to realize the special operations we considered before. It should be noticed that the expression for the Rabi frequency, and hence also the pulse area, is different for the operations

,V

and ,U .

As in the case of qubit rotations,

the existence of an auxiliary level 2

can be utilized to

change the sign of the state 0

, without affecting the

state 1

.This is achieved with the help of a properly polarized

2π pulse. It should be observed, however, that this process takes place only when the vibrational mode is excited. Otherwise the (red-shifted) laser pulse will not interact with the ion. So we are

able to change the sign of 0

on condition that one phonon is

present. We will see below that this sign inversion can be used as an important ingredient of a controlled-NOT gate. The

, U

operation allows us to create a phonon in a selected

vibrational mode, by applying a π pulse on any excited ion μ. Since all ions are involved in this vibrational motion, the phonon will modify, in turn, the action of a suitably chosen pulse sequence directed on any ion . So the vibrational mode plays

the role of a data bus: the information that the μth ion is initially excited is encoded into a phonon, and it can be read out on any ion . This kind of information transfer is, in fact, crucial to

quantum computing, opening the way to implement two-qubit gates. I will illustrate this by the example of the controlled-NOT gate. The first step in implementing a controlled-NOT gate will be to

a apply a redshifted π pulse, ,2

cU

, to the control

qubit c. If it is in the excited state 1c

the pulse will ‘swap’ the

excitation for a phonon. What we now need is a sequence of pulses acting on the target qubit t that has the following effect: it inverts the population of the target qubit if a phonon is present. However, it leaves the target qubit unchanged in the absence of a phonon. Cirac and Zoller (1995) proposed to build up this sequence from three pulses:

(a) a resonant π/2 pulse with phase −π/2, ,2 2

tV

,

(b) a red-shifted 2π pulse, 2aux

tU

, with modified

polarization so that it interacts with an auxiliary level 2t

(see

above) and

(c) a resonant π/2 pulse with phase π/2, ,2 2

tV

. The two

pulses (a) and (c), applied one after the other, reproduce the state of the target qubit. However, in combination with the pulse (b)

(which changes exclusively the sign of the state 0t) they

produce the desired inversion of the target qubit. Note that the phonon is still present. So the control qubit can finally be set back, with the help of a red-shifted π pulse, to the initial

state 1c

, whereby the phonon is annihilated. Hence the

requirement is fulfilled. On the other hand, when the control

qubit is initially set to 0c

, the first pulse ,2

cU

does

not affect the control qubit. Since no phonon is produced, the pulse (c) has also no effect. So only the resonant pulses (a) and (c) actually interact with the target qubit, their combined action, however, leaving the state of the target qubit unchanged, as was mentioned above. Actually, experimentalists at Innsbruck succeeded in realizing a controlled-NOT gate along the lines just described (Schmidt-Kaler et al., 2003). Finally, let me say a few words on how the laser pulses are generated and manipulated. One starts with a cw laser that is coupled into a single-mode optical fibre. Making the laser light pass through a Pockels cell placed between crossed polarizers, the pulse duration – and hence also the pulse area – can be adjusted. A Pockels cell is also used for setting the polarization. Addressing a particular ion is achieved with the help of a focusing lens system. The possibility of switching between different ions is provided by electro-optical beam deflectors. The problem that is really open is the scalability of the experimental scheme. Will it be possible to manipulate many hundreds of ions such that the incredibly large number of computational steps prescribed by the algorithm are realized [ 6]?

3. QUANTUM ALGORITHMS An algorithm is a set of instructions used to perform some well-defined task on a computer. A large part of the desire to develop a quantum computer has come from the discovery that some algorithms work dramatically better on a quantum computer than they could ever work on a classical computer. This is because the nature of quantum systems—captured in superposition and interference of qubits—often allows a quantum system to compute in a parallel way that is not possible even, in principle, with a classical computer. It was discovered that given a function f (x), a quantum algorithm is capable of evaluating the function at multiple values of x simultaneously. As we will see below, a quantum algorithm highlights one of the central tugs-of-war that exist in quantum theory. A qubit can exist in a superposition of states, giving a quantum computer a hidden realm where exponential computations are possible. In other words, the fact that a quantum system can exist in a superposition or linear combination of states allows us to do simultaneous parallel computations that cannot be done even, in principle, on any classical computer. This feature allows a quantum computer to do parallel computations using a single circuit-providing a dramatic speedup in many cases. However, since measurement finds a qubit in one state or the other—frustratingly we find that if we give a quantum computer n inputs we only get n outputs. Nature allows us to get around this to a certain extent and extract useful information using quantum interference. This is another feature of qubits that cannot be seen with classical bits—and it plays an important role in the

development of useful algorithms. Because it’s also true that a quantum computer can execute any classical algorithm, the hope is that as more algorithms are discovered and quantum computers become a reality, extremely efficient computing machines can be built. At the present time only a small set of truly quantum algorithms have been discovered, and this remains a very active area of research. We begin by reviewing two quantum gates that are important in the development of quantum algorithms and explaining quantum interference. Then we explore our first truly quantum algorithm, called Deutsch’s algorithm after its creator, the imaginative physicist David Deutsch [5].

3.1 Hadamard Gates An important step in quantum algorithms is to use Hadamard gates to create superposition states. Recall that the Hadamard gate H acts on the computational basis states in the following way:

An interesting feature of the Hadamard gate is that two Hadamard gates in series act to reverse the operation and give back the original input. Let’s consider a Hadamard gates applied

to an arbitrary qubit 0 1 . We have

If we apply a Hadamard gate twice, we get the original state back:

Figure 4: Two Hadamard gates in series restore a qubit to its original state

Figure 5: Two Hadamard gates used in parallel

So the action of two Hadamard gates in series, shown in figure 4, restores a qubit to its original state. Now consider what happens when we apply two Hadamard gates in parallel. Let’s

say that we do this for the state 1 1 (see figure 5). The result

of this action is the product state given by

As we will see, the operation of two or more Hadamard gates in parallel plays an important role in quantum algorithms. When n Hadamard gates act in parallel on n qubits, this is called a Hadamard transform. A shorthand notation that is sometimes

used is to write So the operation shown in previous

equation can be denoted by . If we apply

nH

2H 2H to the

product state 0 0 , we obtain

In a similar way3 0 0 0H

gives us

We can write a sum over states

like 100 01 10 11

2 compactly in the

following way: We let x denote a general state

where that is, 20,1 ;x x is one of

00 1, 01 , 10 , 1 . If we write , then we

mean that

30,1 ;x

x is one of the three qubit

states 000 , 001 , 010 , 011 , 111100 , 101 , .

By summing over the variable x , we can write the states

compactly.

In general, the application ofnH

to a product state with n

copies of 0 is

Another useful operation is applying to the product

state

H H0 1 . This gives

If we think of x as running over the numbers 00, 01, 10, 11 (i.e, 0, 1, 2, 3), then we can write this compactly as

Meanwhile

where 0 1x x is the exclusive-OR of the two qubits, and we

are saying x is a two qubit state of the

form 0 1x x where 0 1,x x are either 0 or 1 [5].

3.2 The Phase Gate Another useful gate that can be applied in the development of quantum algorithms is a variation of the phase gate we met in the last chapter, called the discrete phase gate. We denote the

discrete phase gate by kR , where

3.3 Matrix Representation of Serial and Parallel Operations When looking at quantum circuit diagrams or thinking about quantum algorithms, it is sometimes helpful to break down the problem in terms of matrices. There are two basic rules that can be followed. The first is that if a set of operations is performed

in series, then this is represented by a matrix product. We represent a set of operations performed in series (i.e., in time) by starting with the first operation on the left followed by subsequent operations moving to the right. This is illustrated in figure 6, where we first perform a phase gate with angle θ, followed by a Hadamard gate, which is then followed by the application of a Z gate. The matrix representation of this sequence of operations is written down by multiplying the matrices in reverse order. Hence the operation shown in figure 6 is written as ZHP(θ)

Figure 6: Circuit diagram for the application of a phase gate, followed by an application of a Hadamard gate,

llowed by the application of a Z gate

Explicitly we have

fo

When quantum operations are performed in parallel (i.e., at the same time), we compute the tensor product, which we already know how to do. So the matrix representation of H ⊗H is

As we will see when we start developing some quantum algorithms, interference and parallelism play a fundamental role. Before actually describing an algorithm we first describe quantum interference [5].

m inte ence. Let’s recall wh s

when we calculate

3.4 Quantum Interference The application of a Hadamard gate to an arbitrary qubit is an example of quantu rfer at happen

H for 0 1 . We get

Notice that the probability to obtain 0 upon measurement has

been changed as

2

while the probability to find 1 has been changed as

2

Specifically, looking at the state, we write

0 1

2

The Hadamard gate transforms

0 . This is a

manifestation of quantum interference—mathematically this means the addition of probability amplitudes. There are two

types of interference, positive interference in which probability amplitudes add constructively to increase or negative interference in which probability amplitudes add destructively to decrease. In the case with the Hadamard transformation of the state we have the following:

• Positive interference with regard to the basis state 0 . The

two amplitudes add to increase the probability of finding 0 upon measurement. In fact in this case it goes to unity meaning we are certain to find 0.

• Negative interference where by the terms 1 and 1

cancel. We go from a state where there was a 50% chance of finding 1 upon measurement to one where there is no chance of

important role in the

of the basic quantum algorithm toolkit, quantum parallelism [5].

output. That is,

finding 1 upon measurement. Quantum interference plays an development of quantum algorithms: • Quantum interference allows us to gain information about a function f (x) that depends on evaluating the function at many values of x. That is, interference allows us to deduce certain global properties of the function. Now let’s look at the final part

3.5 Quantum Parallelism and Function Evaluation The first foray into the development of a quantum algorithm one can imagine is actually quite simple— but it demonstrates the overwhelming power of a quantum computer (i.e., should a practical one ever be constructed). The algorithm we are going to describe is called Deutsch’s algorithm. Earlier we mentioned that quantum parallelism can be described as the ability to evaluate the function f (x) at many values of x simultaneously. Let’s see how to do this by considering a very simple function, one that accepts a single bit as input and produces a single bit as

0,1x . There are only a small number of

functions that can act on the set 0,1x and give a single bit

as output. For example, we could have the identity function

Two more examples are the constant functions f (x) = 0, f(x) = 1 The final example is the bit flip function

The identity and bit flip functions are called balanced because the outputs are opposite for half the inputs. So a function on a single bit can be constant or balanced. Whether a function on a single bit is constant or balanced is a global property. What we’re going to see in the following development is that Deutsch’s algorithm will let us put together a state that has all of the output values of the function associated with each input value in a superposition state. Then we will use quantum interference to find out if the given function is constant or balanced. The first step in developing is algorithm is to

imagine a unitary operation denoted by

th

fU that acts on two

qubits. It leaves e first qubit alone and produces the exclusive th

or (denoted b ) of the second qubit with the function f evaluated with the first qubit as argument. That is,

y

, ,fU x y x y f x

e that x, y {0, 1}). Now, since(not x is a qubit, it can be in a

superposition state. Let’s specifically start with an initial state

0 and appl a Hadamard gate, as shown in figure 7.

Using algebra, we write the action of the circuit shown in figure 7 as

y

This circuit has produced a superposition state that has information about every possible value of f (x), in a single step. Suppose that f (x) is the identity function. Then the final state is

Figure 7: Circuit diagram

for , ,fU x y x y f x where we take the first

qubit to be in a superposition and the second qubit to be

0 .

Recall that , so

more generally the output of this circuit is

0 0 1 1 0,0 1 1,1 0 1

This looks pretty nifty—we have a superposi ll pairs of x, f (x) represented. But remember how quantum

measurement works. If we measure the state

tion state with a

x f x). After measurem

,

we get one and only one value of x and f (x ent

the system is in a state proportional to x f x for that

single and specific value of x. Moreover the value of x that we obtain is completely random. So what we have so far is the same as evaluating the function f (x) at some randomly chosen x. That doesn’t seem very useful. For a simple function on bits we can learn the value of f (0) or f (1), but not both simultaneously (even though they are simultaneously present in the premeasurement state). While it seems like we haven’t gotten anything any more useful than what we can do with a classical computer, it’s in fact worse: we can’t choose which value to reveal, f (0)or f (1), that occurs rando h’s algorithm takes what we have done so far to exploit th e system is in a superposition

state

mly. Deutsce fact that th

x f x to obtain information abou rty t a global prope

of the function—whether or not it is constant 0 1f f or

balanced 0 1f f . It does this by computing

In words Deutsch’s algorithm is implem ented by the followingsteps:

1. Apply Hadamard gates to the input state 0 1 produce a

product state of two superpositions.

2. Apply fU to that product state.

3. Apply to the first qubit leaving the second qubit alone. We alre esult of the first step is in previous

nd we restate here

a Hadamard gate

ady know what the requation. We calculated it a

By doing this, we provide a superposition state as input that will contain all possible values of the combination (x, f (x)) once

we fU . Because it’s a single state, we havapply e these listed

simultaneously. Now let’s apply fU to each term

of 0 1H H . For the first e term we hav

s This result take into account the

possibilities 0 0f 0 this works, note tha

and 1. To see how

t (0)=0, then

0 0f if f

0 0 00 0f and

On the other hand, if f (0)=1, then 0 0f 0 1 1 and

Similar logic applied to the other terms gives

Hence

To get the final output state of Deutsch’s algorithm, we

apply H I ´to .

The Hadamard gate is applied to the first qubit, and the second qubit is left alone. Let’s look a the first couple of terms explicitly:

Applying to all the terms and doing some algebra gives the final output state of Deutsch’s algorithm as

H I

Now suppose that the function is constant so that f (0)=f (1). Then we obtain the final output state, using previous equation, as

On the other hand, if f (0) f (1), then f (0)=0, f (1)=1, or f (0)=1, f (1)=0, and the final output state is

In this algorithm, single-qubit interference is applied to the first qubit allowing us to distinguish between the two cases of the output of the function [5].

3.6 Deutsch-Jozsa Algorithm The Deutsch-Jozsa algorithm is a generalization of Deutsch’s algorithm. Again, this algorithm allows us to determine whether a function f (x) is constant or balanced, but this time the function has multiple input values. If f (x) is constant, then the output is the same for all input values x. If the function is balanced, then f (x)=0 for half of the inputs and f (x)=1 for the other half of the inputs, and vice versa. We start with an initial state that includes

n qubits in the state 0 and a singlequbit in the state 1 .

Hadamard gates are applied to all qubits. The circuit is illustrated in figure 8. We start off by calculating

Next we apply , ,fU x y x y f x , to evaluate the

function. The first n qubits are the values of x and the last qubit plays the role of y as shown in the figure 8. The output state of

the fU gate is

Figure 8: The Deutsch-Jozsa algorithm generalizes Deutsch’s algorithm to handle a function with n input values and determine whether or not it is constant or balanced

Applying a Hadamard gate to an n qubit state x gives

So the final output state is

Now we measure the n inputs. It might not be immediately, but

there are two possible measurement results on y (which is the

state of n inputs at this stage) that are of interest. The possible results are as follows:

• Measurement of the first n input qubits in out returns all

0’s. In this case f (x) is constant.

• Otherwise, if at least one of the qubits in y is found to be a 1

on measurement, f (x) is balanced [5].

3.7 Quantum Fourier Transform A quantum computer can be used to compute a quantum analog of the Fourier transform. First let’s get some preliminaries down. Consider two states of d =n qubits

where each , 0,i ix y 1 . Then

The quantum Fourier transform maps the

state 1 2 0...n nx x x into the state

where we have introduced the notation

and so on, to represent a binary fraction. Notice that we have two things going on here—superposition states and the introduction of phases. The first fact tells us that we will need to build a circuit with Hadamard gates to introduce superposition states. As for the phases, let’s recall the discrete phase gate. The matrix representation of this gate in the computational basis is

So we see that

The quantum Fourier transform is implemented using Hadamard gates and controlled discrete phase gates. Let’s denote the

quantum Fourier transform operator by . It acts on an

arbitrary state

FU

x as

We use the

property andba b aee e 0 1 ... ny y y y 1

to write this as a tensor product state:

Each 0,1iy . If , then0iy 0 12 ... 0 1i jiy x x xe e

.

If , then the termsis left with1i y 0 12 ...i jiy x x xe

. The

discussion so far has been pretty abstract. Next we will show how to compute the discrete quantum Fourier transform for a

three-qubit state 2 1 0x x x x . The circuit used to do this is

shown in figure 9. The first step is to apply the Hadamard gate

to 2x . Note that 1 ie , so the state on the top line in

figure 9 becomes

We proceed to act on this state with the controlled 2R gate. The

control bit for this gate is the state 1x , which is 0 or 1 .

Since 0 21 ie e 0 , and 1x is either 0 or 1 , we can

write the action of the 2R gate on the basis state

1 as 1 1/2 2 ie /42 1 1 1i x xR e . So the state of the

entire system at this point is

Now we apply the controlled 3R gate to this state with the

control bit being 0x . This acts in the same manner

transforming the system into the state

Next 1x goes through the Hadamard gate and the

controlled 2R gate, transforming it as

Figure 9: Circuit for a quantum Fourier transform applied to a three—qubit state.

The state of the system becomes

The last step is to act on 0x with the final Hadamard gate. This

takes

The final state of the system is [5]:

3.8 Phase Estimation The quantum Fourier transform is closely related to a problem called phase estimation. Let U be a unitary operator on a

2nd Hilbert space, and let 1 2, ,... d be the

eigenvectors of U, which form an orthonormal basis for the space. The eigenvalues of unitary operators are phases. Hence

the eigenvalues of each n will be given by

2 nin nU e

Notice that if we act on a given eigenvector say j times, we have

The problem of quantum phase estimation is the following:

Given a unitary operator U and an input eigenvector of U,

estimate the angle θ in the associated eigenvalue that will have a form given by. We suppose that we want to know the phase angle θ to m bits of accuracy. To begin, the algorithm with the initial state given by

0m

in

Here we know the eigenvector of the given unitary

operator, to n bits, meaning it is an n qubit state

1 2 1 0, ,..., ,n n . Following a procedure you’re

familiar with already, the first step is to apply Hadamard gates to

the 0 inputs to generate superposition states. Acting with m

Hadamard gates gives

Now apply the unitary operator to the state in the following way:

Because2 i xe

is just a number, we can move it wherever we like. Notice that the state in previous equation is a product state,

with each term multiplied by . So we can pull it out of the

sum and write

We are after an estimate of θ, so we can throw out the last n

qubits (i.e., throw out ). This leaves the state

The algorithm we have described to this point is sometimes called a phase kickback circuit . This is illustrated in figure 10. To get an estimate of θ, we can use the quantum Fourier

transform . Specifically, we apply the inverse quantum

Fourier transform, which is given by

FU

, to the state in previous equation. The result is

The probability of finding the system in the state y is

Figure 10: An illustration of a circuit

We can evaluate this term by considering a geometric series. If |r| < 1, then

When the sum is finite, we have

The probability of finding the system in the state y is

We wish to estimate a lower bound on this probability. Doing so involves looking at the terms in the complex plane. If you haven’t had complex variables, you may wish to skip this section, which will seem obscure to many readers. Suppose that we have an m bit approximation of θ given by 0.

1 2...m m 0 12m

that differs from θ by some error ε such that 0

< |ε| ≤

. Then we can take2 ir e and estimate a lower

bound on obtaining an accurate m bit precision estimate of θ. To do this, we examine the complex plane and consider that

2 1mr is the chord length from 1 to . We drawing a unit

circle in the complex plane. As illustrated in figure 10, the arc

length from 1 to is given by 2π|ε|2m. In figure 11 the ratio of the arc length to the chord length cannot exceed π/2. Hence we obtain the bound

2mr

2mr

Figure 11: Estimating a bound on the probability by looking at the complex plane.

Now we need a bound on the denominator. A similar procedure for considering the chord length from 1 to r gives the bound

Hence

The bottom line of this calculation is that the probability is greater than 0.4. that a measurement of θ to m bits of precision is obtained with every single bit correct [5].

3.9 Shor´s algorithm Shor’s algorithm is an algorithm invented by Peter Shor in 1995 for finding prime factors of large integers. The statement of the problem of factoring integer is as follows: Given an integer N,

find prime numbers ip and integers such that ie1 2

1 2 ... kee ekN p p p . Let us make two simplifications

of the problem without loosing generality: Firstly, given N, it is enough to split it into

integers and such that1N 2N 1N N N2 . It is easy to see

that after a linear number (in size of the input, i.e. logN) of such steps, we are guaranteed to reach prime factors. Secondly, assume that N is a product of two primes, N = p×q, where

,p q . Classically, naive algorithm for the factoring

problem works in time NO . The fastest known algorithm

for this problem is Field Sieve algorithm that works in time

3 lo2

gO N. In fact, Shor showed that we can do better with

quantum computer. Theorem 1.1: There exists quantum algorithm that solves the factoring problem with bounded error probability in polynomial time [4].

3.9.1 Shor's algorithm - An example The purpose of this section is to illustrate the basic steps involved in Shor's Algorithm. In order to keep the example relatively easy to follow we will consider the problem of finding the prime factors of the number 15. Since the Algorithm consists

of three key steps, this explanation will be presented in 3 stages... Stage 1 The first stage of the algorithm is to place a memory register into a coherent superposition of all its possible states. The letter 'Q' will be used denote a qubit that is in the coherent state.

Figure 12: A three-qubit register can represent 8 classical

states simultaneously.

When a qubit is in the coherent state, it can be thought of as existing in two different universes. In one universe it exists as a '1' and in the other it exists as a '0' (see figure 12). Extending this idea to the 3 bit register we can imagine that the register exists in 8 different universes, one for each of the classical states it could represent (i.e. 000, 001, 010, 011, 100, 101, 110, 111). In order to hold the number 15, a four bit register is required (capable of representing the numbers 0 to 15 simultaneously in the coherent state). A calculation performed on the register can be thought of as a whole group of calculations performed in parallel, one in each universe. In effect, a calculation performed on the register is a calculation performed on every possible value that register can represent. Stage 2 The second stage of the algorithm performs a calculation using the register. The details of which are as follows:

The number N is the number we wish to factorise, N = 15.

A random number X is chosen, where 1 < X < N-1. X is raised to the power contained in the register

(register A) and then divided by N. The remainder from this operation is placed in a

second 4 bit register (register B).

Figure 13: Operation performed in stage 2.

After this operation has been performed, register B contains the superposition of each universes results. This is best illustrated with an example, if we choose X to be 2, then the contents of register B, for every possible value in register A are as follows.

Table 1: Contents of Register B, when N = 15 and X = 2. Register A Register B 0 1 1 2 2 4 3 8 4 1 5 2 6 4 7 8 8 1 9 2 10 4 11 8 12 1 13 2 14 4 15 8 Notice (see table 1) that the contents of register B follows a repeating sequence (1,2,4,8,1,2,4,8...), the frequency at which this repeats can be named f. In this case the repeating sequence (1, 2, 4, 8) has four values so f = 4. Stage 3 The final stage is perhaps the most difficult to follow. The frequency of repetition, f, can be found using a quantum computer. This is done by performing a complex operation on register B and then looking at its contents which causes the results from every universe to interfere with each other. The resulting value for f is then used in the following equation to calculate a (possible) factor.

The resulting number cannot be guaranteed to be a prime factor, but there is a good chance that it is one. The interference that produces the value for f tends to favour the correct answer as incorrect answers cancel each other out. In our example the value f = 4 does give a correct answer of 3. The fact that the answer cannot be guaranteed to be correct is of little consequence as it can be easily checked with multiplication. If the answer is incorrect, there is a very strong chance that repeating the calculation a few times with different values of X will produce the right answer [2].

3.10 Quantum searching and Grover’s algorithm Grover’s algorithm for searching over a space of size N works as follows: consider the two dimensional subspace that consists of

two states: the target state a and 0

1x

N .

Start with the state 0 , and repeat for O N steps:

reflect about a and then reflect about 0 . To implement

the reflection about 0 , we use the Diffusion operator D

(assume ), which works as follows. First, apply ,

which maps

2nN 2nH

0 00...0 . Then reflect around

00...0 . Finally, apply to return to the original basis.

(Note that this is simply a reflection around the zero vector in the Hadamard basis.) Let’s write out this diffusion operator explicitly to give another way of understanding Grover’s algorithm:

2nH

Claim: The Diffusion operator D has two properties: 1. It is unitary and can be efficiently realized. 2. It can be seen as an “inversion about the mean.” Proof:

1. For 2nN ,D can be decomposed and rewritten as:

Observe that D is expressed as the product of three unitary matrices (two Hadamard matrices separated by a conditional phase shift matrix). Therefore, D is also unitary. Regarding the implementation, both the Hadamard and the conditional phase shift transforms can be efficiently realized within O(n) gates.

2. Consider D operating on a vector to generate

another vector :

If we let be the mean amplitude, then the expression

2 i describes a reflection of i about the mean. Thus,

the amplitude of 2

2i j i ijN can

be considered an “inversion about the mean” with respect to

i . The quantum search algorithm iteratively improves the

probability of measuring a solution. Here’s how:

1. Start state is 0

1x

xN

2. Invert the phase of i using f

3. Then invert about the mean using D

4. Repeat steps 2 and 3 O N times, so in each iteration

a increases by 2

N.

This process is illustrated in figure 14 [3].

Figure 14: The first three steps of Grover’s algorithm. We start with a uniform superposition of all basis vectors in (a).

In (b), we have used the function f to invert the phase of k .

After running the diffusion operator D, we amplify k while

decreasing all other amplitudes.

4. POTENTIAL Integer factorization is believed to be computationally infeasible with an ordinary computer for large integers that are the product of only a few prime numbers (e.g., products of two 300-digit primes). By comparison, a quantum computer could efficiently solve this problem using Shor's algorithm to find its factors. This ability would allow a quantum computer to "break" many of the cryptographic systems in use today, in the sense that there would be a polynomial time (in the number of digits of the integer) algorithm for solving the problem. In particular, most of the popular public key ciphers are based on the difficulty of factoring integers (or the related discrete logarithm problem which can also be solved by Shor's algorithm), including forms of RSA. These are used to protect secure Web pages, encrypted email, and many other types of data. Breaking these would have significant ramifications for electronic privacy and security. The only way to increase the security of an algorithm like RSA would be to increase the key size and hope that an adversary does not have the resources to build and use a powerful enough quantum computer. A way out of this dilemma would be to use some kind of quantum cryptography. There are also some digital signature schemes that are believed to be secure against quantum computers. Besides factorization and discrete logarithms, quantum algorithms offering a more than polynomial speedup over the best known classical algorithm have been found for several problems, including the simulation of quantum physical processes from chemistry and solid state physics, the approximation of Jones polynomials, and solving Pell's equation. No mathematical proof has been found that shows that an equally fast classical algorithm cannot be discovered, although this is considered unlikely. For some problems, quantum computers offer a polynomial speedup. The most well-known example of this is quantum database search, which can be solved by Grover's algorithm using quadratically fewer queries to the database than are required by classical algorithms. In this case the advantage is provable. Several other examples of provable quantum speedups for query problems have subsequently been discovered, such as for finding collisions in two-to-one functions and evaluating NAND trees. Consider a problem that has these four properties:

The only way to solve it is to guess answers repeatedly and check them,

there are n possible answers to check. Every possible answer takes the same amount of time

to check, and there are no clues about which answers might be

better: generating possibilities randomly is just as good as checking them in some special order.

An example of this is a password cracker that attempts to guess the password for an encrypted file (assuming that the password has a maximum possible length). For problems with all four properties, the time for a quantum computer to solve this will be proportional to the square root of n. That can be a very large speedup, reducing some problems from years to seconds. It can be used to attack symmetric ciphers such as Triple DES and AES by attempting to guess the secret key. Regardless of whether any of these problems can be shown to have an advantage on a quantum computer, they nonetheless will always have the advantage of being an excellent tool for studying quantum mechanical interactions, which of itself is an enormous value to the scientific community.

Grover's algorithm can also be used to obtain a quadratic speed-up (over a brute-force search) for a class of problems known as NP (Nondeterministic Polynomial time)-complete. Since chemistry and nanotechnology rely on understanding quantum systems, and such systems are impossible to simulate in an efficient manner classically, many believe quantum simulation will be one of the most important applications of quantum computing. There are a number of practical difficulties in building a quantum computer, and thus far quantum computers have only solved trivial problems. David DiVincenzo, of IBM, listed the following requirements for a practical quantum computer [1]:

scalable physically to increase the number of qubits; qubits can be initialized to arbitrary values; quantum gates faster than decoherence time; universal gate set; qubits can be read easily.

5. QUANTUM DECOHERENCE One of the greatest challenges is controlling or removing decoherence. This usually means isolating the system from its environment as the slightest interaction with the external world would cause the system to decohere. This effect is irreversible, as it is non-unitary, and is usually something that should be avoided, if not highly controlled. Decoherence times for candidate systems, in particular the transverse relaxation time T2 (for NMR and MRI technology, also called the dephasing time), typically range between nanoseconds and seconds at low temperature. These issues are more difficult for optical approaches as the timescales are orders of magnitude lower and an often cited approach to overcoming them is optical pulse shaping. Error rates are typically proportional to the ratio of operating time to decoherence time, hence any operation must be completed much more quickly than the decoherence time. If the error rate is small enough, it is thought to be possible to use quantum error correction, which corrects errors due to decoherence, thereby allowing the total calculation time to be longer than the decoherence time. An often cited figure for required error rate in each gate is 10−4. This implies that each gate must be able to perform its task 10,000 times faster than the decoherence time of the system. Meeting this scalability condition is possible for a wide range of systems. However, the use of error correction brings with it the cost of a greatly increased number of required qubits. The number required to factor integers using Shor's algorithm is still polynomial, and thought to be between L and L2, where L is the number of bits in the number to be factored; error correction algorithms would inflate this figure by an additional factor of L. For a 1000-bit number, this implies a need for about 104 qubits without error correction. With error correction, the figure would rise to about 107 qubits. Note that computation time is about L2 or about 107 steps and on 1 MHz, about 10 seconds. A very different approach to the stability-decoherence problem is to create a topological quantum computer with anyons, quasi-particles used as threads and relying on braid theory to form stable logic gates [1].

6. QUANTUM COMMUNICATION The research carried out on quantum computing has created the spin-off field of quantum communication. This area of research aims to provide secure communication mechanisms by using the properties of quantum mechanical effects [2].

6.1 How quantum communication works? Quantum communications makes use of the fact that information can be encoded as the polarisation of photons (i.e. the orientation of a photon's oscillation). An oscillation in one direction can be thought of as 0 and in another as a 1. Two sets of polarisations are commonly used, rectilinear and diagonal (see figure 15)[].

Figure 15: The polarisation of photons can be used to encode data. In order to receive the data, the polarisation of the filter must match that of the photons.

The property that quantum communication exploits is that in order to receive the correct information, photons have to be measured using the correct filter polarisation e.g. the same polarisation that the information was transmitted with. If a receiver is in rectilinear polarisation, and a diagonally polarised photon is sent, then a completely random result will appear at the receiver. Using this, property information can be sent in such a way as to make it impossible for an eavesdropper to listen undetected. The mechanism by which this works is as follows:

1. The sender transmits information to the receiver using random polarisations.

2. The receiver detects this information (also at random polarisations) and records it.

3. The sender then informs the receiver of the polarisations that he used over a public channel.

4. The receiver and sender compare a random selection of the information that was received at the correct polarisation.

5. If an eavesdropper has intercepted and forwarded the information, the receiver and sender will be alerted as a higher percentage of errors will be present than expected.

6. If an eavesdropper has been detected, then the whole process has to be repeated.

For example, say there is a sender named Alice who wishes to transmit information to Bob without an eavesdropper Eve listening. They would follow the steps as described above. If Eve tries to eavesdrop, she will have to measure the bits coming from Alice and then forward them to Bob (she can't simply look at the information as doing so will alter it's content). She must use random polarisations to do this, as she does not know which ones Alice used. The chances are that Eve will correctly receive 50% of the information, the other 50% will consist of random values. The fact that approximately half of the random values will be correct means that Eve can at best forward 75% of the correct information to Bob.

Assuming that there is negligible noise on the communication line, Bob will be able to detect that Eve has eavesdropped, as the information he received at the correct polarisation will contain more than 25% errors. He checks for errors by comparing a random selection with Alice on a public channel. Another way that Eve could attempt to subvert communication between Bob and Alice is to intercept the information and send her own instead. Eve will be thwarted by the fact that Alice and Bob discuss a randomly selected group of values, giving away the fact that Eve changed the information. It does not matter how subtly Eve intercepts the signal, Alice and Bob will always be able to discover that she has been listening to the line. This system can only work if the noise on the communication line is negligible, if the line had 25% noise for example it would be impossible to distinguish an eavesdropper from the noise itself. British Telecom has managed to implement a line with only 9% error over a distance of 10km, giving quantum communications a promising future [2].

6.2 Quantum bit commitment A different method of quantum communication is quantum bit commitment. Using this method, people can compare or combine information while keeping each individual contribution secret. A possible use for this would be in contract bidding (making firms bid their best possible offer instead of simply higher than the highest opposition). The basic operation of this method is as follows:

1. Alice sends a string of photons to Bob, all of which are at the same polarisation.

2. Bob receives the photons, randomly changing his polarisation and recording the results.

3. Alice can prove to Bob that she sent the information by telling him the pattern of 1's and 0's he saw when his polarisation was the same as hers.

The weakness in this system is that Alice can cheat by creating pairs of photons and sending only one to Bob. These matched photons have the strange quantum property, which no matter how far apart, an observation of one will effect how the other appears at the receiver. Alice can now change Bob's photons by manipulating the copy she kept. Researchers knew of this problem for some time, and Mayor has recently proven that this is a general weakness of all quantum bit commitment systems [2].

7. CANDIDATES There are a number of quantum computing candidates, among those:

Superconductor-based quantum computers (including SQUID-based quantum computers)

Trapped ion quantum computer Optical lattices Topological quantum computer Quantum dot on surface (e.g. the Loss-DiVincenzo

quantum computer) Nuclear magnetic resonance on molecules in solution

(liquid NMR) Solid state NMR Kane quantum computers Electrons on helium quantum computers Cavity quantum electrodynamics (CQED) Molecular magnet Fullerene-based ESR quantum computer

Optic-based quantum computers (Quantum optics) Diamond-based quantum computer Bose–Einstein condensate-based quantum computer Transistor-based quantum computer - string quantum

computers with entrainment of positive holes using an electrostatic trap

Spin-based quantum computer Adiabatic quantum computation Rare-earth-metal-ion-doped inorganic crystal based

quantum computers

The large number of candidates shows explicitly that the topic, in spite of rapid progress, is still in its infancy. But at the same time there is also a vast amount of flexibility. In 2005, researchers at the University of Michigan built a semiconductor chip which functioned as an ion trap. Such devices, produced by standard lithography techniques, may point the way to scalable quantum computing tools. An improved version was made in 2006 [1].

8. QUANTUM COMPUTING IN COMPUTATIONAL COMPLEXITY THEORY This section surveys what is currently known mathematically about the power of quantum computers. It describes the known results from computational complexity theory and the theory of computation dealing with quantum computers. The class of problems that can be efficiently solved by quantum computers is called BQP, for "bounded error, quantum, polynomial time". Quantum computers only run probabilistic algorithms, so BQP on quantum computers is the counterpart of BPP (class of decision problems) on classical computers. It is defined as the set of problems solvable with a polynomial-time algorithm, whose probability of error is bounded away from one quarter. A quantum computer is said to "solve" a problem if, for every instance, its answer will be right with high probability. If that solution runs in polynomial time, then that problem is in BQP.

Figure 16: The suspected relationship of BQP to other problem spaces BQP is contained in the complexity class #P (or more precisely in the associated class of decision problems P#P), which is a subclass of PSPACE (polynomial amount of memory).

BQP is suspected to be disjoint from NP-complete and a strict superset of P, but that is not known. Both integer factorization and discrete log are in BQP. Both of these problems are NP problems suspected to be outside BPP, and hence outside P. Both are suspected to not be NP-complete. There is a common misconception that quantum computers can solve NP-complete problems in polynomial time. That is not known to be true, and is generally suspected to be false. Quantum gates may be viewed as linear transformations. Daniel S. Abrams and Seth Lloyd have shown that if nonlinear transformations are permitted, then NP-complete problems could be solved in polynomial time. It could even do so for #P-complete problems. They do not believe that such a machine is possible. Although quantum computers may be faster than classical computers, those described above can't solve any problems that classical computers can't solve, given enough time and memory (however, those amounts might be practically infeasable). A Turing machine can simulate these quantum computers, so such a quantum computer could never solve an undecidable problem like the halting problem. The existence of "standard" quantum computers does not disprove the Church–Turing thesis [1].

9. CURRENT PROGRESS & FUTURE PROSPECTS The recent work on the 'computing liquid' technique pioneered by Dr. Gershenfield and Dr. Chuang (Los Alamos National Laboratory, New Mexico) has given quantum computing a promising future. In fact, Dr. Gershenfield believes that a quantum co-processor could be a reality within 10 years if the current pace of advancement continues. Other techniques, such as quantum dots, may also yield similar results as our technology advances. The optimist will point out that the problems being experienced by researchers appear to be technical rather than fundamental. On the other side of the argument, is the topic of decoherence. This problem has not been resolved and many people, including Rolf Landauer of IBM's Thomas Watson Research Centre, believe that the quantum computer is unlikely to progress beyond the 10-qubit system, as decoherence makes them too fragile to be practical. Researchers in quantum communication have enjoyed a greater level of success. The partial quantum computers involved have enabled secure communication over distances as far as 10km. Depending on how costly these lines are to develop and the demand that exists for them, there could be a strong future for quantum communications [2].

10. CONCLUSION With classical computers gradually approaching their limit, the quantum computer promises to deliver a new level of computational power. With them comes a whole new theory of computation that incorporates the strange effects of quantum mechanics and considers every physical object to be some kind of quantum computer. A quantum computer thus has the theoretical capability of simulating any finite physical system and may even hold the key to creating an artificially intelligent computer. The quantum computers power to perform calculations across a multitude of parallel universes gives it the ability to quickly perform tasks that classical computers will never be able to practically achieve. This power can only be unleashed with the

correct type of algorithm, a type of algorithm that is extremely difficult to formulate. Some algorithms have already been invented; they are proving to have huge implications on the world of cryptography. This is because they enable the most commonly used cryptography techniques to be broken in a matter of seconds. Ironically, a spin off of quantum computing, quantum communication allows information to be sent without eavesdroppers listening undetected. For now at least, the world of cryptography is safe because the quantum computer is proving to be vary difficult to implement. The very thing that makes them powerful, their reliance on quantum mechanics, also makes them extremely fragile. The most successful experiments only being able to add one and one together. Nobody can tell if the problems being experienced by researchers can be overcome, some like Dr. Gershenfield are hopeful that they can whilst others believe that the quantum computer will always be to fragile to be practical.

11. GLOSSARY OF TERMS AES

Advanced Encryption Standard BPP

In complexity theory, BPP is the class of decision problems solvable by a probabilistic Turing machine in polynomial time, with an error probability of at most 1/3 for all instances. The abbreviation BPP refers to Bounded-error, Probabilistic, Polynomial time.

BQP In computational complexity theory BQP stands for Bounded error, Quantum, Polynomial time. It denotes the class of decision problems solvable by a quantum computer in polynomial time, with an error probability of at most 1/3 for all instances.

Coherent Term used to describe the stable superposition of states

Computing liquid A possible quantum computer whose molecules can be used as qubits

Decoherence When a quantum bit stabilises into only one of its states

DES Data Encryption Standard

Diagonal Polarisation at 45 and 135

Grover's Algorithm An algorithm to search databases, that can also be used to crack DES

Ket notation Bra-ket notation is a standard notation for describing quantum states in the theory of quantum mechanics composed of angle brackets and vertical bars.

NMR Nuclear Magnetic Resonance

MRI Magnetic Resonance Imaging

Polarisation The orientation of a photon's vibrations

PSPACE In complexity theory the class PSPACE is the set of decision problems that can be solved by a Turing machine using a polynomial amount of memory and unlimited time. PSPACE is a strict superset of the set of context-sensitive languages.

Public Key Encryption A method of encryption which uses the difficulty to factorise large numbers as its safeguard against cracking

Quantum bit commitment A flawed method of verifying the source of a message

Qubit A quantum bit, capable of being in both 0 and 1 states simultaneously

Quantum parallelism By performing operations on qubits, many values can be processed with one calculation

Quantum communication Using quantum effects to send information without eavesdroppers listening undetected

Quantum computer A computer that is capable of utilising the effects of quantum parallelism

Quantum dot A possible implementation of a qubit

Rectilinear The vertical and horizontal polarisations

Shor's Algorithm Algorithm to factorise large numbers

Toffoli Gate A universal reversible gate.

VLSI Very Large Scale Integration.

12. REFERENCES [1]. Wikipedia: Quantum computer, Link:

http://en.wikipedia.org/wiki/Quantum_computer. [2]. Bone S., Castro M.: A Brief History of Quantum

Computing, Link: http://www.doc.ic.ac.uk/~nd/surprise_97/journal/vol4/spb3/.

[3]. Vazirani U., Lecture notes, Grover’s algorithm, University of California at Berkeley, Berkeley, CA 94720, U.S.A. 2004, Link: http://www.eecs.berkeley.edu/~vazirani/f04quantum/notes/lec10/lec10.pdf.

[4]. Vazirani U., Lecture notes, Shor's Factoring Algorithm, University of California at Berkeley, Berkeley, CA 94720, U.S.A. 2004, Link: http://www.eecs.berkeley.edu/~vazirani/f04quantum/notes/lec9.pdf.

[5]. McMahon D., 2007 Quantum computing expained, ISBN 978-0-470-09699-4 (cloth), 1. Quantum computers. I. Title., QA76.889.M42 2007, 004.1–dc22.

[6]. Paul H., 2008 Introduction to Quantum theory, Humboldt-Universität zu Berlin, ISBN-13 978-0-511-40865-6, Cambridge University Press, The Edinburgh Building, Cambridge CB2 8RU, UK