Transcript Lecture 6
Quantum Computing MAS 725 Hartmut Klauck NTU 26.3.2012 Order finding over ZN We are given x, N, x<N Order r(x) of x in ZN: min. r0: xr =1 mod N „Period“ of the powers x Order finding over ZN Is there a quantum algorithm to find r(x)? Shor‘s algorithm finds r(x) in time poly(log N) trivial approach: compute xi for i=1,...,r(x) • this is inefficient, could be that r(x)=N-1 Application Factorization problem: Given a natural number N, find some nontrivial prime factor (or even all of them) Factorization can be reduced to order finding! • Purely classical reduction Shor‘s algorithm We follow the general outline of Simon‘s algorithm Start with Hadamard transform, query the black box But then we need another transformation, the quantum Fourier transform Fourier Transform Fourier transform: g is a function ZL ! C [or a vector with L entries] Let w=e2 i/L . Then the Fourier transform is a linear map with matrix FTL(i,j)=wij; 0· i,j· L-1 The trivial algorithm to compute the Fourier transform takes time O(L2) Fast Fourier Transform [FFT] takes times O(L log L) Quantum Fourier Transform Set L=2n. Consider the state |i=j=0,...,L-1 j |ji . The Fourier transform of |i is |i =j=0,...,L-1 j |ji, with This is just the Fourier transform on the superposition Also called QFT Can we implement the QFT efficiently? Efficient means here: polynomial in n=log L Quantum Fourier Transform Let L=2n. Consider |i=j=0,...,L-1 j |ji Write j=j1 jn; j = j12n-1 ++jn20 Set 0.jt jt+1 ... jn = jt/2++jn/2n-t+1 QFT has the following product representation: |j1...jni maps to 1/2n/2 ¢ t=n,...,1 (|0i+ e2i 0. jt...jn |1i) t =1/2n/2 ¢ t=1,...,n (|0i+ e2ij/2 |1i) Quantum Fourier Transform |j1...jni is mapped to 1/2n/2 ¢ t=n,...,1 (|0i+ e2i 0. jt... jn |1i) Let Rk be the following gate/unitary operator Apply H to j1. Result: 1/21/2 ¢ (|0i+ e2i 0. j1 |1i) |j2,...,jni Now apply the Rt gate controlled by jt for t=2,...,n to the first qubit. Result: 1/21/2 ¢ (|0i+ e2i 0. j1,...,jn |1i) |j2,...,jni First qubit is now correct (corresponds to last desired qubit) Quantum Fourier Transform This is the circuit for QFT (up to changing the order of qubits) Number of gates: n+(n-1)++1=O(n2)=O(log2 L) Quantum Fourier Transform Caveat: The result of the QFT is a superposition, there is no exponential speedup of computing the Fourier transform in the classical sense (computing the whole vector) Properties of the QFT Computes in time O(n2), ie. can als be approximated by standard gates quickly QFT is unitary Set w=e2i/L, then FT-1L(i,j)=w-ij; 0· i,j· L-1 Translation invariance: Let QFT j=0,...,L-1 j |ji = j=0,...,L-1 j |ji Tk: |ji |j+k mod Li. QFT Tk j=0,...,L-1 j |ji = QFT j=0,...,L-1 j |j+k mod Li = j=0,...L-1 e2 ijk/L j |ji Period finding Function f: ZL!ZN given as black box Promise: there is a r<N: f(i)=f(i+r) for all i2ZL i j+kr ) f(i)f(j) Find r Try to solve this for arbitrary f Black box: Uf: |ji |yi |ji |f(j) yi; j2ZL; f(j)y 2 ZN Note that Order finding is an instance of Period finding with f(i)=xi Shor‘s Algorithm log L+log N work space log L qubits in |0i ; 02ZL log N qubits in |1i; 12ZN Apply Hadamard on the first register Apply Uf Result: Measure second register Result: Shor‘s Algorithm Result: 0 · j0 · r-1; L-r · j0+(A-1)r · L-1 A-1 < L/r < A+1 Shor‘s Algorithm Result: Now apply QFT Result: i.e. the probability of k is independent of j0 (translation invariance) Shor‘s Algorithm Result: Measurement now: Probability of k is Assumption : r is a divisor of L, i.e. A=L/r, then Shor‘s Algorithm Assumption : r is a divisor of L, i.e. A=L/r, then If A is a divisor of k, then =1/r If A is no divisor of k, then =0 (because there are r values k that are multiples of A, each contributing probability 1/r) I.e. we receive a multiple of A=L/r, say, cL/r with 0· c· r-1 With high probability: c and L/r have no common divisor Then gcd(cL/r,L)=L/r, L is known, hence we learn r. Shor‘s Algorithm In general: the probability of k is „favorizes“ values of k with kr/L close to an integer Geometric sum with k=2kr (mod L)/ L Shor‘s Algorithm with k=2(kr (mod L))/ L There are exactly r values k2ZL with -r/2· kr (mod L) · r/2 For those also - r/L· k· r/L i.e. with 0· j· A-1<L/r the angles jk all lie in the same halfspace ) constructive interference! Call such a k good Shor‘s Algorithm Some bounds: |1-eik|· |k| [direct distance „1“ to „eik“ is smaller than the length of the arc] |1-eiAk|¸ 2A|k|/, if A|k|· Set dist(0,)=|1-ei|, then dist(0,)/||¸ dist(0,)/=2/ A < (L/r)+1, hence Ak · A r/L < (1+r/L) use that kr· r/2 for a good k Shor‘s Algorithm |1-eik|· |k| ; |1-eiAk|¸ 2A|k|/, if A|k|· Ak · A r/L < (1+r/L) Shor‘s Algorithm Each of the r good values of k has probability close to 1/r, hence with constant probability we get a k with -r/2· kr (mod L) · r/2 [Success] |kr-cL|· r/2 for some c Then:|k/L-c/r|· 1/(2L), i.e. k/L is approximation of c/r We know k and L. Consider k/L as rational number (reduced). c is uniformly random from 0,...,r-1 c and r have no common divisor with probability at least 1/log r Then: computing c/r (as a rational number in reduced form) gives us also r Choose L large enough to get a good approximation Shor‘s Algorithm With constant probability we get k with |k/L-c/r|· 1/(2L) With probability 1/log r > 1/log L we have gcd(c,r)=1 Let r<N, L=N2 c/r is a rational number with denominator <N Any two such numbers are not closer than 1/N2=1/L > 1/(2L) The interval contains only one rational number c/r with denominator < N Find the rational number with denominator < N that is close to k/L Use the continued fractions algorithm to do that Continued fractions The continued fractions algorithm computed for a real its representation as continued fraction If |c/r-|· 1/(2r2), then one of the steps computes the pair c,r , after at mostO(t3) Operations for t-bit numbers Total running time/success probability k is good with constant probability With probability 1/log N also c is good (i.e. no common divisor with r) Need to repeat only O(log N) times For order finding in ZN choose L=N2, i.e. 2 log N +log N qubits are used Fourier transform in O(log2 L) Continued fractions finds r from k/L in time O(log3 L) Can check r for correctness using the black box Total time is O(log4 N), can be reduced to O(log3 N) Continued fractions Given: real Approximate by Take integer part as a0, invert remaining number, iterate Theorem: |p/q-|· 1/(2q2), then p/q appears after at most O(log (p+q)) steps