Download Introduction to Quantum Computation

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
page
24
page
25
page
26
page
27
page
28
page
29
page
30
page
31
page
32
page
33
page
34
page
35
page
36
page
37
page
38
page
39
page
40
page
41
page
42
page
43
page
44
page
45
page
46
page
47
page
48
page
49
page
50
page
51
page
52
page
53
Document related concepts

Aharonov–Bohm effect wikipedia , lookup

Instanton wikipedia , lookup

Matter wave wikipedia , lookup

Propagator wikipedia , lookup

Quantum dot cellular automaton wikipedia , lookup

Ensemble interpretation wikipedia , lookup

Topological quantum field theory wikipedia , lookup

Wave–particle duality wikipedia , lookup

Renormalization wikipedia , lookup

Relativistic quantum mechanics wikipedia , lookup

Renormalization group wikipedia , lookup

Scalar field theory wikipedia , lookup

Bell test experiments wikipedia , lookup

Basil Hiley wikipedia , lookup

Theoretical and experimental justification for the Schrödinger equation wikipedia , lookup

Bohr–Einstein debates wikipedia , lookup

Quantum decoherence wikipedia , lookup

Particle in a box wikipedia , lookup

Measurement in quantum mechanics wikipedia , lookup

Quantum field theory wikipedia , lookup

Density matrix wikipedia , lookup

Double-slit experiment wikipedia , lookup

Delayed choice quantum eraser wikipedia , lookup

Hydrogen atom wikipedia , lookup

Quantum dot wikipedia , lookup

Quantum entanglement wikipedia , lookup

Coherent states wikipedia , lookup

Copenhagen interpretation wikipedia , lookup

Bell's theorem wikipedia , lookup

Path integral formulation wikipedia , lookup

Max Born wikipedia , lookup

Quantum fiction wikipedia , lookup

Symmetry in quantum mechanics wikipedia , lookup

Orchestrated objective reduction wikipedia , lookup

Many-worlds interpretation wikipedia , lookup

Probability amplitude wikipedia , lookup

Quantum electrodynamics wikipedia , lookup

EPR paradox wikipedia , lookup

History of quantum field theory wikipedia , lookup

Quantum computing wikipedia , lookup

Interpretations of quantum mechanics wikipedia , lookup

Quantum group wikipedia , lookup

Quantum teleportation wikipedia , lookup

Quantum machine learning wikipedia , lookup

Canonical quantization wikipedia , lookup

Quantum state wikipedia , lookup

T-symmetry wikipedia , lookup

Quantum cognition wikipedia , lookup

Hidden variable theory wikipedia , lookup

Quantum key distribution wikipedia , lookup

Transcript 
Potentially Disruptive Technologies
Quantum Computation and Cryptography
Michele Mosca
Canada Research Chair in Quantum Computation
15 April 2003
www.iqc.ca
Perimeter Institute is a
community of theoretical
physicists dedicated to
investigating fundamental
issues in theoretical physics.
www.perimeterinstitute.ca
Outline
What is quantum information processing?
What does quantum mechanics make
possible?
What quantum mechanics make impossible?
When will quantum information processing be
realized?
Computer technology is making
devices smaller and smaller…
…reaching a point where classical
physics is no longer a suitable
model for the laws of physics.
Physics and Computation
• Information is stored in a physical medium,
and manipulated by physical processes.
• The laws of physics dictate the capabilities of
any information processing device.
• Designs of “classical” computers are implicitly
based in the classical framework for physics
• Classical physics is known to be wrong or
incomplete… and has been replaced by a more
powerful framework: quantum mechanics.
The nineteenth century was known as the machine age, the twentieth
century will go down in history as the information age. I believe the twentyfirst century will be the quantum age. Paul Davies, Professor Natural
Philosophy – Australian Centre for Astrobiology
The design of devices on such a small scale will
require engineers to control quantum mechanical
effects.
Allowing computers to take advantage of
quantum mechanical behaviour allows us to do
more than cram increasingly many microscopic
components onto a silicon chip…
… it gives us a whole new framework in which
information can be processed in fundamentally
new ways.
A simple experiment in optics
…consider a setup involving a photon source,
a half-silvered mirror (beamsplitter),
and a pair of photon detectors.
detectors
photon
source
beamsplitter
Now consider what happens when we fire a
single photon into the device…
50%
50%
Simplest explanation: beam-splitter acts
as a classical coin-flip, randomly sending
each photon one way or the other.
The “weirdness” of quantum mechanics…
… consider a modification of the experiment…
100%
The simplest explanation for
the modified setup would still
predict a 50-50 distribution…
full mirror
The simplest explanation is wrong!
Classical probabilities…
Consider a computation tree for a simple two-step (classical) probabilistic
algorithm, which makes a coin-flip at each step, and whose output is 0 or 1:
1
2
1
2
0
1
2
1
2
1
1
2
0
1
The probability of the computation following
a given path is obtained by multiplying the
probabilities along all branches of that
path… in the example the probability the
computation follows the red path is
1 1 1
 
2 2 4
The probability of the computation giving the
answer 0 is obtained by adding the
probabilities of all paths resulting in 0:
1
1
1


4 4 2
…vs quantum probabilities …
In quantum physics, we have probability amplitudes, which
can have complex phase factors associated with them.
1
2
1
2
1
2

|0
1
2
|1
1
2
|0
1
2
|1
The probability amplitude associated with a path
in the computation tree is obtained by multiplying
the probability amplitudes on that path. In the
example, the red path has amplitude 1/2, and the
green path has amplitude –1/2.
The probability amplitude for getting the answer |0
is obtained by adding the probability amplitudes…
notice that the phase factors can lead to
cancellations! The probability of obtaining |0 is
obtained by squaring the total probability
amplitude. In the example the probability of
getting |0 is
2
1 1
   0
2 2
Explanation of experiment
… consider a modification of the experiment…
100%
The simplest explanation for
1
1
the modified setup would still
0  0 1 0
predict a 50-50 distribution…
2
2
1
1
2
0
1
1
1  1  01
2
2
1
0
2
full mirror
When do we use which probability rules?
•If no path information is revealed, we must use
the quantum probability rules.
•If full path information is revealed, we must use
the classical probability rules.
•If partial path information is revealed, we must
use a combination of the two; i.e. there is a more
general set of rules that encapsulates both.
Quantum mechanics and information
Any physical medium capable of
representing 0 and 1 is in principle capable
of storing any linear combination 0 0  1 1
What does 0 0  1 1 really mean??
It’s a “mystery”. THE mystery. We don’t
understand it, but we can tell you how it works.
(Feynman)
The world of the quantum may be bizarre, but it is our world and our future.
Gerard Milburn, author of Schrödinger’s Machines.
Quantum mechanics and information
Any physical medium capable of
representing 0 and 1 is in principle capable
of storing any linear combination 0 0  1 1
How does this affect computational complexity?
How does this affect information security?
How does this affect communication complexity?
Would you believe a quantum proof?
How does quantum information help us better
understand physics?
How does this affect what is
feasibly computable?
Which “infeasible” computational tasks
become “feasible”?
How does this affect “computationally
secure” cryptography?
What new computationally secure
cryptosystems become possible?
Generalization to n qubits
The general state of n qubits is
α
x
x
x{0 ,1}n
where the x are complex numbers satisfying the
normalization constraint
α
2
x
 1.
x{0 ,1}n
The state is represented by a unit vector in an exponentially
large vector (Hilbert) space!
Note, therefore, that it seems exponentially hard to simulate n
quantum particles on a classical computer (Feynman).
The Classical Computing Model
A “Probabilistic Turing Machine” (PTM) is an abstract
model of the modern (classical) computer.
Strong Church-Turing Thesis:
A PTM can efficiently simulate any realistic model of
computing.
Widespread belief in the Strong Church-Turing
thesis has been one of the underpinnings of
theoretical computer science.
What do we mean by “efficient”?
The complexity of an algorithm
measures how much of some resource
(e.g. time, space, energy) the algorithm
uses as a function of the input size.
e.g. the best known algorithms for
factoring an n bit number uses time in
O e(1.92o (1))( n)

1
2
3 (logn ) 3
  k3 n


(number field sieve algorithm)
Factoring is believed to be hard on a Turing
machine (or any equivalent model), but how
do we know that there isn’t some novel
architecture on which it is easy?
The Strong Church Turing thesis tells us
that all reasonable models can be efficiently
simulated by a PTM, which implies that if it’s
hard for a PTM it must be hard for any other
reasonable computer.
i.e. we believe computational problems, like
factoring, have an intrinsic difficulty,
independent of how hard we try to find an
efficient algorithm.
In the early 1980s, Richard Feynman observed that
it seems implausible for a PTM to efficiently
simulate quantum mechanical systems…
…quantum computers are
quantum mechanical systems…
… so quantum computing is a model
which seems to violate the Strong
Church-Turing thesis!
Are quantum computers realistic?
The answer seems to be YES!
If the quantum computers are a reasonable model
of computation, and classical devices cannot
efficiently simulate them, then the Strong ChurchTuring thesis needs to be modified to state:
A quantum computer can efficiently simulate
any realistic model of computation.
A quantum circuit provides an visual representation
of a quantum algorithm.
0
0
0
0
initial
state
quantum gates
time
measurement
Quantum Parallelism
Why are quantum computers capable of solving seemingly
very difficult mathematical problems?
Since quantum states can exist in exponential
superposition, a computation of a function being performed
on quantum states can process an exponential number of
possible inputs in a single evaluation of f :
2 n 1
αx x
i 0
2 n 1
f
α
i 0
x
f ( x)
By exploiting a phenomenon known as quantum interference,
some global properties of f can be deduced from the output.
Applications
• Efficient simulations of quantum systems
• Phase estimation; improved time-frequency and
other measurement standards (e.g. GPS)
• Factoring and Discrete Logarithms
• Hidden subgroup problems
• Amplitude amplification
• and much more…
Quantum Algorithms
Integer Factorization (basis of RSA cryptography):
Given N=pq, find p and q.
Discrete logarithms (basis of DH crypto, including ECC):
a,b  G
,
ak = b
, find k
Computational Complexity Comparison
Classical
Factoring

e
O n1 / 3 log2 / 3 n
Elliptic
Curve
Discrete
Logarithms
e
O n 
Quantum

On e
O logn 
On e
O logn 
(in terms of number of group multiplications for n-bit inputs)
Which cryptosystems are threatened
by Quantum Computers??
Information security protocols must be studied in the context
of quantum information processing.
The following cryptosystems are insecure against such
quantum attacks:
• RSA (factoring)
• Rabin (factoring)
• ElGamal (discrete log, including ECC – see Proos and Zalka)
http://arxiv.org/abs/quant-ph/0301141
•Buchmann-Williams (principal ideal distance problem)
•and others… (see MMath thesis, Michael Brown, IQC)
We need to worry NOW about information that needs to
remain private for long periods of time.
It takes a long time to change an infrastructure.
What sort of cryptography will
quantum computers enable?
Can efficient factoring, discrete logarithms, or other efficient
quantum tasks be used to produce new computationally
secure cryptosystems secure against quantum attacks?
•A quantum public key cryptosystem was proposed by a group in
Japan [OTU00]; require a quantum computer to set up the system,
but only require classical means to encrypt and decrypt
•others??
These are techniques that can be employed once largescale quantum computation are available.
Amplitude Amplification
Consider any function f : X  {0,1}.
Find x satisfying f(x)=1.
Suppose algorithm A succeeds with probability p.
With classical methods, we expect to repeat A a total
1 time before finding a solution, since
of
p
each application of A “boosts” the probability of
finding a solution by roughly p
p  p  p  p  p  p  p  p  p   1



1/ p
Amplitude Amplification
(Grover96, BBHT98, BH97, Gro98, BHMT02)
A quantum mechanical implementation of A succeeds with
probability amplitude p .
With quantum methods, each application of A
“boosts” the probability amplitude of finding a
solution by roughly
p
p  p  p   1


1/ p
i.e. we get a square-root speedup!
Application of Amplitude
Amplification: Searching a key space
f (x)=1 if and only if x is the correct n-bit cryptographic key
Find an x satisfying f(x)=1.
Suppose algorithm A succeeds with probability p=1/2n.
We can iterate A and f
 
O 2n / 2
times to find such an
x.
i.e. we need to roughly double our key lengths
This algorithm is VERY broadly applicable to any sort of
computational search.
How else does quantum
mechanics affect
information security?
No-cloning theorem
There is no procedure that will copy or “clone” an
arbitrary quantum state, i.e.
ψ 0 ψ ψ
Such an operation is not linear, and is not permitted by quantum
mechanics.
We can copy all the elements of an orthogonal set of states, but
when we extend this operation linearly, no other states will be
correctly cloned. For example, we can map
0 0 0 0
However
0
1 0 11
 1  0  0 0  1 1   0  1  0  1 
Eavesdropper detection
Any attempts to produce pseudo-clones will be detected
with significant probability. In general, any scheme to
extract information about the state of a quantum
system, will disturb the system in a way that can be
detected with some probability.
This idea motived Wiesner to invent quantum money
around 1970. His work was essentially ignored by the
scientific community for a decade, until Bennett and
Brassard built on these ideas to create quantum key
distribution.
Quantum Key Establishment
(general idea)
Alice
quantum bits
Bob
Eve
Alice and Bob measure their qubits
Quantum Key Distribution
(general idea)
Authenticated public channel
Alice and Bob publicly discuss the information they
measured to assess how much information Eve could
have obtained.
If Eve’s information is very likely to be below a certain
constant threshold, they can communicate further and
distill out a very private shared key (“privacy
amplification”). Otherwise they abandon the key.
Quantum Information Security
We can exploit the eavesdropper detection that is
intrinsic to quantum systems in order to derive new
“unconditionally secure” information security protocols.
The security depends only on the laws of physics, and
not on computational assumptions.
•Quantum key establishment (available now/soon)
•Quantum random number generation (available now/soon)
•Quantum money
(require stable quantum memory)
•Quantum digital signatures (requires quantum computer)
•Quantum secret sharing
(requires quantum computer)
•Multi-party quantum computations
•and more…
Implementations?
Why is it so hard?
How will they be built?
When will we see quantum
information processors?
Quantum Information is Fragile
CLASSICAL
106 eV
QUANTUM
|0
10-6 eV
0
1
|1
• low energy
• control of operations
• superpositions are very fragile
• isolation from environment
Quantum Error Correction
… allows quantum computation in the presence of noise.
A quantum computation of any length
can be made as accurate as desired,
so long as the noise is below some
threshold, e.g. P < 10-4.
Significance:
• imperfections and imprecision are not fundamental
obstacles to building quantum computers
• gives a criterion for scalability
 guide for experimentalists
 benchmark for comparing technologies
Devices for Quantum Computing
• Atom traps
• Cavity QED
• Electron floating on helium
• Electron trapped by surface acoustic waves
• Ion traps
• Nuclear magnetic resonance (NMR)
• Quantum optics
• Quantum dots
• Solid state
• Spintronics
• Superconducting Josephson junctions
•and more…
Implementations
Who’s Trying?
• Aarhus
• Berkeley
• Caltech
• Cambridge
• College Park
• Delft
• DERA (U.K.)
• École normale supérieure
• Geneva
• HP Labs (Palo Alto and Bristol)
• Hitachi
• IBM Research (Yorktown Heights and
Palo Alto)
• Innsbruck
• Los Alamos National Labs
• McMaster
• Max Planck Institute-Munich
• Melbourne
• MIT
• NEC
• New South Wales
• NIST
• NRC
• Orsay
• Oxford
• Paris
• Queensland
• Santa Barbara
• Stanford
• Toronto
• Vienna
• Waterloo
• Yale
• many others…
Bottom line
What are the capabilities of quantum information
processors?
What will be the impact of these capabilities?
Which technologies will be realized and when?
What technologies will be implemented
and when?
Quantum random number generators: now.
Quantum key establishment: <10 years; some prototypes
already available
Small scale quantum computers (e.g. needed for long
distance quantum communication): medium term
Large scale quantum computers: medium-long term
Precise times are hard to predict since we are in the early
stages and still trying a very broad range of approaches.
Once we focus on technologies that show promise, expect
progress to be very fast.
•Wireless Sensor Networks
•Injectable Tissue Engineering
•Nano Solar Cells
•Mechatronics
•Grid Computing
•Molecular Imaging
•Nanoimprint Lithography
•Software Assurance
•Glycomics
•Quantum Cryptography
Goal: to take quantum information from
the blackboard to the drawing board
Investments Canada makes today in quantum computing will set the
foundation for Canada’s global commercial success in this important
new technology over the coming century. Mike Lazaridis, President
and co-CEO, RIM.
www.quantumworks.net
Related documents
Quantum mechanical model
Quantum mechanical model
Prof. Bertrand Reulet, Université de Sherbrooke, Canada Talk: 23. May 2014
Prof. Bertrand Reulet, Université de Sherbrooke, Canada Talk: 23. May 2014
An Introduction to Quantum Computing
An Introduction to Quantum Computing
Project suggestion as part of the course 203-1-3431 November 7 , 2011
Project suggestion as part of the course 203-1-3431 November 7 , 2011
“Can Quantum-Mechanical Description of Physical Reality Be Considered Complete?” JOSEPH LEONARD TUBERGEN
“Can Quantum-Mechanical Description of Physical Reality Be Considered Complete?” JOSEPH LEONARD TUBERGEN
Probing contextuality with superconducting quantum circuits Talk 27. Oct. 2015 ABSTRACT:
Probing contextuality with superconducting quantum circuits Talk 27. Oct. 2015 ABSTRACT:
Some Families of Probability Distributions Within Quantum Theory
Some Families of Probability Distributions Within Quantum Theory
Non-equilibrium physics of quantum materials Department of Physics and Physical Oceanography Colloquium
Non-equilibrium physics of quantum materials Department of Physics and Physical Oceanography Colloquium
`12
`12
3.4 quantum numbers
3.4 quantum numbers
Quantum Model Worksheet
Quantum Model Worksheet
Periodic boundary physics etc
Periodic boundary physics etc
THE UNCERTAINTY PRINCIPLE The uncertainty principle states
THE UNCERTAINTY PRINCIPLE The uncertainty principle states
There are 4 quantum numbers. - 12S7F-note
There are 4 quantum numbers. - 12S7F-note
Example Syllabus
Example Syllabus
Quantum Numbers and Electron Configurations Worksheet
Quantum Numbers and Electron Configurations Worksheet