Download 12 Simon Oracle Problem

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
page
24
page
25
page
26
page
27
page
28
page
29
page
30
page
31
page
32
page
33
page
34
page
35
page
36
page
37
page
38
page
39
page
40
page
41
page
42
page
43
page
44
page
45
page
46
page
47
page
48
page
49
page
50
page
51
page
52
page
53
page
54
page
55
page
56
page
57
page
58
page
59
page
60
page
61
Document related concepts

Determinism wikipedia , lookup

Transcript 
Quantum Computing:
What’s It Good For?

John
Bell
Stacy Seitz
Scott Aaronson
Computer Science Department, UC Berkeley
January 10, 2002
www.cs.berkeley.edu/~aaronson
1
Elementary gates


Hadamard gate
Phase shift
1

| 0  2 | 0  
H 
1
 | 1 
|0

2
 | 0  | 0 
Z 
| 1   | 1 
1
2
1
2
|1 
|1 
Elementary gates

Rotation by angle 
| 0  ei | 0 
T 
i
| 1  e | 1 

Controlled NOT
 00

 01
CNOT  
 10
 11

 00
 01
 11
 10
Universality

Any quantum computation can be
performed by a circuit consisting of
Hadamard, phase, rotation by /8 and
controlled NOT gates.
Classical vs. Quantum Circuits
We can transform a classical circuit
for F to quantum circuit.
|x>
|0>
|x>
F
|F(x)>
Add extra input initialized to 0.
Example
Quantum
Classical
x
y
^
|x>
|x>
|y>
|y>
|0>
|xy>
|a>
|a(xy)>
Toffoli gate.
Quantum parallelism


|x>
|x>
|0>
|f(x)>
By linearity,
x |x> |0>
 |x> |f(x)>
x
Many evaluations of f in unit time.
Quantum parallelism

Once we measure
 |x> |f(x)>
x


we get one particular x and f(x).
Same as if we evaluated f on a random x.
Quantum parallelism


Is it useful?
We cannot obtain all values f(x) from
 |x> |f(x)>
x

because quantum states cannot be
measured completely.
We can obtain quantities that depend on
many f(x).
Quantum interference

Hadamard transform:

 H | 0 

 H | 1 

1
|0 
2
1
|0 
2
1
|1 
2
1
|1 
2
1
 1

H
|0
| 1   | 0 
2
 2

Illustrate this with
Bloch Sphere
Quantum interference





Negative interference: |1> and -|1> cancel out
one another.
Positive interference: |0> and |0> add up to a
higher probability.
Use quantum parallelism to compute many f(x).
Use positive interference to obtain information
that depends on many values f(x).
Ideal for number-theoretic problems (factoring).

1
Hadamard matrix: H   2
1

2

2 

1

2 
1
H|0 = (|0+|1)/2
H|1 = (|0-|1)/2
H(|0+|1)/2 = |0
H(|0-|1)/2 = |1
Quantum Circuits

Unitary operation is local if it applies to
only a constant number of bits (qubits)
• Given a yes/no problem of size n:
1. Apply order nk local unitaries for constant k
2. Measure first bit, return ‘yes’ iff it’s 1
• BQP: class of problems solvable by such a
circuit with error probability at most 1/3
(+ technical requirement: uniformity)
The Power of Quantum Computing

Bernstein-Vazirani 1993:
BPP  BQP  PSPACE
BPP: solvable classically with order nk time
PSPACE: solvable with order nk memory
• Apparent power of quantum computing
comes from interference
- Probabilities always nonnegative
- But amplitudes can be negative (or complex), so paths
leading to wrong answers can cancel each other out
Simon’s Problem
Given a black box
x
f(x)
Promise: There exists a secret string s such that
f(x)=f(y)  y=xs for all x,y (: bitwise XOR)
Problem: Find s with as few queries as possible
Simon’s Problem more
formally
Simon’s Problem
Determine whether f(x) has is distinct on an XOR mask or distinct
on all inputs using the fewest queries of the oracle. (Find s)
Classical Simon
0
1
00
A
C
01
C
A
10
D
B
11
B
D
S=011
Guess what are
Simon’s functions?
Example
Input x
000
001
010
011
100
101
110
111
Output
f(x)
4
2
3
1
2
4
1
3
Secret string s:
101
f(x)=f(xs)
Quantum Simon’s problem

Function F:{0, 1}n {0, 1}n.
|x>
|0>


F
|x>
|F(x)>
Given: is function F such that F(x+s)=F(x) for
all x, where operation + is a bitwise addition.
This is a cyclic function such as cosine
Find: number s.
Quantum Algorithm [Simon, 1994]
|x>
|0>
H
H
H
H
H
F
|y>
H
|0>
|f(x)>
Repeat n times and combine results y1,..., yn.
• Observe that yi are AFTER Hadamard.
The trick here is to use Hadamard transform at the inputs
and outputs of F
review
Hadamard transform
1

| 0  2 | 0  
H 
1
 | 1 
|0

2
1
2
1
2
|1 
|1 
Hadamard on n qubits
|0>
H
1
2
|0>
H
1
2
n
|0
1
|0
1
1
1
 1

|0 
|0
| 1  
2
 2

2n
n
As you remember we do
Kronecker product for
gates that are in parallel
2
2
|1 
|1 
| x 
x0 ,1n
Kronecker product of
unitary matrix of H gate
Simon’s algorithm step-by-step
If F(X)is distinct
If F(X)is distinct
|0>
H
H
H
H
H
F
|y>
Here n = 3
H
|F(x)>
|0>
1
2n
| x  | 0 
x0 ,1n
From last slide
1
2
n
 | x  | F ( x) 
x0,1n
Kronecker Product
of Unitary Matrices
Simon’s algorithm step-by-step
We add Hadamards at the
outputs and observe
|0>
H
H
H
H
H
F
|y>
H
|F(x)>
|0>
Here n = 3
1
2n
| x  | 0 
x0 ,1n
From last slide
1
2
n
 | x  | F ( x) 
x0,1n
Kronecker Product
of Unitary Matrices



Partial measurement of last n bits.
We get some value y=F(x).
1
The state
| x  | F ( x) 
2n

collapses to part
|0>
Measuring F(x)

x0,1n
 | x  | y  consistent with y=F(x).
F ( x ) y
H
H
H
H
H
F
2n
Here n = 3
H
|F(x)>
|0>
1
|y>
| x  | 0 
x0 ,1n
1
2


n
 | x  | F ( x) 
x0,1n
1. measure the last n qubits
2. perform Hadamard on first n qubits.
Last step

We now have the state
(| x   | x  z ) | y 


How do we get z?
Measuring the first register would give
only one of x and x+z.
Simon’s algorithm
|0>
H
H
H
H
H
F
|y>
H
|f(x)>
|0>
 z )
(| x   | x 
Measuring
the first register would give only one of x and x+z.
This is why we measure through the output Hadamard Transform
Hadamard transform
1

| 0  2 | 0  
H 
1
 | 1 
|0

2
H | x 
1
2
|0
1
2
1
2
1
2
|1 
|1 
(1) x | 1 
1 1
1 -1
Please observe when we
have positive and when
negative values
Hadamard transform
|x1>
|x2>
...
|xn>
H
1
2
1
H
2
...
H
1
2
|0
1
2
1
|0
2
...
|0
1
2
(1)
x1
x2
|1 
xn
|1 
(1)
(1)
|1 
x y
| x1 x2 ...xn    (1) i i | y1 y 2 ... y n 
y1 y2 ... yn
Hadamard transform
Let us analyze signs in |x> and |x+z>
x y
| x    (1) i i | y1 y 2 ... y n 
y1 y2 ... yn
 (x  z ) y
i
i i | y y ... y 
| x  z    (1)
1 2
n
y1 y2 ... yn
Signs are the same iff zi yi= 0 mod 2.
Simon’s Algorithm - 1993
 Simon’s algorithm examines an oracle problem which takes polynomial
time on a quantum computer but exponential time on a classical
computer.
 His algorithm takes oracle access to a function
f: {0, 1}n  {0, 1}n, runs in poly(n) time and behaves as follows:
1. If f is a permutation on {0, 1}n, the algorithm outputs an n-bit
string y which is uniformly distributed over {0, 1}n.
2. If f is two-to-one with XOR mask s, the algorithm outputs an n-bit
string y which is uniformly distributed over
y * s = 0.
the 2n-1 strings such that
3. If f is invariant under XOR mask with s, the algorithm outputs
some n-bit string y which satisfies y * s =0.
Simon’s Algorithm
 Simon showed that when he runs this procedure O(n) times, a
quantum algorithm can distinguish between Case 1 and Case 3
with high probability.
 He also showed that in Case 2 the algorithm can be used to
efficiently identify s with high probability.
 After analyzing the success probability of classical oracle
algorithms for his problem he came up with the following
theorem:
Let On  s {0, 1}n be chosen uniformly and let
f :{0, 1}n  {0, 1}n be an oracle chosen uniformly from the set
of all functions which are two-to-one with XOR mask s. Then
(i) there is a polynomial-time quantum oracle algorithm which
identifies s with high probability; (ii) any p.p.t classical oracle
algorithm identifies s with probability 1/2(n).
Simon’s Algorithm
• Classically, order 2n/2 queries needed to find s
- Even with randomness
• Simon (1993) gave quantum algorithm using
only order n queries
• Assumption: given |x, can compute |x|f(x)
efficiently
Schematic Diagram
O
b
s
e
r
v
e
|0
|0
H
n
H
|0
|0
|0
f(x)
|0
1. Prepare uniform superposition
n
O
b
s
e
r
v
e
1
2

x

x

s

f
3. Measure |f(x), yielding
1
2n /
2

x
f

x

x
0 ,1

n
2. Compute f:
for some x

x

Simon’s Algorithm (con’t)
1. Prepare uniform superposition
1
2. Compute f: n / 2
2

x f  x
x0,1
n
3. Measure |f(x), yielding
for some x
1
 x  xs
2
 f  x
Schematic Diagram
|0
|0
H
n
H
|0
|0
|0
|0
f(x)
O
b
s
e
r
v
e
n
O
b
s
e
r
v
e
Schematic Diagram
|0
|0
H
n
H
|0
|0
|0
|0
f(x)
O
b
s
e
r
v
e
n
O
b
s
e
r
v
e
Schematic Diagram
|0
|0
H
n
H
|0
|0
|0
|0
f(x)
O
b
s
e
r
v
e
n
O
b
s
e
r
v
e
Simon’s Algorithm (con’t)
1
2

4. Apply H   1

2

2 
to each bit of

 1 
1
2
1
2
Result:
1
22n / 2
x
 xs

x y
 x s  y 

y
 n  1   1

y 0,1
 
where
 n

x y    xi yi  mod 2
 i 1

Simon’s Algorithm (con’t)
5. Measure. Obtain a random y such that
x y   x  s  y  s y  0.
6. Repeat steps 1-5 order n times. Obtain a
linear system over GF2:
s y1  0
s y2  0
7. Solve for s. Can show solution is unique with
high probability.
Summary of Simon

Measuring the final state gives a vector y such
that
yi zi  0 (mod 2)




n-1 such constraints uniquely determine z, with
high probability.
Quantum parallelism: computing F for many
values simultaneously.
Quantum interference: Hadamard transform.
Quantum Simon: more details
An Open Question
(you could be famous!)
Concluding: Period finding

Function F:NN
|x>
|0>

F
|x>
|F(x)>
such that F(x)=F(x+r) for all x.
Find r.
Now we want to apply it to Shor
Period Finding
• Given: Function f from {1…2n} to {1…2n}
Promise: There exists a secret integer r such
that f(x)=f(y)  r | x-y for all x
Problem: Find r with as few queries as possible
• Classically, order 2n/3 queries to f needed
• Inspired by Simon, Shor (1994) gave quantum
algorithm using order poly(n) queries
Example: r=5
10
9
8
7
6
5
4
3
2
1
0
0
1
2
3
4
5
6
7
8
9
10 11
Factoring and Discrete Log
• Using period-finding, can factor integers in
polynomial time (Miller 1976)
• Also discrete log: given a,b,N, find r such that
arb(mod N)
• Breaks widely-used public-key cryptosystems:
RSA, Diffie-Hellman, ElGamal, elliptic
curve systems…
Order finding


The order of aZN * modulo N is the smallest integer r>0
such that
ar1 (mod N)
For example, order of 4 mod 7 is 3:
41  4,
42 =162(mod 7),
43 =641 (mod 7),
44 =64*44 (mod 7),..


Four
again
Factoring reduces to order-finding.
In the moment we will show how it reduces to orderfinding.
So now we have to create a function and find its order
Period finding

Function F:NN
|x>
|0>

F
|x>
|F(x)>
such that F(x)=F(x+r) for all x.
Find smallest r.
The algorithms
depend on what
we mean by
addition here
oracle
Before we explain how order is used in factorization, we have to
review about some other problems, Simon, etc.
Algorithm [Shor, 1994]
|0>
QFT
F
QFT
|0>
Find factor by continued fraction expansion.
Shor’s algorithm step-by-step
|0>
QFT
QFT
F
The
second
register
|0>
1
M
What is M?
M
| x  | 0 
x 1
1
M
M
 | x  | F ( x) 
x 1
Shor’s algorithm step by step

Measuring the second register leaves the
first register in a state consisting of all x
with the same F(x):
|d>+|d+r>+…+|d+ir>
|0>
QFT
QFT
F
The
second
register
|0>
1
M
M
| x  | 0 
x 1
1
M
M
 | x  | F ( x) 
Quantum Fourier transform (QFT)
T| j
1
M 1
M
i 0
e
2 i Mj k
|k 
If M=2, this is Hadamard transform.
We can check it by substituting M=2
QFT detects periods

Assume r divides M.
|  

M

 d  d  r  ...  d    1r
M / r 
 r

1

Then,

If j relatively prime with r,
r 1
M
T   a j j 
r
j 0
jM  M

gcd  M,
.

r  r





QFT detects periods

Assume r does not divide M.
 M  d  1
  d  d  r  ...  d  
r

r



Then, most of T| consists of |k> with
jM
k
r
QFT detects periods
r does not
divide M
r divides M
M 2M
0
r
r
3M
r
M
0
r
Can we find r?
2 M 3M
r
r
Continued fraction expansion


Number theory algorithm.
Given k, M, finds j, r such that
jM
k
r

is smallest among all j and r  r0.
If M=(r2), correct w.h.p.
Summary of
Shor’s factoring algorithm





1. Reduce factoring to period-finding.
2. Generate a quantum state with period r.
In the easy case, QFT transforms a state
with period r into multiples of M/r.
General case: same but approximately.
Continued fraction algorithm finds the
closest multiple of M/r.
Conclusion
 Known quantum algorithms can be split into 3
groups depending on the methods they use:
 The first group contains algorithms which are based


on determining a common property of all the output
values. For example, Shor’s Algorithm.
The second group contains those which transform the
state to increase the likelihood that the ouput of
interest will be read, Grover’s Algorithm.
The third group contains algorithms which are based
on a combination of methods from the previous two
groups.
Conclusion (cont.)


Currently very few quantum algorithms
are known and the search for new ones
has had very limited success due to the
absence of an understanding of why
quantum algorithms work.
Quantum algorithms can provide at most a
square-root speedup for carrying out an
unstructured search.
Resources
 http://hplbwww2.hpl.hp.com/brims/websems/quantum/ekert/sli6.ht





ml
http://people.deas.harvard.edu/~rocco/Public/icalp01.pdf
http://www.dcs.ex.ac.uk/~jwallace/history.htm
http://planck.thphys.may.ie/jtwamley/thesis/Hovland/thesis/node43.
shtml
http://www.imsa.edu/~matth/cs299/
http://www.bell-labs.com/user/feature/archives/lkgrover/
Related documents
Quantum mechanical model
Quantum mechanical model
Télécharger le sujet de stage - Laboratoire de Physique des Solides
Télécharger le sujet de stage - Laboratoire de Physique des Solides
David Williams (University of Cambridge)
David Williams (University of Cambridge)
HWU4-21 QUESTION: The principal quantum number, n, describes
HWU4-21 QUESTION: The principal quantum number, n, describes
Project suggestion as part of the course 203-1-3431 November 7 , 2011
Project suggestion as part of the course 203-1-3431 November 7 , 2011
An Introduction to Quantum Computing
An Introduction to Quantum Computing
THE UNCERTAINTY PRINCIPLE The uncertainty principle states
THE UNCERTAINTY PRINCIPLE The uncertainty principle states
Prof. Bertrand Reulet, Université de Sherbrooke, Canada Talk: 23. May 2014
Prof. Bertrand Reulet, Université de Sherbrooke, Canada Talk: 23. May 2014
Outline Summary
Outline Summary
Probing contextuality with superconducting quantum circuits Talk 27. Oct. 2015 ABSTRACT:
Probing contextuality with superconducting quantum circuits Talk 27. Oct. 2015 ABSTRACT: