Download KyleBoxPoster

A Quantum Algorithm for Testing for Mersenne Primes
Kyle Box and Harsh Mathur
Department of Physics, CWRU
10900 Euclid Ave., Cleveland, OH 44106
ABSTRACT
In this project we will be looking for a quantum algorithm to solve a specific number theory problem - testing for Mersenne
primes. Prime numbers play an important role in modern life, mostly in various data encryption schemes, and Mersenne
primes have a particularly interesting and simple structure: They are primes which are one less than a power of 2. Currently,
Shor’s Algorithm is the only quantum algorithm for an important problem that is better than its classical counterpart. The
algorithm is used for factoring integers, which classically requires exponential time. Shor’s Algorithm only requires time
polynomial in the log of the integer. This project will attempt to find a quantum algorithm that will successfully test whether a
number if a Mersenne prime, and ideally will perform faster than classical algorithms.
QUANTUM COMPUTING
Classical computers store their data in classical bits, which contain the discrete values 0 or 1. Input Bits AND OR XOR
Arithmetic is performed on this bits via gates; the NOT gate is the simplest non-trivial gate,
0
0
0
0
0
and it merely inverts the bit: and 0 becomes a 1 and a 1 becomes a 0. This and the identity gate
0
1
0
1
1
represent all possible actions on a single bit. With 2 input bits, we have a total of 4 possible
1
0
0
1
1
input values. Every input has 2 possible outputs, giving us 24 = 16 possible actions. There are
1
1
1
1
0
three gates that are particularly interesting: the AND, OR, and XOR gates, whose actions are
Figure 1: Actions of classical AND,
shown in table 1.
OR, and XOR gates.
Multiple gates can be chained together to introduce more complicated
arithmetic. A full adder, which is used to perform the addition of two bits,
is composed of just 2 AND gates, 2 XOR gates, and 1 OR gate. The adder
has three inputs (the two bits to add and a carry in bit) and two outputs
(result of the sum and the carry out bit); the gate-level implementation is
shown in figure 2a using the typical symbols for each gate. Chaining
together n full adders results in an n-bit ripple carry adder, as in figure 2c.
As it turns out, all classical algorithms can be implemented with some
combination of the identity, NOT, AND, OR, and XOR gates.
Quantum computers operate on a similar principle. The data is stored in a
quantum bit (qbit for short). However, these qbits are encoded as states in
Figure 2: a) Implementation (top left), b) black box
some two-level quantum mechanical system (the typical example is the
schematic (top right) of a full adder, and c) a 4-bit adder
spin of an electron: spin up corresponds to 0 , and spin down is 1 ). The
(bottom). Images courtesy of Wikipedia:
two qbits must compose a basis of the system; then any state in the
http://en.wikipedia.org/wiki/Adder_%28electronics%29
system can be represented a superposition of 0 and
system
1 . One way to view a qbit is by the Bloch sphere, a geometrical
representation of a qbit, which is shown in figure 3. The state ψ is represented by   cos 0  ei sin  1 , and as long as ψ is
not |0> or |1> the representation is unique.
Just as classical computers store larger sets of data by putting bits together, we can have n
entangled particles each encoding a separate qbit of an n-qbit system. Such a collection of
entangled qbits is called a quantum register. Unlike classical registers, which have definite
values, a n qbit quantum register can be in a superposition of all 2n possible states. Our
notation is to write a quantum register simply as x , where x is the decimal equivalent of
the binary number xn-1xn-2…x1x0.
This superposition allows for a huge amount of parallelization when we perform a single Figure 3: Bloch sphere representation
operation on a range of values. Classically we must calculate f(0), f(1), ... one at a time, for of a qbit. Image courtesy of Wikipedia:
a total of 2n operation. Quantum mechanically, we can put our register in a superposition of http://en.wikipedia.org/wiki/Bloch_sph
ere
1
0
aaa,
, … and perform the calculation on this superposition. The end result is a
superposition of f (0) , f (1) , ...: What took us 2n operations classically takes 1 quantum mechanically!
Unfortunately, there is no way to extract all this information. As soon as we take a measurement to find one of the values, the
state collapses into one of the two basis vectors and we lose all other information. A common trick with quantum algorithms,
them, is to find a way to manipulate the output superposition so that we have a high probability of obtaining useful
information. Shor employed this trick in his factoring algorithm, which runs exponentially faster than any classical factoring
algorithm.
Exactly like classical computers, arithmetic on quantum computers is performed via quantum gates, which are implemented
as operators on various numbers of qbits. Due to the property of superposition, there are infinitely more possible quantum
gates than classical gates. Of course, the identity and the NOT gates are possible, but there is also the particularly useful
Hadamard
1 1 
 .
Hadamard gate, whichis defined as H  
1  1
The usefulness of this gate is that it takes a basis qbit into a superposition of the two basis qbits, with equal probability of
measuring each. By chaining together n Hadamard gates, an n-bit quantum register is put in a superposition of 0 , 1 , ...,
2 n  1 which can then be sent into other gates for parallelization as described above. Just like classical gates, we can denote
which
the Hadamard gate schematically.
There are some other problems that quantum computers need to address. Classically, bits can be created and destroyed at will
– they are just electrical pulses. Quantum mechanically, the qbits are encoded on physical components that can not be
arbitrarily created and destroyed. This means that any qbits used just within a gate -- helper qbits -- need to be provided as
input and output and, in fact, may have their states changed through the course of the computation. This issue can be
addressed by requiring the quantum gates be reversible, which effectively allows us to ignore any consideration of additional
qbits because we can return them to their initial states.
Unfortunately, most gates are not reversible, such as the three 2-bit classical gates we introduced (AND, OR, XOR). The
simplest way to resolve this is to provide the quantum gate with separate input and output registers; in other words, a
f
x
0


x f ( x) .
quantum gate that implements the function f is a transformation of the form
MERSENNE PRIMES
Prime numbers have always interested mathematicians, although for most of history the were
only interesting from a mathematical standpoint. Some primes have been grouped into
subcategories, where they follow some simpler pattern, but there is no known overall pattern
for all primes. Interesting properties have been observed, such as the Ulam spiral shown in
figure 5, but the effect is unexplained.
CLASSICAL ALGORITHM
xy = (xn-1<< (n-1) + xn-2 << (n-2) + … + x1 << 1 + x0 << 0)y
= (xn-1y) << (n-1) + (xn-2y) << (n-2) + … + (x1y) << 1 + (x0y) << 0
For each xi, we can decompose y in a similar fashion to obtain
xiy = (yn-1xi) << (n-1) + (yn-1xi) << (n-2) + … + (y1xi) << 1 + (y0xi) << 0
vastly reducing the complexity. Note that this is equivalent to multiplying each bit in y by xi without modifying the order.
Thus, we introduce the single bit multiplier m1. It takes 2 input bits and produces 1
output bit, without the need for any auxiliary bits. Its black box schematic, was also
shows its explicit function, is indicated in figure 6. From the single bit multiplier,
Figure 6: Black box
we can introduce the 1xn-bit multiplier mn. Based on the decompositions above, it
schematic for m1.
is a series of m1 gates, as indicated in figure 7. Finally, we can combine the mn in
series, along withseries,
adders, to construct the general n bit multiplier Mn, as shown in figure 8. Note that
some additional notations were adopted; thicker lines represent multiple qbits in parallel (called a
bus), and the red digit represents its width (so the bus y is a n-qbit wide number, as expected). The bit
shift is handled by just appending 0s to the end of the least significant bit, which also results in
widening the bus. An X at the end of a wire indicates that it will not be used after that point; for
auxiliary bits, this means we can re-use them after properly returning them to 0.
Figure 8:
Construction of the
nxn bit multiplier from
simpler gates.
One such category of primes are the Mersenne primes, which are prime Mersenne numbers.
Mersenne numbers are simply numbers for the form 2n-1. This simplicity is especially clear
in a binary representation: Mersenne numbers are all 1s.
Most existing quantum algorithms are based on number theoretical problems, which is a
good indication that this is a promising field for exploration. It is due to this fact and the
simple form of Mersenne primes that this specific problem was chosen as a good possibility
for a quantum algorithm.
We can then write xy as
Figure 5:Ulam spiral, created by
writing the first n integers in a spiral
with 1 at the center and marking
primes. Image courtesy Wikipedia:
http://en.wikipedia.org/wiki/Ulam_S
piral
Before working on a quantum algorithm, the classical algorithm needs to be understood. The most common algorithm is the
Lucas-Lehmer test, which is a simple recurrence relationship. The relation starts by defining s0 = 4, si = si-12 – 2; the first three
terms of the sequence are 4, 14, and 194. Then 2p-1 is prime if and only if sp-2≡0 (mod Mp). The running time of the algorithm
on the number 2p-1 is O(p3), with the recurrence loop running p times and the multiplication having O(p2) complexity in each
loop. Taking advantage of the FFT, the multiplication step can be sped up slightly.
APPROACH
The initial approach was to consider a quantum implementation of the classical algorithm, and then look for potential areas of
speed-up. Unfortunately, we are unable to use the powerful parallelization available to us directly, but there are other potential
tricks. Another possible approach is to attempt to build a completely new algorithm from the beginning, without any
consideration to the classical algorithm, but with the limited timeframe this approach was deemed too unlikely to produce a
result.
The classical algorithm consists of two major parts, which requires the implementation of three gates. The first is the
arithmetic part, which requires a multiplication gate (or a potentially simpler squaring gate) and an addition gate. The second
part is the modulus, which requires a modulus gate. Research into addition gates has been done, and many implementations
have been proposed (references?). Thus we must handle the creation of a multiplication and modulus gate.
Research into a quantum algorithm for multiplication is scarce, although a quantum algorithm based on Booth's
multiplication algorithm for signed numbers has been proposed. Since our numbers will be positive, we can ignore a sign bit
and thus we need not consider address the problem of signed numbers. The approach taken to implement multiplication is
based on the manual way of doing it. First, we note that we can express a binary number d as
dn-1 << (n-1) + dn-2 << (n-2) + … + d1 << 1 + d0 << 0
where “<< m” represents a bit shift to the left by m digits.
Figure 7: Construction
of the mn multiplier
from the m1 multiplier.
With the multiplication handled, we next need to handle the subtraction. The simplest way would be to encode our number
using 2s complement, but this means our multiplier needs to handle negative numbers (which it does not). A simpler approach
is to recognize that we can make the result mod Mp after every multiplication and subtraction step, and note that
k – 2 (mod Mp) ≡ k + Mp – 2 (mod Mp)
Then instead of subtracting 2, we can add Mp – 2, and ignore the problem of negative numbers.
The final step is the modulus function. Fortunately, there is a lemma we can use to make this step much simpler.
k ≡ (k mod 2n) + floor(k / 2n) (mod 2n – 1)
The first term is equivalent to taking the first n qbits of the number, while the second is equivalent to taking all but the first n
qbits. Thus, we need only break the qbit into two distinct sections, add them through an adder, and repeat until we have n or
fewer qbits. Since the largest value we can have at the end of any modulus is 2n–2, the largest value at the end of the
multiplicative and additive step is (2n–2)(2n–2) + 2n–1 – 2 = 22n – 2n+2 + 4 + 2n – 3 < 22n for n > 0. Hence, this operation
converges in at most 2 steps. The only problem case is when k ≡ 0 (mod Mp); then our algorithm will give a answer of Mp
instead of 0. This can be handled by checking explicitly for Mp at the end of the modulus step, or outright ignoring it and
continuing into the next step with the value Mp – we are not actually required to take the modulus at every step, but it is
convenient to do so to reduce space constraints.
The final algorithm, as implemented quantum mechanically, is an
iterative process just like the classical algorithm. The work at each Figure 9: The iterative step of the final algorithm. Si is fed back
step is shown in figure 9; the output is fed back into the same series into the same gates until the desired value is reached.
of gates until we obtain sp-2, which we check for equivalence to 0 (mod Mp) to determine if Mp is prime. There are a few
notational things to note, again. The red numbers indicate the width of each bus. The dark red indicates how we split the bus
– MSB stands for most significant bits and LSB stands for least significant bits.
FUTURE WORK
There is much room for improvement in our algorithm. The multiplication gate is far from as efficient as possible, but time
constraints prevented a heavy focus on its optimization. In particular, one could attempt to implement the classical
multiplication algorithm, which by itself is faster than our implementation. Furthermore, the most efficient multiplication
implementation takes advantage of the fast Fourier transform. This is suggestive that the quantum Fourier transform may be
employed for further speed increase. The modulus step is probably as efficient as it can get, unless there is some quantum
mechanical trick for speed up with the general modulus algorithm that makes it faster than the trick we employed.
References:
Draper, Thomas G. “Addition on a Quantum Computer.” 2000 Aug 7. arXiv.org. 14 April 2008
<http://arxiv.org/abs/quant-ph/0008033 >
Mermin N. Quantum Computer Science. Cambridge: Cambridge University Press, 2007.