Download College 11: Algoritme van Simon

Simon’s algorithm (1994)
Given a classical circuit Cf (of polynomial size, in n)
for an f : {0, 1}n → {0, 1}n , such that for a certain s ∈ {0, 1}n \{0n }:
∀x, y ∈ {0, 1}n (x 6= y ) : f (x) = f (y ) ⇔ x ⊕ y = s
with ⊕ the bitwise XOR, i.e., addition modulo 2.
Running example: n = 3 and s = 011.
f : {0, 1}3 → {0, 1}3 is defined as follows:
f (000) = f (011) = 010
f (100) = f (111) = 110
f (001) = f (010) = 101
f (101) = f (110) = 001
Simon’s algorithm
We are only given a black box, which for any input x produces f (x).
Problem: Determine s.
A brute force algorithm:
Search for a pair x 6= y with f (x) = f (y ), and compute x ⊕ y .
On average, this takes an exponential amount of time (in n).
Simon’s algorithm on average determines s in polynomial time (in n)
Simon’s algorithm
Cf transforms [xy i into [x(f (x) ⊕ y )i, for each x, y ∈ {0, 1}n .
|0n i
H
H
H
H
..
.
..
.
Cf
|0n i
..
.
..
.
(The circuit needed to compute f (x) is omitted.)
After performing Cf , the last n qubits are measured.
Simon’s algorithm
We start with [0n 0n i. (The last n qubits are “working memory”.)
After Hadamards on the first n qubits, the superposition is
√1
2n
P
x∈{0,1}n
Perform Cf on the 2n qubits:
√1
2n
|x 0n i
P
x∈{0,1}n
|x f (x)i
Measure the last n qubits: f (x0 ) for a certain x0 ∈ {0, 1}n .
Since f (x0 ) = f (x0 ⊕ s), the superposition of the first n qubits is
√1
2
(|x0 i + |x0 ⊕ si)
Simon’s algorithm: running example
n = 3, and s = 011, and f : {0, 1}3 → {0, 1}3 is defined by:
f (000) = f (011) = 010
f (100) = f (111) = 110
f (001) = f (010) = 101
f (101) = f (110) = 001
We start with |000000i, and perform Hadamards on the first three qubits:
√1 (|000000i
8
+ |001000i + |010000i + |011000i
+ |100000i + |101000i + |110000i + |111000i)
Simon’s algorithm: running example
Perform Cf on the six qubits:
√1 (|000010i
8
+ |001101i + |010101i + |011010i
+ |100110i + |101001i + |110001i + |111110i)
Measure the last three qubits. There are four possible answers:
010
101
110
001
Suppose we read 110. The superposition of the first three qubits then is
√1 (|100i
2
+ |111i)
Simon’s algorithm
The probability that a Hadamard
into a b 0 ∈ {0, 1} is
−1
√
2
1
√
2
1
1
if b = b 0 = 1, and
1
−1
√1
2
transforms a b ∈ {0, 1}
otherwise.
n Hadamards on a string x ∈ {0, 1}n produce a string z with a + or −
depending on how many 1’s the strings x0 and z have in common.
If x and z have an even number of 1’s in common, z is produced.
If x and z have an odd number of 1’s in common, −z is produced.
Simon’s algorithm
So n Hadamards transform a string x ∈ {0, 1}n into
√1
2n
hx,zi |zi
z∈{0,1}n (−1)
P
with hx, zi = x1 z1 ⊕ · · · ⊕ xn zn .
Example: Three Hadamards on the qubits in [011i transform it into
√1 (|000i
8
− |001i − |010i + |100i + |011i − |101i − |110i + |111i)
Simon’s algorithm
Perform Hadamards on the n qubits of
√1
2n+1
hx0 ,zi
z∈{0,1}n ((−1)
P
√1
2
(|x0 i + |x0 ⊕ si):
+ (−1)hx0 ⊕s,zi ) |zi
If s and z have an even (resp. odd) number of 1’s in common,
then n Hadamards on x0 and x0 ⊕ s produce z with the same
(resp. opposite) sign.
So the n Hadamards on √12 (|x0 i + |x0 ⊕ si) produce those z with
hs, zi = 0 mod 2 (i.e., s1 z1 ⊕ · · · ⊕ sn zn = 0).
Simon’s algorithm: running example
Perform Hadamard on the first qubit of
1
2 (|000i
√1 (|100i
2
+ |111i).
− |100i + |011i − |111i)
Perform Hadamard on the second qubit.
√1 (|000i
8
+ |010i − |100i − |110i + |001i − |011i − |101i + |111i)
Perform Hadamard on the third qubit.
1
4 (|000i
+ |001i + |010i + |011i − |100i − |101i − |110i − |111i
+ |000i − |001i − |010i + |011i − |100i + |101i + |110i − |111i)
=
1
2 (|000i
+ |011i − |100i − |111i)
Simon’s algorithm: running example
Measure the three qubits. There are four possible answers z:
000
011
100
111
We know that s1 z1 ⊕ s2 z2 ⊕ s3 z3 = 0.
I
000 gives no information.
I
011 implies s2 ⊕ s3 = 0 mod 2.
I
100 implies s1 = 0 mod 2.
I
111 implies s1 ⊕ s2 ⊕ s3 = 0 mod 2.
Two of the last three equations suffice to determine that s = 011
(because s 6= 000).
Simon’s algorithm
Measuring the n qubits gives a z ∈ {0, 1}n with hs, zi = 0 mod 2,
with a uniform probability distribution over all possible solutions z.
n − 1 linearly independent z1 , . . . , zn−1 such that hs, zi i = 0
for i = 1, . . . , n − 1 suffice to compute s.
The more vectors z ∈ {0, 1}n with hs, zi = 0 we determine,
the larger the probability that n − 1 of them are linearly independent.
On average, s is determined in polynomial time (in n).
Shor’s algorithm (1994)
Problem: Decompose a given n > 1 into its prime factors.
Shor’s algorithm on average yields a solution in O(log3 n) time.
(Note that n is represented using log2 n bits.)
Shor’s algorithm follows the approach of Simon’s algorithm,
but is more complicated.
With Shor’s algorithm, the RSA cryptographic algorithm is broken !
Only, nobody has succeeded yet in building a quantum computer
on which Shor’s algorithm can be executed for large instances of n...
Quantum circuits versus probabilistic TMs
A probabilistic TM is a nondeterministic TM in which a choice
between available transitions can be made with respect to some
probability distribution.
Each probabilistic TM can be efficiently simulated by
a quantum circuit.
Vice versa, each quantum circuit can be simulated by
a probabilistic TM.
However, this simulation can take an exponential amount of time.
Quantum operations versus probabilistic algorithms
Simon’s and Shor’s algorithm are exponentially faster than
all known (classical) probabilistic algorithms for these problems.
Unitary operations on qubits seem to differ in a fundamental way
from probabilistic operations on TMs.
“ The only difference between a probabilistic classical world and
the equations of the quantum world is that somehow or other
it appears as if the probabilities would have to go negative. ”
(Richard Feynman, 1982)
Entanglement plays a key role.
BQP and BPP
BQP (Bounded error, Quantum, Polynomial time):
Decision problems that can be solved by a quantum TM
in polynomial time, with an error probability < 13 .
BPP (Bounded error, Probabilistic, Polynomial time):
Decision problems that can be solved by a probabilistic TM
in polynomial time, with an error probability < 13 .
(The choice for
1
3
is arbitrary, each value in h0, 1i would do.)
P ⊆ BPP ⊆ BQP ⊆ PSpace
Unknown is whether these inclusions are strict.
The questions BPP,BQP ⊆ NP ? and NP ⊆ BPP,BQP ? are still open.
Quantum-computer: dream or reality ?
Building quantum computers is still in its infancy.
A challenge is to avoid that qubits interact with the environment,
as else they fall back to a classical state 0 or 1.
Recent breakthroughs:
I
In April 2012, a 2-qubit quantum computer was constructed
on a crystal of diamond, which can be scaled up in size and
functionality at room temperature.
I
D-Wave Systems builds and sells quantum computers
which they claim use a 128 qubit processor chipset.