Polynomial-Time Algorithms for Prime Factorization on a Quantum Computer

Junxin Chen, Chi Zhang | 30/05/14

Outline

- Introduction
- Order-finding Algorithm
- Superposition State Preparation
- Modular Exponentiation
- Quantum Fourier Transform
- Measurement and Estimating r
- Example: Factorizing 21
- Summary

Why is Shor's Algorithm interesting?

RSA Encryption: breaking RSA encryption requires prime factorizing a large integer (M).

Best classical algorithm:

$$\exp\left(c\,(\log n)^{1/3}(\log\log n)^{2/3}\right)$$

Shor's algorithm:

$$O\left((\log n)^2(\log\log n)(\log\log\log n)\right)$$

Image source: http://www.lsi-contest.com/2008/spec2_e.html

What is special for a quantum algorithm?

- Parallelism: use of superposition states
- Reversibility: due to unitary operators
- Special requirements:
  - Need additional output to keep track of the input
  - In intermediate steps, the additional output may need to be erased "reversibly"

Procedure of prime factorization

Quantum Order-finding Algorithm

Input: $(x, n)$. Output: order $r$.

Start: $|0\rangle_{R1}\,|0\rangle_{R2}$

Prepare Superposition:

$$\frac{1}{\sqrt{q}}\sum_{a=0}^{q-1}|a\rangle_{R1}\,|0\rangle_{R2}$$

Modular Exponentiation:

$$\frac{1}{\sqrt{q}}\sum_{a=0}^{q-1}|a\rangle_{R1}\,|x^a \pmod n\rangle_{R2}$$

QFT:

$$\frac{1}{q}\sum_{a=0}^{q-1}\sum_{c=0}^{q-1}\exp\left(\frac{2\pi i a c}{q}\right)|c\rangle_{R1}\,|x^a \pmod n\rangle_{R2}$$

Measurement and estimate order $r$.

$n^2 \le q \le 2n^2$, where $q$ is the total number of states, an integer power of 2.

Prepare Superposition State

Goal:

$$|0\rangle_{R1}\,|0\rangle_{R2} \;\to\; \frac{1}{\sqrt{q}}\sum_{a=0}^{q-1}|a\rangle_{R1}\,|0\rangle_{R2}$$

First register: $l$ qubits $a_0, a_1, \dots, a_{l-1}$, each starting in $|0\rangle$. A Hadamard gate on each qubit gives $\frac{1}{\sqrt{2}}\left(|0\rangle + |1\rangle\right)$, with

$$H = \begin{pmatrix} \frac{1}{\sqrt{2}} & \frac{1}{\sqrt{2}} \\ \frac{1}{\sqrt{2}} & -\frac{1}{\sqrt{2}} \end{pmatrix}$$

The second register is not changed:

$$|00\dots0\rangle_{R1}\,|0\rangle_{R2} \;\to\; \frac{1}{\sqrt{2^l}}\left(|0\rangle+|1\rangle\right)\left(|0\rangle+|1\rangle\right)\cdots\left(|0\rangle+|1\rangle\right)|0\rangle_{R2}$$

$$= \frac{1}{\sqrt{2^l}}\left(|00\dots0\rangle_{R1} + |00\dots1\rangle_{R1} + \dots + |11\dots1\rangle_{R1}\right)|0\rangle_{R2} = \frac{1}{\sqrt{q}}\sum_{a=0}^{q-1}|a\rangle_{R1}\,|0\rangle_{R2} \qquad (q = 2^l)$$

Modular Exponentiation

Goal:

$$\frac{1}{\sqrt{q}}\sum_{a=0}^{q-1}|a\rangle_{R1}\,|0\rangle_{R2} \;\to\; \frac{1}{\sqrt{q}}\sum_{a=0}^{q-1}|a\rangle_{R1}\,|x^a \pmod n\rangle_{R2}$$

Registers: $a$ (bits $a_{l-1}, a_{l-2}, \dots, a_0$), power, result.

$$x^a = x^{\sum_{i=0}^{l-1} a[i]\cdot 2^i} = \prod_{i=0}^{l-1} x^{a[i]\cdot 2^i}$$

$$\text{power} = \text{power} \times x^{2^i} \pmod n$$

Output: $|a\rangle_{R1}\,|x^a \pmod n\rangle_{R2}$

Multiplication by $c$. Registers: $b$ (bits $b_{l-1}, b_{l-2}, \dots, b_0$), result (initially all 0).

$$bc = \sum_{i=0}^{l-1} b[i]\,2^i\,c$$

$$|b\rangle_R\,|0\rangle_R \;\to\; |b\rangle_R\,|bc \pmod n\rangle_R$$

We do not want $b$ in the final result! One more step to go…

Registers: $b$ (bits $b_{l-1}, b_{l-2}, \dots, b_0$), result (bits $r_{l-1}, r_{l-2}, \dots, r_0$).

$$b = b - \text{result}\times c^{-1} = b - \sum_{i=0}^{l-1} \text{result}[i]\times 2^i \times c^{-1}$$

Output: $|0\rangle_R\,|bc \pmod n\rangle_R$

Bonus: quantum watchdog

Quantum Fourier Transform

Goal:

$$\frac{1}{\sqrt{q}}\sum_{a=0}^{q-1}|a\rangle_{R1}\,|x^a \pmod n\rangle_{R2} \;\to\; \frac{1}{q}\sum_{a=0}^{q-1}\sum_{c=0}^{q-1}\exp\left(\frac{2\pi i a c}{q}\right)|c\rangle_{R1}\,|x^a \pmod n\rangle_{R2}$$

Definition of Fourier Transform:

$$y_k = \frac{1}{\sqrt{q}}\sum_{j=0}^{q-1} x_j\, e^{2\pi i jk/q}$$

Quantum version:

$$|j\rangle_R \;\to\; \frac{1}{\sqrt{q}}\sum_{k=0}^{q-1} e^{2\pi i jk/q}\,|k\rangle_R$$

With a little algebra, the quantum Fourier transform can be written in a product representation ($|j_1, \dots, j_l\rangle_R$: binary representation). For the derivation, see Nielsen & Chuang, p. 218.

Ingredients

Hadamard gate:

$$H = \begin{pmatrix} \frac{1}{\sqrt{2}} & \frac{1}{\sqrt{2}} \\ \frac{1}{\sqrt{2}} & -\frac{1}{\sqrt{2}} \end{pmatrix}, \qquad |j_1\rangle \;\to\; |j_1'\rangle = \left(|0\rangle + e^{2\pi i\, 0.j_1}|1\rangle\right)$$

Controlled phase gate (basis order $|00\rangle, |01\rangle, |10\rangle, |11\rangle$):

$$R_k = \begin{pmatrix} 1 & 0 & 0 & 0 \\ 0 & 1 & 0 & 0 \\ 0 & 0 & 1 & 0 \\ 0 & 0 & 0 & e^{2\pi i/2^k} \end{pmatrix}, \qquad |j_1'\rangle \;\xrightarrow{R_2}\; |j_1''\rangle = \left(|0\rangle + e^{2\pi i\, 0.j_1 j_2}|1\rangle\right)$$

Circuit (gates applied to each input qubit, and the resulting output):

- $|j_1\rangle$: $H, R_2, \dots, R_{l-1}, R_l$ gives $|0\rangle + e^{2\pi i\, 0.j_1 j_2 \dots j_l}|1\rangle$
- $|j_2\rangle$: $H, \dots, R_{l-2}, R_{l-1}$ gives $|0\rangle + e^{2\pi i\, 0.j_2 \dots j_l}|1\rangle$
- …
- $|j_{l-1}\rangle$: $H, R_2$ gives $|0\rangle + e^{2\pi i\, 0.j_{l-1} j_l}|1\rangle$
- $|j_l\rangle$: $H$ gives $|0\rangle + e^{2\pi i\, 0.j_l}|1\rangle$

Compare the output of the above circuit with the definition of the quantum Fourier transform:

- Use at most $l/2$ swap gates to change the order
- Read in reverse order

Measurement and Estimating r

Goal:

- Measure the state of the two registers
- Estimate $r$ from the measured state $c$

Final state:

$$\frac{1}{q}\sum_{a=0}^{q-1}\sum_{c=0}^{q-1}\exp\left(\frac{2\pi i a c}{q}\right)|c\rangle_{R1}\,|x^a \pmod n\rangle_{R2}$$

It has a probability

$$\left|\frac{1}{q}\sum_{a:\,x^a \equiv x^k}\exp\left(\frac{2\pi i a c}{q}\right)\right|^2$$

to get $|c, x^k \pmod n\rangle$.

Because the order of $x$ is $r$, this sum is over all $a$ satisfying $a = br + k$:

$$p = \left|\frac{1}{q}\sum_{b=0}^{\lfloor (q-k-1)/r \rfloor}\exp\left(\frac{2\pi i (br+k) c}{q}\right)\right|^2 = \left|\frac{1}{q}\sum_{b=0}^{\lfloor (q-k-1)/r \rfloor}\exp\left(\frac{2\pi i\, b\,\{rc\}_q}{q}\right)\right|^2$$

where $\{rc\}_q$ is the residue congruent to $rc \pmod q$ with $-\frac{q}{2} < \{rc\}_q < \frac{q}{2}$.

Only when $\{rc\}_q / q$ is close to 0 is the probability significant. We can conclude that our measurement of $c$ is very likely to be an integer multiple of $r/q$. Therefore $r$ can be estimated using a classical computer.

Example: Factorizing 21

First, choose a random integer in the range (1, 20).

- Extremely lucky: $x = 3$. We are done! gcd(3, 21) = 7, and 3 × 7 = 21.
- Quite lucky: $x = 9$. gcd(9, 21) = 3, and we get another prime factor by calculating 21 ÷ 3 = 7.
- Unlucky: $x = 10$. gcd(10, 21) = 1. Therefore we need to run the quantum order-finding routine!

$n = 21$, $n^2 = 441$, $x = 10$, $q = 512$, $l = \log_2 512 = 9$

Initial states: $|00\dots0\rangle_{R1}\,|00\dots0\rangle_{R2}$

Superposition states: each qubit of the first register becomes $\frac{1}{\sqrt{2}}\left(|0\rangle + |1\rangle\right)$, giving

$$\frac{1}{\sqrt{512}}\sum_{a=0}^{511}|a\rangle_{R1}\,|0\rangle_{R2}$$

Modular Exponentiation

$$\frac{1}{\sqrt{512}}\sum_{a=0}^{511}|a\rangle_{R1}\,|0\rangle_{R2} \;\to\; \frac{1}{\sqrt{512}}\sum_{a=0}^{511}|a\rangle_{R1}\,|10^a \pmod{21}\rangle_{R2}$$

- $10^0 \pmod{21} = 1$
- $10^1 \pmod{21} = 10$
- $10^2 \pmod{21} = 16$
- $10^3 \pmod{21} = 13$
- $10^4 \pmod{21} = 4$
- $10^5 \pmod{21} = 19$
- $10^6 \pmod{21} = 1$

Period of 6.

First register: $\frac{1}{\sqrt{512}}\left(|0\rangle + |1\rangle + \dots + |511\rangle\right)$. Second register: $|1\rangle + |10\rangle + |16\rangle + |13\rangle + |4\rangle + |19\rangle$.

Note: No tensor product here. They are entangled states!

Quantum Fourier Transform

$$\frac{1}{\sqrt{512}}\sum_{a=0}^{511}|a\rangle_{R1}\,|10^a \pmod{21}\rangle_{R2} \;\to\; \frac{1}{512}\sum_{a=0}^{511}\sum_{c=0}^{511}\exp\left(\frac{2\pi i a c}{512}\right)|c\rangle_{R1}\,|10^a \pmod{21}\rangle_{R2}$$

Measurement

Suppose the output of the second register is 19. We need to collect all the possible $a$ such that $10^a \pmod{21} = 19$.

Probability of getting a value $c$ in the first register:

$$p(c) = \left|\frac{1}{512}\sum_{\{a:\,10^a \equiv 19 \pmod{21}\}}\exp\left(\frac{2\pi i a c}{512}\right)\right|^2$$

[Figure: $p(c)$ for $c$ from 0 to 511; labelled values 0 (512), 85, 171, 256, 341, 427]

The measurement output of the first register will most probably be one of the 6 numbers. Let's assume we get 341…

Estimate r

Check whether $r = 3$ is correct. No…

- Run the order-finding program again with input $x = 10^3 \pmod{21}$ to get another factor of $r$, which is 2. Therefore $r = 2 \times 3 = 6$.
- Or make some trials based on $r_1 = 3$ with a classical computer.

Get the correct answer $r = 6$.

Now we know $r = 6$:

- $r$ is even
- $10^3 + 1 \pmod{21} = 14$, which does not equal 20

Good choice!

- $\gcd(10^3 + 1, 21) = 7$
- $\gcd(10^3 - 1, 21) = 3$

We are done!

Summary

Only polynomial time is needed for Shor's algorithm. Exponential time is needed classically.
Procedure of Shor's algorithm:

- Prepare superposition states
- Modular exponentiation
- Quantum Fourier transform
- Measure the register
- Estimate the order $r$ using a classical computer

Quantum parallelism makes Shor's algorithm faster than classical ones, but the requirement for reversibility makes it more complicated than classical algorithms.

Literature

Shor, Peter W. "Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer." SIAM Journal on Computing 26.5 (1997): 1484-1509.

Nielsen, Michael A., and Isaac L. Chuang. "Quantum Computation and Quantum Information." Cambridge University Press (2000).
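The classical side of the "Example: Factorizing 21" slides, as an added example that is not part of the original presentation: it evaluates the slides' $p(c)$ numerically for a measured second register of 19, estimates $r$ from a measured $c$ using $c/q \approx d/r$, and extracts the factors when $r$ is even and $x^{r/2} \not\equiv -1 \pmod n$. The function names are this example's own, and `Fraction.limit_denominator` stands in for the continued-fraction step (an assumption; the slides do not show how $r_1 = 3$ was obtained).

```python
import cmath
from fractions import Fraction
from math import gcd, pi

def measurement_distribution(x, n, q, r2_value):
    """p(c) from the slides: |(1/q) * sum_{a: x^a = r2_value} exp(2*pi*i*a*c/q)|^2."""
    hits = [a for a in range(q) if pow(x, a, n) == r2_value]
    return [abs(sum(cmath.exp(2j * pi * a * c / q) for a in hits) / q) ** 2
            for c in range(q)]

def likely_outcomes(x, n, q, r2_value, count):
    """The `count` most probable first-register values c, in ascending order."""
    p = measurement_distribution(x, n, q, r2_value)
    return sorted(sorted(range(q), key=lambda c: p[c], reverse=True)[:count])

def estimate_order(x, n, c, q):
    """Recover the order r of x mod n from one measured c, using c/q ~ d/r."""
    # Closest fraction to c/q with denominator below n (continued-fraction search).
    r1 = Fraction(c, q).limit_denominator(n - 1).denominator
    # If d and r share a factor, r1 is only a divisor of r: try its small multiples.
    for m in range(1, n // r1 + 1):
        if pow(x, m * r1, n) == 1:
            return m * r1
    return None  # unlucky measurement: order finding has to be run again

def factors_from_order(x, n, r):
    """Split n with gcd(x^(r/2) +/- 1, n); None if r is odd or x^(r/2) = -1 (mod n)."""
    if r % 2:
        return None
    half = pow(x, r // 2, n)
    if half == n - 1:
        return None
    return tuple(sorted((gcd(half - 1, n), gcd(half + 1, n))))

if __name__ == "__main__":
    n, x, q = 21, 10, 512                       # values from the slides
    print(likely_outcomes(x, n, q, 19, 6))      # second register measured as 19
    r = estimate_order(x, n, 341, q)            # first register measured as 341
    print(r, factors_from_order(x, n, r))
```

The quantum registers are only simulated by brute force here, which is feasible because $q = 512$; the post-processing functions are the part that stays classical at any size.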