quantum - Word Format
advertisement
Introduction to Quantum Cryptography
Author: Tak Yin Wong
Abstract: Church’s Thesis states that any computable algorithm can be processed by a Turing
machine. Although not a formal proof, for over sixty years since the invention of the Turing
machine, this assertion has remained largely unchallenged, and many computational models have
been proven reducible ultimately to the Turing machine. Recent developments in the theoretical
field of Quantum Computation, however, have come up with new and more efficient measures of
computability and complexity in certain algorithms which are not attainable with the classical
Turing machine. In the area of Quantum Cryptography, in particular, it has been shown that
there are intrinsic properties in Quantum Mechanics that will enable a Quantum Computer to
produce results not possible with a classical computer. In addition, the Quantum Computer
defines different classes of complexity measures that are not relevant to the classical
computational procedures.
Introduction
Recent breakthroughs in Quantum computation technology have led to an
explosion of research in the new paradigm of theoretical computational science.
However, while encouraging results [Yao, Shor] bolster the feasibility of
Quantum algorithms as a sound alternative to the classical Turing machine, the
actual construction of a fully functional Quantum machine remains a not so
tangible goal in the near future. One area of the Quantum computation model,
namely, Quantum Cryptography, however, has made tremendous strides not only
in the development of theory and procedure, but also in the practical application
of the Quantum theory on constructible models of communication, albeit these are
by and large still restricted to laboratory and academic environments.
The technology of Quantum Cryptography has several emphatic advantages over
any conventional methods. In particular, Shor’s algorithm for factoring prime
numbers introduces a new approach to cryptanalysis and, because of its efficiency
in finding the private keys based on public ones, threatens to render the
technology of public-key encryption much less robust than was once believed. On
the encryption side, Quantum methods can be applied in teleporting private key
information without the risk of the man-in-the-middle attack. A Quantum
communication channel that transports cipher text can also detect eavesdropping
from the measurements of the information being transferred. These advantages
are intrinsic to Quantum properties and cannot be emulated in any way by
classical computers.
1
Classical Computation Model
A Quantum Turing Machine (QTM) is a conceptual system that makes
use of the quantum mechanical properties of particles to emulate the process of
the classical Turing Machine. As a high-level computational model, the classical
Turing Machine does not make any assumptions about its physical
implementation, and its computation is completely independent of the underlying
mechanical process. The QTM, however, is characterized by the properties of
particles which implement the basic element - the "qubit". A qubit, represented
by a single particle, is analogous to the binary bit in a classical Turing machine.
A qubit can be used for storing information encoded by the physical state angular momentum, polarization, discrete energy level etc. - of the particle. For
example, a 2-state quantum system can use spin-up and spin-down to represent
bits 0 and 1, respectively, just as the different voltage levels in the implementation
of classical computers. However, the Principle of Superposition in Quantum
Mechanics allows a qubit to represent all the legitimate states simultaneously.
This essentially means that the QTM is inherently parallel in both the
representation of information and the computational procedure. It has been
shown that a QTM can emulate completely the process of a classical Turing
Machine. Moreover, because of the parallelism, the QTM has the potential
ability to solve efficiently problems that would be considered intractable in the
classical Turing Machine.
But the operation of a Quantum Computer is complicated because of the unusual
physical properties of quantum particles. The quantum computation model has to
take into account of the principles of Quantum Mechanics, and at the same time,
provide a coherent mathematical process for calculating and obtaining the results.
The most basic issues in quantum computing deal with the representation and
measurement of quantum states. This paper will explain some of the
requirements and methodologies below.
Basic Mathematical and Axiomatic Princples
Quantum computation is all about applying linear transformation of operator
matrices to vectors that represent the quantum states. A physical state of a qubit is
always represented by a superposition of state vectors. The state property (the
observable) of the qubit can be measured by an operator that represents that
particular property. The result of the measurement is a probabilistic one,
depending on the eigenvalue of each superpositioned state.
Dirac Notation
State vectors in Quantum Computation are eigenvectors, and their eigenvalues
represent the magnitude of the probability of the qubit found in each state. For
2
conveniency of calculation, the Dirac, or "bra-ket" notation is used to represent
the vectors. For example, a 0 and 1 state can be represented by the state vectors
_ _
_ _
| 1 |
| 0 |
| 0 |
| 1 |
respectively. In Dirac notation, these can be denoted |0> and |1>, respectively.
The 0 and 1 in the above "ket" forms is just a short-hand name for the vectors they can be alternatively written as |zero> and |one>. The inner product of two
vectors is represented as <a|b>. The operations using the Dirac notation follow
exactly the properties of vector arithmatics:
1) |a> + |b> = |b> + |a>
2) (|a> + |b>) + |c> = |a> + (|b> + |c>)
3) |a> + 0 = |a>
4) x(|a> + |b>) = x|a> + x|b>
5) (x + y)|a> = x|a> + y|a>
Superposition
A qubit can be used to represent actually a blend of states with different
probabilities. In a 2-state system, such as a qubit that can be 0 or 1, we can have
the |0> and |1> states. The state of the qubit, written as |q>, can then be
generalized as a superposition of the two states :
|q> = a|0> + b|1> =
a | 1 |
| 0 |
+ b| 0 |
| 1 |
So, if the qubit is in state |0>, it is represented by the superposition 1|0> + 0|1>,
and in state |1>, 0|0> + 1|1>.
Essentially, a superposition of a quantum state |q> is a linear combination vectors
that span |q>.
We also see immediately that |0> = | 1 |
| 0 |
and
|1> = | 0 |
| 1 |
are the standard basis for the subspace of |q>, the eigenstate of the qubit. In short,
a state vector |q> for a qubit is the superposition of eigenvectors which contributes
3
in different magnitudes to |q>. The coefficients a and b represent the probability
of |q> found in either of the eigenstate. In fact, |a|2 + |b|2 is expected to be 1. So,
if the qubit is in state |0>, it is represented by the superposition 1|0> + 0|1>, and in
state |1>, represented by 0|0> + 1|1>. The qubit can also be in a blended state of
|0> and |1> with varied probability of being in one or the other state. When
measured, the result will be in a random state according to the magnitude of the
probability, represented by the square of the coefficients.. For example, if the
qubit is somehow set in state = 1/sqrt(4) |0> + sqrt(3/4) |1>, when measured, the
result has 1/4 chance in state |0> and 3/4 chance in state |1>.
Unitary Operator
According to Schrodinger's equation, a quantum system always undergoes a
unitary transformation. Thus in order to capture the quantum mechanical process,
the operators used in Quantum Computation must be unitary.
A quantum operator for a n-state quantum system is a n x n square matrix. An
operator can be used to transform a complete vector state into a superposition, or
used as a simple logical gated.
Ex1:
Using a rotation matrix as an operator to obtain different
superpositions:
| cos x
U(x) = | sin x
---
-sin x |
cos x |
---
As before, representing states |0> and |1> respectively as
- | 1 |
| 0 |
- -
Then, U(pi/4)|0> =
- | 0 |
| 1 |
- ----| 1/sqrt(2) | = 1/sqrt(2)|0> + 1/sqrt(2)|1>
| 1 /sqrt(2) |
-----
4
setting equal probabilities to states |0> and |1> - meaning that
when this qubit is measured, the chances of finding it in one state
is exactly equal to the chance of finding it in another.
Application: Simple Random Number Generator
Using the above unitary operator, and starting with a qubit
set to |0>, transform the qubit to the superposition
1/sqrt(2)|0> + 1/sqrt(2)|1>
Whenever we need to generate a random number, just measure the
qubit. The quantum property dictates that the chances of getting
|0> or |1> is exactly 1/2 (the square of the coefficients to |0> and
|1>.)
Ex2: The 'NOT' Gate
--Define NG = | 0
|1
---
--1|
0|
---
Apply on qubit as defined before:
--- --- - NG |0> =
|0
1| | 1 | =
|1
0| | 0 |
--- --- - and
--- --- - NG |1> =
|0
1| | 0 | =
|1
0| | 1 |
--- --- - -
|
|
-
0 | = |1>
1 |
-
- | 1 | = |0>
| 0 |
- -
Ex 3: The 'Square-Root-of-NOT' Gate
--| 1+i
Define SQRT-NG = | 2
| 1-i
| 2
---
--1-i |
2 |
1+i |
2 |
---
5
Then,
|
|
|
|
--1+i
2
1-i
2
---
--1-i |
2 |
1+i |
2 |
---
--| 1+i
| 2
| 1-i
| 2
---
--1-i |
2 |
1+i |
2 |
---
= NOT Gate
Even though the dot product of the SQRT-NG produces the NOT
Gate, we note that if we apply a single SQRT-NG on either |0>
or |1>, the result will be a superposition of |0> or |1>:
SQRT-NG |0> = (1+i)/2 |0> + (1-i)/2 |1>
and
SQRT-NG |1> = (1-i)/2 |0> + (1+i)/2 |1>
This is an inherent property of Quantum Computation, and has to
be taken into account mathematically.
For conveniency, the square matrix is often represented in Dirac notation:
- - | 1 |
| 0 |
|0><1| + |1><0| , which denotes | 0 | [ 0 1 ] + | 1 | [1 0 ]
- - Observables
The observable properties of a qubit are measured by applying unitary operators
to the state vectors of the qubit. Now, if the qubit happens to be in the state
which is an eigenstate of the observable operator, the result of the measurement
will return an eigenvalue of the operator. For example, if the qubit is in state |0>,
and
|0> is an eigenvector of operator A, the eigenvalue e, such that A|0> = e|0>, will
be obtained as a result. This would be an ideal because the state of the qubit is
decided easily. Without losing generality, suppose A is a 2 X 2 matrix. Then if
A=
--- --|a
b|
|c
d|
--- ---
6
Then,
det | a - e
b | = e2 - ae - de + ad - bc = 0
|c
d-e|
So, the eigenvalues e of A are
e0 =
a + d + sqrt(a2 - 2ad + d2 + 4bc)
-------------------------------------------2
and
e1 =
a + d - sqrt(a2 - 2ad + d2 + 4bc)
-------------------------------------------2
So, for eigenvectors |q0> and |q1> of A
A|q0> = e0|0>
and similarly
A|q1> = e1|1>
For any measured results, we desire a real number value. Looking at the
coefficient e0 = 1/2 (a + d + sqrt[a2 - 2ad + d2 + 4bc] ), we see that sq(a) + sq(d)
>= 2ad for any real numbers a and d. and 4bc >= 0 iff for any complex numbers b,
c, b = conjugate(c). Then it is clear that for e to be a real number, A has to be
self-adjoint - ie. a Hermitian operator. Thus the observables in Quantum
Computation are usually defined as Hermitian operator with the appropriate
eigenvectors for the qubit states.
In general, if we are measuring for state |s> in a qubit which happens to be in state
|q>, the probability of finding it in state |s> is |<s|q>|2. Obviously, if we are
looking for |s> = |0> and q happens to be in |0>, then the probability of finding it
in |0> is |<0|0>|2 = 1, and the chance of finding it in state |1> is |<1|0>|2 = 0. Now,
if |q> happens to be a superposition such as 1/sqrt(2)|0> + 1/sqrt(2)|1>, the
probability of finding it in either |0> or |1> works out to be 1/2. So, it is clear that,
in order to represent and measure quantum states correctly and efficiently, the
choices of basis for the state vectors and the observable matrix have to afford the
above properties.
The Heisenberg Uncertainty Principle
As noted, when we measure an observable property represented by the matrix A,
of a qubit which is in the state |q>, if the result obtained is an eigenvalue of A,
7
then |q> is an eigenstate of the observable A. Now, if we measure a different
observable property, represented by matrix B, and |q> is not an eigenvector of B, a
different probabilistic result will be obtained for each measurement, if the qubit is
in the |q> eigenstate of A. To quantify the uncertainty of a measurement, a
mean-square deviation formula is used:
|Delta A|2 = <vA2v> - |<vAv>|2
From Quantum Statisitics, <v, Av> is the expected value of the measured result
after a qubit is set to state v, and measure with observable matrix A. Note that A
is a Hermitian matrix and v is an orthonormal vector. Clearly, if the qubit is
placed in a state |q> that is an eigenvector of A, then an eigenvalue of A will be
obtained when the qubit is measured, and the values <vA2v> and |<vAv>|2 are
equal. But, for
|Delta B|2 = <vB2v> - |<vBv>|2
if the qubit is in state |q> which is not an eigenvector of B, then |Delta B| > 0.
Moreover, after the measurement is made on the observable B, the qubit will be
changed to some eigenstate of B, just because of the act of measurement. So, if
we look at the different orders of measurement of observables A and B, with the
qubit set to state |q>, the results are:
1) Measuring observable A, if |x> is an eigenvector of A, the result is an
eigenvalue of A Then measuring observalbe B, where |q> is not an eigenvector
of B, the result is random, and after the measurement, the
qubit will be in
some eigenstate of B with some eigenvalue. In short,
the act of measuring observable B perturbs the state of the qubit.
2) Measuring observable A, if |q> is not an eigenvector of A, the result is
random, and subsequently the qubit is in some state that is an
eigenvector of A - again, the qubit is perturbed. Then, measuring
observable
B, a random state also results, with the subsequent state of
the qubit changed
to an eigenstate of B.
3) and 4) Measuring B first and then A, the results are parallel as above.
So, unless matrices A and B have the same eigenvectors (ie. A and B are
comutators), the results of the measurement in different orders are not the same.
In other words, the same state results with the different orders of measurement if
and only if A and B have common eigenvectors - ie. AB = BA, that they
commute.
In general, the uncertainty of the measurement is expressed as
8
|Delta A| |Delta B| = ||(A-aI)v|| ||(B-av>I)v|| >= 1/2|<v, Cv>|
where a = <v, Av>, the expected value of measurement, and C = AB-BA.
The derivation is as follows:
Given conditions v is a normal vector and A, B are Hermitian
n X n matrices, C = AB - BA, and a, b are real numbers, (1)
then
(A-aI)(B-bI) - (B-bI)(A-aI) = AB - A(bI) - (aI)B + (aI)(bI) [BA - B(aI) - (bI)A + (bI)(aI)]
Since A(bI) = b(AI) = b(IA) = (bI)A,
(aI)B = a(IB) = a(BI) = B(aI),
and (aI)(bI) = (bI)(aI)
then
(A-aI)(B-bI) - (B-bI)(A-aI) = AB - BA = C
- from the conditions in (1)
(2)
Now, for any normal vector v
<v, Cv>
= <v, (AB-BA)v>
- from conditions in (1)
= <v, [(A-aI)(B-bI) - (B-bI)(A-aI)]v>
- from (2)
= <v, [(A-aI)(B-bI)v - (B-bI)(A-aI)v]>
= (A-aI)v(B-bI)v - (B-bI)v(A-aI)v
= <(A-aI)v, (B-bI)v> - <(B-bI)v, (A-aI)v>
- A, B are Hermitian
= 2 Img <(A-aI)v, (B-bI)v>
- factor out the imaginary part
Then
1/2|<v, Cv>|
=
|Img<(A-aI)v, (B-bI)v>|
=
|<(A-aI)v, (B-bI)v>|
- the imaginary part goes away
since |Img<x>| = |<x>|
and from the Schwartz Inequality:
9
|<u,w>| <= ||u|| ||w||
then
1/2|<v, Cv>| = |<(A-aI)v, (B-bI)v>| <= ||(A-aI)v, (B-bI)v||
(3)
Now, for a fixed unit vector v, and <v, Av> giving the expected
value of a qubit set to state v measured with observable A, the
mean-square-deviation is defined as
|Delta A|2 = <v, A2v> - |<v, Av>|2
(4)
Let a = <v, Av> and take
||(A-aI)v||2
= <(A-aI)v, (A-aI)v>
= <Av, Av> - a<v, Av> - a<Av, v> +
a2<v, v>
= <Av, Av> - <v, Av>2 - <v, Av>2
+ <v, Av>2
- because A is Hermitian
= <Av, Av> - 2<v, Av>2 + <v, Av>2
= <v, A2v> - <v, Av>2 = |Delta A|2
(5)
Then, obviously,
|Delta A| = ||(A-aI)v|| = ||(A-<v, Av>I)v|| from (5)
Also
|Delta B| = ||(B-aI)v|| = ||(B-<v, Av>I)v||
Then , from (3),
|Delta A| |Delta B| = ||(A-aI)v|| ||(B-aI)v|| >= 1/2|<v, Cv>|,
with A, B, C, v provided as in (1) for any real value a.
The above is the Generalized Heisenberg Uncertainty Principle which is used to
quantify the randomness of the measurement.
10
An Application of the Uncertainty Principle in Message Encoding
One of the most potentially powerful applications of Quantum
Computation is in the area of encryption and decryption. Based on the properties
of polarized photons and the Uncertainty Principle of measuring qubit states, one
can pass secret information securely over public channels and, with a high degree
of probability, can detect random eavedropping. The idea is to encode the qubits
by polarizing the photons in 2 different orientations such that the observable
operators are constructed in differenct bases. Thus, if a qubit is measured with the
wrong operator, the state of the qubit will be perturbed and sets a signal that
someone has tried to measure the qubit without the right "key".
Suppose we have mechanisms to set a qubit by polarizing a photon either
straightly - at an angle of 0 or 90 degrees, or diagonally - at an angle of 45 or 135
degrees. The orientations of 0 and 45 degrees will encode the 0 bit, and the 45
and 135 degrees will encode the 1 bit. The quantum states |0> and |1> can be
represented by the vectors
- | 1 |
| 0 |
- -
- | 0 |
| 1 |
- -
respectively.
The polarization operator can thus be
A=
---- ---|1
0|
|0
-1 |
---- ----
Note that the operators and vectors for the 2 different orientations have
different bases. We can transform the operator of diagonally polarized vectors to
the straight basis by rotating the diagonal axes with the unitary operator
--| cos x
U(x) = | sin x
---
---sin x |
cos x |
---
11
So,
B
--= U(-pi/4) | 1
| 0
---
--0| =
-1 |
---
----| 1/sqrt(2) -1/sqrt(2) |
| -1/sqrt(2) -1/sqrt(2) |
-----
Clearly, AB =/= BA, and from the Heisenberg Uncertainty Principle,
measurement with the wrong operator will perturb the state of the qubit. This
means that when a qubit is measured, one must first choose the correct orientation
and then apply the operator in order to get the true value. If the orientation of the
polarization of each qubit is set at random, the longer the message, the higher the
probability that the state of some qubits will be measured with the wrong
orientation and thus perturbed. The recipient of the message will be able to detect
changes in the original message when he/she tries to decode it with the correct
sequence of orientations.
Shor’s Algorithm for Factoring Prime Numbers
Public-key cryptography was first proposed by Diffie and Hellman as a more
practical alternative than the conventional one-time pad private key methodology.
Instead of having to exchange private keys, as in the one-time pad cryptosystem,
public-key encryption allows two parties who want to communicate securely to
publish and obtain each other’s public key in an open directory. Message
encrypted with the public key, however, can only be efficiently decrypted by
corresponding private keys, which are kept secret. This approach eliminates the
requirement of having to exchange the private-keys through some secure
mechanism or procedure before the transport of encrypted messages.
The currently most significant public-key cryptosystem is RSA developed by
Rivest, Shamir, and Adelman in 1978 as a solution for the key distribution
problem described above. The core principle of RSA can be summarized as
follows:
Suppose Alice and Bob need to have a secure conversation. Instead of
having to rendezvous with each other and exchange a private key before
starting the conversation, both Alice and Bob will follow these same
procedures and each obtain a public/private key pair: 1) Find 2 large
primes p and q and let n = pq. 2) Find coprime d of (p – 1)(p – 2).
3) Compute encryption key e such that ed = 1 mod(p – 1)(q – q).
The pair (e, n) is the public key that can be listed in an open directory.
A plain text can be encrypted by applying e mod n to the message. To
12
Decrypt the message, d mod n will be applied to the cipher text. The
difficulty of breaking the code, then, is dependent on finding the (d, n)
Pair from the knowledge of the (e, n) pair. Since e and n are publicize,
this basically amounts to finding p and 1, the 2 prime factors of n,
computing d from e, (p – 1) and (q – 1). Currently, the best known nonQuantum algorithm for factoring large integers is the Number Field Sieve,
which has a Non-Polynomial running time of exp(kn1/3), where k is a
constant and n is the size of the integer in binary bits. In classical
computation theory, such a NP algorithm is considered intractable for
practical applications on very large input values.
“The Quantum Parallelism” Approach
To find the 2 prime factors of n, one needs only to calculate the products of all the
integers between 1 and n1/2. At first glance, a straightforward application of
Quantum Computing on the factoring problem would make use of the intrinsic
parallel property of qubits – that all the integers between 1 and n1/2 can be
represented simultaneously by the superpositions on the input qubitsAs the
Quantum Machine begins to operate, all possible paths of computation will
proceed in parallel. So, instead of doing n1/2 iterative computations, all n1/2 results
can be computed in the time that requires one single classical computation, and
the results of all n1/2 computations can be represented by the superpositions of a
single Quantum register. So, in effect, the Quantum Parallelism property reduces
the complexity of large number factoring to Polynomial time. Unfortunately,
since the superpositional values in the resulting register can only be measured
probabilistically, the chances of getting the right answer is just as great as getting
any other results. One may need to re-iterate the Quantum procedure many times
before measuring the right answer by chance. And the upper probabilistic limit
for getting the right answer is still exponential.
Shor’s Algorithm
In 1994, Peter Shor of Bell Labs found an efficient Quantum algorithm for
factoring large intergers. The procedures of this algorithm has to be executed by a
Quantum machine, but the central element of the algorithm is from the classical
theory on periodic functions.
Periodic Functions
Give an integer to be factored in 2 primes, one can construct a periodic function
f(a) = xa mod n, where is x is coprime to n, the period of the function r is even,
and x = 1, 2, 3, …. If the period of f is r, this implies x^r = mode n. then
(xr/2)2 – 1 = (xr/2 –1)(xr/2 + 1) = mod n
13
Thus (xr/2 –1)(xr/2 +1) = cn, where c is some integer constant.
For (xr/2) not = mod n, a factor of n can be obtained by computing
gcd(xr/2 – 1, n) and gcd(xr/2 + 1, n). It can be shown that with the Euclidean
Algorithm, the number of steps for calculating the above gcd’s do not exceed
max(xr/2 + 1, n).
The Quantum Procedure to Find the Period
Shor’s algorithm capitalizes on the fact that any values represented by a number
of binary bits can be simultaneously contained in a uniform superposition of
qubits. For example, 3 qubits can represent all the values from 0 to 8. The
uniform superposition state is
a:1/81/2( |000> + |100> + |010> + |001> + |011> + |101> + |110> + |111>)
Note that the above is in “big Endian” format, meaning the most significant bit is
in the right. We can represent the above with an equivalent and more
comprehensible short-hand notation:
a:1/81/2(|0> + |1> + |2> + |3> + |4> + |5> + |6> + |7>)
In Shor’s algorithm the uniform value a is stored in a register. A second register
Y is used to store the value of f(X) for the constructed function f. Using the same
notation, the b register is represented as follows:
b:1/81/2(|f(0)> + |f(1)> + |f(2)> + |f(3)> + |f(4)> + |f(5)> + |f(6)> + |f(7)>)
The critical step in the algorithm is applying a discrete Fourier transform on the
content of register a. The Fourier transform maps the original periodic function to
a function in the frequency domain and will cause a new superposition to be
stored in register a. Since the function is periodical, many of the resulting phases
will cancel out. The Fourier transform of the remaining one will have large values
at multiples of the frequency. This implies when register a is measure again, the
most likely result would be the frequency of the function – ie. the inverse of the
period, or 1/r. Therefore, using this algorithm, the period of the function can be
obtained with a few tries of the process. When the frequency is known, the
Euclidean Algorithm can be applied to find the prime factors of n.
A short example will suffice to demonstrate the process and generalize Shor’s
algorithm:
Given n which is the product of 2 large primes, Pick integer x that is coprime to
n. Suppose x is represented by q qubits, register a will be constructed to contain
this superposition:
14
a:1/q1/2(|0> + |1> + |2> + |3> + … + |2q - 1>)
Suppose in our example, x = 5. The register a and b will be
a:1/81/2(|0> + |1> + |2> + |3> + |4> + |5> + |6> + |7>)
b:1/81/2(|f(0)> + |f(1)> + |f(2)> + |f(3)> + |f(4)> + |f(5)> + |f(6)> + |f(7)>)
and the Fourier transform maps a to
|5> => 1/81/2(1 * |0> + exp(i20pi/8) * |2> + exp(i30pi/8) * |3> + … + exp(i70pi/8) * |7>)
Suppose the period of the function P = 2. Then f(0) = f(2) = f(4) = f(6), and f(1) =
f(3) = f(5) = f(7). We can mix the states of registers a and b with this uniform
superposition:
ab: 1/8(|0, f(0)> + |1, f(1)> + |2, f(2)> + |3, f(3)> + |4, f(4)> + |5, f(5)> + |6, f(6)> +
|7, f(7)>)
where |0, f(0)> means |0>|f(0)>.
Applying the transformation to both registers together, we have
ab’: ½|0>[(|f(0)> + |f(1)>] +
1/8|1>({f(0>[1 + exp(i2pi2/8) + exp(i2pi4/8) + exp(i2pi6/8)] +
f(1)>[exp(i2pi1/8) + exp(i2pi3/8) + exp(i2pi5/8) + exp(i2pi7/8)]} +
1/8|2>({f(0>[1 + exp(2i2pi2/8) + exp(2i2pi4/8) + exp(2i2pi6/8)] +
f(1)>[exp(2i2pi1/8) + exp(2i2pi3/8) + exp(2ipi5/8) + exp(2i2pi7/8)]} +
1/8|3>({f(0>[1 + exp(3i2pi2/8) + exp(3i2pi4/8) + exp(3i2pi6/8)] +
f(1)>[exp(3i2pi1/8) + exp(3i2pi3/8) + exp(3i2pi5/8) + exp(3i2pi7/8)]} +
1/8|4>({f(0>[1 + exp(4i2pi2/8) + exp(4i2pi4/8) + exp(4i2pi6/8)] +
f(1)>[exp(4i2pi1/8) + exp(4i2pi3/8) + exp(4i2pi5/8) + exp(4i2pi7/8)]} +
1/8|5>({f(0>[1 + exp(5i2pi2/8) + exp(5i2pi4/8) + exp(5i2pi6/8)] +
f(1)>[exp(5i2pi1/8) + exp(5i2pi3/8) + exp(5i2pi7/8) + exp(5i2pi7/8)]} +
1/8|6>({f(0>[1 + exp(6i2pi2/8) + exp(6i2pi4/8) + exp(6i2pi6/8)] +
f(1)>[exp(6i2pi1/8) + exp(6i2pi3/8) + exp(6i2pi5/8) + exp(6i2pi7/8)]} +
1/8|7>({f(0>[1 + exp(7i2pi2/8) + exp(7i2pi4/8) + exp(7i2pi6/8)] +
f(1)>[exp(7i2pi1/8) + exp(7i2pi3/8) + exp(7i2pi7/8) + exp(7i2pi7/8)]}
Since the complex amplitudes with difference of pi cancel each other out, all the
remaining amplitudes can be summed up from constructive interference as
15
ab’:½[ |0, f(0)> + |0, f(1)> + |4, f(0)> + exp(ipi * |4, f(1)>]
Now, when the a register is measured at this point, the possible values will be
0, 2q/P, 2*2q/P, 3*2q/P,…, (P – 1)2q/P
where q is the number of qubits used, and P is the period of the function.
In the above example, the only possible values in register a is either 0 or 4. Thus
it can be deduced easily from 4 = 23/P that
4P = 8 => P = 2
After the iteration of the algorithm, the measured value in register a is m(2q/P),
where m = 0, 1, 2, 3, …, P – 1. The probability the the measured value in register
a has P/m not reducible is the highest among all possible returned values. So, in
the case where P > 2, and there are multiple values returned from measuring
register a, the period P can be deduced by iterating the process a few times and
measuring the same result with high frequency.
16
References:
Berman, Doolean, Mainieri, Tsifrinovich, “Introduction to Quantum Computers”,
World Scientific, 1998
Silverman, “A Friendly Introduction to Number Theory”, Prentice Hall, 1997
Williams, Clearwater, “Exploration in Quantum Computing”, Springer, 1997
Stinson, “Cryptography, Theory and Practice”, CRC Press, 1995
17
