Quantum Computer - Physics, Computer Science and Engineering
advertisement
An Introduction to Quantum
Computing
GOSN203 (AI); GOSN204 (OS)
Professor John FULCHER
Christopher Newport University
April 2004
…the story so far:
References:
* E. Riefel & W. Polak (2000) “An Introduction to
Quantum Computing for Non-Physicists” ACM
Computing Surveys 22(3) 300-335 * HANDOUT#1
* J. Mullins (2002) “Making Unbreakable Code” IEEE
Spectrum May 40-45. * HANDOUT#2
http://www.pcs.cnu.edu/~mzhang/PCS450_550/Quan
tumComp1(2).ppt (Lecture Notes: MS-PowerPoint)
C. Bennett, G. Brassad & A. Ekert (1992) “Quantum
Cryptography” Scientific American 267(4) 26-33
C. Williams & S. Clearwater (1998) Explorations in
Quantum Computing Springer (+ CDROM –
Mathematica)
Key Quantum Phenomena
Key Quantum Computing Phenomena:
1. Superposition of all possible states
simultaneously. Hence an n-Qubit memory
register can exist in a superposition of all 2n
possible configurations: |f> = a|0> + b|1>
i.e. a Quantum Computer = a massively parallel
computer (however, it is impossible to observe
these parallel computations individually).
Key Quantum Phenomena
Key Quantum Computing Phenomena:
2. Interference – since a QC can work on
several classical inputs at once, they can
interfere with/influence one another (either
constructively or destructively):
|f> = |0 1> + |1 0>
a net computational state that reveals a
joint/collective property of all the computations i.e.
quantum parallelism.
Key Quantum Phenomena
Key Quantum Computing Phenomena:
3. Entanglement – 2 or more Qubits emerge from an
interaction in a definite joint quantum state that
cannot be expected in terms of a product of definite
individual quantum states: |f> = |0 1> + |1 0>
Moreover, they retain a lingering, instantaneous influence on
each other, irrespective of their distance of separation
quantum teleportation (for which there is no classical
counterpart!); quantum factoring relies on entanglement to
create a repeating sequence of numbers whose period
reveals the factors of a large integer.
Key Quantum Phenomena
Key Quantum Computing Phenomena:
4. Non-determinism = inability to predict the
quantum state into which a superposed state
will collapse upon being measured
quantum key distribution, which relies on nondeterminism to guarantee that any eavesdropping
will be detected.
Key Quantum Phenomena
Key Quantum Computing Phenomena:
5. Non-clonability, since it is impossible to
copy an unknown quantum state exactly
(Heisenberg Uncertainty Principle).
It is impossible to measure pairs of quantities
simultaneously (e.g. position & momentum)
quantum cryptography relies on non-clonability to
guarantee security.
Key Quantum Phenomena
Key Quantum Computing Phenomena:
6. Non-locality: quantum teleportation relies
on non-locality (as well as entanglement) to
disassemble and re-assemble the quantum
state to be teleported.
Key Quantum Phenomena
Key Quantum Computing Phenomena:
7. reversible: and thus no power dissipation:
H |in> = |out>; H -1 |out> = |in>
An operation is logically reversible if it can be
undone (run backwards) – i.e. if its inputs can
always be deduced from the outputs.
cf. classical computations, which are irreversible &
thus dissipative.
Quantum Spin States
2-state quantum system used to encode a
Qubit:
The (solid) angle between the vector & the
vertical axis (= phase) is determined by the
relative contributions of the |y0> and |y1>
(eigen)states
Q: Where’s the power in QCs?
A: Superposition
Superposition = simultaneous existence in many states,
not just |0>
and
|1>
but:
q
Qubit: phase = (solid) q
magnitude = c0|0> + c1|1>
where probabilities |c0|2 + |c1|2 = 1 (i.e. 100%)
& |ci| = sqrt (xi2 + yi2) (i.e. complex numbers)
Quantum Gates
Any quantum computation can be reduced to a sequence of 1 and 2
qubit operations:
H |in> = H1 H2 H3 .... Hn |in>
Conventional operations: NOT , AND
Quantum operations:
qNOT , CNOT
NOT
CONTROLLED
NOT
IN OUT
IN OUT
|0|1 |00|00
|1|0 |01|01
|10|11
|11|10
+Phase shifts
Quantum Gates
e.g. a root(NOT) gate:
|input>
|output> = NOT |input>
rootNOT
rootNOT
superposition of bits
(thus unlike any classical gate)
Walsh-Hadamard Gate
e.g. if we apply the WH-gate to each of n
qubits individually, we obtain the
superposition of the 2n numbers that can
be represented in n bits.
Thus we can effectively load exponentially
many (2n) numbers into a quantum computer
using only polynomial many (n) basic gate
operations.
Controlled-NOT Gate
A particular 2-qubit gate is of paramount
importance in quantum computing, & this
is the controlled-NOT gate:
UCN|00> = |00>
UCN|01> = |01>
UCN|10> = |11>
UCN|11> = |10>
|x>
|x>
|y>
|x xor y>
ie. apply NOT to (flip) second bit if first qubit = 1.
Controlled-NOT Gate
NOTE that this operation involves no
measurements whatsoever – i.e. we do
not need to measure qubits in order to
bring about “controlled” operations.
|x>
|y>
|x>
|x xor y>
xor:
control
1 0 1 not
01 1
Universal Quantum Gates
Universal Gates: the (infinite) set of all 1-qubit
rotations, together with the controlled-NOT gate,
is enough to achieve any imaginable quantum
computation.
i.e. we can perform any quantum computation
by connecting just 1-qubit rotation gates and
controlled-NOT gates (cf. any classical
computation can be realized using just AND and
NOT gates)
Barenco (1995) and DiVincenzo (1995) independently
showed that a 2-qubit gate is universal for quantum
computation.
Reversible Computation
Quantum realizations of sets of reversible
gates which are universal for all Boolean
circuits.
Recall that a quantum circuit is composed of
quantum wires & elementary quantum gates;
each wire represents a path of a single qubit
& is described by a state in the 2D Hilbert
Space C2.
Quantum Calculus
A Hilbert Space is a mathematical model
for representing state space vectors.
The state of a quantum system can be
described by a column vector (|y> “ket”)
in a Hilbert Space of wave functions.
As the system evolves, its state vector rotates
with its base anchored to the origin of the
axes.
Tensor Products
Systems of more than one qubit need a
Hilbert Space which captures the
interaction (entanglement) of the qubits.
A 2-qubit system can be represented by a
unit vector in the tensor product of 2
copies of C2 (i.e. the space C2 C2).
Quantum Calculus
In general, a system containing exactly n >= 2
qubits is represented by n copies of C2 tensored
together. Thus the state space is 2n-dimensional.
Now in contrast to a classical system, which can
be completely defined by describing the state of
each individual component, in a quantum
system, the state cannot always be described by
considering only the component pieces.
Entangled States
e.g. the state 1/root(2)(|00> + |11>)
cannot be decomposed into separate
states for each of the 2 qubits.
i.e. we cannot express this state as a tensor
product of two single qubits.
A state that can’t be expressed as a tensor
product is called an entangled state.
Not covered in lectures…
Quantum Memory Registers
Quantum Error Correction
Symmetry, entanglement, “ancilla” qubits
(Shor)
Fault tolerant (Quantum) Computers
[ref. Handout#1, references]
This Lecture…
Quantum Algorithms
Quantum Key Distribution
(Teleportation)?
Quantum Computer Hardware
QC Applications (OS; AI)?
Quantum Parallelism
The principal advantage of a quantum
computer over a classical computer is that
it can use a technique called quantum
parallelism to compute certain joint
properties of several superposed
computations
(several answers to different classical
computation) in the time it takes a classical
computer to find just one of these answers…
Quantum Parallelism
…moreover, the quantum computer can do
this without needing to reveal the answer
to any one of those computations
individually.
This gives the quantum computer the
potential to be vastly more efficient than a
classical computer at certain
computational tasks.
Quantum Algorithms
1. The Deutsch-Jozsa problem: Is a boolean
function f:{0,1} {0,1} even (i.e. always gives
the same output) and/or balanced (gives one
output on half of the inputs, & another output
on the other half)?
Exploits superposition without need for measurement
2. Simon (1994): a quantum memory register
could be used to evolve into a superposition
representing the Fourier Transform.
Measurement sample period (of sines, cosines)
Quantum Algorithms
3. Shor (1994): factoring of large composite
integers can be achieved by finding the period
(= QC’s “killer app”lication)
exploits a technique similar to Simon’s Fourier
Transform sampling.
4. Grover (1996) showed that unstructured
search can be solved with bounded probability in
O(rootN) on a Quantum Computer.
1. Deutsch-Joza Problem
The Deutsch-Jozsa problem: Consider a
boolean function f :{0,1} -> {0,1}.
Is f(0) = f(1) or f(0) not= f(1)?
Classical test: 2 computations & 1
comparison.
Can we do better on a QC? Yes!
The key to a Quantum Computer solution is
that we do not need to actually calculate f(x),
simply determine whether they are the same.
1. Deutsch-Joza Problem
Suppose we possess a quantum “black
box” which computes ‘f’ (a big if!)
Consider the transformation Uf which applies
to 2 qubits |x> and |y> and produces |x>|y
mod2 f(x)).
This transformation flips the second bit if f
acting on the first bit is 1, & does nothing if f
acting on the first qubit is 0.
1. Deutsch-Joza Problem
Now since the black box is “quantum”, we
can choose the input state to be a
superposition of |0> and |1>, say
1/root2(|0>+|1>) and 1/root2(|0>-|1>)…
Perform a measurement that projects the first
qubit onto the basis 1/root2(|0>+|1>),
1/root2(|0>-|1>)
we will obtain 1/root2(|0>+|1>) if the
function is balanced, 1/root2(|0>-|1>) if not.
1. Deutsch-Joza Problem
We can achieve this because a quantum
computer can be in a blend of states: we
can compute f(0) and f(1), but more
importantly, extract information about f
which tells us whether f(0) is equal to f(1)
or not.
1. Deutsch-Joza Problem
Solution of the Deutsch-Jozsa problem on
a quantum computer:
Step#1. Initialize the 2-qubit
register in the state |0>|1>.
Step#2. Apply the Walsh-Hadamard
operation W to each qubit: |0>|1>
1/root2(|0> + |1>) superimposed with
1/root2(|0> - |1>)
1. Deutsch-Joza Problem
Solution of the Deutsch-Jozsa problem on
a quantum computer:
Step#3. Apply the operation U
(which requires f to be evaluated once
only): 1/root2(|0> + |1>) superimposed
with 1/root2(|0> - |1>) 1/root2((1)f(0)|0> + (-1)f(1)|1>) superimposed with
1/root2(|0> - |1>)
1. Deutsch-Joza Problem
Solution of the Deutsch-Jozsa problem on
a quantum computer:
Step#4. Apply the operation V
(which does not require f to be
evaluated): 1/root2((-1)f(0)|0> + (1)f(1)|1>) superimposed with 1/root2(|0>
- |1>) 1/root2((-1)f(0)+(-1)f(1)|0> + (1)f(0)-(-1)f(1)|1>) superimposed with
1/root2(|0> - |1>)
1. Deutsch-Joza Problem
Solution of the Deutsch-Jozsa problem on
a quantum computer:
Step#5. Measure the bit value in
the first qubit:
If it is 0, f(0) = f(1);
If it is 1, f(0) not= f(1).
1. Deutsch-Joza Problem
NOTE: in essence, this quantum algorithm
exploits superposition and interference to
extract a joint property of both function
values – f(0) and f(1) – without having to
calculate either function value explicitly.
2. Fourier Transform on QC
Any mathematical function can be
described as a weighted sum of certain
basis (elementary) functions such as sines
& cosines (or real & imaginary exponential
functions): sin(x), sin(2x), …cos(x),
cos(2x)…(the more terms, the better the
approximation) Fourier Series
recall eiq = cos q + i sin q (circle)
2. Fourier Transform on QC
Fourier series = (integral) representation
of continuous (linear) functions
Discrete Fourier Transform for sampled
functions Fast Fourier Transform (= a
more efficient algorithm – 2n terms)
In Digital Signal Processing, the FFT
transforms a signal from the time-domain to
the frequency domain (& Inverse FFT from fdomain to t-domain)
2. Fourier Transform on QC
Observation: if a time-varying signal is
very spiky, this means it can be
represented by just a few sines & cosines,
with precisely defined periods.
2. Fourier Transform on QC
D. Simon (1994): a quantum computation
could cause the state of a quantum
memory register to evolve into a
superposition representing the Fourier
Transform.
By reading this memory register, we would
most likely obtain a result corresponding to
where the probability amplitude was most
highly concentrated – i.e. where the Fourier
Transform is most strongly spiked.
2. Fourier Transform on QC
Thus a quantum measurement returns a
sample from the Fourier Transform, which
provides us with some information about
the periodic sine & cosine functions which
make up our original function.
3. Shor’s Factoring Algorithm
P. Shor (AT&T) was wanting to demonstrate that
a quantum computer could be used to solve a
real problem, as opposed to the contrived
problems demonstrated up to that time (mid
1990s).
Shor: if you can relate the (real) problem of
finding the factors of a large composite integer
to that of finding the period, then you can
exploit a technique similar to Simon’s sampling
of a FT.
3. Shor’s Factoring Algorithm
Shor (1994) showed that a quantum
computer could be used to factor a large
integer super-efficiently.
This was big news, especially in security &
banking circles (since all of a sudden RSA
public cryptography is rendered eminently
breakable)!
3. Shor’s Factoring Algorithm
Multiplying large prime numbers together is
computationally easy: e.g. 127 * 229 = ?
By contrast, no conventional (classical)
polynomial algorithm exists for factoring large
prime numbers (exhaustive search only)
(in fact it is thought to be practically impossible)
hence used as the basis for (RSA) public key
cryptography. e.g. ? * ? = 29,083
& this is only for five digits – imagine 400, say!
3. Shor’s Factoring Algorithm
Classical Factoring Algorithms:
The time required to find the factors is
strongly believed (but has never been proved)
to be superpolynomial in log(n); i.e. as n
increases, the worst case time grows faster
than any power of log(n).
Quadratic Sieve was the best known
technique in 1997 (network of 1,000
workstations).
3. Shor’s Factoring Algorithm
Shor’s exciting new result was that a
quantum computer could factor in
polynomial time – O[(ln n)3] factoring
of a 400-digit number in under 3 years (cf.
1010 years on a classical computer)!
3. Shor’s Factoring Algorithm
Public Key Cryptography (RSA)
P1 P2 C
[easy] : t = P(N)
C P1 P2
[hard] : t = exp(N)
Eg: Factorization of a 129-digit number
(RSA-129) ~2000 computers processing for 8 months
Shor’s Algorithm - Finds prime factors
Peter Shor (AT&T Bell Labs, 1994)
C P1 P2
[easy] : t = P(N)
With a QC could solve RSA-129 in
seconds!
3. Shor’s Factoring Algorithm
Shor’s quantum factoring algorithm relies
on a result from number theory that
relates the period of a particular periodic
function to the factors of an integer:
Given a number n, choose a related function
fn(a) = xa mod n, such that the Greatest
Common Divisor of x and n = 1.
Both mod & GCD can be computed efficiently
(even on a classical computer).
3. Shor’s Factoring Algorithm
Step-1: pick a number q such that 2n2 =<
q =< 3n2.
Step-2: pick a random integer x whose
Greatest Common Divisor with n is 1.
3. Shor’s Factoring Algorithm
Step-3: repeat the following steps (a)
through (g) about log(q) times, using the
same random number x each time:
(a) create a quantum memory register, &
partition the qubits into two sets called
register1 & register2,
3. Shor’s Factoring Algorithm
Step-3: repeat the following steps (a)
through (g) about log(q) times, using the
same random number x each time:
(a) create a quantum memory register, &
partition the qubits into two sets called
register1 & register2,
(b) load register1 with all integers in the
range 0 to q-1, & load register2 with all
zeroes,
3. Shor’s Factoring Algorithm
Step-3: repeat the following steps (a) through
(g) about log(q) times, using the same random
number x each time:
(a) create a quantum memory register, & partition the
qubits into two sets called register1 & register2,
(b) load register1 with all integers in the range 0 to q1, & load register2 with all zeroes,
(c) now compute, in quantum parallel, the function xa
mod n of each number in register1, & place result in
register2.
3. Shor’s Factoring Algorithm
Step-3: repeat the following steps (a)
through (g) about log(q) times, using the
same random number x each time:
(d) measure the state of register2, obtaining
some result k. This has the effect of
projecting out the state of register1 to be a
superposition of just those values of a such
that xa mod n = k,
3. Shor’s Factoring Algorithm
Step-3: repeat the following steps (a)
through (g) about log(q) times, using the
same random number x each time:
(d) measure the state of register2, obtaining
some result k. This has the effect of
projecting out the state of register1 to be a
superposition of just those values of a such
that xa mod n = k,
(e) next compute the Fourier Transform of the
projected state in register1,
3. Shor’s Factoring Algorithm
Step-3: repeat the following steps (a)
through (g) about log(q) times, using the
same random number x each time:
(f) measure the state of register1. This
effectively samples from the Fourier
Transform and returns some number c’ that is
some multiple l of q/r, where r is the desired
period; i.e. c’/q ~ l/r for some positive integer
l.
3. Shor’s Factoring Algorithm
Step-3: repeat the following steps (a) through
(g) about log(q) times, using the same random
number x each time:
(f) measure the state of register1. This effectively
samples from the Fourier Transform and returns some
number c’ that is some multiple l of q/r, where r is
the desired period; i.e. c’/q ~ l/r for some positive
integer l.
(g) to determine the period r, we need to estimate l.
This is accomplished using a continued fraction
technique.
3. Shor’s Factoring Algorithm
Step-4: by repeating steps (a) through (g)
we create a set of samples of the Discrete
Fourier Transform in register1. This gives
samples of multitudes of 1/r as l1/r, l2/r,
l3/r…for various integers li.
After a few repetitions of the algorithm, we
have enough samples of the contents of
register1 to compute what li must be and
hence to guess r.
3. Shor’s Factoring Algorithm
Step-5: when r is known the factors of n
can be obtained from GCD(xr/2 – 1,n) and
GCD(xr/2 + 1,n).
(Greatest Common Demoninator)
4. Grover’s Search Algorithm
Generally speaking, a solution search
space has no special structure, which
prevents the development of efficient
algorithms.
e.g. (structured): you know someone’s name find their telephone number in the city’s
directory.
e.g. (unstructured): you know someone’s
telephone number – find their name!
4. Grover’s Search Algorithm
In order to search a simple unstructured
file, a computer would have to run
through, on average, half of the data to
locate an x satisfying P(x).
No shortcuts are possible, thus randomly
testing the predicate P is the best strategy
that can be adopted on a conventional
computer O(N) for a search space = N
(omitting time to test P)
4. Grover’s Search Algorithm
Now while no shortcuts are possible on a
conventional computer, we can do much
better on a quantum computer.
Grover (1996) showed that unstructured
search can be solved with bounded probability
in O(rootN) on a Quantum Computer.
4. Grover’s Search Algorithm
Now whilst the resulting speedup of our
undirected search of a city’s telephone
directory (i.e. O(N) O(rootN)) is not
particularly dramatic, it is in the case of
data encryption.
Consider the Data Encryption Standard:
enciphering & deciphering are both
accomplished using a 56-bit key, known only
to the legitimate sender & receiver.
4. Grover’s Search Algorithm
The goal of an eavesdropper, having
intercepted matching pairs of plain and
cipher text, is to find the key that maps
one onto the other.
This problem can be described as a “virtual
phone directory”, in which each possible key is
a “name”, and the enciphered text the
corresponding “phone number”.
4. Grover’s Search Algorithm
An exhaustive search would try 255 keys before
hitting the correct one, which would take over a
year even if 1 billion keys are checked every
second (on a conventional computer)!
By comparison, Grover’s algorithm can solve the
problem, after quantum-DES enciphering the
known clear text in just 185 million times.
Thus in principle, Grover’s algorithm can be used to
break classical cryptographic systems such as DES!
4. Grover’s Search Algorithm
Grover’s algorithm searches an
unstructured list of size N to find one item
satisfying a given condition.
Let n be such that 2n >= N.
Assume the predicate P is implemented by
a quantum gate UP|x,0> -> |x,P(x)>,
where “true” is encoded as 1.
4. Grover’s Search Algorithm
Step-1: start with an equally weighted
superposition of all N = 2n possible
indices.
Any one of which could be the target entry in
the quantum “telephone directory”.
4. Grover’s Search Algorithm
Step-1: start with an equally weighted
superposition of all N = 2n possible indices.
Any one of which could be the target entry in the
quantum “telephone directory”.
Step-2: Pick an (almost) arbitrary unitary
operator. The operator has to have some nonzero overlap between the starting state and the
target.
The easiest way to ensure this is to pick an operator
with no zero entries in its unitary matrix.
4. Grover’s Search Algorithm
Step-3: construct a special amplitude-
amplification operator Q from the
quantum “telephone directory” oracle and
the arbitrary unitary operator.
4. Grover’s Search Algorithm
Step-3: construct a special amplitude-
amplification operator Q from the
quantum “telephone directory” oracle and
the arbitrary unitary operator.
Step-4: Iterate Q about (p/4)rootN times
starting with the state U|s> and then
measure.
The measurement outcome is the target
index, with probability ~1 (i.e. near certainty).
4. Grover’s Search Algorithm
Grover’s algorithm is optimal up to a
constant factor; no quantum algorithm
can perform an unstructured search faster.
4. Grover’s Search Algorithm
If there is only a unique xo such that P(xo)
is true, then after (p/8)2n/2 iterations of
steps 2 through 4 the failure rate is ½.
After iterating (p/4)2n/2 times the failure rate
drops to 2-n.
However additional iterations will increase the
failure rate!
e.g. after (p/2)2n/2 iterations, the failure rate is
close to 1.
4. Grover’s Search Algorithm
This is an important feature of many
quantum algorithms, & has little
counterpart in conventional computers.
ie. repeating quantum procedures may
improve results for a while, but after some
repetitions the results will get worse
again!
4. Grover’s Search Algorithm
Quantum procedures are unitary
transformations, which are rotations of complex
space; repeated applications of a quantum
transform may rotate the state closer & closer to
the desired state for a while, but eventually it
will rotate past the desired state & get further &
further away from it.
Thus to obtain useful results from a repeated
application of a quantum transformation, it is
paramount to know when to stop!
Quantum Key Distribution
Relies on Quantum Mechanical effects:
Heisenberg Uncertainty Principle precludes
exact, simultaneous measurements.
Polarization: according to Quantum Theory, a
single photon passing through a polarizer will
either emerge with its electric field oscillating
in the desired plane, or not at all.
NOTE: here quantum states = light (photon)
polarizations, rather than spin states.
Quantum Key Distribution
Encoding a (0 0 1 …) bit stream within a
stream of polarized photons:
Vertically polarized photons
Horizontally polarized photons
Calcite (birefringent) Crystal
Quantum Key Distribution
But what happens when diagonally
polarized light passes through verticallyoriented calcite, say?
The Heisenberg Uncertainty Principle says
that some photons will have their
polarizations shifted and some won’t,
depending on the angle of their axis relative
to the calcite crystal’s.
Quantum Key Distribution
In order to read the encoded bit stream,
we need to measure the polarization of
each photon.
However if we choose the wrong orientation
(axis) with our calcite crystal detector, then
we only have a 50:50 chance of getting the
correct answer.
Quantum Key Distribution
But can we measure both the rectilinear
(0o/90o) and the diagonal (45o/135o)
polarizations (say) simultaneously?
NO! because any attempt to measure one
polarization necessarily perturbs (in fact
randomizes) the other polarization
(Heisenberg)
i.e. attempted eavesdropping will disturb the
encoded bit pattern & become immediately
obvious to both sender & receiver.
Quantum Key Distribution
Alice & Bob want to establish a secret key
A chooses a random sequence of bits out
of which she & B will construct a key.
Initially neither A nor B has a particular key in
mind; it will emerge out of the communication
protocol they use.
Thus the exact bit sequence is not important
– all that matters is that they & only they
come to learn the common (private) bit
subset = key.
Quantum Key Distribution
Quantum Key Distribution in the absence
of eavesdropping:
Alice & Bob need to first agree on (a) the
probability of detecting eavesdropping & (b)
the number of key bits #photons - e.g.
75% & 4-bits A:
11111001010 00 01000 0100000 01011
x + x x x x x + x x + + + + x x + + x ++ x x + + x x + x x
\ - \ \\// -/ \ | | | | \/ | |/ - |// | | / \ |\\
row#2: + rectilinear x diagonal polarizations
row#3: open communications channel
Quantum Key Distribution
Quantum Key Distribution in the absence
of eavesdropping:
Upon receipt of the photons, Bob chooses an
orientation for his calcite crystal (row#2) with
which he measures their polarization B:
\ - \ \ \/ / -/ \ | | ||\ /| |/ - | / /|| / \ |\ \
+ + x + x x + x + x + + x x+ x x + x + x ++ + x + x + x +
0 11110 00110 001000001111 011101 0
row#3: reconstructed bit stream
Quantum Key Distribution
Quantum Key Distribution in the absence
of eavesdropping:
Now Alice & Bob enter into a public (insecure)
communication in which A divulges to B the
polarizer orientation of a subset of bits;
likewise B divulges to A the calcite
orientations he used to decode the same set
of bits
Quantum Key Distribution
Quantum Key Distribution in the presence
of eavesdropping:
(i) Alice encodes her bits into a stream of
polarized photons (as previously)
(ii) Eve(sdropper) intercepts/measures these
photons, just as Bob did previously:
row#1 = (polarized) photons;
row#2 = calcite orientations;
row#3 = (encoded) bits
Quantum Key Distribution
Quantum Key Distribution in the presence
of eavesdropping:
(iii) Eve retransmits photons to Bob, using any
polarizer orientations
(but most likely the same sequence she used
during decoding)
(iv) B, unaware of E’s presence, decodes the
polarized photon stream in the usual manner.
Quantum Key Distribution
Quantum Key Distribution in the presence of
eavesdropping:
(iv) B, unaware of E’s presence, decodes the polarized
photon stream in the usual manner.
(v) A & B now compare orientations of their polarizer
& calcite crystals with measured (decoded) bit values,
on a subset of the photon/bit stream:
where they agree on polarizer orientation, they should also
agree on the measured/decoded bit; where they don’t agree,
then this reflects the presence of (an) E!
Teleportation
The fictional version of teleportation (= a
3-stage process):
(i) dissociation
(ii) information transmission
(iii) reconstitution
Teleportation
In contrast with a fax transmission, where the
original object remains intact at the transmitter
location & only a replica (facsimile) is
constructed at the receiver location,
with teleportation, the original object is
destroyed once the necessary information is
extracted,
& moreover an exact replica is reconstructed at
the receiver destination!
Teleportation
Quantum teleportation is the transmission
of quantum information to a distant
location.
The objective is to transmit the quantum
state of a particle using classical bits, then
reconstruct the quantum state at the
receiver.
i.e. is it possible to send qubits without
sending qubits?!
Teleportation
Let’s assume that Alice wishes to
communicate (through classical channels)
with Bob a single qubit of unknown state
j = a|0> + b|1>
A can neither measure this quantum state
nor clone it.
It would appear the only way to send B the
qubit would be to either send him the physical
qubit, or to swap the state into another
quantum system, then send this system to B.
Teleportation
Alice & Bob use an entangled pair:
y0 = 1/root(2)(|00> + |11>);
A controls the first half of the pair & B the
second.
Teleportation
The input state is j
y0 =
= (a|0> + b|1>)
1/root(2)(|00> + |11>)
= 1/root(2)(a|0>
|00> + a|0>
|11> …
= 1/root(2)(a|000> + a|011> + b|100> +
b|111>)
Teleportation
Alice now applies the transformation:
(H
I
I)*(CNOT
I)
to this state (i.e. j
y0)
The third bit is left unchanged; only the
first two bits belong to A – the rightmost
bit belongs to B.
Teleportation
Applying (H
…
½(a(|000> + |110> + |011> + |111>) +
b(|010> - |110> + |001> - |101>))
I) we have:
1/root(2)H
I
I(a|000>+a|011>+b|110>+b|101>)
I
& by regrouping terms
½(|0>(a(|0> + b|1>) + |01>(a|1> + b|0>)
+ |10>(a|0> - b|1>) + |11(a|1> - b|0>)))
Teleportation
Alice then measures her qubits, obtaining
four possible results: |00>, |01>, |10> or
|11>, with equal probability (¼).
Depending on the result of the
measurement, the quantum state of Bob’s
qubit is projected to a|0>+b|1>,
a|1>+b|0>, a|0>-b|1>, a|1>-b|0>,
respectively.
Teleportation
Bob will know what has happened, & can
apply the decoding transformation T e
{I,X,Y,Z} to fix his qubit.
The final output state is j = a|0> + b|1>,
which is the unknown qubit that Alice
wanted to send.
Teleportation
e.g.
received bits statetransformation result
00 a|0> + b|1> I
a|0> + b|1>
01 a|1> + b|0> X
a|0> + b|1>
10 a|0> - b|1> Z
a|0> + b|1>
11 a|1> - b|0> Y
a|0> + b|1>
Hardware Quantum Computers?
Dreaming up a quantum computer
proposal is relatively easy; proposing a
quantum computer that can be easily
constructed is hard!
2 inherent difficulties:
1. is Quantum Mechanics correct?
2. what about decoherence & quantum noise?
(Quantum Error Correction?)
Requirements for Quantum
Computation
1. robustly represent quantum information
(DiVincenzo criteria):
2.
3.
4.
5.
a scalable physical system with wellcharacterized qubits
prepare an initial state
decoherence times >> logic gate times
a universal set of logic operations
high probability readout
strong (projective) measurements
1. Ion Traps
Fluorescence from trapped Be Ions
Hyperfine states and vibrational modes of an atom form qubits
Manipulated by laser pulses
NIST
Main drawback: weakness of phonon mediated spin-spin OXFORD
Coupling, susceptible to decoherence.
LOS ALAMOS
2. Nuclear Magnetic
Resonance (NMR)
•Qubits are Spin of nuclei
•rf pulse perform arbitary rotations
•Coupling between spins is dipolar and hyperfine
•Read-out: ensemble average induction.
Main drawback: Not scalable. Why?
MIT
IBM
LOS ALAMOS
3. Optical QC
•Qubits formed from location between
two modes, or polarisation.
•Single photons are manipulated by
beam splitters, mirrors, phase shifters
and non-linear Kerr media.
•Read-out: Photomultipler.
•Main drawback: Coupling is difficult!
CQCT (UNSW et.al.)
LOS ALAMOS
4. Superconductors
•Charge Qubits
•Flux (SQUID) Qubits.
•Phase Qubits.
NEC
DELFT
Chalmers
Yale et.al.
5. Solid State QCs
Benefits
Metal Electrodes
• Clearly scalable
Insulator
• Compatible with Si MOS
- integrated control electronics
Silicon
• Can borrow Si MOS technology
- material quality
- gate technology
- interconnect architectures
Substrate
20 nanometres
Challenges
• Single spin readout is difficult
• Completely new nanofabrication technologies must be developed
- single donor positioning never done before
CQCT = UNSW
UQ
UMelb
Maryland
Los Alamos
The State of the Art (2002)
qubit
1 qubit
operation
2 qubit
operation
Max Nq
Ion
YES
YES
10 – 100 ?
Atom
YES
YES
10 –100 ?
Optical
Photon
YES
??
??
Superconducting
Flux,
charge
YES
2002 ?
106 ?
Atom
2002 ?
2002 –
2004 ?
109 ?
Implementation
Ion Trap
NMR
Silicon
Quantum Computing Applications
A quantum computer can complete calculations,
such as factorizing large numbers, much faster
than even the most powerful existing
supercomputer, while other potential
applications include determining the properties
of proteins and molecules, and solving
biochemical, biological, environmental, and
climatology problems.
Quantum computers could also decode
practically any encrypted message, though
quantum cryptography itself promises to be
unbreakable.
Quantum Computing Applications
Shor’s prime factorization: encryption
Grover’s Exhaustive Search has many
potential applications, including genomics.
Quantum Simulation: Quantum Chemistry,
drug design, fundamental physics
…etc.
but recall Amdahl’s Law (%Serial +
%Parallel)! i.e. not every problem will benefit
from (or even be suited to) Quantum
Parallelism!
Quantum Computing
Relevance to Operating Systems/Artificial
Intelligence??
OS – security…
AI – quantum parallel search; QNNs…
Quantum Computers
2003/4 news items courtesy of ACM
TechNews weekly postings
Quantum MP3 (10/09/03)
Shepelyansky et.al. (France) believe that a quantum
computer could be capable of storing far more
information than all modern supercomputers by
employing 50 qubits. And it would only take 18 qubits to
encode the voice of HAL 9000, the autonomous
computer from the film "2001: A Space Odyssey," in a
quantum computer's wave function, according to the
researchers.
Real-time audio communications require the reduction or
compression of sound signals, and one form of audio
compression - MP3 - can quickly access the audio-signal
spectrum using a Fast Fourier Transform. Audio signals
could be transmitted even more rapidly through the
Quantum Fourier Transform, the quantum equivalent of
MP3.
Quantum Gate (12/09/03)
Japanese scientists at NEC and the Institute of Physical
and Chemical Research have successfully built a
fundamental element of a quantum computer--a
"quantum gate" that could be a component of the
quantum equivalent of a computer chip. NEC research
fellow Tsai Jaw-Shen reports that the gate can only
function in extremely low temperatures because it relies
on superconductivity, though he hopes that the
operating temperature can be raised to a level more
comparable to that of conventional computers.
He wages that a considerable amount of time must pass
before quantum computers become a reality, and
estimates that only 10 percent of the job has been
accomplished thus far. "The single Qubit [quantum bit]
was completed in 1999 and the two Qubit operation has
been completed this year," Nakamura notes. "But we
have to integrate these two components."
Quantum Cryptography (1/28/03)
Experts believe even the best existing digital security system will
ultimately be defeated by hackers, and the only unbeatable solution
is quantum cryptography, in which the keys used to encrypt and
decrypt data are encoded within light particles so sensitive that
even the slightest attempt to monitor their transmission will change
their encoded state and alert users to the intrusion. Researchers are
hopeful that the encoding of binary bits on photons, electrons, and
other quantum particles will be a reality before 2020, thus enabling
computers to carry out multiple calculations concurrently.
Commercial quantum cryptography products were recently
introduced by Geneva-based id Quantique and New York-based
MagiQ Technologies, while NEC, Hewlett-Packard, Toshiba, and
other large companies are planning to roll out products of their own.
Such products' commercial appeal will be restricted until certain
challenges are met: For one thing, quantum encrypted data sent
over fiber-optic cable has a limited range, and requires computers
directly connected to each other. Quantum repeaters are also
required to expand transmission range and make quantum
encryption workable in a networking environment, and both NEC
and Hewlett-Packard are pursuing this goal. Wireless quantum key
transmission is also being developed in Europe and the US.
Quantum Hacking (11/29/03)
Quantum communication has long been publicized as completely hack-proof, but
quantum hacking is an area of research that engineers are exploring in parallel with
the development of true quantum networks--and they are uncovering possible
exploits that quantum encryption designers never anticipated. "The models that tell
us quantum cryptography is hot stuff are drastically simplified," explains Harvard
University's John Myers. Quantum communication encryption's basic incarnation is
the BB84 scheme devised by IBM's Charles Bennett and the University of Montreal's
Gilles Brassard, in which a message sender (Alice) and receiver (Bob) use both a
public link and a quantum communication link to set up a secret quantum key used to
encrypt messages that an eavesdropper (Eve) cannot guess without being detected,
since Eve's measurement of Alice's photons disturbs their quantum state. However,
engineers have found several practical techniques that eavesdroppers could use to
correctly guess the key: In a photon number-splitting attack designed by Nicolas
Gisin of the University of Geneva, Alice's laser accidentally releases two or three
photons instead of just one, and Eve diverts and measures these extra photons
without Alice and Bob knowing. In another quantum hack, known as a frying attack,
Eve sends an intense pulse of laser light into Bob's 1 photon detector, rendering it
inoperative and making Bob capable of only receiving 0s; Alice and Bob's key will
therefore be all 0s, which means that their data will be unencrypted without their
realizing it. "In general, I do not think that a real quantum cryptography system will
ever be 100 percent secure, because a real system will always implement an
approximation of the theorist's system," states Gisin. Military and intelligence
agencies as well as financial firms are employing commercial quantum
communication products, but establishing secure quantum communication in a public
Internet is a more complex proposition, especially since there is such a wide variety
of quantum communication schemes.
Topological QCs (1/24/04)
A quantum computer carries such promised capabilities as ultrafast
database searches and a "virtual lab" where the behavior of materials can
be predicted without actually fabricating them, but a practical quantum
computer must be immune to decoherence, in which computations are
undone because even the slightest disturbance results in data leakage.
Microsoft Research's Alexei Kitaev and Michael Freedman, along with
Zhenghan Wang and Michael Larson of Indiana University, may have solved
the problem with their outline of a topological quantum computer that could
be constructed out of existing technology. The operating principle of the
device is the manipulation of quantum particles--non-Abelian anyons--into
braids that exist in both time and space. These anyons' "world lines" can be
weaved around each other into knots that encode information; this braiding
could be accomplished with an instrument similar to a scanning tunneling
microscope. "The state of the quantum computer is stored in the conserved
charges that the anyons carry," notes Caltech's John Preskill. "Even if you
hit an anyon with a hammer, you can't change that charge, so the state
stored in the computer is quite robust." Bringing the anyons together in
pairs allows topological charges to be read off: Those with equal and
opposite charges annihilate each other, creating a "0" output, and those
with unbalanced charges merge into a new anyon, resulting in a "1" output.
The topological quantum computer is still speculative, since the existence of
non-Abelian anyons has yet to be proved (sic!).
QC Hardware? (Feb’04)
Start-ups MagiQ Technologies and ID Quantique announced
quantum cryptography hardware late last year, but most enterprise
networks will not be able to take advantage of the technology.
However, the continued development of quantum cryptography over
the next few years is expected to make the advancement more
beneficial to enterprise networks. Quantum cryptography uses
objects that are in different places at one time to create the same
random numbers in two locations, enabling the two identical sets of
random numbers to be used as symmetric encryption keys or onetime pads. The problem of creating and distributing encryption
would be solved because the keys would never be used again.
Nonetheless, dedicated fiber cable is needed for quantum key
distribution through a network, and fully optical switches for
multiplexing entangled photons with ordinary data remain a few
years away. Moreover, repeaters can not be used, prompting MagiQ
to experiment with using Free Space Optics lasers to send photons
through a wireless link. Existing key distribution systems are unable
to distribute a one-time pad, which makes them susceptible to
outright mathematical attacks. A quantum computer could break
encryption that reuses keys, but a working computer will not be
here for decades!!!
