Shor’s Factoring Algorithm David Poulin Institute for Quantum Computing & Perimeter Institute for...

Shor’s Factoring Algorithm

David Poulin

Institute for Quantum Computing&

Perimeter Institute for Theoretical Physics

Guelph, September 2003

Summary

•Some number theory•Shor’s entire algorithm•Quantum circuits•Phase estimation•Quantum Fourier transform•Final circuit

David Poulin, IQC & PI

A bit of number theory

TheoremIf a ±b (mod N) but a2 b2 (mod N)Then gcd(a+b,N) is a factor of N.

Proofa2 - b2 0 (mod N) (a - b)(a+b) 0 (mod N) ( t) [ (a - b) (a+b) = tN ]

gcd(a+b, N) is a non trivial factor of N.

uN vN


Shor’s entire algorithm

N is to be factored:

1. Choose random x: 2 x N-1.2. If gcd(x,N) 1, Bingo!3. Find smallest integer r : xr 1 (mod N)4. If r is odd, GOTO 15. If r is even, a = xr/2 (mod N)6. If a = N-1 GOTO 17. ELSE gcd(a+1,N) is a non trivial factor of N.

Easy

Easy

Easy

Easy

Easy

Easy

Hard


Success probability

TheoremIf N has k different prime factors, probability of success for random x is 1- 1/2k-1.

Add this step to Shor’s algorithm:

0. -Test if N=N’2l and apply Shor to N’ -Compute for 2 j ln2N. If one of these root is integer, apply Shor to this root.

Probability of success ½.

j N

Easy


Basic logical unit: the bit 0 or 1

Universal set: (Not-and, Swap, Copy)

AB Not-and(A B)

A B NAND (A B)

0 0 1

0 1 1

1 0 1

1 1 0

SwapB

A

A

BCopy A

A

A

Classical computing


Classical Quantum

0 or 1

000...0 (0)000...1 (1)…111...1 (2n-1)

1 bit

| + |1 ||2 + ||2=11 qubit

n bits

Measure

b1b2b3...bn

b1b2b3...bn

Measure

12

0

n

ii ic

i with probability |ci|2

Bits and Qubits


12

0

n

ii ic 1

12

0

2

n

iic

n qubits

(|4- |7) = (|0100- |0111)2

12

1

= |01(|00- |11)21

Universal set: (C-not, U(2) on single qubit)

Controlled not:|a

|b

|a|b if a=0|b if a=1

Ex. One qubit gate: H|0 (|0+|1)2

1

|1 (|0-|1)21

Quantum gates


|0

|0

H2

1 (|0|0 +|1|1)

Composing Quantum gates


Use linearity of quantum mechanics.

(|0+ |1) |0 = (|0|0 + |1|0) 21

21

Any classical computation can be made reversibly (one to one) with poly overhead.

Any reversible classical computation can be performedon a quantum computer with poly overhead.

Phase kick back


What are the eigenstates of NOT?

(|0| ± + |1| ± ) 21

|+ = (|0+ |1)21 (|1+ |0) = |+2

1

|- = (|0- |1)21 (|1- |0) = - |-2

1± |±

(|0| ± ± |1| ± ) = (|0± |1) | ±

21

21

|0 H

|±

H

|± = |0+ eix |1

|x s.t. eig. = eix

Phase estimation

In the previous slide, we were able to determine whether was 0 or .Q: Can me determine any ?

A: We can get the best n bit estimation of /2.

|0

|u U |u

Hn

U2 U22U23

U24

|0+ei2 |14

|0+ei |1

… |


12

0

2/2 2

1

nn

c

ixc

ncex F

1 0 ... 1 0 1 0 )....0(2).0(2).0(2 11 nnnn xxixxixi eee

Quantum Fourier Transform

So applying F-1 to | will yield |x that is the best n bitestimation of /2.

1 mod 22 2

0 kn

k

kx

1 0 re whe 2

1

ij

n

j

epp

njnjnj xxx ... .0 1 (binary extension of x/2n mod1)


QFT circuit

We define the gate Rk as a -/2k phase gate.

H|x3 0pR1 R2 R3

|x2 1p

|x1 2p

H|x0 3p

H R1 R2

H R1

Note: H = R0


njnjnj xxx ... .0 1

Multiplication

1

0

/2 mod r

j

jrikjk Nae

Consider UN,a : |x |ax mod N. Then,

are eigenstates of UN,a with eigenvalues

for k = 1,...,r

rike /2

r

j

jrjikr

j

jrikjk NaeNae

1

/)1(21

0

1/2 mod mod UN,a

mod 1

0

/2/2

r

j

jrikjrik Naee

If we could prepare such a state, we could obtain anestimation of k/r hence of r. It requires the knowledge of r.



Multiplication

Nae jrikjr

k

r-

j

r

kk mod /2

1

1

01

Consider the sum

01

/2 j

r

k

rikje

Since

The state |1 is easy to prepare. In what follows, weshow that it can be used to get an estimation of k/rfor random k.

1

|0

|1 U

Hn

U2 U22U23

U24N,a N,a N,a N,a N,a

Make measurement here to collapse the state to arandom |k : get an estimation of k/r for random k.

m

This measurement commutes with the Us so we canperform it after.

m

This measurement is useless! No knowledge of r is needed!

F-1 m

Phase estimation


Shor’s Factoring Algorithm David Poulin Institute for Quantum Computing & Perimeter Institute for...

Documents

Transcript of Shor’s Factoring Algorithm David Poulin Institute for Quantum Computing & Perimeter Institute for...