Quantum Algorithms - Centre for Applied Cryptographic Research
Download
Report
Transcript Quantum Algorithms - Centre for Applied Cryptographic Research
Capabilities and limitations
of quantum computers
1 November 1999
ECC ’99
Michele Mosca
[email protected]
What I’m not talking about
Quantum Communication Theory
(reduce the complexity of distributed
computation tasks; ask Alain Tapp)
Quantum Information Security
(quantum key exchange; security
based on uncertainty principle and not
computational assumptions)
Overview
A small computer
A quantum computer
Fast quantum algorithms
Limitations
Are they “realistic”?
Computing Model
Acyclic circuits of reversible gates
0
a
b
a b
0
0
0
a
b
a b
a
b
Information and Physics
Realisations are getting smaller and faster
A small computer
0
NOT
1
A small computer
1
0
1
1
A small computer
0
0
0
1
0
1
A closer look
0
NOT
NOT
1
A closer look
0
1
NOT
1
2
NOT
i
2
0 1
i
2
0 1
1
2
In general
0
0
0
0 000100120103 011
1005101 6 110 7 111
4
In general
0 0001001
20103 011
1005101
6 110 7 111
4
F(x)
0 F000 1 F001
2 F010 3 F 011
F100 5 F101
4
6 F110 7 F111
Quantum computers
Note that it becomes exponentially
difficult (classically) to keep track of an
n-qubit system after t operations, but
to implement quantumly only requires n qubits
and t steps! (Feynman ’82, Deutsch ’85)
Can we exploit this apparent
computational advantage?
Efficient algorithms
(Deutsch ’85) f :{ 0 ,1} { 0 ,1}
a0
Find
f(0)
f
a f(a)
f( 1) using only 1 evaluation of f
(Deutsch, CEMM, Tapp; implemented in
NMR by Jones&M, Chuang et al.)
Bernstein&Vazirani, Simon came up with
relativized separations between P and QP
Efficient algorithms
Shor:
a Z
*
N
a , b GF(p)
Generalisations:
a G
a, b G
r 1
a
Find r .
k
a b Find k .
r 1
a
Find r .
k
a b Find k .
Further generalisation
Hidden Subgroup Problem:
f
: Zn Zn Zn X
1
2
3
K Zn Zn Zn
1
2
3
f(x) f( y) x y K
Find
K
Another algorithm
Hidden Affine Functions:
m
Zp
f :Z
n
p
x
Mx b
Find M using only m evaluations of f
(instead of n+1) (D,BV,CEMM,H,M)
Searching and Counting
f
: X { 0 ,1}
X1 f
1
(1 )
t X1
Find x X 1
Suppose algorithm A succeeds with
t
p
probability p (e.g.
N ).
We can iterate A and f O times to
find such an x .
i.e. SQUARE ROOT speed-p
(Grover, BBHT,BH, ’amplitude amplification’)
1
p
Counting
Estimate
Use only
t X 1 with accuracy
O
1 N
t
applications of f .
(BBHT,BHT,M,BHMT, ‘amplitude estimation’)
(vs.
N
O 2t applications
classically)
Limitations
No luck with:
Square root speed up for serial
algorithms
Graph automorphism/isomorphism
Short vectors in a lattice
NP-complete problems (e.g. minimum
codeword, graph colouring, subset
sum, …)
What about implementations?
1-7 qubits using NMR technology
1-2 qubits using ion traps
1-2 qubits using various other
quantum technologies
Scaling is very hard!
Is the problem technical or
fundamental?
Technical or Fundamental?
Noise, “decoherence”, imprecision are
detrimental
Similar problems exist in “classical” systems
Theory of linear error correction and fault
tolerant computing can be generalised to the
quantum setting (Shor, Steane, etc.)
Using “reasonable” physical models, there
exist fault-tolerant schemes for scalable
quantum computing
Summary
Quantum Computers are a natural
generalisation of “classical” computers
Quantum algorithms: Factoring,
Discrete log, Hidden Subgroup, Hidden
Affine Functions, Searching, Counting
Small implementations exist
Scaling is difficult, but seems to be a
technological (not fundamental) problem