Quantum Algorithms - Centre for Applied Cryptographic Research


Capabilities and limitations of quantum computers
1 November 1999
ECC ’99
Michele Mosca
[email protected]
What I’m not talking about
• Quantum Communication Theory (reduce the complexity of distributed computation tasks; ask Alain Tapp)
• Quantum Information Security (quantum key exchange; security based on uncertainty principle and not computational assumptions)

Overview
• A small computer
• A quantum computer
• Fast quantum algorithms
• Limitations
• Are they “realistic”?

Computing Model
Acyclic circuits of reversible gates
[Figure: circuit diagrams of reversible gates with inputs a, b and 0; gate labels not recoverable]
Information and Physics
Realisations are getting smaller and faster
A small computer
[Figure: a NOT gate taking 0 to 1, followed by two further diagrams of 0/1 values under the same slide title]
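A closer look
[Figure: 0 passes through two gates labelled NOT and comes out as 1; a second diagram annotates the intermediate steps with coefficients built from 1, i and 2 on the values 0 and 1, whose notation is not recoverable]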
In general
[Equation: a combination of the eight basis labels 000, 001, 010, 011, 100, 101, 110, 111 with coefficients indexed 0 to 7; a second diagram passes it through F(x), giving terms on F(000), F(001), ..., F(111) with the same indices 0 to 7. Coefficient symbols not recoverable.]
Quantum computers
Note that it becomes exponentially difficult (classically) to keep track of an n-qubit system after t operations, but implementing it quantumly requires only n qubits and t steps! (Feynman ’82, Deutsch ’85)
Can we exploit this apparent computational advantage?
Efficient algorithms
(Deutsch ’85) $f : \{0,1\} \to \{0,1\}$
[Circuit: f takes inputs a, 0 to outputs a, f(a)]
Find $f(0) \oplus f(1)$ using only 1 evaluation of f
(Deutsch, CEMM, Tapp; implemented in NMR by Jones & M, Chuang et al.)
Bernstein & Vazirani, Simon came up with relativized separations between P and QP
Efficient algorithms
Shor:
$a \in Z_N^*$, $a^r = 1$. Find $r$.
$a, b \in GF(p)$, $a^k = b$. Find $k$.
Generalisations:
$a \in G$, $a^r = 1$. Find $r$.
$a, b \in G$, $a^k = b$. Find $k$.
Further generalisation
Hidden Subgroup Problem:
$f : Z_{n_1} \times Z_{n_2} \times Z_{n_3} \to X$
$K \le Z_{n_1} \times Z_{n_2} \times Z_{n_3}$
$f(x) = f(y) \iff x - y \in K$
Find $K$
Another algorithm
Hidden Affine Functions:
$f : Z_p^n \to Z_p^m$, $x \mapsto Mx + b$
Find M using only m evaluations of f (instead of n+1) (D, BV, CEMM, H, M)
Searching and Counting
$f : X \to \{0,1\}$
$X_1 = f^{-1}(1)$, $t = |X_1|$
Find $x \in X_1$
Suppose algorithm A succeeds with probability p (e.g. $p = t/N$).
We can iterate A and f $O(1/\sqrt{p})$ times to find such an x.
i.e. SQUARE ROOT speed-up
(Grover, BBHT, BH, ‘amplitude amplification’)
Counting
Estimate $t = |X_1|$ with accuracy [symbol not recoverable]
Use only O([expression in 1, N and t, not recoverable]) applications of f.
(BBHT, BHT, M, BHMT, ‘amplitude estimation’)
(vs. O([expression in N, 2 and t, not recoverable]) applications classically)
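The square-root claim on the Searching and Counting slides above can be checked numerically. This is an added example, not part of the talk: a classical simulation of amplitude amplification for the special case where A prepares the uniform superposition, taking N = |X| so that p = t/N. The function names and the N = 1024 sample are assumptions made for the illustration.

```python
import math

def grover_success(n_items, marked, iterations):
    """Probability of measuring a marked item after `iterations` rounds of
    amplitude amplification, starting from the uniform superposition."""
    amp = [1 / math.sqrt(n_items)] * n_items   # A: every x has amplitude 1/sqrt(N)
    for _ in range(iterations):
        for x in marked:                       # one application of f: phase-flip X_1
            amp[x] = -amp[x]
        mean = sum(amp) / n_items              # inversion about the mean
        amp = [2 * mean - a for a in amp]
    return sum(amp[x] ** 2 for x in marked)

def optimal_iterations(n_items, t):
    """floor(pi / (4*theta)) with sin(theta) = sqrt(t/N), i.e. O(1/sqrt(p))."""
    theta = math.asin(math.sqrt(t / n_items))
    return math.floor(math.pi / (4 * theta))

def classical_expected_queries(n_items, t):
    """Expected evaluations of f when trying inputs in random order."""
    return (n_items + 1) / (t + 1)

if __name__ == "__main__":
    N = 1024                                   # constructed sample size
    for marked in ([7], [1, 2, 3, 4]):
        k = optimal_iterations(N, len(marked))
        print(f"t={len(marked)}: {k} iterations, "
              f"P(success)={grover_success(N, marked, k):.5f}, "
              f"classical ~{classical_expected_queries(N, len(marked)):.1f} queries")
    # Failure mode: iterating past the optimum rotates away from the solutions.
    print(f"t=1 after 50 iterations: P(success)={grover_success(N, [7], 50):.5f}")
```

The simulation stores all N amplitudes explicitly, which is the classical bookkeeping cost the "Quantum computers" slide refers to.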
Limitations
No luck with:
• Square root speed up for serial algorithms
• Graph automorphism/isomorphism
• Short vectors in a lattice
• NP-complete problems (e.g. minimum codeword, graph colouring, subset sum, …)

What about implementations?
• 1-7 qubits using NMR technology
• 1-2 qubits using ion traps
• 1-2 qubits using various other quantum technologies
• Scaling is very hard!
• Is the problem technical or fundamental?

Technical or Fundamental?
• Noise, “decoherence”, imprecision are detrimental
• Similar problems exist in “classical” systems
• Theory of linear error correction and fault tolerant computing can be generalised to the quantum setting (Shor, Steane, etc.)
• Using “reasonable” physical models, there exist fault-tolerant schemes for scalable quantum computing

Summary
• Quantum Computers are a natural generalisation of “classical” computers
• Quantum algorithms: Factoring, Discrete log, Hidden Subgroup, Hidden Affine Functions, Searching, Counting
• Small implementations exist
• Scaling is difficult, but seems to be a technological (not fundamental) problem
