140 likes | 154 Views
Delve into Shor's Algorithm for quantum integer factorization, understanding tools like DFT, and the Exponent Factorization Method. Learn to measure period in sequences and apply Quantum Fourier Transform for efficient calculations.
E N D
Shor’s Algorithm • quantum integer factorization by Peter Shor (1994) • (quantum) polynomial time: O(log3 N) • Tools: • quantum Fourier transform • modular exponentiation by squaring • In practice: • in 2012, can factor 21 (it is 3*7 )
Exponent Factorization Method • Suppose ar´ 1 (mod N). • Define: • r=2km, where m is odd • b0´ am (mod N) • bu+1´ bu2 (mod N), for 0· u· k-1 • If b0´ 1 (mod N), or if bu´ -1 (mod N) for some u, return Failure (to factor N). • If bu+1´ 1 (mod N) and bu§ 1 (mod N), then gcd(bu-1,n) gives a non-trivial factor of N. • What does this remind you of?
ar´ 1 (mod N) • Goal: find a,r, such that ar´ 1 (mod N) • Idea: • Choose a random a • Consider the sequence 1,a,a2,a3, … (mod N) • If ar´ 1 (mod N), then the sequence is periodic with period r • Goal: given a periodic sequence, measure its period • Caveat: the sequence is too long to compute all of it!
Discrete Fourier Transform (not quantum) • Goal: find a,r, such that ar´ 1 (mod N) • Suppose have sequence: • a0,a1,a2,…,{M-1}, where M=2m for some integer m • Define Fourier transform: • F(x) = 1/√M c=0M-1 e2¼icx/M ac, where 0·x·M-1 • Example: • sequence 1,3,7,2,1,3,7,2 (period ___) • we get F(0) = 26/√8, F(2) = (-12+2i)/√8, F(4) = 6/√8, F(6) = (-12-2i)/√8, and F(1)=F(3)=F(5)=F(7)=0
Discrete Fourier Transform (not quantum) • If period divides M (the length): • Define frequency: length/period • Nonzero values at multiples of the frequency (though there could be 0s at those positions, too) • Otherwise, peaks at approximately the positions that are multiples of the frequency (not an integer in this case) – other values are close to 0. • Example: 1,0,0,1,0,0,1,0 • Length: • Period: • Frequency: • Figure shows the abs.value of F.
Discrete Fourier Transform (not quantum) • If period divides M (the length): • Define frequency: length/period • Nonzero values at multiples of the frequency (though there could be 0s at those positions, too) • Otherwise, peaks at approximately the positions that are multiples of the frequency (not an integer in this case) – other values are close to 0. • Example: 1,0,0,0,0,1,0,0,0,0,1,0,0,0,0,1 • Length: • Period: • Frequency: • Figure shows the abs.value of F.
Shor’s Algorithm Choose m, N2· 2m· 2N2. Start with m qubits, each in state 1/√2(|0i+|1i) Together, they are in state:
Shor’s Algorithm Choose m, N2· 2m· 2N2. Start with m qubits, each in state 1/√2(|0i+|1i) Together, they are in state: 1/√(2m)(|00…000i+|00…001i+|00…0010i+|00…0011i+ |00…0100i+…+|11..1111i) To simplify notation, write: 1/√(2m)(|0i+|1i+|2i+|3i+|4i+…+|2m-1i) Choose a random a, 1<a<N. Assume gcd(a,N)=1. Why?
Shor’s Algorithm Compute f(x) = ax mod N (done “quantum-ly”). 1/√(2m)(|0,a0i+|1,a1i+|2,a2i+|3,a3i+|4,a4i+…+|2m-1,aM-1i), where M=2m So far… not good, if we measure, get |y,ayi for some y (we cannot specify which y). Then, the rest of the computation is lost.
Shor’s Algorithm Compute f(x) = ax mod N (done “quantum-ly”). 1/√(2m)(|0,a0i+|1,a1i+|2,a2i+|3,a3i+|4,a4i+…+|2m-1,aM-1i), where M=2m Notice: ax mod N < n < 2m/2 – need m/2 bits for ax Idea: measure only the last m/2 bits. Then: 1/C 0· x· M-1 |x,ui ax´ u (mod N) where C scales the vector to length 1.
Shor’s Algorithm Compute f(x) = ax mod N (done “quantum-ly”). 1/√(2m)(|0,a0i+|1,a1i+|2,a2i+|3,a3i+|4,a4i+…+|2m-1,aM-1i), where M=2m Notice: ax mod N < n < 2m/2 – need m/2 bits for ax Idea: measure only the last m/2 bits. Then: 1/C 0· x· M-1 |x,ui ax´ u (mod N) Now: want to measure y,z, then ay´ az´ u (mod N) How does that help?
Shor’s Algorithm Compute f(x) = ax mod N (done “quantum-ly”). 1/√(2m)(|0,a0i+|1,a1i+|2,a2i+|3,a3i+|4,a4i+…+|2m-1,aM-1i), where M=2m Notice: ax mod N < n < 2m/2 – need m/2 bits for ax Idea: measure only the last m/2 bits. Then: 1/C 0· x· M-1 |x,ui ax´ u (mod N) Now: want to measure y,z, then ay´ az´ u (mod N) What is the problem?
Shor’s Algorithm Quantum Fourier Transform to the rescue! Let |xi be a basic state, i.e., 0·x· M-1. Define: QFT(|xi) = 1/√M c=0M-1 e2¼icx/M |ci For a linear combination of states: QFT(a1|x1i+…+at|xti) = a1QFT(|x1i)+…+ atQFT(|xti) Apply QFT to 1/C 0· x· M-1 |x,ui ax´ u (mod N) Then, measure. (Recall, non-zero values are at multiples of the frequency.)
Shor’s Algorithm • Suppose we measure c. • Then, c ¼ jf0, for some j, where f0 is the frequency. • We have rf0¼ M. • Then, c/M ¼ j/r. • We want to find r, we know c, M. • Shor showed: • With high chance, get c/M with |c/M-j/r|<1/(2M)<1/(2N2) • Finding unique j/r where r<N by method of continued fractions • If something fails, try again with a new a.