Quantum Computing Jim Royer CIS 675 Algorithms April 24, 2019 . - PowerPoint PPT Presentation

Quantum Computing Jim Royer CIS 675 Algorithms April 24, 2019 . . . Crypto (CIS 675) Quantum Computing April 24, 2019 1 / 1

References A Physics-Free Introduction to the Quantum Computation Model by Stephen A. Fenner. https://arxiv.org/abs/cs/0304008 (. . . more importantly, it is complex analysis free) The Talk by Scott Aaronson and Zach Weinersmith, http://www.smbc-comics.com/comic/the-talk-3 (There is tons of misleading hype about quantum computing. This is a good, double-entendre-filled, dehyping.) Quantum Computing Since Democritus by Scott Aaronson https://www.scottaaronson.com/democritus/ (This connects quantum computing to the wider world while being rather goofy.) Crypto (CIS 675) Quantum Computing April 24, 2019 2 / 1

Quantum Computing and Cryptography Given RSA with key size k , it can be broken by a computer with quantum register size ≈ k . ⋆ Similarly with discrete-log-based cryptosystems. There are latticed-based and other post-quantum cryptosystems that quantum computers seemingly cannot break better than classical computers. We will cover enough about quantum computing give you a glimpse of what is behind all the fuss. This is based on A Physics-Free Introduction to the Quantum Computation Model by Stephen A. Fenner. https://arxiv.org/abs/cs/0304008 . ⋆ Assuming that you can build a reliable quantum computer of that size. Crypto (CIS 675) Quantum Computing April 24, 2019 3 / 1

Classical Boolean Circuits, I We view them as naming maps { 0, 1 } n → { 0, 1 } n a • a control a ∧ b b target ∧ ✐ ⇛ current flow ⇛ Consider • ¬ a a ¬ ✐ ( a ∧ b ) ∨ c b ∧ ✐ ∨ ✐ c • c We can describe this by either of: b ← a ∧ b ; a ← ¬ a ; b ← b ∨ c | x , y , z � = state vector | a , b , c � �→ | a , a ∧ b , c � �→ |¬ a , a ∧ b , c � �→ |¬ a , ( a ∧ b ) ∨ c , c � Crypto (CIS 675) Quantum Computing April 24, 2019 4 / 1

Classical Boolean Circuits, II Input/Output Conventions The first k registers are input 0 ≤ k ≤ n The first ℓ registers are output 0 ≤ ℓ ≤ n Each non-input register is assigned 0 or 1 a • a a �→ ( a , a ) 0 ❣ a ∨ Crypto (CIS 675) Quantum Computing April 24, 2019 5 / 1

Uniform Computation A circuit family , C , is a sequence of circuits C 0 , C 1 , C 2 , . . . ∋ for each i , C i has i -inputs and 1-output. L ( C ) = def { w | w | = n & C n ( w ) = 1 } , L ( C ) is the language defined by C . A circuit family is ptime uniform ⇐ ⇒ ∃ a poly-time alg D ∋ for all i , D ( 1 . . . 1 ) = a description of C i . � �� � i many FACT: P = the languages accepted by ptime uniform circuit families. Crypto (CIS 675) Quantum Computing April 24, 2019 6 / 1

Reversible Circuits, I Reversible circuits have inverses. The controlled not gate (CNOT) • a a ⊕ a ⊕ b b Toffoli Gate where ⊙ ( x , y , z ) = z ⊕ ( x ∧ y ) • a a • b b c ⊕ ( a ∧ b ) c ⊙ Reversible circuits do not collapse states. (Why?) Crypto (CIS 675) Quantum Computing April 24, 2019 7 / 1

Reversible Circuits, II Toffoli Gate input output CNOT Gate 0 0 0 0 0 0 input output 0 0 1 0 0 1 0 0 0 0 0 1 0 0 1 0 0 1 0 1 0 1 1 0 1 1 1 0 0 1 0 0 1 0 1 1 1 0 1 1 0 1 1 1 1 0 1 1 0 1 1 1 1 1 1 1 1 0 0 and 1 are the interesting bits. Crypto (CIS 675) Quantum Computing April 24, 2019 8 / 1

Probabilistic Circuits, I The Biased Coin-Flip Gate — p , q — input output 1: ( 1 − p ) 0 0: p 1: ( 1 − q ) 1 0: q v � : 2 n basis vectors Our new state space: H , a 2 n -dim. real vector space | � ( H for Hilbert space) x 1 . . . p , q x i . . . x n | x 1.. i − 1 , 0, x i + 1.. n � �→ p · | x 1.. i − 1 , 0, x i + 1.. n � + ( 1 − p ) · | x 1.. i − 1 , 1, x i + 1.. n � | x 1.. i − 1 , 1, x i + 1.. n � �→ q · | x 1.. i − 1 , 0, x i + 1.. n � + ( 1 − q ) · | x 1.. i − 1 , 1, x i + 1.. n � Crypto (CIS 675) Quantum Computing April 24, 2019 9 / 1

Probabilistic Circuits, II Consider the subspace spanned by | 0 � and | 1 � . | 1 � ❅ q | 0 � + ( 1 − q ) | 1 � The gate p , q always maps the line segment ❅ ✁ p | 0 � + ( 1 − p ) | 1 � ✁ ❅ ✟ from (1,0) to (0,1) to itself. ✟✟ ✁ ❅ | 0 � We can also represent the p , q gate by the matrix: � � p q 1 − p 1 − q This is a stochastic matrix : all entries ≥ 0, all columns sum to 1. Crypto (CIS 675) Quantum Computing April 24, 2019 10 / 1

Probabilistic Circuits: Gates as Linear Maps The irreversible AND gate is: a ∧ b a b a a b 00 01 10 11 0 0 0 0 00 1 1 0 0 ◮ All entries are 0–1 0 1 0 0 01 0 0 0 0 ◮ One 1 in each col ◮ ∴ Stochastic 1 0 1 0 10 0 0 1 0 1 1 1 1 11 0 0 0 1 Reversible gates are permutation matrices! (Why?) Definition A probabilistic circuit is a circuit built from Boolean & p , q gates, where The input state is a basis state. The output state is of the form: ∑ x ∈{ 0,1 } n p x | x � ∋ (i) each p x ≥ 0 and (ii) ∑ p x = 1. p x = the probability that the output will be | x � . Crypto (CIS 675) Quantum Computing April 24, 2019 11 / 1

“Majority Coin Flips” Circuit 2 , 1 1 0 ∧ ∨ ∨ 2 1 2 , 1 0 ∧ 2 2 , 1 1 0 ∧ 2 1 ∧ 1 2 , 1 2 = flip of a fair coin Crypto (CIS 675) Quantum Computing April 24, 2019 12 / 1

A Complexity-Theoretic Aside � C = C 0 , C 1 , C 2 , . . . : a ptime uniform probablistic circuit family ( R , A ) is an acceptance criterion when R , A ⊂ [ 0, 1 ] with R ∩ A = ∅ . (R for reject, A for accept) � C computes L with acceptance criterion ( R , A ) when for each n and each x ∈ { 0 , 1 } n : x ∈ L = ⇒ Prob [ C n ( x ) = 1 ] ∈ A ∈ L = ⇒ Prob [ C n ( x ) = 1 ] ∈ R x / Class Acceptance Criterion ( { 0 } , { 1 } ) P ( { 0 } , ( 0, 1 ]) NP ( { 0 } , ( 1 RP 2 , 1 ]) where 0 < q < 1 BPP ([ 0, q ] , [ 1 − q , 1 ]) 2 ([ 0, 1 2 ] , ( 1 PP 2 , 1 ]) Crypto (CIS 675) Quantum Computing April 24, 2019 13 / 1

Quantum Circuits (´ a la Fenner), I states = vectors in H gates = matrices Now allow negative entries in matrices. (But all real numbers) Now require: � Mv � 2 = � v � 2 for all v . � a 2 1 + · · · + a 2 Note: � � a � 2 = def n This forces the matrices to be orthonormal , i.e., its columns form an orthogonal basis of H . Registers are now called qubits (quantum bits) instead of bits. � � 1 1 1 The Hadamard gate , – H –, has the matrix: √ 1 − 1 2 See the Note: H 2 = I . 1 1 H | 0 � = 2 ( | 0 � + | 1 � ) . H | 1 � = 2 ( | 0 � − | 1 � ) . √ √ next slide Fact: { H , Toffoli gates } are a universal collection of quantum gates. The p , q gates now correspond to measurements . Crypto (CIS 675) Quantum Computing April 24, 2019 14 / 1

Hadamard Gate Geometrically | 1 � √ ( | 0 � + | 1 � ) / 2 Transpose around the 1 x-axis: ( x , y ) � → ( x , − y ) | 0 � Then do a +45 o rotation. 2 √ ( | 0 � − | 1 � ) / 2 1 1 H | 0 � = 2 ( | 0 � + | 1 � ) . H | 1 � = 2 ( | 0 � − | 1 � ) . √ √ Crypto (CIS 675) Quantum Computing April 24, 2019 15 / 1

Quantum Circuits (´ a la Fenner), II QCF (Quantum Coin Flip) This is a variation on Hadamard gate. � 1 1 − 1 � QCF = √ 1 1 2 � 0 √ � 1 Note that ( QCF ) 2 = = the not gate. So, QCF = NOT, the square root of not . 1 0 Quantum I/O Input: basis states Note: ∑ a 2 Output: ∑ x ∈{ 0,1 } n a x | x � x = 1 a 2 x = the probability associated with | x � a x = the probability amplitude for | x � Crypto (CIS 675) Quantum Computing April 24, 2019 16 / 1

Another Complexity-Theoretic Aside If we use quantum circuits, then Class Description Acceptance Criterion ( { 0 } , { 1 } ) EQP Exact quantum polynomial time ( { 0 } , ( 0, 1 ]) C � = P Co-Exact-Counting Polynomial-Time ( { 0 } , ( 1 2 , 1 ]) RQP One-sided Error Extension of EQP ([ 0, 1 n ) , ( n − 1 BQP n , 1 ]) Bounded-Error Quantum Polynomial-Time [ 0, 1 2 ] , ( 1 PP 2 , 1 ]) Probabilistic Polynomial-Time See: https://complexityzoo.uwaterloo.ca/Complexity_Zoo Crypto (CIS 675) Quantum Computing April 24, 2019 17 / 1

“Traditional” Quantum Circuits In place of vector spaces over R , we use vector spaces over C . In place of orthonormal matrices, we use unitary matrices. Etc., etc. See § 6 of Fenner for details. Past this point, we shall be even sketchier than before. . . . so, we won’t digress into complex linear algebra. Crypto (CIS 675) Quantum Computing April 24, 2019 18 / 1

Towards Shor’s Algorithm: Number Theory Facts, I Suppose we want to factor N (assuming N isn’t prime). If we find an x ∈ { 2, . . . , N − 2 } with x 2 ∼ = 1 ( mod N ) a then we can factor N . (Why?) If we can find an a and an even r with: b gcd ( a , N ) = 1, i a r ∼ = 1 ( mod N ) , and ii a r /2 �∼ = ± 1 ( mod N ) , iii then we can factor N . (Why?) Crypto (CIS 675) Quantum Computing April 24, 2019 19 / 1