Introduction to Quantum Computing

Transcription

1 Introduction to Quantum Computing Frédéric Magniez LIAFA & PCQC, Université Paris Diderot

2 The genesis 2 Copenhagen School (Bohr, Heisenberg, ) - The state of a quantum particule is only fixed after a measurement - Bennett, Brassard 84: perfectly secure quantum encryption that can be used in practice Paradoxe of Einstein, Podolsky, Rosen 35 - Very distant particules remain linked? - Aspect, Grangier, Roger, Dalibard 82: yes - Quantum encryption of Ekert 91 can be certifiable

3 Quantum boxes Classical information is encoded using bit (0/1) - The measure describes the state of the system 3 Preskill - A random bit is a hidden bit Quantum information is encoded using quantum-bit - Several possible measures - Outcome is determined during the measurement

4 Quantum key distribution 4 Problem - Setting No prior shared secret information between Alice and Bob Authenticated classical channel - Goal: Get a private key between Alice and Bob - Application: One-time pad (Miller 1882-Shanon 1945) Classical results - Impossible: all the information is in the canal - Possible (using randomized techniques): Amplify the privacy of an imperfect private key Washington-Moscow hotline (1963)

5 The protocol BB84 [Bennett-Brassard 84] 5 Protocol: quantum part Key: Encoding: Decoding: Key: Protocol: classical part - Reconciliation: Alice and Bob publicly announce their coding choices A&B only keep key bits with same choices - Security: Intercepting and opening a box errors A&B check few key bits at random positions - Privacy amplification: Perfect key using with few other more key bits Conclusion - Secrete key generation using an authenticated classical channel - Small initial private key large private key, with no authenticated channel

6 The protocol BB84 [Bennett-Brassard 84] 5 Protocol: quantum part Key: Encoding: Decoding: Key: Protocol: classical part - Reconciliation: Alice and Bob publicly announce their coding choices A&B only keep key bits with same choices - Security: Intercepting and opening a box errors A&B check few key bits at random positions - Privacy amplification: Perfect key using with few other more key bits Conclusion - Secrete key generation using an authenticated classical channel - Small initial private key large private key, with no authenticated channel

7 Superposition 6 Quantum randomness: principle of superposition - 1 qubit is in superposition of 2 values 1 2 (, ) 0i + 1i Rotation of axes: another measure 1 1 0i + 1i

8 Polarization of photons 7 State - Polarization: 2-dimensional vector i = cos i + sin "i Measure - Calcite crystal separates horizontal and vertical polarizations A measure modifies the system Transformation - Well known transformation: half-wave blade orthogonal symmetry around its axis - Any rotations (possibly with complex angles) cos 2 sin 2

9 Qubit 8 State - 2-dimensional unit vector i = cos 0i +sin 1i 1i 0i general case (complex amplitudes): i = = 0i + 1i, =1 Measure - Randomized orthogonal projection Evolution 0i + 1i Measure 2 2 0i 1i - Unitary transformation G 2 U(2) ( reversible) Definition: G 2 C 2 2 s.t. G G = Id i G 0 i = G i 0 i = G i G i

10 Examples of transformations 9 Reversible classical transformation - Identity - Negation Hadamard transformation - Definition: half-wave blade at 22,5 bi bi H Id - Properties: quantum coin flipping bi bi NOT 1 bi 0i H bi H 1 p 2 ( 0i + 1i) H Measure H = p p 2 ( 0i + ( Measure bi 1) b 1i) i 1i Measure does not commute

11 Entanglement 10 Principle: 2 distant boxes which remain entangled - Outcomes are random - but correlated if boxes are opened similarly - and uncorrelated otherwise Bell 64 inequality - Cooperative random game Classical 75% of victory Quantum > 85% of victoiry - Experimental verification at Orsay in Application: quantum certification

12 Bell-CHSH inequality as a classical game 11 Game - Alice and Bob share random bits but cannot communicate - Alice receives a random bit x, Bob y - Alice returns a bit a, Bob b x y a shared random bits b - Goal: maximize p = Pr(a b = x ^ y) x,y Classically: CHSH inequality [1969] Best deterministic strategy: a = b =0 =) p = Theorem: the best probabilistic strategy is not better than the best deterministic strategy

13 n-qubit 12 State - i2c {0,1}n such that k ik =1 i = X x xi X x2{0,1} with n x 2 =1 x2{0,1} n - Examples - Separated 2-qubit: 00i + 01i = 0i( 0i + 1i) - Entangled 2-qubit: 00i + 11i 6= 1i 2i EPR state Measure - Randomized X orthogonal projection x xi Measure x2{0,1} n Evolution - Unitary transformation G 2 U(2 n ) i G x 2 ( G 2 C 2n 2 n s.t. G G = Id) 0 i = G i xi

14 Transformation c NOT 13 Definition c NOT 0bi = 0bi c NOT 1bi = 1i (1 c NOT abi = ai a b)i bi c NOT = B A 0010 Representation control bit target bit NOT Bell basis change xi H yi NOT xyi 00i = 1 p 2 ( 00i + 11i) 01i = 1 p 2 ( 01i + 10i) 10i = 1 p 2 ( 00i 11i = 1 p 2 ( 01i 11i) 10i)

15 EPR state 14 Setting - Assume Alice & Bob shares an EPR state: p 1 2 ( 00i + 11i) Alice has the first qubit, and Bob the second one Alice & Bob observe their qubit and respectively get bit a,b Fact - a=b with probability 1 - a (resp. b) is a uniform random bit Classical analogue? - Shared randomness model: Alice and Bob have access to shared random bits Non product distribution: / 2 / 2 00 with prob. 1/2 and 11 with prob. 1/2 - Can we simulate quantum physic using shared randomness? shared random bits

16 Bell-CHSH inequality as a quantum game 15 Reminder - Goal: maximize Quantumly - Alain and Bob share an EPR state x a p = Pr(a b = x ^ y) x,y / 2 / 2 y b - Bob performs a rotation of angle - If x =1, Alain performs a rotation of angle - If y =1, Bob performs a rotation of angle Alain et Bob observe their qubit and send their respective outcomes - Theorem: p = cos 2 ( 8 ) 0.85 Realization: [Aspect-Grangier-Roger-Dalibard: Orsay 82]

17 Superdense coding [1992] 16 Problem - Alice & Bob share an EPR state: - Alice wants to send two bits xy to Bob - But Alice can only send one qubit to Bob 00i = 1 p 2 ( 00i + 11i) 0 0 / qubit 1 1 / 2 xy xy? Bell basis change xi H yi NOT xyi 00i = 1 p 2 ( 00i + 11i) 01i = 1 p 2 ( 01i + 10i) 10i = 1 p 2 ( 00i 11i = 1 p 2 ( 01i 11i) 10i) Protocol - Alice applies to its qubit NOT, if y=1; and FLIP, if x=1 - Alice sends its qubit to Bob - Bob performs the inverse of the Bell basis change, and observes xy FLIP =

18 Quantum teleportation 17 Problem - Alice wants to transmit a qubit i to Bob - Bob: far and unknown position to Alice i i Realization Alice 0 0 Bob ψ Interaction quantique Interaction interne Interaction classique The quantum communication does not reveal anything on i Alice ψ Bob

19 Realization of teleportation 18 Circuit i = 0i + 1i Analysis 0i 0i H NOT NOT - 1 P Final state with xyi = (NOT) y (FLIP) x 2 x,y xyi xyi i - By measuring x,y, third qubit is projected to xyi xyi i - After learning x,y, Bob can correct to Realizations - 1 photon [Zeilinger et al : Innsbruck 97] - 1 photon, 6 km [Gisin et al : Genève 02] - 1 atom [Blatt et al : Innsbruck 04] - Today: over 100km H Measure xi yi xyi

20 NATURE NEWS Google and NASA snap up quantum computer 19 D-Wave machine to work on artificial-intelligence problems. Nicola Jones 16 May 2013 D-Wave, the small company that sells the world s only commercial quantum computer, has just bagged an impressive new customer: a collaboration between Google, NASA and the non-profit Universities Space Research Association. The three organizations have joined forces to install a D-Wave Two, the computer company's latest model, in a facility launched by the collaboration the Quantum Artificial Intelligence Lab at NASA's Ames Research Center in Moffett Field, California. The lab will explore areas such as machine learning making computers sort and analyse data on the basis of previous experience. This is useful for functions such as language translation, image searches and voice-command recognition. We actually think quantum machine learning may provide the most creative problem-solving process under the known laws of physics, says a blog post from Google describing the deal. Print The D-Wave Two quantum computer has a 512- qubit processor (pictured) that can do some calculations thousands of times faster than conventional computers. D-WAVE

21 In the News Barack Obama Drones American Airlines Benghazi American Idol Safari Power Saver Click to Start Flash Plug-in 20 Senate report: Benghazi attack was preventable VIDEO Top Springsteen political moments MAP The United States (of Pizza) NSA seeks to build quantum computer that could crack most types of encryption By Steven Rich and Barton Gellman, Published: January 2 the writers In room-size metal boxes secure against electromagnetic leaks, the National Security Agency is racing to build a computer that could break nearly every kind of encryption used to protect banking, medical, business and government records around the world. According to documents provided by former NSA contractor Edward Snowden, the effort to build a cryptologically useful quantum computer a machine exponentially faster than classical computers is part of a $79.7 million research program titled Penetrating Hard Targets. Much of the work is hosted under classified contracts at a laboratory in College Park, Md. Vous Vendez Un Bien? 20

22 Supercomputer 21 Feynman 81 - Can quantum systems be probabilistically simulated by a classical computer? [...] the answer is certainly, No Deutsch 85 - Quantum Turing Machine - Existence of a universal Turing Machine Simon, Shor 94 - Quantum algorithms with exponential speedup - Quantum attack of public-key crypto-systems

23 Quantum parallelism 22 n-qubit - Superposition of all possible values - 2 n possible values Parallel computation - In one step, 2 n computations - But only one outcome can be (randomly) observed Strategy Nb of particules in the Universe Combine cleverly those values before measuring them 4 bits can take 2 4 =16 values

24 Asymmetric encryption 23 One-way functions - Example: multiplication / factorization - Bases of modern encryption (Rivest, Shamir, Adleman 77) RSA challenges ( ) - RSA-100, $1,000, RSA-640, $20,000, x 19 =? 667 =? x? =? x?

25 Quantum algorithm for factorization 24 Classical reduction - Factorization can be reduced to period finding (of some arithmetic function) Quantum tool: Fourier Transform Shor 94 - FT reveals the period of a signal - FT is (very) fast on a quantum superposition = x

26 From period finding to factorization 25 Theorem [Simon-Shor 94] - Finding the period of any function on an abelian group can be done in quantum time poly (log G ) Order finding - Input: integers n and a such that gcd(a,n)=1 - Output: the smallest integer q 0 such that a q = 1 mod n - Reduction to period finding: the period of x a x mod n is q Factorization - Input: integer n - Output: a nontrivial divisor of n Reduction : Factorization R Order finding - Check that gcd(a,n)=1 - Compute the order q of a mod n - Restart if q is odd or a q/2-1 mod n - Otherwise (a q/2-1) (a q/2 + 1) = 0 mod n - Return gcd(a q/2 ± 1, n)

27 Simon s problem 26 Problem - Oracle input: f : {0, 1} n {0, 1} n a black-box function xi U f 0 f(x) xi xi U f xi wi w f(x)i such that - Output: the period s Complexity - Randomly: 2 (n) queries - Quantumly: O(n) queries and time O(n 3 ) Idea - Use a Fourier transformation: QFT n xi = 1 where x y = X i 9s 6= 0 n : 8x 6= y, f(x) =f(y) () y = x x i y i mod 2 2 n/2 X y ( 1) x y yi s - Realization of QFTn using Hadamard gates: 1 bi H p2 ( 0i + ( 1) b 1i) QFT n H H H

28 Quantum solution 27 0 n i QFT n QFT n Measure yi : y 2 s? U f 0 n i Measure f(x)i Initialization: Parallelization: 1 Query to f: Filter: Interferences: 0 n i 0 n i X 2 n/2 x X 1 2 n/2 x xi 0 n i X 1 2 (n+1)/2 y X 1 2 (n+1)/2 y X 1 2 (n 1)/2 xi f(x)i 1 p 2 ( xi + x y:s y=0 si) f(x)i (( 1) x y + ( 1) (x s) y ) yi f(x)i ( 1) x y (1 + ( 1) s y ) yi f(x)i yi f(x)i

29 Finding the period 28 Construction of a linear system - After iterations: - s 0 n is solution of the linear system in t: n + k y 1,y 2,...,y n+k s y 1 t = 0 y 2 t = 0 y 1 1 t 1 + y 1 2 t y 1 n t n =0 y 2 1 t 1 + y 2 2 t y 2 n t n =0. y n+k t = 0. y n+k 1 t 1 + y n+k 2 t yn n+k t n =0 - The y i are of rank n-1 with proba 1-1/2 k+1 - System solutions: 0 n and s Complexity - Constructing the system: O(n) queries, time O(n) - Solving the system: no query, time O(n 3 )

30 More difficult Period Finding(G) - Oracle input: function f on G such that f is strictly periodic for some unknown H G: f(x) =f(y) () y 2 xh G H a 1 H f - Output: generator set for H Examples - Simon Problem: - Factorization : - Discrete logarithm: - Pell s equations: - Graph Isomorphism: a t H G =(Z 2 ) n,h= {0,s} G = Z, H= rz G = Z 2,H= {(rx, x) :x 2 Z} G = R G = S n Quantum polynomial time algorithms (in log G ) - Abelian groups G: QFT-based algorithm [1995] - Normal period groups H: QFT-based algorithm [2000] - Solvable groups G of constant exponent and constant length [2003] -...

31 Hard instances 30 Shift problem - Dihedral group Z N o Z 2 : sub-exponential time 2 O( log N) [2003] f(, 0) f(, 1) Graph Isomorphism A : B : shift = Instance of Period Finding on the symmetric group where we just know how to implement QFT... [1997] A B a 1 b 6 c 8 d 3 e 5 f 2 g 4 h 7 General case - Polynomial number of queries to f, but exponential post-processing time [1999]

32 Grover search algorithm 31 Grover problem - Oracle input: f : [N] {0,1} - Output: find x0 such that f(x0)=1, if there is any - Constraint: f is a black-box Query complexity - Randomly: ϴ(N) - Quantumly: ϴ( N)

33 Graph search 32 Setting - Graph G on a vertex-set X - Set M X of unknown marked vertices Problem - Move to a marked vertex - Constraints Displacements restricted to the edges of G Can check if x is marked only if currently at position x - Complexity: # of moves

34 Search via random walk 33 Setting - Probability transitions: Markov chain P = (pxy) on G Locality pxy 0 only if (x, y) is an edge of G - Starting vertex: Stationary distribution π on vertices of G π: 1-eigenvector of P Random search 1. Sample from stationary distribution of P 2. Repeat a. Check if current state is marked b. Move according to P Hitting time - HT: Average # iterations of Random search to hit a marked element average complexity : Sample + 1/(HT) ( Check + Move ) Examples - HT(Complete graph) = N (# of vertices) - HT(2D grid) = N x log N

35 Quantum walk 34 Some examples - [1995]: Complete graph - [2003]: Hypercube - [2004]: Johnson Graph - [2005]: 2D-Grid Generic construction - Quantum analogue of a symmetric Markov chain P [2004] - Generalization for reversible walks and simplified analysis [2007] Theorem - There is a quantum analogue of Random search which finds a marked elements with complexity Sample + 1/ (HT) ( Check + Move )

36 Important application: Element distinctness 35 Element Distinctness - Input: List of N numbers {x1, x2, x3,, xn} - Output: Are all the numbers distinct? (or is there a collision: xi = xj, i j) - Complexity: # of queried numbers - Classically: N - Using Grover search: N 3/4 [2001] - Using quantum walk on Johnson graph: N 2/3 [2004] - Lower bound: N 2/3 [2002] Algorithm - Johnson Graph (N, r) Vertices: { S {1, 2,, N}: S =r } Edges: { (S, T): Δ(T S) =1 } - Hitting time: HT = O(N 2 /r) - Runtime: r + (N 2 /r) ( ) N 2/3 x 2 x 5 x 2 x 3 x 8 x 13 x 10 x 13 x 2 x 3 x 8 x 13 x 2 x 3 x 5 = x 7 x 2 x 3 x 5 x 13 sample check move

37 How many quantum algorithms exist? 36 Unstructured problems - Grover algorithm [1996] Algebraic problems - Simon-Shor algorithm [1994] Well structured problems - Classical algorithms are optimal Problems with few structures - Quantum walk based algorithms [2003] quantum analogy of random walks - Examples Element Distinctness, Commutativity: N 2/3 [2004] Triangle Finding: N 9/7 (lower bound N) [2013] Square Finding: N 1.25 (lower bound N) [2010] Matrix Multiplication: N 5/3 (lower bound N 3/2 ) [2006] AND-OR Tree evaluation: N [2007]

38 The superiority of Quantum Computing 37 Cryptography - Secrete Key Distribution Protocol [Bennett, Brassard 84] Implementation: ~100 km Information Theory - EPR Paradox [Einstein, Podolsky, Rosen 35] Realization: 1982 [Orsay] - Teleportation [Bennett, Brassard, Crépeau, Jozsa, Peres, Wootters 93] Realization: 1997 [Innsbruck] Algorithms - Polynomial algorithm for Period Finding [Simon, Shor 94] Factorization, Discrete Logarithm - Quadratic speedup for Database Search [Grover 96] - Quantum computer? 1995: 2-qubit [ENS], 2000: 5-qubit [IBM], 2006: 12-qubit [Waterloo]

39 The superiority of Quantum Computing 37 Cryptography - Secrete Key Distribution Protocol [Bennett, Brassard 84] Implementation: ~100 km Information Theory - EPR Paradox [Einstein, Podolsky, Rosen 35] Realization: 1982 [Orsay] - Teleportation [Bennett, Brassard, Crépeau, Jozsa, Peres, Wootters 93] Realization: 1997 [Innsbruck] Algorithms - Polynomial algorithm for Period Finding [Simon, Shor 94] Factorization, Discrete Logarithm - Quadratic speedup for Database Search [Grover 96] - Quantum computer? 1995: 2-qubit [ENS], 2000: 5-qubit [IBM], 2006: 12-qubit [Waterloo] Quantum proofs for classical theorems - [Drucker, de Wolf 09]

40 Where does the quantum superiority come from? 38 Entanglement? - Classical entanglement exists: shared randomness - But quantum entanglement is stronger Bell-CHSH inequality and applications Complex amplitudes? - No: they can be simulated using only real amplitude Negative amplitudes? - Yes: they can induce destructive interferences / 2 / 2 Hardness of amplitudes? - No: amplitudes must be easily computable for being physically realizable

41 Future 39 Applications - Unfalsifiable money, artificial intelligence, Quantum computing - For a better understanding of quantum phenomenon - New mathematical tool for proving results in classical computing Technology - Computer, intermediate models: boson sampling - Certification : encryption, random generator, computation

42 Some quantum centers in the world 40 IQIS CQC RQC IQC PCQC IQI QIS QISC CQI CQT CQC 2 T

43 41