![Page 1: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/1.jpg)
1
Quantum algorithms
Daniel J. Bernstein
University of Illinois at Chicago
“Quantum algorithm”
means an algorithm that
a quantum computer can run.
i.e. a sequence of instructions,
where each instruction is
in a quantum computer’s
supported instruction set.
How do we know which
instructions a quantum
computer will support?
![Page 2: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/2.jpg)
2
Quantum computer type 1 (QC1):
stores many “qubits”;
can efficiently perform
“Hadamard gate”, “T gate”,
“controlled NOT gate”.
Making these instructions work
is the main goal of quantum-
computer engineering.
Combine these instructions
to compute “Toffoli gate”;
: : : “Simon’s algorithm”;
: : : “Shor’s algorithm”;
: : : “Grover’s algorithm”; etc.
![Page 3: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/3.jpg)
3
Quantum computer type 2 (QC2):
stores a simulated universe;
efficiently simulates the
laws of quantum physics
with as much accuracy as desired.
This is the original concept of
quantum computers introduced
by 1982 Feynman “Simulating
physics with computers”.
![Page 4: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/4.jpg)
3
Quantum computer type 2 (QC2):
stores a simulated universe;
efficiently simulates the
laws of quantum physics
with as much accuracy as desired.
This is the original concept of
quantum computers introduced
by 1982 Feynman “Simulating
physics with computers”.
General belief: any QC1 is a QC2.
Partial proof: see, e.g.,
2011 Jordan–Lee–Preskill
“Quantum algorithms for
quantum field theories”.
![Page 5: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/5.jpg)
4
Quantum computer type 3 (QC3):
efficiently computes anything
that any physical computer
can compute efficiently.
![Page 6: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/6.jpg)
4
Quantum computer type 3 (QC3):
efficiently computes anything
that any physical computer
can compute efficiently.
General belief: any QC2 is a QC3.
Argument for belief:
any physical computer must
follow the laws of quantum
physics, so a QC2 can efficiently
simulate any physical computer.
![Page 7: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/7.jpg)
4
Quantum computer type 3 (QC3):
efficiently computes anything
that any physical computer
can compute efficiently.
General belief: any QC2 is a QC3.
Argument for belief:
any physical computer must
follow the laws of quantum
physics, so a QC2 can efficiently
simulate any physical computer.
General belief: any QC3 is a QC1.
Argument for belief:
look, we’re building a QC1.
![Page 8: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/8.jpg)
5
The state of an algorithm
Data (“state”) stored in n bits:
an element of {0; 1}n, viewed as
an element of {0; 1; : : : ; 2n − 1}.
![Page 9: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/9.jpg)
5
The state of an algorithm
Data (“state”) stored in n bits:
an element of {0; 1}n, viewed as
an element of {0; 1; : : : ; 2n − 1}.
State stored in n qubits:
a nonzero element of C2n .
Retrieving this vector is tough!
![Page 10: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/10.jpg)
5
The state of an algorithm
Data (“state”) stored in n bits:
an element of {0; 1}n, viewed as
an element of {0; 1; : : : ; 2n − 1}.
State stored in n qubits:
a nonzero element of C2n .
Retrieving this vector is tough!
If n qubits have state
(a0; a1; : : : ; a2n−1) then
measuring the qubits produces
an element of {0; 1; : : : ; 2n − 1}and destroys the state.
Measurement produces element q
with probability |aq |2=Pr |ar |2.
![Page 11: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/11.jpg)
6
Some examples of 3-qubit states:
(1; 0; 0; 0; 0; 0; 0; 0) is
“|0〉” in standard notation.
Measurement produces 0.
![Page 12: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/12.jpg)
6
Some examples of 3-qubit states:
(1; 0; 0; 0; 0; 0; 0; 0) is
“|0〉” in standard notation.
Measurement produces 0.
(0; 0; 0; 0; 0; 0; 1; 0) is
“|6〉” in standard notation.
Measurement produces 6.
![Page 13: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/13.jpg)
6
Some examples of 3-qubit states:
(1; 0; 0; 0; 0; 0; 0; 0) is
“|0〉” in standard notation.
Measurement produces 0.
(0; 0; 0; 0; 0; 0; 1; 0) is
“|6〉” in standard notation.
Measurement produces 6.
(0; 0; 0; 0; 0; 0;−7i ; 0) = −7i |6〉:Measurement produces 6.
![Page 14: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/14.jpg)
6
Some examples of 3-qubit states:
(1; 0; 0; 0; 0; 0; 0; 0) is
“|0〉” in standard notation.
Measurement produces 0.
(0; 0; 0; 0; 0; 0; 1; 0) is
“|6〉” in standard notation.
Measurement produces 6.
(0; 0; 0; 0; 0; 0;−7i ; 0) = −7i |6〉:Measurement produces 6.
(0; 0; 4; 0; 0; 0; 8; 0) = 4|2〉+ 8|6〉:Measurement produces
2 with probability 20%,
6 with probability 80%.
![Page 15: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/15.jpg)
7
Fast quantum operations, part 1
(a0; a1; a2; a3; a4; a5; a6; a7) 7→(a1; a0; a3; a2; a5; a4; a7; a6)
is complementing index bit 0,
hence “complementing qubit 0”.
![Page 16: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/16.jpg)
7
Fast quantum operations, part 1
(a0; a1; a2; a3; a4; a5; a6; a7) 7→(a1; a0; a3; a2; a5; a4; a7; a6)
is complementing index bit 0,
hence “complementing qubit 0”.
(a0; a1; a2; a3; a4; a5; a6; a7)
is measured as (q0; q1; q2),
representing q = q0 + 2q1 + 4q2,
with probability |aq |2=Pr |ar |2.
(a1; a0; a3; a2; a5; a4; a7; a6)
is measured as (q0 ⊕ 1; q1; q2),
representing q ⊕ 1,
with probability |aq |2=Pr |ar |2.
![Page 17: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/17.jpg)
8
(a0; a1; a2; a3; a4; a5; a6; a7) 7→(a4; a5; a6; a7; a0; a1; a2; a3)
is “complementing qubit 2”:
(q0; q1; q2) 7→ (q0; q1; q2 ⊕ 1).
![Page 18: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/18.jpg)
8
(a0; a1; a2; a3; a4; a5; a6; a7) 7→(a4; a5; a6; a7; a0; a1; a2; a3)
is “complementing qubit 2”:
(q0; q1; q2) 7→ (q0; q1; q2 ⊕ 1).
(a0; a1; a2; a3; a4; a5; a6; a7) 7→(a0; a4; a2; a6; a1; a5; a3; a7)
is “swapping qubits 0 and 2”:
(q0; q1; q2) 7→ (q2; q1; q0).
![Page 19: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/19.jpg)
8
(a0; a1; a2; a3; a4; a5; a6; a7) 7→(a4; a5; a6; a7; a0; a1; a2; a3)
is “complementing qubit 2”:
(q0; q1; q2) 7→ (q0; q1; q2 ⊕ 1).
(a0; a1; a2; a3; a4; a5; a6; a7) 7→(a0; a4; a2; a6; a1; a5; a3; a7)
is “swapping qubits 0 and 2”:
(q0; q1; q2) 7→ (q2; q1; q0).
Complementing qubit 2
= swapping qubits 0 and 2
◦ complementing qubit 0
◦ swapping qubits 0 and 2.
Similarly: swapping qubits i ; j .
![Page 20: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/20.jpg)
9
(a0; a1; a2; a3; a4; a5; a6; a7) 7→(a0; a1; a3; a2; a4; a5; a7; a6)
is a “reversible XOR gate” =
“controlled NOT gate”:
(q0; q1; q2) 7→ (q0 ⊕ q1; q1; q2).
![Page 21: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/21.jpg)
9
(a0; a1; a2; a3; a4; a5; a6; a7) 7→(a0; a1; a3; a2; a4; a5; a7; a6)
is a “reversible XOR gate” =
“controlled NOT gate”:
(q0; q1; q2) 7→ (q0 ⊕ q1; q1; q2).
Example with more qubits:
(a0; a1; a2; a3; a4; a5; a6; a7;
a8; a9; a10; a11; a12; a13; a14; a15;
a16; a17; a18; a19; a20; a21; a22; a23;
a24; a25; a26; a27; a28; a29; a30; a31)
7→ (a0; a1; a3; a2; a4; a5; a7; a6;
a8; a9; a11; a10; a12; a13; a15; a14;
a16; a17; a19; a18; a20; a21; a23; a22;
a24; a25; a27; a26; a28; a29; a31; a30).
![Page 22: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/22.jpg)
10
(a0; a1; a2; a3; a4; a5; a6; a7) 7→(a0; a1; a2; a3; a4; a5; a7; a6)
is a “Toffoli gate” =
“controlled controlled NOT gate”:
(q0; q1; q2) 7→ (q0 ⊕ q1q2; q1; q2).
![Page 23: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/23.jpg)
10
(a0; a1; a2; a3; a4; a5; a6; a7) 7→(a0; a1; a2; a3; a4; a5; a7; a6)
is a “Toffoli gate” =
“controlled controlled NOT gate”:
(q0; q1; q2) 7→ (q0 ⊕ q1q2; q1; q2).
Example with more qubits:
(a0; a1; a2; a3; a4; a5; a6; a7;
a8; a9; a10; a11; a12; a13; a14; a15;
a16; a17; a18; a19; a20; a21; a22; a23;
a24; a25; a26; a27; a28; a29; a30; a31)
7→ (a0; a1; a2; a3; a4; a5; a7; a6;
a8; a9; a10; a11; a12; a13; a15; a14;
a16; a17; a18; a19; a20; a21; a23; a22;
a24; a25; a26; a27; a28; a29; a31; a30).
![Page 24: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/24.jpg)
11
Reversible computation
Say p is a permutation
of {0; 1; : : : ; 2n − 1}.
General strategy to compose
these fast quantum operations
to obtain index permutation
(a0; a1; : : : ; a2n−1) 7→(ap−1(0); ap−1(1); : : : ; ap−1(2n−1)):
![Page 25: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/25.jpg)
11
Reversible computation
Say p is a permutation
of {0; 1; : : : ; 2n − 1}.
General strategy to compose
these fast quantum operations
to obtain index permutation
(a0; a1; : : : ; a2n−1) 7→(ap−1(0); ap−1(1); : : : ; ap−1(2n−1)):
1. Build a traditional circuit
to compute j 7→ p(j)
using NOT/XOR/AND gates.
2. Convert into reversible gates:
e.g., convert AND into Toffoli.
![Page 26: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/26.jpg)
12
Example: Let’s compute
(a0; a1; a2; a3; a4; a5; a6; a7) 7→(a7; a0; a1; a2; a3; a4; a5; a6);
permutation q 7→ q + 1 mod 8.
1. Build a traditional circuit
to compute q 7→ q + 1 mod 8.
q0
�� ��222
2222
2222
2222
22
!!DDD
DDDD
DDD q1
��
��
q2
��
c1 = q1q0
!!DDD
DDDD
DDD
q0 ⊕ 1 q1 ⊕ q0 q2 ⊕ c1
![Page 27: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/27.jpg)
13
2. Convert into reversible gates.
Toffoli for q2 ← q2 ⊕ q1q0:
(a0; a1; a2; a3; a4; a5; a6; a7) 7→(a0; a1; a2; a7; a4; a5; a6; a3).
![Page 28: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/28.jpg)
13
2. Convert into reversible gates.
Toffoli for q2 ← q2 ⊕ q1q0:
(a0; a1; a2; a3; a4; a5; a6; a7) 7→(a0; a1; a2; a7; a4; a5; a6; a3).
Controlled NOT for q1 ← q1 ⊕ q0:
(a0; a1; a2; a7; a4; a5; a6; a3) 7→(a0; a7; a2; a1; a4; a3; a6; a5).
![Page 29: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/29.jpg)
13
2. Convert into reversible gates.
Toffoli for q2 ← q2 ⊕ q1q0:
(a0; a1; a2; a3; a4; a5; a6; a7) 7→(a0; a1; a2; a7; a4; a5; a6; a3).
Controlled NOT for q1 ← q1 ⊕ q0:
(a0; a1; a2; a7; a4; a5; a6; a3) 7→(a0; a7; a2; a1; a4; a3; a6; a5).
NOT for q0 ← q0 ⊕ 1:
(a0; a7; a2; a1; a4; a3; a6; a5) 7→(a7; a0; a1; a2; a3; a4; a5; a6).
![Page 30: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/30.jpg)
14
This permutation example
was deceptively easy.
It didn’t need many operations.
For large n, most permutations p
need many operations ⇒ slow.
Really want fast circuits.
![Page 31: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/31.jpg)
14
This permutation example
was deceptively easy.
It didn’t need many operations.
For large n, most permutations p
need many operations ⇒ slow.
Really want fast circuits.
Also, it didn’t need extra storage:
circuit operated “in place” after
computation c1 ← q1q0 was
merged into q2 ← q2 ⊕ c1.
Typical circuits aren’t in-place.
![Page 32: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/32.jpg)
15
Start from any circuit:
inputs b1; b2; : : : ; bi ;
bi+1 = 1⊕ bf (i+1)bg(i+1);
bi+2 = 1⊕ bf (i+2)bg(i+2);
: : :
bT = 1⊕ bf (T )bg(T );
specified outputs.
![Page 33: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/33.jpg)
15
Start from any circuit:
inputs b1; b2; : : : ; bi ;
bi+1 = 1⊕ bf (i+1)bg(i+1);
bi+2 = 1⊕ bf (i+2)bg(i+2);
: : :
bT = 1⊕ bf (T )bg(T );
specified outputs.
Reversible but dirty:
inputs b1; b2; : : : ; bT ;
bi+1 ← 1⊕ bi+1 ⊕ bf (i+1)bg(i+1);
bi+2 ← 1⊕ bi+2 ⊕ bf (i+2)bg(i+2);
: : :
bT ← 1⊕ bT ⊕ bf (T )bg(T ).
Same outputs if all of
bi+1; : : : ; bT started as 0.
![Page 34: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/34.jpg)
16
Reversible and clean:
after finishing dirty computation,
set non-outputs back to 0,
by repeating same operations
on non-outputs in reverse order.
Original computation:
(inputs) 7→(inputs; dirt; outputs).
Dirty reversible computation:
(inputs; zeros; zeros) 7→(inputs; dirt; outputs).
Clean reversible computation:
(inputs; zeros; zeros) 7→(inputs; zeros; outputs).
![Page 35: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/35.jpg)
17
Given fast circuit for p
and fast circuit for p−1,
build fast reversible circuit for
(x; zeros) 7→ (p(x); zeros).
![Page 36: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/36.jpg)
17
Given fast circuit for p
and fast circuit for p−1,
build fast reversible circuit for
(x; zeros) 7→ (p(x); zeros).
Replace reversible bit operations
with Toffoli gates etc.
permuting C2n+z → C2n+z.
Permutation on first 2n entries is
(a0; a1; : : : ; a2n−1) 7→(ap−1(0); ap−1(1); : : : ; ap−1(2n−1)).
Typically prepare vectors
supported on first 2n entries
so don’t care how permutation
acts on last 2n+z − 2n entries.
![Page 37: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/37.jpg)
18
Warning: Number of qubits
≈ number of bit operations
in original p; p−1 circuits.
This can be much larger
than number of bits stored
in the original circuits.
![Page 38: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/38.jpg)
18
Warning: Number of qubits
≈ number of bit operations
in original p; p−1 circuits.
This can be much larger
than number of bits stored
in the original circuits.
Many useful techniques
to compress into fewer qubits,
but often these lose time.
Many subtle tradeoffs.
![Page 39: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/39.jpg)
18
Warning: Number of qubits
≈ number of bit operations
in original p; p−1 circuits.
This can be much larger
than number of bits stored
in the original circuits.
Many useful techniques
to compress into fewer qubits,
but often these lose time.
Many subtle tradeoffs.
Crude “poly-time” analyses
don’t care about this,
but serious cryptanalysis
is much more precise.
![Page 40: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/40.jpg)
19
Fast quantum operations, part 2
“Hadamard”:
(a0; a1) 7→ (a0 + a1; a0 − a1).
![Page 41: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/41.jpg)
19
Fast quantum operations, part 2
“Hadamard”:
(a0; a1) 7→ (a0 + a1; a0 − a1).
(a0; a1; a2; a3) 7→(a0 + a1; a0 − a1; a2 + a3; a2 − a3).
![Page 42: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/42.jpg)
19
Fast quantum operations, part 2
“Hadamard”:
(a0; a1) 7→ (a0 + a1; a0 − a1).
(a0; a1; a2; a3) 7→(a0 + a1; a0 − a1; a2 + a3; a2 − a3).
Same for qubit 1:
(a0; a1; a2; a3) 7→(a0 + a2; a1 + a3; a0 − a2; a1 − a3).
![Page 43: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/43.jpg)
19
Fast quantum operations, part 2
“Hadamard”:
(a0; a1) 7→ (a0 + a1; a0 − a1).
(a0; a1; a2; a3) 7→(a0 + a1; a0 − a1; a2 + a3; a2 − a3).
Same for qubit 1:
(a0; a1; a2; a3) 7→(a0 + a2; a1 + a3; a0 − a2; a1 − a3).
Qubit 0 and then qubit 1:
(a0; a1; a2; a3) 7→(a0 +a1; a0−a1; a2 +a3; a2−a3) 7→(a0 +a1 +a2 +a3; a0−a1 +a2−a3,
a0 +a1−a2−a3; a0−a1−a2 +a3).
![Page 44: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/44.jpg)
20
Repeat n times: e.g.,
(1; 0; 0; : : : ; 0) 7→ (1; 1; 1; : : : ; 1).
Measuring (1; 0; 0; : : : ; 0)
always produces 0.
Measuring (1; 1; 1; : : : ; 1)
can produce any output:
Pr[output = q] = 1=2n.
![Page 45: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/45.jpg)
20
Repeat n times: e.g.,
(1; 0; 0; : : : ; 0) 7→ (1; 1; 1; : : : ; 1).
Measuring (1; 0; 0; : : : ; 0)
always produces 0.
Measuring (1; 1; 1; : : : ; 1)
can produce any output:
Pr[output = q] = 1=2n.
Aside from “normalization”
(irrelevant to measurement),
have Hadamard = Hadamard−1,
so easily work backwards
from “uniform superposition”
(1; 1; 1; : : : ; 1) to “pure state”
(1; 0; 0; : : : ; 0).
![Page 46: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/46.jpg)
21
Simon’s algorithm
Assume: nonzero s ∈ {0; 1}n
satisfies f (x) = f (x ⊕ s)for every x ∈ {0; 1}n.
Can we find this period s,
given a fast circuit for f ?
![Page 47: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/47.jpg)
21
Simon’s algorithm
Assume: nonzero s ∈ {0; 1}n
satisfies f (x) = f (x ⊕ s)for every x ∈ {0; 1}n.
Can we find this period s,
given a fast circuit for f ?
We don’t have enough data
if f has many periods.
Assume: {periods} = {0; s}.
![Page 48: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/48.jpg)
21
Simon’s algorithm
Assume: nonzero s ∈ {0; 1}n
satisfies f (x) = f (x ⊕ s)for every x ∈ {0; 1}n.
Can we find this period s,
given a fast circuit for f ?
We don’t have enough data
if f has many periods.
Assume: {periods} = {0; s}.
Traditional solution:
Compute f for many inputs,
sort, analyze collisions.
Success probability is very low
until #inputs approaches 2n=2.
![Page 49: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/49.jpg)
22
Simon’s algorithm uses
far fewer qubit operations
if n is large and
reversibility overhead is low.
![Page 50: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/50.jpg)
22
Simon’s algorithm uses
far fewer qubit operations
if n is large and
reversibility overhead is low.
Say f maps n bits to m bits using
z “ancilla” bits for reversibility.
Prepare n +m + z qubits
in pure zero state:
vector (1; 0; 0; : : :).
![Page 51: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/51.jpg)
22
Simon’s algorithm uses
far fewer qubit operations
if n is large and
reversibility overhead is low.
Say f maps n bits to m bits using
z “ancilla” bits for reversibility.
Prepare n +m + z qubits
in pure zero state:
vector (1; 0; 0; : : :).
Use n-fold Hadamard
to move first n qubits
into uniform superposition:
(1; 1; 1; : : : ; 1; 0; 0; : : :)
with 2n entries 1, others 0.
![Page 52: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/52.jpg)
23
Apply fast vector permutation
for reversible f computation:
1 in position (q; 0; 0)
moves to position (q; f (q); 0).
Note symmetry between
1 at (q; f (q); 0) and
1 at (q ⊕ s; f (q); 0).
![Page 53: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/53.jpg)
23
Apply fast vector permutation
for reversible f computation:
1 in position (q; 0; 0)
moves to position (q; f (q); 0).
Note symmetry between
1 at (q; f (q); 0) and
1 at (q ⊕ s; f (q); 0).
Apply n-fold Hadamard.
![Page 54: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/54.jpg)
23
Apply fast vector permutation
for reversible f computation:
1 in position (q; 0; 0)
moves to position (q; f (q); 0).
Note symmetry between
1 at (q; f (q); 0) and
1 at (q ⊕ s; f (q); 0).
Apply n-fold Hadamard.
Measure. By symmetry,
output is orthogonal to s.
![Page 55: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/55.jpg)
23
Apply fast vector permutation
for reversible f computation:
1 in position (q; 0; 0)
moves to position (q; f (q); 0).
Note symmetry between
1 at (q; f (q); 0) and
1 at (q ⊕ s; f (q); 0).
Apply n-fold Hadamard.
Measure. By symmetry,
output is orthogonal to s.
Repeat n + 10 times.
Use Gaussian elimination
to (probably) find s.
![Page 56: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/56.jpg)
24
Example, 3 bits to 3 bits:
f (0) = 4.
f (1) = 7.
f (2) = 2.
f (3) = 3.
f (4) = 7.
f (5) = 4.
f (6) = 3.
f (7) = 2.
![Page 57: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/57.jpg)
24
Example, 3 bits to 3 bits:
f (0) = 4.
f (1) = 7. 4<<
7<<
2 3
7<<
4<<
3 2
f (2) = 2.
f (3) = 3.
f (4) = 7.
f (5) = 4.
f (6) = 3.
f (7) = 2.
![Page 58: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/58.jpg)
24
Example, 3 bits to 3 bits:
f (0) = 4.
f (1) = 7. 4<<
7<<
2 3
7<<
4<<
3 2
f (2) = 2.
f (3) = 3.
f (4) = 7.
f (5) = 4.
f (6) = 3.
f (7) = 2.
Complete table shows that
f (x) = f (x ⊕ 5) for all x .
Let’s watch Simon’s algorithm
for f , using 6 qubits.
![Page 59: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/59.jpg)
25
Step 1. Set up pure zero state:
1; 0; 0; 0; 0; 0; 0; 0;
0; 0; 0; 0; 0; 0; 0; 0;
0; 0; 0; 0; 0; 0; 0; 0;
0; 0; 0; 0; 0; 0; 0; 0;
0; 0; 0; 0; 0; 0; 0; 0;
0; 0; 0; 0; 0; 0; 0; 0;
0; 0; 0; 0; 0; 0; 0; 0;
0; 0; 0; 0; 0; 0; 0; 0:
![Page 60: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/60.jpg)
25
Step 2. Hadamard on qubit 0:
1; 1; 0; 0; 0; 0; 0; 0;
0; 0; 0; 0; 0; 0; 0; 0;
0; 0; 0; 0; 0; 0; 0; 0;
0; 0; 0; 0; 0; 0; 0; 0;
0; 0; 0; 0; 0; 0; 0; 0;
0; 0; 0; 0; 0; 0; 0; 0;
0; 0; 0; 0; 0; 0; 0; 0;
0; 0; 0; 0; 0; 0; 0; 0:
![Page 61: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/61.jpg)
25
Step 3. Hadamard on qubit 1:
1; 1; 1; 1; 0; 0; 0; 0;
0; 0; 0; 0; 0; 0; 0; 0;
0; 0; 0; 0; 0; 0; 0; 0;
0; 0; 0; 0; 0; 0; 0; 0;
0; 0; 0; 0; 0; 0; 0; 0;
0; 0; 0; 0; 0; 0; 0; 0;
0; 0; 0; 0; 0; 0; 0; 0;
0; 0; 0; 0; 0; 0; 0; 0:
![Page 62: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/62.jpg)
25
Step 4. Hadamard on qubit 2:
1; 1; 1; 1; 1; 1; 1; 1;
0; 0; 0; 0; 0; 0; 0; 0;
0; 0; 0; 0; 0; 0; 0; 0;
0; 0; 0; 0; 0; 0; 0; 0;
0; 0; 0; 0; 0; 0; 0; 0;
0; 0; 0; 0; 0; 0; 0; 0;
0; 0; 0; 0; 0; 0; 0; 0;
0; 0; 0; 0; 0; 0; 0; 0:
![Page 63: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/63.jpg)
25
Step 5. (q; 0) 7→ (q; f (q)):
0; 0; 0; 0; 0; 0; 0; 0;
0; 0; 0; 0; 0; 0; 0; 0;
0; 0; 1; 0; 0; 0; 0; 1;
0; 0; 0; 1; 0; 0; 1; 0;
1; 0; 0; 0; 0; 1; 0; 0;
0; 0; 0; 0; 0; 0; 0; 0;
0; 0; 0; 0; 0; 0; 0; 0;
0; 1; 0; 0; 1; 0; 0; 0:
![Page 64: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/64.jpg)
25
Step 6. Hadamard on qubit 0:
0; 0; 0; 0; 0; 0; 0; 0;
0; 0; 0; 0; 0; 0; 0; 0;
0; 0; 1; 1; 0; 0; 1; 1;
0; 0; 1; 1; 0; 0; 1; 1;
1; 1; 0; 0; 1; 1; 0; 0;
0; 0; 0; 0; 0; 0; 0; 0;
0; 0; 0; 0; 0; 0; 0; 0;
1; 1; 0; 0; 1; 1; 0; 0:
Notation: 1 = −1.
![Page 65: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/65.jpg)
25
Step 7. Hadamard on qubit 1:
0; 0; 0; 0; 0; 0; 0; 0;
0; 0; 0; 0; 0; 0; 0; 0;
1; 1; 1; 1; 1; 1; 1; 1;
1; 1; 1; 1; 1; 1; 1; 1;
1; 1; 1; 1; 1; 1; 1; 1;
0; 0; 0; 0; 0; 0; 0; 0;
0; 0; 0; 0; 0; 0; 0; 0;
1; 1; 1; 1; 1; 1; 1; 1:
![Page 66: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/66.jpg)
25
Step 8. Hadamard on qubit 2:
0; 0; 0; 0; 0; 0; 0; 0;
0; 0; 0; 0; 0; 0; 0; 0;
2; 0; 2; 0; 0; 2; 0; 2;
2; 0; 2; 0; 0; 2; 0; 2;
2; 0; 2; 0; 0; 2; 0; 2;
0; 0; 0; 0; 0; 0; 0; 0;
0; 0; 0; 0; 0; 0; 0; 0;
2; 0; 2; 0; 0; 2; 0; 2:
![Page 67: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/67.jpg)
25
Step 8. Hadamard on qubit 2:
0; 0; 0; 0; 0; 0; 0; 0;
0; 0; 0; 0; 0; 0; 0; 0;
2; 0; 2; 0; 0; 2; 0; 2;
2; 0; 2; 0; 0; 2; 0; 2;
2; 0; 2; 0; 0; 2; 0; 2;
0; 0; 0; 0; 0; 0; 0; 0;
0; 0; 0; 0; 0; 0; 0; 0;
2; 0; 2; 0; 0; 2; 0; 2:
Step 9. Measure.
First 3 qubits are uniform random
vector orthogonal to 101: i.e.,
000, 010, 101, or 111.
![Page 68: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/68.jpg)
26
Grover’s algorithm
Assume: unique s ∈ {0; 1}n
has f (s) = 0.
Traditional algorithm to find s:
compute f for many inputs,
hope to find output 0.
Success probability is very low
until #inputs approaches 2n.
![Page 69: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/69.jpg)
26
Grover’s algorithm
Assume: unique s ∈ {0; 1}n
has f (s) = 0.
Traditional algorithm to find s:
compute f for many inputs,
hope to find output 0.
Success probability is very low
until #inputs approaches 2n.
Grover’s algorithm takes only 2n=2
reversible computations of f .
Typically: reversibility overhead
is small enough that this
easily beats traditional algorithm.
![Page 70: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/70.jpg)
27
Start from uniform superposition
over all n-bit strings q.
Step 1: Set a← b where
bq = −aq if f (q) = 0,
bq = aq otherwise.
This is fast.
Step 2: “Grover diffusion”.
Negate a around its average.
This is also fast.
Repeat Step 1 + Step 2
about 0:58 · 20:5n times.
Measure the n qubits.
With high probability this finds s.
![Page 71: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/71.jpg)
28
Normalized graph of q 7→ aqfor an example with n = 12
after 0 steps:
−1.0
−0.5
0.0
0.5
1.0
![Page 72: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/72.jpg)
28
Normalized graph of q 7→ aqfor an example with n = 12
after Step 1:
−1.0
−0.5
0.0
0.5
1.0
![Page 73: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/73.jpg)
28
Normalized graph of q 7→ aqfor an example with n = 12
after Step 1 + Step 2:
−1.0
−0.5
0.0
0.5
1.0
![Page 74: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/74.jpg)
28
Normalized graph of q 7→ aqfor an example with n = 12
after Step 1 + Step 2 + Step 1:
−1.0
−0.5
0.0
0.5
1.0
![Page 75: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/75.jpg)
28
Normalized graph of q 7→ aqfor an example with n = 12
after 2× (Step 1 + Step 2):
−1.0
−0.5
0.0
0.5
1.0
![Page 76: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/76.jpg)
28
Normalized graph of q 7→ aqfor an example with n = 12
after 3× (Step 1 + Step 2):
−1.0
−0.5
0.0
0.5
1.0
![Page 77: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/77.jpg)
28
Normalized graph of q 7→ aqfor an example with n = 12
after 4× (Step 1 + Step 2):
−1.0
−0.5
0.0
0.5
1.0
![Page 78: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/78.jpg)
28
Normalized graph of q 7→ aqfor an example with n = 12
after 5× (Step 1 + Step 2):
−1.0
−0.5
0.0
0.5
1.0
![Page 79: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/79.jpg)
28
Normalized graph of q 7→ aqfor an example with n = 12
after 6× (Step 1 + Step 2):
−1.0
−0.5
0.0
0.5
1.0
![Page 80: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/80.jpg)
28
Normalized graph of q 7→ aqfor an example with n = 12
after 7× (Step 1 + Step 2):
−1.0
−0.5
0.0
0.5
1.0
![Page 81: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/81.jpg)
28
Normalized graph of q 7→ aqfor an example with n = 12
after 8× (Step 1 + Step 2):
−1.0
−0.5
0.0
0.5
1.0
![Page 82: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/82.jpg)
28
Normalized graph of q 7→ aqfor an example with n = 12
after 9× (Step 1 + Step 2):
−1.0
−0.5
0.0
0.5
1.0
![Page 83: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/83.jpg)
28
Normalized graph of q 7→ aqfor an example with n = 12
after 10× (Step 1 + Step 2):
−1.0
−0.5
0.0
0.5
1.0
![Page 84: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/84.jpg)
28
Normalized graph of q 7→ aqfor an example with n = 12
after 11× (Step 1 + Step 2):
−1.0
−0.5
0.0
0.5
1.0
![Page 85: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/85.jpg)
28
Normalized graph of q 7→ aqfor an example with n = 12
after 12× (Step 1 + Step 2):
−1.0
−0.5
0.0
0.5
1.0
![Page 86: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/86.jpg)
28
Normalized graph of q 7→ aqfor an example with n = 12
after 13× (Step 1 + Step 2):
−1.0
−0.5
0.0
0.5
1.0
![Page 87: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/87.jpg)
28
Normalized graph of q 7→ aqfor an example with n = 12
after 14× (Step 1 + Step 2):
−1.0
−0.5
0.0
0.5
1.0
![Page 88: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/88.jpg)
28
Normalized graph of q 7→ aqfor an example with n = 12
after 15× (Step 1 + Step 2):
−1.0
−0.5
0.0
0.5
1.0
![Page 89: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/89.jpg)
28
Normalized graph of q 7→ aqfor an example with n = 12
after 16× (Step 1 + Step 2):
−1.0
−0.5
0.0
0.5
1.0
![Page 90: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/90.jpg)
28
Normalized graph of q 7→ aqfor an example with n = 12
after 17× (Step 1 + Step 2):
−1.0
−0.5
0.0
0.5
1.0
![Page 91: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/91.jpg)
28
Normalized graph of q 7→ aqfor an example with n = 12
after 18× (Step 1 + Step 2):
−1.0
−0.5
0.0
0.5
1.0
![Page 92: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/92.jpg)
28
Normalized graph of q 7→ aqfor an example with n = 12
after 19× (Step 1 + Step 2):
−1.0
−0.5
0.0
0.5
1.0
![Page 93: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/93.jpg)
28
Normalized graph of q 7→ aqfor an example with n = 12
after 20× (Step 1 + Step 2):
−1.0
−0.5
0.0
0.5
1.0
![Page 94: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/94.jpg)
28
Normalized graph of q 7→ aqfor an example with n = 12
after 25× (Step 1 + Step 2):
−1.0
−0.5
0.0
0.5
1.0
![Page 95: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/95.jpg)
28
Normalized graph of q 7→ aqfor an example with n = 12
after 30× (Step 1 + Step 2):
−1.0
−0.5
0.0
0.5
1.0
![Page 96: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/96.jpg)
28
Normalized graph of q 7→ aqfor an example with n = 12
after 35× (Step 1 + Step 2):
−1.0
−0.5
0.0
0.5
1.0
Good moment to stop, measure.
![Page 97: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/97.jpg)
28
Normalized graph of q 7→ aqfor an example with n = 12
after 40× (Step 1 + Step 2):
−1.0
−0.5
0.0
0.5
1.0
![Page 98: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/98.jpg)
28
Normalized graph of q 7→ aqfor an example with n = 12
after 45× (Step 1 + Step 2):
−1.0
−0.5
0.0
0.5
1.0
![Page 99: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/99.jpg)
28
Normalized graph of q 7→ aqfor an example with n = 12
after 50× (Step 1 + Step 2):
−1.0
−0.5
0.0
0.5
1.0
Traditional stopping point.
![Page 100: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/100.jpg)
28
Normalized graph of q 7→ aqfor an example with n = 12
after 60× (Step 1 + Step 2):
−1.0
−0.5
0.0
0.5
1.0
![Page 101: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/101.jpg)
28
Normalized graph of q 7→ aqfor an example with n = 12
after 70× (Step 1 + Step 2):
−1.0
−0.5
0.0
0.5
1.0
![Page 102: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/102.jpg)
28
Normalized graph of q 7→ aqfor an example with n = 12
after 80× (Step 1 + Step 2):
−1.0
−0.5
0.0
0.5
1.0
![Page 103: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/103.jpg)
28
Normalized graph of q 7→ aqfor an example with n = 12
after 90× (Step 1 + Step 2):
−1.0
−0.5
0.0
0.5
1.0
![Page 104: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/104.jpg)
28
Normalized graph of q 7→ aqfor an example with n = 12
after 100× (Step 1 + Step 2):
−1.0
−0.5
0.0
0.5
1.0
Very bad stopping point.
![Page 105: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/105.jpg)
29
q 7→ aq is completely described
by a vector of two numbers
(with fixed multiplicities):
(1) aq for roots q;
(2) aq for non-roots q.
Step 1 + Step 2
act linearly on this vector.
Easily compute eigenvalues
and powers of this linear map
to understand evolution
of state of Grover’s algorithm.
⇒ Probability is ≈1
after ≈(ı=4)20:5n iterations.
![Page 106: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/106.jpg)
30
Textbook algorithm analysis
“WHAT is your algorithm?”
![Page 107: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/107.jpg)
30
Textbook algorithm analysis
“WHAT is your algorithm?”
“Heapsort. Here’s the code.”
![Page 108: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/108.jpg)
30
Textbook algorithm analysis
“WHAT is your algorithm?”
“Heapsort. Here’s the code.”
“WHAT does it accomplish?”
![Page 109: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/109.jpg)
30
Textbook algorithm analysis
“WHAT is your algorithm?”
“Heapsort. Here’s the code.”
“WHAT does it accomplish?”
“It sorts the input array in place.
Here’s a proof.”
![Page 110: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/110.jpg)
30
Textbook algorithm analysis
“WHAT is your algorithm?”
“Heapsort. Here’s the code.”
“WHAT does it accomplish?”
“It sorts the input array in place.
Here’s a proof.”
“WHAT is its run time?”
![Page 111: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/111.jpg)
30
Textbook algorithm analysis
“WHAT is your algorithm?”
“Heapsort. Here’s the code.”
“WHAT does it accomplish?”
“It sorts the input array in place.
Here’s a proof.”
“WHAT is its run time?”
“O(n lg n) comparisons;
and Θ(n lg n) comparisons
for most inputs. Here’s a proof.”
![Page 112: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/112.jpg)
30
Textbook algorithm analysis
“WHAT is your algorithm?”
“Heapsort. Here’s the code.”
“WHAT does it accomplish?”
“It sorts the input array in place.
Here’s a proof.”
“WHAT is its run time?”
“O(n lg n) comparisons;
and Θ(n lg n) comparisons
for most inputs. Here’s a proof.”
“You may pass.”
![Page 113: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/113.jpg)
31
Algorithms to attack crypto
Critical question for ECC security:
How hard is ECDLP?
![Page 114: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/114.jpg)
31
Algorithms to attack crypto
Critical question for ECC security:
How hard is ECDLP?
Standard estimate for “strong”
ECC groups of prime order ‘:
Latest “negating” variants of
“distinguished point” rho methods
break an average ECDLP instance
using ≈0:886√‘ additions.
![Page 115: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/115.jpg)
31
Algorithms to attack crypto
Critical question for ECC security:
How hard is ECDLP?
Standard estimate for “strong”
ECC groups of prime order ‘:
Latest “negating” variants of
“distinguished point” rho methods
break an average ECDLP instance
using ≈0:886√‘ additions.
Is this proven? No!
Is this provable? Maybe not!
![Page 116: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/116.jpg)
31
Algorithms to attack crypto
Critical question for ECC security:
How hard is ECDLP?
Standard estimate for “strong”
ECC groups of prime order ‘:
Latest “negating” variants of
“distinguished point” rho methods
break an average ECDLP instance
using ≈0:886√‘ additions.
Is this proven? No!
Is this provable? Maybe not!
So why do we think it’s true?
![Page 117: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/117.jpg)
32
2000 Gallant–Lambert–Vanstone:
inadequately specified statement
of a negating rho algorithm.
![Page 118: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/118.jpg)
32
2000 Gallant–Lambert–Vanstone:
inadequately specified statement
of a negating rho algorithm.
2010 Bos–Kleinjung–Lenstra:
a plausible interpretation of
that algorithm is non-functional.
![Page 119: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/119.jpg)
32
2000 Gallant–Lambert–Vanstone:
inadequately specified statement
of a negating rho algorithm.
2010 Bos–Kleinjung–Lenstra:
a plausible interpretation of
that algorithm is non-functional.
See 2011 Bernstein–Lange–
Schwabe for more history
and better algorithms.
![Page 120: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/120.jpg)
32
2000 Gallant–Lambert–Vanstone:
inadequately specified statement
of a negating rho algorithm.
2010 Bos–Kleinjung–Lenstra:
a plausible interpretation of
that algorithm is non-functional.
See 2011 Bernstein–Lange–
Schwabe for more history
and better algorithms.
Why do we believe that
the latest algorithms work
at the claimed speeds?
Experiments!
![Page 121: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/121.jpg)
33
Similar story for RSA security:
we don’t have proofs for the
best factoring algorithms.
![Page 122: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/122.jpg)
33
Similar story for RSA security:
we don’t have proofs for the
best factoring algorithms.
Code-based cryptography:
we don’t have proofs for the
best decoding algorithms.
![Page 123: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/123.jpg)
33
Similar story for RSA security:
we don’t have proofs for the
best factoring algorithms.
Code-based cryptography:
we don’t have proofs for the
best decoding algorithms.
Lattice-based cryptography:
we don’t have proofs for the
best lattice algorithms.
![Page 124: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/124.jpg)
33
Similar story for RSA security:
we don’t have proofs for the
best factoring algorithms.
Code-based cryptography:
we don’t have proofs for the
best decoding algorithms.
Lattice-based cryptography:
we don’t have proofs for the
best lattice algorithms.
MQ-based cryptography:
we don’t have proofs for the
best system-solving algorithms.
![Page 125: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/125.jpg)
33
Similar story for RSA security:
we don’t have proofs for the
best factoring algorithms.
Code-based cryptography:
we don’t have proofs for the
best decoding algorithms.
Lattice-based cryptography:
we don’t have proofs for the
best lattice algorithms.
MQ-based cryptography:
we don’t have proofs for the
best system-solving algorithms.
Confidence relies on experiments.
![Page 126: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/126.jpg)
34
Where’s my quantum computer?
Quantum-algorithm design
is moving beyond textbook stage
into algorithms without proofs.
Example: subset-sum
exponent ≈0:241 from 2013
Bernstein–Jeffery–Lange–Meurer.
Don’t expect proofs or provability
for the best quantum algorithms
to attack post-quantum crypto.
How do we obtain confidence
in analysis of these algorithms?
Quantum experiments are hard.
![Page 127: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/127.jpg)
35
Where’s my big computer?
Analogy: Public hasn’t carried out
a 280 NFS RSA-1024 experiment.
![Page 128: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/128.jpg)
35
Where’s my big computer?
Analogy: Public hasn’t carried out
a 280 NFS RSA-1024 experiment.
But public has carried out
250, 260, 270 NFS experiments.
Hopefully not too much
extrapolation error for 280.
![Page 129: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/129.jpg)
35
Where’s my big computer?
Analogy: Public hasn’t carried out
a 280 NFS RSA-1024 experiment.
But public has carried out
250, 260, 270 NFS experiments.
Hopefully not too much
extrapolation error for 280.
Vastly larger extrapolation
for the quantum situation.
Imagine attacker performing
280 operations on 240 qubits;
compare to today’s challenges
of 21, 22, 23, 24, 25, 26 qubits.
![Page 130: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/130.jpg)
36
Simulations
2014.04 Chou → Ambainis:
Simulation shows error in
proof of 2003 Ambainis
distinctness algorithm.
![Page 131: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/131.jpg)
36
Simulations
2014.04 Chou → Ambainis:
Simulation shows error in
proof of 2003 Ambainis
distinctness algorithm.
Ambainis: Yes, thanks, will fix.
![Page 132: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/132.jpg)
36
Simulations
2014.04 Chou → Ambainis:
Simulation shows error in
proof of 2003 Ambainis
distinctness algorithm.
Ambainis: Yes, thanks, will fix.
2014.04 Chou → Childs:
Simulation shows that 2003
Childs–Eisenberg distinctness
algorithm is non-functional;
need to take half angle.
![Page 133: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/133.jpg)
36
Simulations
2014.04 Chou → Ambainis:
Simulation shows error in
proof of 2003 Ambainis
distinctness algorithm.
Ambainis: Yes, thanks, will fix.
2014.04 Chou → Childs:
Simulation shows that 2003
Childs–Eisenberg distinctness
algorithm is non-functional;
need to take half angle.
Childs: Yes. Typo, already
fixed in 2005 journal version.
![Page 134: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/134.jpg)
37
Do we know the best attacks?
Maybe, maybe not.
How many researchers have
looked for better attacks?
![Page 135: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/135.jpg)
37
Do we know the best attacks?
Maybe, maybe not.
How many researchers have
looked for better attacks?
Do those researchers
have the right experience?
![Page 136: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/136.jpg)
37
Do we know the best attacks?
Maybe, maybe not.
How many researchers have
looked for better attacks?
Do those researchers
have the right experience?
Did they carefully study
all possible avenues of attack?
![Page 137: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/137.jpg)
37
Do we know the best attacks?
Maybe, maybe not.
How many researchers have
looked for better attacks?
Do those researchers
have the right experience?
Did they carefully study
all possible avenues of attack?
Is this auditable and audited?
![Page 138: Quantum algorithm means an algorithm that a quantum ...2017/06/23 · 4 Quantum computer type 3 (QC3): e ciently computes anything that any physical computer can compute e ciently](https://reader033.vdocument.in/reader033/viewer/2022060906/60a0dcc0e26dac427566af70/html5/thumbnails/138.jpg)
37
Do we know the best attacks?
Maybe, maybe not.
How many researchers have
looked for better attacks?
Do those researchers
have the right experience?
Did they carefully study
all possible avenues of attack?
Is this auditable and audited?
Real-world security systems
cannot avoid these questions.