quantum algorithms daniel j bernstein university of
play

Quantum algorithms Daniel J. Bernstein University of Illinois at - PDF document

Mar 30, 2024 •39 likes •1.42k views

1 Quantum algorithms Daniel J. Bernstein University of Illinois at Chicago Quantum algorithm means an algorithm that a quantum computer can run. i.e. a sequence of instructions, where each instruction is in a quantum computers

  1. 13 2. Convert into reversible gates. Toffoli for q 2 ← q 2 ⊕ q 1 q 0 : ( a 0 ; a 1 ; a 2 ; a 3 ; a 4 ; a 5 ; a 6 ; a 7 ) �→ ( a 0 ; a 1 ; a 2 ; a 7 ; a 4 ; a 5 ; a 6 ; a 3 ). Controlled NOT for q 1 ← q 1 ⊕ q 0 : ( a 0 ; a 1 ; a 2 ; a 7 ; a 4 ; a 5 ; a 6 ; a 3 ) �→ ( a 0 ; a 7 ; a 2 ; a 1 ; a 4 ; a 3 ; a 6 ; a 5 ).

  2. 13 2. Convert into reversible gates. Toffoli for q 2 ← q 2 ⊕ q 1 q 0 : ( a 0 ; a 1 ; a 2 ; a 3 ; a 4 ; a 5 ; a 6 ; a 7 ) �→ ( a 0 ; a 1 ; a 2 ; a 7 ; a 4 ; a 5 ; a 6 ; a 3 ). Controlled NOT for q 1 ← q 1 ⊕ q 0 : ( a 0 ; a 1 ; a 2 ; a 7 ; a 4 ; a 5 ; a 6 ; a 3 ) �→ ( a 0 ; a 7 ; a 2 ; a 1 ; a 4 ; a 3 ; a 6 ; a 5 ). NOT for q 0 ← q 0 ⊕ 1: ( a 0 ; a 7 ; a 2 ; a 1 ; a 4 ; a 3 ; a 6 ; a 5 ) �→ ( a 7 ; a 0 ; a 1 ; a 2 ; a 3 ; a 4 ; a 5 ; a 6 ).

  3. 14 This permutation example was deceptively easy. It didn’t need many operations. For large n , most permutations p need many operations ⇒ slow. Really want fast circuits.

  4. 14 This permutation example was deceptively easy. It didn’t need many operations. For large n , most permutations p need many operations ⇒ slow. Really want fast circuits. Also, it didn’t need extra storage: circuit operated “in place” after computation c 1 ← q 1 q 0 was merged into q 2 ← q 2 ⊕ c 1 . Typical circuits aren’t in-place.

  5. 15 Start from any circuit: inputs b 1 ; b 2 ; : : : ; b i ; b i +1 = 1 ⊕ b f ( i +1) b g ( i +1) ; b i +2 = 1 ⊕ b f ( i +2) b g ( i +2) ; : : : b T = 1 ⊕ b f ( T ) b g ( T ) ; specified outputs.

  6. 15 Start from any circuit: inputs b 1 ; b 2 ; : : : ; b i ; b i +1 = 1 ⊕ b f ( i +1) b g ( i +1) ; b i +2 = 1 ⊕ b f ( i +2) b g ( i +2) ; : : : b T = 1 ⊕ b f ( T ) b g ( T ) ; specified outputs. Reversible but dirty: inputs b 1 ; b 2 ; : : : ; b T ; b i +1 ← 1 ⊕ b i +1 ⊕ b f ( i +1) b g ( i +1) ; b i +2 ← 1 ⊕ b i +2 ⊕ b f ( i +2) b g ( i +2) ; : : : b T ← 1 ⊕ b T ⊕ b f ( T ) b g ( T ) . Same outputs if all of b i +1 ; : : : ; b T started as 0.

  7. 16 Reversible and clean: after finishing dirty computation, set non-outputs back to 0, by repeating same operations on non-outputs in reverse order. Original computation: (inputs) �→ (inputs ; dirt ; outputs). Dirty reversible computation: (inputs ; zeros ; zeros) �→ (inputs ; dirt ; outputs). Clean reversible computation: (inputs ; zeros ; zeros) �→ (inputs ; zeros ; outputs).

  8. 17 Given fast circuit for p and fast circuit for p − 1 , build fast reversible circuit for ( x; zeros) �→ ( p ( x ) ; zeros).

  9. 17 Given fast circuit for p and fast circuit for p − 1 , build fast reversible circuit for ( x; zeros) �→ ( p ( x ) ; zeros). Replace reversible bit operations with Toffoli gates etc. permuting C 2 n + z → C 2 n + z . Permutation on first 2 n entries is ( a 0 ; a 1 ; : : : ; a 2 n − 1 ) �→ ( a p − 1 (0) ; a p − 1 (1) ; : : : ; a p − 1 (2 n − 1) ). Typically prepare vectors supported on first 2 n entries so don’t care how permutation acts on last 2 n + z − 2 n entries.

  10. 18 Warning: Number of qubits ≈ number of bit operations in original p; p − 1 circuits. This can be much larger than number of bits stored in the original circuits.

  11. 18 Warning: Number of qubits ≈ number of bit operations in original p; p − 1 circuits. This can be much larger than number of bits stored in the original circuits. Many useful techniques to compress into fewer qubits, but often these lose time. Many subtle tradeoffs.

  12. 18 Warning: Number of qubits ≈ number of bit operations in original p; p − 1 circuits. This can be much larger than number of bits stored in the original circuits. Many useful techniques to compress into fewer qubits, but often these lose time. Many subtle tradeoffs. Crude “poly-time” analyses don’t care about this, but serious cryptanalysis is much more precise.

  13. 19 Fast quantum operations, part 2 “Hadamard”: ( a 0 ; a 1 ) �→ ( a 0 + a 1 ; a 0 − a 1 ).

  14. 19 Fast quantum operations, part 2 “Hadamard”: ( a 0 ; a 1 ) �→ ( a 0 + a 1 ; a 0 − a 1 ). ( a 0 ; a 1 ; a 2 ; a 3 ) �→ ( a 0 + a 1 ; a 0 − a 1 ; a 2 + a 3 ; a 2 − a 3 ).

  15. 19 Fast quantum operations, part 2 “Hadamard”: ( a 0 ; a 1 ) �→ ( a 0 + a 1 ; a 0 − a 1 ). ( a 0 ; a 1 ; a 2 ; a 3 ) �→ ( a 0 + a 1 ; a 0 − a 1 ; a 2 + a 3 ; a 2 − a 3 ). Same for qubit 1: ( a 0 ; a 1 ; a 2 ; a 3 ) �→ ( a 0 + a 2 ; a 1 + a 3 ; a 0 − a 2 ; a 1 − a 3 ).

  16. 19 Fast quantum operations, part 2 “Hadamard”: ( a 0 ; a 1 ) �→ ( a 0 + a 1 ; a 0 − a 1 ). ( a 0 ; a 1 ; a 2 ; a 3 ) �→ ( a 0 + a 1 ; a 0 − a 1 ; a 2 + a 3 ; a 2 − a 3 ). Same for qubit 1: ( a 0 ; a 1 ; a 2 ; a 3 ) �→ ( a 0 + a 2 ; a 1 + a 3 ; a 0 − a 2 ; a 1 − a 3 ). Qubit 0 and then qubit 1: ( a 0 ; a 1 ; a 2 ; a 3 ) �→ ( a 0 + a 1 ; a 0 − a 1 ; a 2 + a 3 ; a 2 − a 3 ) �→ ( a 0 + a 1 + a 2 + a 3 ; a 0 − a 1 + a 2 − a 3 , a 0 + a 1 − a 2 − a 3 ; a 0 − a 1 − a 2 + a 3 ).

  17. 20 Repeat n times: e.g., (1 ; 0 ; 0 ; : : : ; 0) �→ (1 ; 1 ; 1 ; : : : ; 1). Measuring (1 ; 0 ; 0 ; : : : ; 0) always produces 0. Measuring (1 ; 1 ; 1 ; : : : ; 1) can produce any output: Pr[output = q ] = 1 = 2 n .

  18. 20 Repeat n times: e.g., (1 ; 0 ; 0 ; : : : ; 0) �→ (1 ; 1 ; 1 ; : : : ; 1). Measuring (1 ; 0 ; 0 ; : : : ; 0) always produces 0. Measuring (1 ; 1 ; 1 ; : : : ; 1) can produce any output: Pr[output = q ] = 1 = 2 n . Aside from “normalization” (irrelevant to measurement), have Hadamard = Hadamard − 1 , so easily work backwards from “uniform superposition” (1 ; 1 ; 1 ; : : : ; 1) to “pure state” (1 ; 0 ; 0 ; : : : ; 0).

  19. 21 Simon’s algorithm Assume: nonzero s ∈ { 0 ; 1 } n satisfies f ( x ) = f ( x ⊕ s ) for every x ∈ { 0 ; 1 } n . Can we find this period s , given a fast circuit for f ?

  20. 21 Simon’s algorithm Assume: nonzero s ∈ { 0 ; 1 } n satisfies f ( x ) = f ( x ⊕ s ) for every x ∈ { 0 ; 1 } n . Can we find this period s , given a fast circuit for f ? We don’t have enough data if f has many periods. Assume: { periods } = { 0 ; s } .

  21. 21 Simon’s algorithm Assume: nonzero s ∈ { 0 ; 1 } n satisfies f ( x ) = f ( x ⊕ s ) for every x ∈ { 0 ; 1 } n . Can we find this period s , given a fast circuit for f ? We don’t have enough data if f has many periods. Assume: { periods } = { 0 ; s } . Traditional solution: Compute f for many inputs, sort, analyze collisions. Success probability is very low until #inputs approaches 2 n= 2 .

  22. 22 Simon’s algorithm uses far fewer qubit operations if n is large and reversibility overhead is low.

  23. 22 Simon’s algorithm uses far fewer qubit operations if n is large and reversibility overhead is low. Say f maps n bits to m bits using z “ancilla” bits for reversibility. Prepare n + m + z qubits in pure zero state: vector (1 ; 0 ; 0 ; : : : ).

  24. 22 Simon’s algorithm uses far fewer qubit operations if n is large and reversibility overhead is low. Say f maps n bits to m bits using z “ancilla” bits for reversibility. Prepare n + m + z qubits in pure zero state: vector (1 ; 0 ; 0 ; : : : ). Use n -fold Hadamard to move first n qubits into uniform superposition: (1 ; 1 ; 1 ; : : : ; 1 ; 0 ; 0 ; : : : ) with 2 n entries 1, others 0.

  25. 23 Apply fast vector permutation for reversible f computation: 1 in position ( q; 0 ; 0) moves to position ( q; f ( q ) ; 0). Note symmetry between 1 at ( q; f ( q ) ; 0) and 1 at ( q ⊕ s; f ( q ) ; 0).

  26. 23 Apply fast vector permutation for reversible f computation: 1 in position ( q; 0 ; 0) moves to position ( q; f ( q ) ; 0). Note symmetry between 1 at ( q; f ( q ) ; 0) and 1 at ( q ⊕ s; f ( q ) ; 0). Apply n -fold Hadamard.

  27. 23 Apply fast vector permutation for reversible f computation: 1 in position ( q; 0 ; 0) moves to position ( q; f ( q ) ; 0). Note symmetry between 1 at ( q; f ( q ) ; 0) and 1 at ( q ⊕ s; f ( q ) ; 0). Apply n -fold Hadamard. Measure. By symmetry, output is orthogonal to s .

  28. 23 Apply fast vector permutation for reversible f computation: 1 in position ( q; 0 ; 0) moves to position ( q; f ( q ) ; 0). Note symmetry between 1 at ( q; f ( q ) ; 0) and 1 at ( q ⊕ s; f ( q ) ; 0). Apply n -fold Hadamard. Measure. By symmetry, output is orthogonal to s . Repeat n + 10 times. Use Gaussian elimination to (probably) find s .

  29. 24 Example, 3 bits to 3 bits: f (0) = 4. f (1) = 7. f (2) = 2. f (3) = 3. f (4) = 7. f (5) = 4. f (6) = 3. f (7) = 2.

  30. 24 Example, 3 bits to 3 bits: f (0) = 4. f (1) = 7. 4 ❁ 7 ❁ ❁ ❁ f (2) = 2. 2 3 f (3) = 3. 7 ❁ 4 ❁ f (4) = 7. ❁ ❁ f (5) = 4. 3 2 f (6) = 3. f (7) = 2.

  31. 24 Example, 3 bits to 3 bits: f (0) = 4. f (1) = 7. 4 ❁ 7 ❁ ❁ ❁ f (2) = 2. 2 3 f (3) = 3. 7 ❁ 4 ❁ f (4) = 7. ❁ ❁ f (5) = 4. 3 2 f (6) = 3. f (7) = 2. Complete table shows that f ( x ) = f ( x ⊕ 5) for all x . Let’s watch Simon’s algorithm for f , using 6 qubits.

  32. 25 Step 1. Set up pure zero state: 1 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 :

  33. 25 Step 2. Hadamard on qubit 0: 1 ; 1 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 :

  34. 25 Step 3. Hadamard on qubit 1: 1 ; 1 ; 1 ; 1 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 :

  35. 25 Step 4. Hadamard on qubit 2: 1 ; 1 ; 1 ; 1 ; 1 ; 1 ; 1 ; 1 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 :

  36. 25 Step 5. ( q; 0) �→ ( q; f ( q )): 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 1 ; 0 ; 0 ; 0 ; 0 ; 1 ; 0 ; 0 ; 0 ; 1 ; 0 ; 0 ; 1 ; 0 ; 1 ; 0 ; 0 ; 0 ; 0 ; 1 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 1 ; 0 ; 0 ; 1 ; 0 ; 0 ; 0 :

  37. 25 Step 6. Hadamard on qubit 0: 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 1 ; 1 ; 0 ; 0 ; 1 ; 1 ; 0 ; 0 ; 1 ; 1 ; 0 ; 0 ; 1 ; 1 ; 1 ; 1 ; 0 ; 0 ; 1 ; 1 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 1 ; 1 ; 0 ; 0 ; 1 ; 1 ; 0 ; 0 : Notation: 1 = − 1.

  38. 25 Step 7. Hadamard on qubit 1: 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 1 ; 1 ; 1 ; 1 ; 1 ; 1 ; 1 ; 1 ; 1 ; 1 ; 1 ; 1 ; 1 ; 1 ; 1 ; 1 ; 1 ; 1 ; 1 ; 1 ; 1 ; 1 ; 1 ; 1 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 1 ; 1 ; 1 ; 1 ; 1 ; 1 ; 1 ; 1 :

  39. 25 Step 8. Hadamard on qubit 2: 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 2 ; 0 ; 2 ; 0 ; 0 ; 2 ; 0 ; 2 ; 2 ; 0 ; 2 ; 0 ; 0 ; 2 ; 0 ; 2 ; 2 ; 0 ; 2 ; 0 ; 0 ; 2 ; 0 ; 2 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 2 ; 0 ; 2 ; 0 ; 0 ; 2 ; 0 ; 2 :

  40. 25 Step 8. Hadamard on qubit 2: 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 2 ; 0 ; 2 ; 0 ; 0 ; 2 ; 0 ; 2 ; 2 ; 0 ; 2 ; 0 ; 0 ; 2 ; 0 ; 2 ; 2 ; 0 ; 2 ; 0 ; 0 ; 2 ; 0 ; 2 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 0 ; 2 ; 0 ; 2 ; 0 ; 0 ; 2 ; 0 ; 2 : Step 9. Measure. First 3 qubits are uniform random vector orthogonal to 101: i.e., 000, 010, 101, or 111.

  41. 26 Grover’s algorithm Assume: unique s ∈ { 0 ; 1 } n has f ( s ) = 0. Traditional algorithm to find s : compute f for many inputs, hope to find output 0. Success probability is very low until #inputs approaches 2 n .

  42. 26 Grover’s algorithm Assume: unique s ∈ { 0 ; 1 } n has f ( s ) = 0. Traditional algorithm to find s : compute f for many inputs, hope to find output 0. Success probability is very low until #inputs approaches 2 n . Grover’s algorithm takes only 2 n= 2 reversible computations of f . Typically: reversibility overhead is small enough that this easily beats traditional algorithm.

  43. 27 Start from uniform superposition over all n -bit strings q . Step 1: Set a ← b where b q = − a q if f ( q ) = 0, b q = a q otherwise. This is fast. Step 2: “Grover diffusion”. Negate a around its average. This is also fast. Repeat Step 1 + Step 2 about 0 : 58 · 2 0 : 5 n times. Measure the n qubits. With high probability this finds s .

  44. 28 Normalized graph of q �→ a q for an example with n = 12 after 0 steps: 1.0 0.5 0.0 −0.5 −1.0

  45. 28 Normalized graph of q �→ a q for an example with n = 12 after Step 1: 1.0 0.5 0.0 −0.5 −1.0

  46. 28 Normalized graph of q �→ a q for an example with n = 12 after Step 1 + Step 2: 1.0 0.5 0.0 −0.5 −1.0

  47. 28 Normalized graph of q �→ a q for an example with n = 12 after Step 1 + Step 2 + Step 1: 1.0 0.5 0.0 −0.5 −1.0

  48. 28 Normalized graph of q �→ a q for an example with n = 12 after 2 × (Step 1 + Step 2): 1.0 0.5 0.0 −0.5 −1.0

  49. 28 Normalized graph of q �→ a q for an example with n = 12 after 3 × (Step 1 + Step 2): 1.0 0.5 0.0 −0.5 −1.0

  50. 28 Normalized graph of q �→ a q for an example with n = 12 after 4 × (Step 1 + Step 2): 1.0 0.5 0.0 −0.5 −1.0

  51. 28 Normalized graph of q �→ a q for an example with n = 12 after 5 × (Step 1 + Step 2): 1.0 0.5 0.0 −0.5 −1.0

  52. 28 Normalized graph of q �→ a q for an example with n = 12 after 6 × (Step 1 + Step 2): 1.0 0.5 0.0 −0.5 −1.0

  53. 28 Normalized graph of q �→ a q for an example with n = 12 after 7 × (Step 1 + Step 2): 1.0 0.5 0.0 −0.5 −1.0

  54. 28 Normalized graph of q �→ a q for an example with n = 12 after 8 × (Step 1 + Step 2): 1.0 0.5 0.0 −0.5 −1.0

  55. 28 Normalized graph of q �→ a q for an example with n = 12 after 9 × (Step 1 + Step 2): 1.0 0.5 0.0 −0.5 −1.0

  56. 28 Normalized graph of q �→ a q for an example with n = 12 after 10 × (Step 1 + Step 2): 1.0 0.5 0.0 −0.5 −1.0

  57. 28 Normalized graph of q �→ a q for an example with n = 12 after 11 × (Step 1 + Step 2): 1.0 0.5 0.0 −0.5 −1.0

  58. 28 Normalized graph of q �→ a q for an example with n = 12 after 12 × (Step 1 + Step 2): 1.0 0.5 0.0 −0.5 −1.0

  59. 28 Normalized graph of q �→ a q for an example with n = 12 after 13 × (Step 1 + Step 2): 1.0 0.5 0.0 −0.5 −1.0

  60. 28 Normalized graph of q �→ a q for an example with n = 12 after 14 × (Step 1 + Step 2): 1.0 0.5 0.0 −0.5 −1.0

  61. 28 Normalized graph of q �→ a q for an example with n = 12 after 15 × (Step 1 + Step 2): 1.0 0.5 0.0 −0.5 −1.0

  62. 28 Normalized graph of q �→ a q for an example with n = 12 after 16 × (Step 1 + Step 2): 1.0 0.5 0.0 −0.5 −1.0

  63. 28 Normalized graph of q �→ a q for an example with n = 12 after 17 × (Step 1 + Step 2): 1.0 0.5 0.0 −0.5 −1.0

  64. 28 Normalized graph of q �→ a q for an example with n = 12 after 18 × (Step 1 + Step 2): 1.0 0.5 0.0 −0.5 −1.0

  65. 28 Normalized graph of q �→ a q for an example with n = 12 after 19 × (Step 1 + Step 2): 1.0 0.5 0.0 −0.5 −1.0

  66. 28 Normalized graph of q �→ a q for an example with n = 12 after 20 × (Step 1 + Step 2): 1.0 0.5 0.0 −0.5 −1.0

  67. 28 Normalized graph of q �→ a q for an example with n = 12 after 25 × (Step 1 + Step 2): 1.0 0.5 0.0 −0.5 −1.0

  68. 28 Normalized graph of q �→ a q for an example with n = 12 after 30 × (Step 1 + Step 2): 1.0 0.5 0.0 −0.5 −1.0

  69. 28 Normalized graph of q �→ a q for an example with n = 12 after 35 × (Step 1 + Step 2): 1.0 0.5 0.0 −0.5 −1.0 Good moment to stop, measure.

  70. 28 Normalized graph of q �→ a q for an example with n = 12 after 40 × (Step 1 + Step 2): 1.0 0.5 0.0 −0.5 −1.0

  71. 28 Normalized graph of q �→ a q for an example with n = 12 after 45 × (Step 1 + Step 2): 1.0 0.5 0.0 −0.5 −1.0

  72. 28 Normalized graph of q �→ a q for an example with n = 12 after 50 × (Step 1 + Step 2): 1.0 0.5 0.0 −0.5 −1.0 Traditional stopping point.

  73. 28 Normalized graph of q �→ a q for an example with n = 12 after 60 × (Step 1 + Step 2): 1.0 0.5 0.0 −0.5 −1.0

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Quantum algorithms Daniel J. Bernstein Quantum algorithm means an algorithm that a

Quantum algorithms Daniel J. Bernstein Quantum algorithm means an algorithm that a

1 Quantum algorithms Daniel J. Bernstein Quantum algorithm means an algorithm that a quantum computer can run. i.e. a sequence of instructions, where each instruction is in a quantum computers supported instruction set. How do we

1.53k views • 135 slides
Algorithms for multiquadratic number fields D. J. Bernstein Jens Bauch, Daniel J. Bernstein,

Algorithms for multiquadratic number fields D. J. Bernstein Jens Bauch, Daniel J. Bernstein,

1 Algorithms for multiquadratic number fields D. J. Bernstein Jens Bauch, Daniel J. Bernstein, Henry de Valence, Tanja Lange, Christine van Vredendaal. Short generators without quantum computers: the case of multiquadratics. Eurocrypt

1.13k views • 97 slides
Trapdoor simulation of quantum algorithms Daniel J. Bernstein University of Illinois at Chicago

Trapdoor simulation of quantum algorithms Daniel J. Bernstein University of Illinois at Chicago

Trapdoor simulation of quantum algorithms Daniel J. Bernstein University of Illinois at Chicago & Technische Universiteit Eindhoven Joint work with: Tung Chou Technische Universiteit Eindhoven Algorithms in CS courses WHAT is your

598 views • 38 slides
What do quantum computers do? Daniel J. Bernstein University of Illinois at Chicago Quantum

What do quantum computers do? Daniel J. Bernstein University of Illinois at Chicago Quantum

1 What do quantum computers do? Daniel J. Bernstein University of Illinois at Chicago Quantum algorithm means an algorithm that a quantum computer can run. i.e. a sequence of instructions, where each instruction is in a quantum

892 views • 76 slides
Introduction to quantum algorithms and introduction to code-based cryptography Daniel J.

Introduction to quantum algorithms and introduction to code-based cryptography Daniel J.

Introduction to quantum algorithms and introduction to code-based cryptography Daniel J. Bernstein University of Illinois at Chicago & Technische Universiteit Eindhoven Data (state) stored in n bits: an element of { 0 ; 1 } n ,

1.97k views • 138 slides
Trapdoor simulation Algorithms in CS courses of quantum algorithms WHAT is your algorithm?

Trapdoor simulation Algorithms in CS courses of quantum algorithms WHAT is your algorithm?

Trapdoor simulation Algorithms in CS courses of quantum algorithms WHAT is your algorithm? Daniel J. Bernstein University of Illinois at Chicago & Technische Universiteit Eindhoven Joint work with: Tung Chou Technische

922 views • 70 slides
Quantum circuits for the CSIDH: optimizing quantum evaluation of isogenies Daniel J. Bernstein

Quantum circuits for the CSIDH: optimizing quantum evaluation of isogenies Daniel J. Bernstein

Quantum circuits for the CSIDH: optimizing quantum evaluation of isogenies Daniel J. Bernstein Tanja Lange Chloe Martindale Lorenz Panny quantum.isogeny.org Key bits where all known attacks take 2 operations (naive serial attack metric,

412 views • 16 slides
The libpqcrypto software library for post-quantum cryptography Daniel J. Bernstein and many

The libpqcrypto software library for post-quantum cryptography Daniel J. Bernstein and many

The libpqcrypto software library for post-quantum cryptography Daniel J. Bernstein and many contributors libpqcrypto.org Daniel J. Bernstein Context libpqcrypto.org Daniel J. Bernstein Redesigning crypto for security New requirements for

541 views • 51 slides
Challenges in quantum algorithms for integer factorization D. J. Bernstein University of

Challenges in quantum algorithms for integer factorization D. J. Bernstein University of

1 Challenges in quantum algorithms for integer factorization D. J. Bernstein University of Illinois at Chicago Prelude: What is the fastest algorithm to sort an array? def blindsort(x): while not issorted(x): permuterandomly(x) 2 def

713 views • 50 slides
Quantum walks Daniel J. Bernstein University of Illinois at Chicago Focusing on quantum walks

Quantum walks Daniel J. Bernstein University of Illinois at Chicago Focusing on quantum walks

1 Quantum walks Daniel J. Bernstein University of Illinois at Chicago Focusing on quantum walks as an algorithm-design tool: e.g. Grovers algorithm. e.g. Ambainiss algorithm. Can also study quantum walks on much more general graphs.

2.22k views • 186 slides
Post-quantum cryptography Daniel J. Bernstein University of Illinois at Chicago; Ruhr University

Post-quantum cryptography Daniel J. Bernstein University of Illinois at Chicago; Ruhr University

Post-quantum cryptography Daniel J. Bernstein University of Illinois at Chicago; Ruhr University Bochum Wikipedia: Hoover became a controversial figure as evidence of his secretive abuses of power began to surface. He was found to have

1.21k views • 103 slides
The post-quantum Internet Risk management Daniel J. Bernstein Combining congruences:

The post-quantum Internet Risk management Daniel J. Bernstein Combining congruences:

1 2 The post-quantum Internet Risk management Daniel J. Bernstein Combining congruences: state-of-the-art pre-quantum University of Illinois at Chicago & attack against original DH, Technische Universiteit Eindhoven RSA, and some

2.34k views • 171 slides
Asymptotically faster quantum algorithms to solve multivariate quadratic equations Daniel J.

Asymptotically faster quantum algorithms to solve multivariate quadratic equations Daniel J.

Asymptotically faster quantum algorithms to solve multivariate quadratic equations Daniel J. Bernstein, Bo-Yin Yang https://eprint.iacr.org/2017/1206.pdf Asymptotically faster quantum algorithms to solve multivariate quadratic equations Daniel

702 views • 45 slides
Post-quantum cryptography Daniel J. Bernstein & Tanja Lange University of Illinois at

Post-quantum cryptography Daniel J. Bernstein & Tanja Lange University of Illinois at

Post-quantum cryptography Daniel J. Bernstein & Tanja Lange University of Illinois at Chicago; Ruhr University Bochum & Technische Universiteit Eindhoven 12 September 2020 Cryptography Sender Receiver Alice Bob Tsai

760 views • 48 slides
Quantum algorithms for the subset-sum problem D. J. Bernstein University of Illinois at Chicago

Quantum algorithms for the subset-sum problem D. J. Bernstein University of Illinois at Chicago

Quantum algorithms for the subset-sum problem D. J. Bernstein University of Illinois at Chicago & Technische Universiteit Eindhoven cr.yp.to/qsubsetsum.html Joint work with: Stacey Jeffery University of Waterloo Tanja Lange Technische

1.2k views • 98 slides
Quantum circuits for the CSIDH: optimizing quantum evaluation of isogenies Daniel J. Bernstein

Quantum circuits for the CSIDH: optimizing quantum evaluation of isogenies Daniel J. Bernstein

Quantum circuits for the CSIDH: optimizing quantum evaluation of isogenies Daniel J. Bernstein Tanja Lange Chloe Martindale Lorenz Panny quantum.isogeny.org Non-interactive key exchange Alice: secret a , public aG . Bob: secret b , public bG

499 views • 28 slides
Is This Algorithm Fast? Topic Number 8 op c u be 8 Problem: given a problem, how fast does

Is This Algorithm Fast? Topic Number 8 op c u be 8 Problem: given a problem, how fast does

Is This Algorithm Fast? Topic Number 8 op c u be 8 Problem: given a problem, how fast does this Algorithm Analysis code solve that problem? Could try to measure the time it takes, but " bit twiddling: 1. (pejorative) An exercise

396 views • 15 slides
Order Analysis of Algorithms Debdeep Mukhopadhyay IIT Madras Sorting problem Input: A

Order Analysis of Algorithms Debdeep Mukhopadhyay IIT Madras Sorting problem Input: A

Order Analysis of Algorithms Debdeep Mukhopadhyay IIT Madras Sorting problem Input: A sequence of n numbers, a1,a2,,an Output: A permutation (reordering) (a1,a2,,an) of the input sequence such that a1 a2

1.33k views • 20 slides
A Measure & Conquer Approach for the Analysis of Exact Algorithms Fabrizio Grandoni Tor

A Measure & Conquer Approach for the Analysis of Exact Algorithms Fabrizio Grandoni Tor

A Measure & Conquer Approach for the Analysis of Exact Algorithms Fabrizio Grandoni Tor Vergata Rome grandoni@disp.uniroma2.it p. 1/69 The Importance of Being Tight (Accurately) measuring the size of relevant quantities is a

970 views • 96 slides
Perfect matchings in O ( n log n ) time in regular bipartite graphs -Ashish Goel, Michael

Perfect matchings in O ( n log n ) time in regular bipartite graphs -Ashish Goel, Michael

Perfect matchings in O ( n log n ) time in regular bipartite graphs -Ashish Goel, Michael Kapralov and Sanjeev Khanna October 20, 2019 -Ashish Goel, Michael Kapralov and Sanjeev Khanna Perfect matchings in regular bipartite graphs October 20,

654 views • 48 slides
CMSC 132: Object-Oriented Programming II Algorithmic Complexity I Department of Computer Science

CMSC 132: Object-Oriented Programming II Algorithmic Complexity I Department of Computer Science

CMSC 132: Object-Oriented Programming II Algorithmic Complexity I Department of Computer Science University of M aryland, College Park Algorithm Efficiency Efficiency Amount of resources used by algorithm Time, space Measuring

456 views • 28 slides
Data Structures + BIG-O Notation Understanding the engineering trade-offs when storing data

Data Structures + BIG-O Notation Understanding the engineering trade-offs when storing data

CSSE 220 Data Structures + BIG-O Notation Understanding the engineering trade-offs when storing data Checkout LinkedListSimple project from public git Checkout SinglyLinkedList homework from git Data Structures Efficient ways to store data

239 views • 9 slides
Chapter 22 Developing Efficient Algorithms Liang, Introduction to Java Programming, Tenth

Chapter 22 Developing Efficient Algorithms Liang, Introduction to Java Programming, Tenth

Chapter 22 Developing Efficient Algorithms Liang, Introduction to Java Programming, Tenth Edition, (c) 2013 Pearson Education, Inc. All 1 rights reserved. Executing Time Suppose two algorithms perform the same task such as search (linear

224 views • 20 slides
Recap: Brents principle Sequential algorithms: time = work Parallel algorithms (PRAM):

Recap: Brents principle Sequential algorithms: time = work Parallel algorithms (PRAM):

Recap: Brents principle Sequential algorithms: time = work Parallel algorithms (PRAM): time T(n) work W(n) Brents princliple: Work matters! 1 / 61 Work efficiency Parallel alg is work-efficient if: Work is the

820 views • 61 slides

More recommend