|
19 | 19 | "jp-MarkdownHeadingCollapsed": true |
20 | 20 | }, |
21 | 21 | "source": [ |
22 | | - "## Introduction\n", |
| 22 | + "The integer factorization problem [[1](#IntegerFactor)] is a famous problem in number theory: given a composite number $N$, find its prime factors. The importance of the problem stems from there being no known efficient (polynomial-time, in the number of bits needed to represent $N$) classical algorithm, and much of modern-day cryptography relies on this fact. In 1994, Peter Shor came up with an efficient _quantum_ algorithm for the problem [[2](#Shor94)], providing one of the first concrete pieces of evidence for the power of quantum computers.\n", |
23 | 23 | "\n", |
24 | | - "The integer factorization problem [[1](#IntegerFactor)] is a famous problem in number theory: given a number $N$ which is composite, find its prime factors. The importance of the problem stems from the fact that no efficient (polynomial-time, in the number of bits needed to represent $N$) classical algorithm is known for it to this day, and much of modern day cryptography relies on this fact. In 1994, Peter Shor came up with an efficient _quantum_ algorithm for the problem [[2](#Shor94)] - providing one of the first concrete pieces of evidence for the power of quantum computers.\n", |
| 24 | + "## Shor's Algorithm\n", |
25 | 25 | "\n", |
26 | | - "### Shor's Algorithm\n", |
| 26 | + "Shor's algorithm consists of a classical part and a quantum subroutine. The steps of the algorithm for factoring an input number $N$, summarized from [[3](#ShorSteps)]:\n", |
27 | 27 | "\n", |
28 | | - "Shor's algorithm consists of a classical part and a quantum subroutine. The steps of the algorithm for factoring an input number $N$, summarized from [[3](#ShorSteps)], are as follows:\n", |
29 | | - "\n", |
30 | | - "1. Pick a random number $1 < a < N$ that is co-prime with $N$. Co-primality can be checked by computing the GCD (greatest common divisor) of $a$ and $N$ - if it is 1 then we have found a co-prime $a$, otherwise we have found a non-trivial factor of $N$ and we are done.\n", |
| 28 | + "1. Pick a random number $1 < a < N$ that is co-prime with $N$. Co-primality can be checked by computing the GCD (greatest common divisor) of $a$ and $N$. If it is 1 then we have a co-prime $a$, otherwise we have a non-trivial factor of $N$ and we are done.\n", |
31 | 29 | "2. Find the period $r$ of the following function, using the quantum period finding algorithm (described in [[4](#PeriodFinding)]): $$f(x) = a^x \\mod N$$\n", |
32 | 30 | "3. If $r$ is odd or $a^{r/2} = -1 \\mod N$, return to step 1 (this event can be shown to happen with probability at most $1/2$).\n", |
33 | 31 | "4. Otherwise, $\\gcd(a^{r/2} \\pm 1, N)$ are both factors of $N$, and computing one of them yields the required result.\n", |
34 | 32 | "\n", |
35 | | - "In this demo, we will factor the number $N=15$ using Shor's algorithm, by applying the quantum subroutine (step 2) with $a=7$. This particular $a$ is chosen since it is co-prime with 15 and satisfies the conditions of step 3, providing us with a high probability of finding a factor of $N$.\n" |
| 33 | + "This demo factors the number $N=15$ using Shor's algorithm by applying the quantum subroutine (step 2) with $a=7$. We choose this particular $a$ since it is co-prime with 15 and satisfies the conditions of step 3, providing us with a high probability of finding a factor of $N$.\n" |
36 | 34 | ] |
37 | 35 | }, |
38 | 36 | { |
39 | 37 | "cell_type": "markdown", |
40 | 38 | "id": "9cc49f8e-2d6a-4a34-ae27-8e6081a10701", |
41 | 39 | "metadata": {}, |
42 | 40 | "source": [ |
43 | | - "## Building the quantum period finding circuit\n", |
| 41 | + "## Building the Quantum Period Finding Circuit\n", |
44 | 42 | "\n", |
45 | | - "We begin by declaring the number of qubits in the upper (counting) register the quantum subroutine uses. In our case, $N = 15$, and according to the algorithm the upper register must contain $q = \\log(Q)$ qubits for $Q$ such that $N^2 \\le Q < 2N^2$, namely $225 < Q < 450$, and therefore $q = 8$. In addition, the second register should be large enough to encode 15, hence:" |
| 43 | + "We begin by declaring the number of qubits in the upper (counting) register that the quantum subroutine uses. In our case, $N = 15$, and according to the algorithm the upper register must contain $q = \\log(Q)$ qubits for $Q$ such that $N^2 \\le Q < 2N^2$; namely, $225 < Q < 450$, and therefore $q = 8$. In addition, the second register should be large enough to encode 15, hence:" |
46 | 44 | ] |
47 | 45 | }, |
48 | 46 | { |
|
67 | 65 | "id": "21042631-a0b7-497a-9a91-2bb8e76e4562", |
68 | 66 | "metadata": {}, |
69 | 67 | "source": [ |
70 | | - "We will implement a Phase Estimation [[5](#PhaseEstimation)] circuit. Each element in the circuit is a controlled operation of: $$|x\\rangle \\rightarrow |x\\cdot a^{2^i}\\mod N \\rangle $$ where $a < N$ is a number such that $\\gcd(a, N)=1$. For this demonstration we picked $a=7$. $i$ is the index of the control qubit, located in the upper register.\n", |
| 68 | + "We implement a Phase Estimation [[5](#PhaseEstimation)] circuit. Each element in the circuit is a controlled operation of $$|x\\rangle \\rightarrow |x\\cdot a^{2^i}\\mod N \\rangle $$ where $a < N$ is a number such that $\\gcd(a, N)=1$. For this demonstration we pick $a=7$. $i$ is the index of the control qubit, located in the upper register.\n", |
71 | 69 | "\n", |
72 | | - "It is quiet involved to implement these unitaries, so for this demo we will make a shortcut, and compute exactly the unitary matrix that implements the computation (which in the general case is not applicable as this pre-processing is exponential). We will do so by calculating the modular-multiplication by $a$ matrix, then using its powers.\n", |
| 70 | + "It is quite involved to implement these unitaries, so for this demo we take a shortcut and compute the exact unitary matrix that implements the computation (which in general is not applicable as this preprocessing is exponential). We do so by calculating the modular-multiplication by $a$ matrix and then using its powers.\n", |
73 | 71 | "\n", |
74 | | - "The function `unitary` is used for decomposing the unitary matrix into quantum gates." |
| 72 | + "The `unitary` function is used for decomposing the unitary matrix into quantum gates." |
75 | 73 | ] |
76 | 74 | }, |
77 | 75 | { |
|
122 | 120 | "id": "545bb4fd-ff8f-4ff8-b86d-d89808d91abb", |
123 | 121 | "metadata": {}, |
124 | 122 | "source": [ |
125 | | - "### Building the complete circuit" |
| 123 | + "### Complete Circuit" |
126 | 124 | ] |
127 | 125 | }, |
128 | 126 | { |
|
138 | 136 | "id": "05072f38-8ffd-482c-9af0-8aa4b404c2f1", |
139 | 137 | "metadata": {}, |
140 | 138 | "source": [ |
141 | | - "We then apply the second layer of the circuit, which consists of the controlled $U^{2^i}$ gates. \n", |
142 | | - "Lastly, we apply an inverse QFT on the counting register, to get the period." |
| 139 | + "We then apply the second layer of the circuit, consisting of the controlled $U^{2^i}$ gates. \n", |
| 140 | + "Lastly, we apply an inverse QFT on the counting register to get the period." |
143 | 141 | ] |
144 | 142 | }, |
145 | 143 | { |
|
156 | 154 | " qv_counting: Output[QArray[QBit, num_counting_qubits]],\n", |
157 | 155 | " qv_auxilliary: Output[QArray[QBit, num_auxilliary_qubits]],\n", |
158 | 156 | ") -> None:\n", |
159 | | - " # start with a hadamard transform in the counting register\n", |
| 157 | + " # start with a Hadamard transform in the counting register\n", |
160 | 158 | " allocate(num_counting_qubits, qv_counting)\n", |
161 | 159 | " hadamard_transform(qv_counting)\n", |
162 | 160 | "\n", |
163 | 161 | " # Prepare the |1> state on the lower register\n", |
164 | 162 | " allocate(num_auxilliary_qubits, qv_auxilliary)\n", |
165 | 163 | " X(qv_auxilliary[0])\n", |
166 | 164 | "\n", |
167 | | - " # Apply the contolled modular-exponentiations using each of the counting qubits\n", |
| 165 | + " # Apply the controlled modular-exponentiations using each of the counting qubits\n", |
168 | 166 | " repeat(\n", |
169 | 167 | " count=num_auxilliary_qubits,\n", |
170 | 168 | " iteration=lambda index: control(\n", |
|
182 | 180 | "id": "579c9843-907e-4454-a92c-6a0a04d0615c", |
183 | 181 | "metadata": {}, |
184 | 182 | "source": [ |
185 | | - "### Quantum entry point\n", |
186 | | - "In order to synthesize the circuit, we define a quantum `main` function. As are we only interested in the output of the counting register, we only define it in the signature of the function.\n", |
| 183 | + "### Quantum Entry Point\n", |
| 184 | + "To synthesize the circuit, we define a quantum `main` function. As we are only interested in the output of the counting register, we only define it in the signature of the function.\n", |
187 | 185 | "\n", |
188 | | - "Next, we translate it to qmod using the `create_model`." |
| 186 | + "Next, we translate it to Qmod using `create_model`." |
189 | 187 | ] |
190 | 188 | }, |
191 | 189 | { |
|
211 | 209 | "id": "08e1a6a0-137d-4c49-a215-97daa2197f5c", |
212 | 210 | "metadata": {}, |
213 | 211 | "source": [ |
214 | | - "We now send the model to the synthesis engine, taking a few seconds:" |
| 212 | + "We now send the model to the synthesis engine, which may take a few seconds:" |
215 | 213 | ] |
216 | 214 | }, |
217 | 215 | { |
|
245 | 243 | { |
246 | 244 | "name": "stdout", |
247 | 245 | "output_type": "stream", |
248 | | - "text": [ |
249 | | - "" |
250 | | - ] |
| 246 | + "text": [] |
251 | 247 | } |
252 | 248 | ], |
253 | 249 | "source": [ |
|
261 | 257 | "tags": [] |
262 | 258 | }, |
263 | 259 | "source": [ |
264 | | - "## Executing the circuit\n", |
| 260 | + "## Executing the Circuit\n", |
265 | 261 | "\n", |
266 | | - "Now, we turn to executing the circuit above, using the simulator:" |
| 262 | + "Now, we execute the circuit above, using the simulator:" |
267 | 263 | ] |
268 | 264 | }, |
269 | 265 | { |
|
342 | 338 | "id": "993ec133-5185-4aec-a396-b0cb6762e9bb", |
343 | 339 | "metadata": {}, |
344 | 340 | "source": [ |
345 | | - "We obtained 4 results $y$ from the circuit, each with probability roughly $1/4$: $0, 64, 128$ and $192$. Dividing by $Q = 256$ we obtain 4 reduced fractions: $0, 1/4, 1/2$ and $3/4$, with two of them having the correct period $r=4$ in the denominator. With this period, we can compute the factors of $N = 15$: $\\gcd(a^{r/2} \\pm 1, N) = \\gcd(7^2 \\pm 1, 15) = 3, 5$.\n", |
| 341 | + "We obtained four $y$ results from the circuit, each with a rough probability of $1/4$: $0, 64, 128$, and $192$. By dividing by $Q = 256$ we obtain four reduced fractions: $0, 1/4, 1/2$, and $3/4$, with two of them having the correct period $r=4$ in the denominator. With this period, we can compute the factors of $N = 15$: $\\gcd(a^{r/2} \\pm 1, N) = \\gcd(7^2 \\pm 1, 15) = 3, 5$.\n", |
346 | 342 | "\n", |
347 | 343 | "## References\n", |
348 | 344 | "\n", |
349 | 345 | "<a id='IntegerFactor'>[1]</a>: [Integer Factorization (Wikipedia)](https://en.wikipedia.org/wiki/Integer_factorization)\n", |
350 | 346 | "\n", |
351 | | - "<a id='Shor94'>[2]</a>: [Shor, Peter W. \"Algorithms for quantum computation: discrete logarithms and factoring.\" Proceedings 35th annual symposium on foundations of computer science. Ieee, 1994.](https://ieeexplore.ieee.org/abstract/document/365700)\n", |
| 347 | + "<a id='Shor94'>[2]</a>: [Shor, Peter W. \"Algorithms for quantum computation: Discrete logarithms and factoring.\" Proceedings 35th annual symposium on foundations of computer science. IEEE, 1994.](https://ieeexplore.ieee.org/abstract/document/365700)\n", |
352 | 348 | "\n", |
353 | 349 | "<a id='ShorSteps'>[3]</a>: [Shor's Algorithm Procedure (Wikipedia)](https://en.wikipedia.org/wiki/Shor%27s_algorithm#Procedure)\n", |
354 | 350 | "\n", |
|
0 commit comments