This is page 1 Printer: Opaque this

Quantum Computation
Andr Berthiaume1 e
Because nature isn't classical, dammit..." Richard P. Feynman
ABSTRACT Historically, Turing machines have been the paradigm by which we de ned computability and e ciency. This is based on Church's thesis that everything e ectively computable can also be computed on a Turing machine. But since our world behaves quantum mechanically, it seems reasonable to also consider computing models that make use of quantum mechanical properties. First stated by Benio Ben82 and Feynman Fey82 , this idea was formalized by Deutsch Deu85 when he introduced his quantum computer and, later on, quantum gate arrays. This paper gives an introduction to quantum computing and brie y looks at a few results in quantum computation, not the least of which is Shor's polynomial time factoring algorithm  Sho94 and Sho95 .

1 The Need for Quantum Mechanics

Why introduce quantum mechanics in computation? The opening quote, if a little blunt, captures the essence of the answer. At the center of computer science are two questions: what problems are computable and how e ciently can they be computed? Historically, probabilistic Turing machines have been the paradigm by which we de ned computability and e ciency. This is based on Church's thesis that everything e ectively computable can also be computed on a Turing machine. But since our world behaves quantum mechanically, it seems reasonable to also consider computing models that make use of quantum mechanical properties. First stated by Benio Ben82 and Feynman Fey82 , this idea was formalized by Deutsch Deu85 when he de ned the rst quantum computing model that made full use ofn quantum superposition. This paper gives an introduction to Deutsch's quantum computing model and brie y looks at a few results in quantum computation, not the least of which is Shor's polynomial time factoring algorithm. Before de ning a quantum computing model, some basic notions of quanCentrum voor Wiskunde en Informatica, Kruislaan 413, 1098 SJ Amsterdam, The Netherlands [email protected]. This article appeared in Complexity Theory Retrospective II'', Springer-Verlag, 1996 Editors: Lane Hemaspaandra and Alan L. Selman. It is reproduced here with Springer-Verlag's kind permission.
1

Andr Berthiaume e

tum mechanics must be introduced. A comprehensive presentation of quantum mechanics is beyond the scope of this paper, but fortunately only the very simplest systems are used for quantum computation: two-state systems or nite groups of two-state systems. The next section introduces the relevant notions for these special cases. Quantum gate arrays will be de ned next and, after a few examples of their capabilities, the results leading to Shor's algorithm will be brie y reviewed. The last section addresses some of the di culties facing the actual construction of a quantum computer. Because of space restriction, it will not be possible to include the historical context which lead to many of the subjects discussed here. Where possible, we will give references for more detailed accounts. For a more exhaustive review of the history of quantum computation dating back almost 50 years, the reader should consult Ben96 .

2 Basic Principles of Quantum Mechanics

We now introduce the basic rules of quantum mechanics through a series of principles. Young's celebrated two-slit experiment will serve as a background to illustrate these principles.

1 x s

A/B

FIGURE 1. Young's two-slits experiment. Curves A and B show the light intensity when only one hole is open. Curve C shows the interference pattern when both holes are open. the curves are exaggerated

In Young's experiment  gure 1, light coming out of a hole in the left wall must go through two small holes in the center wall. A detector on the right wall measures the light intensity at di erent positions along the length of the wall. If only one hole is open, the intensity reaches its maximum at a position directly in line with that hole and the source s. As the detector

1. Quantum Computation

moves away from that position, the intensity slowly fades and eventually vanishes. When both holes are open, the intensity pattern is not the sum of the two one-hole intensities, as one would expect, but an alternation of bright and dark fringes. This e ect is caused by the interference of the light coming out from both holes. Surprisingly, the interference persists even when the source s is dim enough to send only one photon at a time; if many runs are made and a photon count is kept for various positions, the same pattern of bright and dark fringes appears. Each photon seems to interfere with itself. The self-interference appearing in Young's experiment is just one example illustrating that classical intuition cannot be applied to quantum systems. The purpose of this section is not to explain why such strange behavior appears at the quantum level but merely to state the rules for these behaviors. Following Feynman's example FLS64 , these rules are presented as the principles of quantum mechanics. De nition 2.1 For a given experiment, an event is a set of initial and nal conditions. For example, an event in Young's experiment is a photon leaves the source s and arrives in the detector at position x". The goal of quantum mechanics is to predict whether an event can happen or not. The rst principle of quantum mechanics de nes the probability of an event actually happening. First Principle: The probability p of an event is given by the square norm of a complex number called a probability amplitude or simply amplitude. p = k k2 The probability amplitude of an event will be noted as follow:

2.1 Probability Amplitudes

h nal condition j initial condition i

For example, the above event can be written as

detecting a photon at position x given that a photon left the source s. In fact, amplitudes can be treated in the same way as probabilities. Consider again Young's experiment. If a photon leaves the source and arrives at the detector, it must do so by going through the holes in the wall. That is to say, the event hxjsi can be broken down in two sequential events: the

h a photon is detected at position x j a photon leaves s i or more succinctly hxjsi. The bracket notation, due to Dirac, is reminiscent of conditional probabilities and can be read as: hxjsi is the amplitude of

Andr Berthiaume e

photon rst leaves the source s and arrives to the middle wall, then the photon comes out of this middle wall and arrives at the detector. But to go through the middle wall, the photon has two option: either through hole 1 or hole 2. The following two principles indicate how the laws for addition and multiplication of probabilities also apply to amplitudes. Second Principle: If an event can be divided in two sequential subevents, the amplitude of the event is the product of the amplitudes for each of the sub-events. then the amplitude of the event is the sum of the amplitudes for each alternative taken separately. From these two principles: hxjsi = hxjwallihwalljsi 1.1 = hxj1ih1jsi + hxj2ih2jsi 1.2 where hxjii is the amplitude of a photon arriving at x given it came out of hole i and hijsi is the amplitude of a photon entering hole i given that it left the source s. Equation 1.2 implicitly considers terms of the form hxj1ih2jsi or hxj2ih1jsi to be equal to zero. Informally speaking, these would be asking: what is the amplitude that a photon leaves s, goes through hole 1, comes out of hole 2 and then arrives at x?" and similarly for the other case. The answer must include the amplitude of going from hole 1 to hole 2 h2j1i and vice versa h1j2i. So the correct bracket form for the above questions should be: hxj1ih1j2ih2jsi and hxj2ih2j1ih1jsi. One can verify experimentally that whenever a photon is detected entering one hole, it is never detected coming out of the opposite hole. Equations 1.3 and 1.4 express this situation in terms of amplitudes of events. h1j1i = h2j2i = 1 1.3 h1j2i = h2j1i = 0 1.4 No matter where the detector is positioned, the amplitude hxjsi is completely determined by the amplitudes to transit to and from the two holes. For this reason, the holes are natural elements for expressing events. This leads to the following de nition: De nition 2.2 The set B = fi j i is the label of some conditiong is a set of basis states if for all i; j 2 B hijj i = 1 if i = j 0 otherwise and for any initial condition Y and nal condition X , we have X hX jY i = hX jiihijY i
i2B

Third Principle: If an event can occur in several alternative ways,

1. Quantum Computation

Fourth Principle: Any event can be described in terms of a set of

basis states by giving the transition amplitudes to and from those basis states. Young's experiment seems to have only one possible set of basis states namely, B = f1; 2g but actually, for any experiment, there is an in nite number of sets of basis state. Some appear naturally, such as the two holes in this experiment, and others less so. The notion of basis states can be better understood through an analogy with a three dimensional real vector space V and the dot product in that space. Let the three vectors

011 001 001 e = @ 0 A , e = @ 1 A and e = @ 0 A ~ ~ ~

1

be the canonical basis of V and let

1 2

0a 1 0b 1 ~ ~ A = @ a A and B = @ b A
1 2

a3

b3

be two vectors in V . The following is a non-standard yet valid expression ~ ~ for the dot product of A and B :

~ ~ A
B = a1 b1 + a2 b2 + a3 b3 ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ = A
e1 e1
B  + A
e2 e2
B  + A
e3 e3
B 

=

X ~ A
ei ei
B  ~ ~ ~
3

i=1

This last line is similar to the equation for hX jY i in de nition 2.2. The ~ ~ vectors A and B correspond to the two conditions X and Y and the set of canonical basis vectors corresponds to the set of basis states. In this sense, hX jY i  hX j
jY i. The analogy can be pushed further still. Consider the following:

~ B = b1 e1 + b2 e2 + b3 e3 ~ ~ ~
= =

X
3

X
3

i=1 i=1

ei bi ~ ei ei
B  ~ ~ ~

~ ~ ~ This simply is the previous equation for A
B where we abstracted A. ~ is the vector sum of its components along each of the In other words, B

Andr Berthiaume e

basis vectors e1 , e2 and e3. Similarly, the initial states Y of hX jY i can be ~ ~ ~ expressed in terms of the set of basis states by abstracting X . X jY i = jiihijY i 1:5 Note: h
j
i is just a scalar number, so jiihijY i = hijY ijii but the second form is preferred. The left and right halves of h
j
i are named bra and ket respectively. Equation 1.5 de nes the state of an initial condition Y as function of B , the set of basis states. The ket jY i is called a state vector and it lies in a complex vector space Hilbert space yspanned by the basis vector associated with the basis states in B . Similarly, X hX j = hX jj ihj j de nes the state of a nal condition X as function of B . The hX j and jY i ~ could also be written using another set of basis state just as B can be written in a basis other than the canonical one. Section 2.2 and 2.4 will present examples where multiple sets of basis states naturally appear. For a basis set B , the state jY i is said to be in quantum superposition of the basis states in B , if more than one hijY i is non-zero. By the rst principle, the square norm of an amplitude gives a probability of the corresponding event. By the fourth principle, any event can be expressed as a function of the amplitude corresponding to each basis states. Since probabilities must add up to 1, there should be some constraint on the amplitudes: Fifth Principle: For any set of basis states B and for any initial condition Y : X khijY ik2 = 1
i2B j 2B i2B

This follows from the de nition of a set of basis states which has to be complete all possibilities are accounted for and orthogonal hijj i = 0 if i 6= j , 1 otherwise. We leave as an exercise the proof of the following theorem recall that  is the complex conjugate of . Theorem 2.1 For any condition A and B, hBjAi = hAjBi . P From which we derive that if j'i = i2B i jii then X h'j = i hij All these principles can be put together in the following situation: consider a system whose initial condition is expressed by the state vector X jY i = i jii
i2B i2B

1. Quantum Computation

where i = hijY i, the amplitude of the system under consideration in each of the basis states i. Now consider a general nal condition

hX j =

j 2B

j hj j

where i = hX jii. What is the amplitude of nding the system in condition X given that it was initially prepared in Y ?

0 1 X A X ! X hX jY i = @ j hj j i jii =
j 2B i2B i2B

i i

by def. 2.2

The ve principles presented in section 2 are completely general and apply to any quantum system. However, for the sake of clarity, we will limit our attention to systems of interest for quantum computation, namely qubits and quantum registers. We begin by de ning a qubit, the quantum version of bit, as de ned by Schumacher Sch95 . De nition 2.3 A qubit is a quantum state j'i of the form

2.2 Qubits and How to Observe Them

j'i = j0i + j1i where ; 2 C and k k + k k = 1

2 2

The above de nition leaves the actual medium of a qubit completely undened. It is of no importance whether the qubit is encoded in the polarization of a photon, the spin of an atom, the up down orientation of lamp-post or the alive dead state of Schrodinger's poor cat2 as long as the object is treated according to the principles given in this introduction. There is nothing in principle that forbids one from getting quantum mechanical effects with lamp-posts or cats. In practice, however, it might be easier to use photons or atoms. The word easier" should be taken loosely; in the last section, we will discuss brie y the issues regarding actual implementations of qubits and, more generally, quantum computers. The main di erence between qubits and classical bits is that a bit can only be set to either 0 or 1while a qubit j'i can take on any uncountable quantum superposition of j0i and j1i. This means an in nite amount of information could potentially be encoded in a single qubit by appropriately de ning the amplitudes and . Unfortunately, what goes in does not necessarily come out. Quantum mechanics imposes very strict rules as to
My apologies to Simone and Hugin and all other cats who might read this paper.
2

Andr Berthiaume e

how to extract information out of quantum state. This is done through a mathematical construct called an observable. Let j'i be the state of a quantum system. We have a probe P at our disposal to measure some property of j'i. This property could be the direction, the position or even a simple yes no question. We need to model the action of the probe P on the state j'i. De nition 2.4 Let H be the Hilbert space used to represent the state vectors of a quantum system. An observable O is a set of subspaces E1 ; E2 ; : : : ; Ek  H such that these subspaces completely partition H . i.e.

E1  E2 


 Ek = H
and

An observable is the mathematical representation of the probes P . The next principle de nes the e ect of an observation of a state vector. Sixth Principle: Let j'i be a state vector in a state space H and let O = fE1 ; E2 ; : : : ; Ek g be an observable. Since O partitions H , j'i can be expressed as a linear superposition of its components along each of the Ei 's:

8 i; j 2 f1; : : :; kg; i 6= j : Ei ? Ej

j'i =

k X i=1

i j'Ei i

where j'Ei i lies in Ei . Observing the state j'i with O will cause the following: 1. One of the Ei will be selected with probability k i k2 . 2. The state j'i will collapse" to j'Ei i renormalized. 3. The only classical information given by O is which subspace i was selected. All information not in j'Ei i is lost. To each possible output value of the probe corresponds a subspace in the observable. Since all these values are di erent from each other, the corresponding subspace must be orthogonal. Again, any observable is allowed in principle for observing a quantum state. Whether the physical apparatus that corresponds to that speci c observable is easy to build is a di erent matter entirely. The standard observable for a qubit is B = fE0 ; E1 g where E0 and E1 are spanned by the two basis vectors j0i and j1i respectively. An example of a non-standard observable on a qubit is O = fE0 ; E1 g where E0 and E1 are spanned by 1 1 j00 i = p j0i + j1i and j10 i = p j0i , j1i 2 2
0 0 0 0

1. Quantum Computation
0 0

respectively. The reader can check that E0 and E1 have the correct properties of an observable. The next section will emphasize how the information in a qubit is linked to which observable is used to read them.

2.3 Digression in Quantum Cryptography

B and O in section 2.2 have a simple physical implementations. De ne j0i and j1i as horizontally and vertically polarized photons. Then B is a horizontally positioned polarizing lter and O is a polarizing lter set at

If qubits are encoded in the polarization of photons, the two observables

45 degrees from the horizontal. This forms the basic set-up for quantum cryptography. Alice, the sender, wants to send her secret bit to Bob, the receiver. They agree that 0 will be encoded as a photon either in state j0i or j00 i based on a coin ip and a 1 is similarly send as either j1i or j10 i. Bob must read the the photons either with B or O. Table 1.1 shows the various outcomes for each possible choice of encoding by Alice and observable by Bob. As an example, assume Alice's bit is a zero. Her coin- ip instructs Alice Bob sends uses Alice's state relative to Bob result Correctness and probability j0i 0 prob 1 correct 1 p2 j00 i + j10 i 00 =10 prob 50 random 1 p2 j0i + j1i 0 1 prob 50 random j00 i 00 prob 1 correct j1i 1 prob 1 correct 1 p2 j00 i , j10 i 00 =10 prob 50 random 1 p2 j0i , j1i 0 1 prob 50 random j10 i 10 prob 1 correct

j0i

j00 i j1i j10 i

B O B O B O B O

TABLE 1.1. Depending on how Alice will encode her secret bit and what observable will be used by Bob, Bob's read-out of the photon send by Alice will either be correct or completely randomized.

to encode it as a j0i. If Bob chooses the observable B to observe Alice's incoming photon, he will get a 0 outcome with certainty and will know Alice's bit assume Alice discloses her bases to Bob in a later discussion. However, Bob could choose the O observable to read the incoming photon.

10

Andr Berthiaume e

The reader can check that 2 Bob thus has 50 probability of getting the 00 outcome and 50 probability of getting the 10 outcome. Similar arguments hold for each case of table 1.1. To learn more about the importance of this situation, see BBB+ 92 , BBE92 and Bra93 . The point of this digression was to demonstrate that the information of a quantum state is a function of the observable used. The same state j'i observed with two di erent observable can give a de nite answer in one case and a totally randomized answer in the other. 1 j0i = p j00 i + j10 i

2.4 Evolution of a Quantum System

The situations considered up to now were static in the sense that the initial state did not change after being set. Once the initial state vector jY i was de ned, we considered amplitudes of the form hX jY i for some hX j. But to compute something with quantum states, some transformation of the initial state will have to be performed. Suppose an apparatus A is used to execute this transformation on the initial state jY i. The events of interest are now of the type what is the amplitude for the nal condition X given that the initial condition Y went through apparatus A?". In the bracket notation, this is written as The next principle gives the mathematical representation of A. Seventh Principle: State vectors are transformed by unitary matrices. Relative to a set of basis state B, Ai;j i; j 2 B is the amplitude of going from state i to state j . A matrix U is unitary if UU y = U y U = I U y is the conjugate transpose of U . In principle, any unitary transformation on a quantum state is allowed but constructing a physical device corresponding to any given matrix U might pose some technological problems. A simple example of qubit transformation can be made with polarized photons. A polarized photon going through a transparent tank of sugar water will have its polarization slowly rotated3. The amount of rotation depends on the length of the tank and the density of sugar. By appropriately setting these parameters, the tank can be made to induce a 45 degree rotation on incoming photons. If j0i and j1i respectively correspond to horizontally and vertically polarized photon, then the tank has the following
Actually, more than just the polarization will be a ected, but for simplicity, we will ignore these other e ects.
3

hX jAjY i

1. Quantum Computation

11

e ect:

1.6 2 1 j1i will be transformed into p ,j0i + j1i 1.7 2 The transformation induced on the basis states completely determines the matrix A. If j'i = j0i + j1i is shot through the tank, it will come out transformed into state j'0 i where j'0 i = Aj'i = A j0i + j1i = Aj0i + Aj1i by linearity 1 p j0i + j1i = 2 1 + p ,j0i + j1i by eqn. 1.6, 1.7 2 1  , j0i + p  + j1i 1 = p 2 2 Or, in more familiar matrix-and-vector style:   1 1 ,1 ; j'i = A= p 1 1 2 and    p1  ,  ! 1 1 ,1 j'0 i = Aj'i = p 1 1 = p2  +  1 2 2 Another transformation very similar to that induced by A is square root of not". The name is derived form the fact a qubit going through two identical pNot -apparatuses comes out in a state corresponding to the boolean inverse : : of its initial value. The pNot transformation is given below; the reader is encouraged to check that it performs as stated. pNot = 1  1 , i 1 + i : 4 1+i 1,i A qubit can be set, transformed and observed. But to do serious computation, more than a single qubit is required. The next section introduces the last few mathematical tools needed for quantum computation.

1 j0i will be transformed into p j0i + j1i and

2.5 Quantum Registers

Quantum computations generally use more than just one qubit. The mathematical formalism introduced so far must be adapted to the treatment of groups of qubits.

12

Andr Berthiaume e

De nition 2.5 A quantum register is an ordered set of a nite number

of qubits.

De nition 2.6 The standard basis B of an n-qubit quantum register is

B = fjii j i is an n-bit binary stringg Let j' i = j0i + j1i and j' i = j0i + j1i be two qubits composing a 2-qubit quantum register. The state vector ji of the register is de ned as the tensor product of the states j' i and j' i
1 0 1 2 0 1

ji = j' i j' i =

1 2

X ! 0X 1 @ j jj iA i jii
1 1

X
1

i=0

j =0

i;j =0

i j jii

jj i

By de nition, the tensor product maps jii jj i where i and j are basis states to jij i. This allows us to write ji as

ji =

i j jij i

i;j =0

Similarly, let A and B be two unitary matrices corresponding to two apparatuses operating on j'1 i and j'2 i separately. The combined action of A and B on the joint state ji = j'1 i j'2 i is de ned as a 4  4 matrix C where  C = A B = a11 B a12 B a B a B
21 22

It is easily veri ed that the tensor product has the following property A B j'1 i j'2 i = Aj'1 i B j'2 i

and that it preserves unitarity. So far, we seem to only complicate the notation for a basically simple situation: two independent qubits are acted upon by two independent apparatuses. But the point in joining two qubits is speci cally to allow them to be dependent. In fact, not all states of a 2-qubit quantum register can be expressed as the tensor product of single qubit states. An example of such state is 1 ji = p j00i + j11i 2 If ji is observed with the observable corresponding to the standard basis, the results 00" or 11" will be seen each with probability 50, but the results 01" or 10" will never be observed. When the state of an n-qubit

1. Quantum Computation

13

register cannot be expressed as the tensor product of n qubit states, the register is said to be entangled. Similarly, not all 4  4 unitary matrices can be expressed as the tensor product of two 2  2 unitary matrices. One such matrix is 01 0 0 01 B C C =B 0 1 0 0 C @0 0 0 1A 0 0 1 0 which e ects the following mapping of the basis states of the register: if the register's state is such that the rst qubit is 0 no action is performed, otherwise the value of the second qubit is negated. The above matrix performs the operation called controlled-not on two qubits. As such, it is the rst example of a quantum computation introduced here. For the importance of the controlled-not operation, see BBC+ 95 . It is a simple matter to generalize what has been presented in this section to represent the state of an n-qubit register. The general state vector ji of an n-qubit quantum register is

ji =

n, X

and the 2n vectors jii form the set of basis states of the register note that within j
i, the i stands for the binary expansion of the value i. This means that ji is a vector in a 2n dimensional Hilbert space and operations are de ned by 2n  2n unitary matrices. Observables for extracting information from the state vectors are partitions of the 2n dimensional Hilbert space. We are now ready to apply these notions of quantum mechanics to computation.

i=0

i jii

3 Computing with Quantum Registers

The original quantum computing model proposed by Deutsch was essentially a Turing machine, but with the added properties that tape cells and the head's state could be in quantum superposition. Deutsch also constrained the transition function by requiring it to induce a unitary evolution of the Turing machine. This was of course necessary to respect quantum mechanical principles, but it made programming quantum Turing machines even more nightmarish than programming classical ones. Verifying that a given transition function corresponds to a unitary evolution is non-trivial. Bernstein and Vazirani give three rules for verifying that a transition function performs its computation in a unitary fashion BV93 , but even using this method still requires unnatural programming skills. In classical complexity theory, uniform circuit families are also commonly used as a computing model. Turing machine and uniform circuit families

14

Andr Berthiaume e

are e ectively equivalent in computing power in that they can simulate one another with negligible complexity overhead. This makes the use of one or the other a matter of taste. There exists a quantum equivalent to uniform circuit families: quantum gate arrays. They were introduced by Deutsch  Deu89  and studied extensively by many authors see BBC+ 95 for a detailed review of quantum gate arrays. Yao Yao93 has shown that acyclic quantum gate arrays could simulate quantum Turing machines, thus making the use of one or the other a matter of choice. However, since quantum gate arrays allow a more natural way to introduce unitarity in computation, they are emerging as the standard quantum computing model. In what follows, the diagrams and gate array notation are as in BBC+ 95 .

3.1 Quantum Gate Arrays

The diagram below represents a general quantum gate array. The initial basis state of the register is on the left and time ows from left to right. One might think of the particles composing the register as travelling through the di erent gates. At the right end is the observable that extracts information from the register after it has gone through all the gates.

b1 b2 b3 b4 b5 b6 b7

A1

 ::: ::: ::: A2 :: :: :: An O ::: ::: 

The sequence of Ai 's with observable O is what constitutes a quantum program. Formally speaking, the Ai gate should be of some well-de ned form corresponding to some de nition of elementary steps. For the purpose of this paper, it is su cient to consider any quantum gate acting on only one or two qubits to be such an elementary step. The reader is encouraged to consult BBC+ 95 for more details on the notion of elementary quantum gates. Also, in our gate arrays, we will not always specify all the elementary gates: in some cases we will simply convince ourselves that the necessary elementary gates could be written down. This procedure is analogous to writing pseudo-code for classical Turing machine and will provide a better intuitive approach. To illustrate the programming of quantum gate arrays, we will use a variation of the Deutsch-Jozsa Problem DJ92 . First, we de ne two properties of functions from f0; 1gn to f0; 1g: De nition 3.1 A function f : f0; 1gn ! f0; 1g is non-balanced if one of the two values of f has majority.

1. Quantum Computation

15

De nition 3.2 A function f : f0; 1gn ! f0; 1g is non-constant if there

exist x; y 2 f0; 1gn such that f x 6= f y.

Notice that most but not all functions from f0; 1gn to f0; 1g have both properties simultaneously. The modi ed Deutsch-Jozsa problem is described as follow:

Modi ed Deutsch-Jozsa Problem mdjp: Input: a computable function f : f0; 1gn ! f0; 1g Problem: to answer either non-balanced" or non-constant", but the
answer must apply to f . The original Deutsch-Jozsa problem dealt with strings rather than functions and was the rst example of a problem which could be solved exponentially faster on a quantum computer than on a Turing machine DJ92 . By recasting the original problem in the context of promise-problems, Berthiaume and Brassard in BB94 , BB92a and BB92b proved some early results in relativized quantum complexity theory. These results were improved upon rst by Bernstein and Vazirani BV93 and then by Simon Sim94 who proved the following theorem. Theorem 3.1 Simon There exists an oracle relative to which there is a problem solvable in polynomial time with bounded error probability on a quantum computer, but any probabilistic Turing machine with bouded error probability claiming to solve this problem using the oracle will require exponential time on in nitely many inputs. Simon's theorem is the strongest argument in favor of the superiority of quantum computers over Turing machines. Moreover, the quantum gate array used in Simon's proof is similar to the one used by Shor for his factoring algorithm. In this section, we present a solution to the mdjp using quantum gate arrays. This allows us to introduce, in section 4, the gate array used in the proof of theorem 3.1. In section 5, we outline the quantum component of Shor's factoring algorithm. We now present a quantum solution to the mdjp. According to the principles given in section 2, a valid quantum algorithm corresponds to a unitary matrix. But programming in terms of unitary matrices is unnatural to humans who prefer to think in terms of sequential steps. We need to break down the mdjp into a sequence of unitary operations. If each of these sequential steps are simple enough, asserting their unitarity should be a relatively easy task. Just how simple need be these steps? Ideally, they should be broken down to what we de ned as elementary gates, but in some cases, this will be unnecessary. The following theorem Lecerf Lec63 and Bennett Ben73  greatly simpli es quantum thinking:

16

Andr Berthiaume e

Theorem 3.2 Lecerf-Bennett For any Turing machine T computing

a function f there exists a reversible Turing machine T 0 computing hx; f xi on input x and whose running time is within a constant factor of the running time of T . The cost in space is also polynomial in jxj, but all the tape cells used in the process of computing hx; f xi will be reset back to zero reversibly. These tape cells are referred collectively as the workspace. Reversible Turing machines are such that at any point in the computation, two operations are possible: continue the computation forward one step or undo the previous step. For a more precise de nition, see Lan61 or the review in BL85 . Benio Ben82 and Deutsch Deu85 have shown that quantum Turing machines can directly simulate reversible Turing machines. Since quantum Turing machines and thus also to quantum gate arrays are reversible4, we have the following corollary: Corollary 3.3 A Turing-computable function f is always computable on a quantum gate array with a negligible increase in the time complexity. Consider the mdjp. The input function is computable so, by the LecerfBennett theorem, there exists a reversible Turing machine that computes hx; f xi on input x. By de nition of the problem, x is an n-bit value and f x is a single bit. By corollary 3.3, this implies the existence of a unitary matrix F that computes f on n-bit values in the following sense. Consider the quantum gate corresponding to F :

x
0m

0 

x  F fx

0m

F jx; 0; 0m i ,! jx; f x; 0m i

This gate works on an n + 1 + m-qubit register; the top n qubits encode the input x 2 f0; 1gn. Those qubits must have the same value before and after the gate: if they are changed during the computation itself, they must be returned to their initial value . The next qubit, initially set to 0, will have the value of f x at the output of the gate. The last m qubits are the workspace" that comes about in theorem 3.2: before and after the computation, they are set to 0m , but within the gate itself, those qubits will be used and reversibly reset to zero afterwards. We do not specify the
4

Apart from the observation, which is inherently irreversible.

1. Quantum Computation

17

exact circuitry of elementary gates within the F gate, but by theorem 3.2 and corollary 3.3 we are certain that it can be done in accordance with the quantum principles. Also, for clarity, we will not usually display the qubits used as workspace since they serve no purpose outside the gates themselves. Therefore, the above gate F will displayed as follow:

9 = x x : F ; 8
0

f x

F jx; 0i ,! jx; f xi

A remark: informally speaking, unitarity means that information cannot be lost. This means that the value f x cannot simply overwrite the 0 in the last qubit: those values f x and 0 must be combined in a way that allows the recovery of both values. The exclusive-or function is commonly used for this purpose. In the Dirac notation, if the initial of the register is jx; bi then the action of the F gate is actually

F jx; bi = jx; b  f xi

Of course, if b = 0 then F jx; 0i = jx; f xi, which is what we wanted. This property of non-destructive writing will be important later on. Computing a function on an input is ne, but the rules of quantum mechanics allow much more. Recall that by linearity of quantum operations, 1 if the input state is in quantum superposition p2 jx; 0i + jy; 0i then the F gate will compute the superposition of f on both values. 1 1 F p jx; 0i + jy; 0i = p jx; f xi + jy; f yi 2 2 Assume there is a way to unitarily generate through some matrix Sn  a superposition of all possible values of an n qubit register. That is, if the initial state of the register is all zero, Sn transforms it in a superposition of all 2n values of the rst n qubits.

Sn j 0 : :z: 0i = p1 n |
n

2 i=0

n, X

jii

We can see that by rst applying Sn and then F , we can compute in one sweep all possible values for f in quantum superposition.

18

Andr Berthiaume e
0n

8
0

Sn

2 ,1 2 ,1 X X FSn j | : :z: 0; 0i ,! F p1 n 0 ji; 0i ,! p1 n ji; f ii 2 i=0 2 i=0 n

The reader should take careful note of what is meant by the above diagram. While the operator Sn acts on n qubits, its mathematical representation is a 2n  2n unitary matrix. Also, in the expressions below the diagram, it would be more accurate to use Sn I where I is the 2  2 identity matrix since our gate array uses n +1 qubits. I trust the reader will be comfortable with this small abuse of notation throughout the text. We now show how to implement an Sn gate to achieve this form of quantum parallelism. Consider the unitary matrix and associated gate: 1 S1 = p 2

1 1 ,1

S1

It is a simple matter to verify that S1 is indeed unitary. Note also that , S1 1 = S1 . An S1 gate is an elementary gate as it acts only on a single 1 1 qubit: it sends j0i to p2 j0i + j1i and j1i to p2 j0i,j1i. The desired Sn gate acts on a quantum register by sending each qubit individually into a separate S1 gate an example on six qubits is shown here.

S6

S1 S1 S1 S1 S1 S1

The unitary transformation induced by an Sn gate is given by the formula N Sn = n S1 . This has a nice recursive de nition5 : If n 1 then

Sn =

n,1 Sn,1

Sn,1 ,Sn,1

In gate form: for any x 2 f0; 1gn,

5

Note: Sn is a special case of Hadamard matrices.

1. Quantum Computation

19

9 = x Sn ' : ;
2 ,1 X x
i Sn jxi ,! j'i = p1 n ,1 jii 2 i=0

where the operation x
i is the xor of the bitwise and of the strings x and i. Clearly, if x is set to 0n , Sn performs the desired transformation. When outlining the proof of Simon's theorem, the transformation induced by Sn

will be more fully used. With the conjunction of Sn and F gates, a single computation produces all possible values of the function f for each input. But these values are in quantum superposition and we have seen by the sixth principle that only an observable can obtain information from a superposition and this act destroys the original superposition. If our aim is to compute various outputs hx; f xi for all x, then the only observable that could be used is the standard one, B see de nition 2.6.

8 :


B

0n

Sn



But B will only produce a single pair hx; f xi where x is chosen randomly uniformly. To obtain all values of f in this fashion would require on average an exponential number of such runs. This could have been done just as easily using a probabilistic Turing machine by choosing x randomly and computing f x. Deutsch Deu85 proved that quantum parallelism used in this simplistic way cannot produce that values of f any faster than classical machines. To get some form of bene t from superpositions, a more subtle use of quantum parallelism is needed. Consider the following unitary transformation and associated gate:

P=

0 0 ,1

If a qubit is set to 0 nothing happens but if it is set to 1 then the amplitude is multiplied by ,1. This gate encodes" the value" of the qubit into the sign of the amplitude. Now consider the following gate array

20

Andr Berthiaume e

8
0n 0


Sn F
P



where the observable D will be de ned shortly. From our gate de nitions, we know that the state j'i of the register just after the P gate is:
2 ,1 X f i j'i = p1 n ,1 ji; f ii 2 i=0

When that state goes through the nal F gate, the values for f are again computed and non-destructively combined using in our case the xor function. Since f i  f i = 0 for all i 2 f0; 1gn , the nal state before observation is n, 1 2X1 ,1f i ji; 0i j'i = p n 2 i=0 All the manipulations done so far had only one purpose: to transfer the values of f into the amplitudes relative to each of the basis states. The power of quantum computation resides in the interference of these amplitudes and the observable used to read the quantum states. We now de ne that observable. Consider D = fEa; Eb g where the subspace Ea is the one-dimensional space spanned by 2n ,1 X p1 n ji; 0i ji = 2 i=0 and Eb = Ea ? , the orthogonal complement of Ea . Using D in the gate array above allows us to answer the mdjp, that is to determine without errors whether f is non-balanced or non-constant. To see this, recall that D will give the answer a or b with probabilities depending on the amplitudes of j'i in the subspaces Ea and Eb . We must nd the expression of j'i in the basis de ned by D. This is easy since D has only two subspaces, one being one-dimensional. Let and be the projections of j'i in Ea and Eb , then j'i = ji + jb i where jb i is a vector in Eb and of course, ji ? jb i. Observing the nal state j'i with D will give the answer a or b with probability k k2 and k k2 respectively. Since the observable has only two possible answers, k k2 = 1 , k k2 . Also, nding the projection of j'i in the one-dimensional subspace Ea is simple. We now compute the exact expression for , the

1. Quantum Computation

21

projection of j'i along ji. = hj'i 1  2X1 ! 0 2X1 n n 1 , hi; 0j @ p1 , ,1f j jj; 0iA = pn 2 i=0 2n j=0
n n

2 ,1 2 ,1 X X f j = 21n ,1 hi; 0jj; 0i i=0 j =0

But since hi; 0jj; 0i = 1 if and only i = j and zero otherwise, the expression for simpli es to
2 ,1 X f j ,1 = 21 n i=0

We now look at the value of for di erent functions f . If f is a balanced function, the sum for will contain exactly as many 1's as ,1's, so in this case = 0 and D will always give a b answer and never a. If f is a constant function, the value for will either be 1 or ,1, so in this case D always gives the answer a and never b. If f is of any other type, D will answer a or b with various probabilities. To demonstrate that the above quantum gate array solves the mdjp, we need to take the above reasoning backwards. If the answer received from D is a, we know for certain that f could not have been a balanced function since a is never given in that case, so answering non-balanced" is correct. Similarly. if D gives the answer b, then we know for certain that f could not have been a constant function, so answering non-constant" is correct. For cases where f is neither of these those case, D might give any of a and b, but this is not a problem since both answers non-balanced" and non-constant" are correct.

4 Separating Two Classes of Functions

The solution to the modi ed Deutsch-Jozsa problem, like most interesting quantum algorithms or gate arrays depends on the ability to evolve an nqubit register in superposition of all 2n values. In the solution we presented, this operation was performed by the Sn gate. But the transformation induced by Sn is much more subtle. Recall that 1 S1 = p 2

1 1 ,1

22

Andr Berthiaume e

the transformation will be as follow:

Sn,1 n,1 Sn,1 ,Sn,1 If an n-qubit register, initially set to x 2 f0; 1gn , goes through an Sn gate, Sn = S1 Sn,1 =
, 1 2X1 ,1x
i jii Sn jxi = p n 2 i=1
n

and

Where x
i is the xor of the bitwise and of the two strings. We now show how Simon Sim94 used this transformation to prove theorem 3.1. Assume we have a computable function f : f0; 1gn ! f0; 1gm , where m  n. The Lecerf-Bennett theorem still applies, so there exists a quantum gate F that transforms jx; bi into jx; b  f xi for all x 2 f0; 1gn and b 2 f0; 1gm . Consider the following gate array:
0n

0m

Sn

Sn

2 ,1 2 ,1 X X i
j Sn FSn j0n ; 0m i ,! 21n ,1 jj; f ii i=0 j =0

The rst application of Sn allows all values of f to be computed using quantum superposition with the F gate. The second application of Sn creates an elaborate entanglement of the states jj; f ii whose phases are a function of both i and j . In fact, the output state of the gate array is a form of Fourier spectrum of the function f . With this gate array, Simon was able to distinguish e ciently two classes of function: 1-to-1 versus 2-to-1 with a mask. A function f : f0; 1gn ! f0; 1gm is said to be 2-to-1 with a mask s if there exists a non-trivial s 2 f0; 1gn such that for all x 6= x0 , f x = f x0  if and only if x0 = x  s where  is the bitwise xor. Suppose we are given a computable function f : f0; 1gn ! f0; 1gm with a promise that it is either 1-to-1 or 2-to-1 with a mask. The task is to determine which of these hold for f and, in the second case, produce s. Simon proved that this problem can be solved in expected time OnTf n + Gn, where Tf n is the time to compute f on inputs of size n and Gn is the the required to solve an n  n linear system of equations over Z2 . The algorithm will call on average n times the following gate array:

1. Quantum Computation
0n

23

 

Sn

0m

Sn


B



To see how this gate array works, we must do a analysis similar to the one for the mdjp in section 3.1. Let j'i be the state of the register just before the observation.
2 ,1 2 ,1 X X i
j j'i = 21n ,1 jj; f ii i=0 j =0

,1i
j + ,1is
j 2n Two values are possible: if j
s = 0 then i
s = i  s
j so i;j = 1=2n,1. Otherwise, i;j = 0. This means that when the register is observed, only con gurations such that j
s = 0 can be seen. Repeating k times this subroutine will result in k con gurations of this type chosen uniformly and independently. In both of these cases, after an expected On repetitions, we can nd n con guration jj1 ; f i1i; : : : ; jjn ; f in i such that the equations ji
s = 0 are linearly independent. Solving this linear system yields a non-trivial s0 . If f is 1-to-1, this s0 is a random string and if f is 2-to-1 with mask, s0 is that mask. Computing f 0n  and f s0  and comparing the values determines the status of f : if f 0n  6= f s0 , then f is 1-to-1, otherwise f is 2-to-1 with s = s0 as the mask. The proof of Simon's theorem rests on the interaction of phases induced by the double application of Sn with a relativized version of the above problem. Shor's factoring algorithm uses the same trick, but with a re ned version of Sn , called the quantum discrete Fourier transform, and more number theory. The next section will go over the quantum component of the factoring algorithm; the reader may consult Sim94 to see how the relativized version of the above problem is used to prove Simon's theorem.
i;j =

If f is 1-to-1, then all jj; f ii con gurations are di erent, each with amplitude 1=2n. The observable B will yield any of those con gurations with probability 1=22n and k repetitions of this subroutine will result in k congurations of jj; f ii distributed uniformly and independently. However, if there exists a non-trivial s such that for all x 2 f0; 1gn , f x = f x0  if and only if x0 = x  s, then for all i; j 2 f0; 1gn , the congurations jj; f ii and jj; f i  si are identical. Therefore, the amplitude i;j for a particular con guration is:

24

Andr Berthiaume e

5 Shor's Factoring Algorithm

Every integer n has a unique decomposition in prime factors. However, nding this decomposition when n is large is a di cult computational problem. All known classical methods are resolutely ine cient see Adl94  and even the best known classical algorithm, the number eld sieve see LLMP90 , LL93  requires time Oeclog n1=3 log log n2=3 , which is exponential in the size the number of digits, i.e., log n of n. Whether the factoring problem is polynomial or not classically is still unknown. Yet the faith in hardness of this problem is such that the security of many classical cryptographic protocols is based of the impossibility of factoring e ciently. Number theory o ers another interesting problem: nding the order of an element. Given x and n, nd r called the order such that xr  1 mod n. As with the factoring problem, no e cient algorithm is known for solving this problem. But while these problems appear very di erent, they are closely related. Miller Mil76 has shown that, using randomization, one could solve the factoring problem if one had access to an oracle for nding the order of an element. His reduction works as follows: rst, make sure that n is odd and not a prime there are e cient primality testing algorithms. Then, use the following algorithm: Program One-Factor input: n odd integer x  randomf0,: : : ,ng r  use the oracle to nd the order of x mod n Output: if r is odd or xr=2  ,1 mod n then fail else return gcdxr=2 , 1; n Choosing a random number in the range f0; : : :; ng, doing the modular exponentiation and nding the gcd greatest common divisor can all be done in polynomial time see Knu81 . Let k be the number of odd prime factors of n. One can prove that, provided n is odd and non-prime, the above algorithm will return a prime factor of n with probability at least 1 , 1=2k,1 . Repeating this algorithm a polynomial number of times will produce a complete factorization of n. Shor's breakthrough was to discover an e cient quantum algorithm to nd the order of an element. The factoring algorithm is simply Miller's reduction where the oracle call is replaced by a call to this quantum algorithm. The next section describes how to nd the order of an element using quantum superpositions.

5.1 Finding the Order of an Element

We now describe Shor's algorithm to nd the order r of an element x mod n. There are two distinct parts to algorithm: the rst is the quantum component, described next, which produces a value c. Thanks to ap-

1. Quantum Computation

25

proprietly chosen amplitudes, this c has a relationship to r such that a little purely classical post-processing in the second part can e ciently determine r. We describe the quantum component using quantum gate arrays. First, we need to nd m such that n2  2m  2n2. The gate array operates on a 2m-qubit quantum register. Next, we need a gate such that on input ja; 0i, it computes ja; xa mod ni. We known that modular exponentiation can be done classically in polynomial time. So by the Lecerf-Bennett x theorem and corollary 3.3, there exists a quantum gate En that e ciently x gate is shown below. implements this operation. This En

a
0m

 
x En

 

a xa mod n

We only need one more quantum operation. Shor re ned the Sn transformation used by BV93 and Sim94 in the following way: instead of using p phases that were 1= 2m, we now make use of the full spectrum of complex amplitudes. The transformation Am sends a m qubit register in basis state jai to m, 2X1 i 2 p1m e 2mac jci 2 c=0 Recall that for any a + bi 2 C of norm 1, there exists an angle  2 0; 2 such that a + bi = cos  + i sin  = ei . This transformation is called the discrete quantum Fourier transform. The fact that one can e ciently implement such a quantum gate is not immediately clear, if only for the fact that the amplitudes seem to require increasing precision as m grows large. However, Deutsch and Coppersmith Cop94 independently found an e cient solution based on the Fast Fourier Transform algorithm Knu81 , which only requires Om2  elementary quantum gates. The gate array for Shor's algorithm to nd the order r of an element x mod n is:
0m 0m

 

Sm

x En

Am


B



26

Andr Berthiaume e

The Sn gate was de ned in the previous section and only serves to generate a superposition of all possible values for the top half of the register. We then compute in quantum parallel the modular exponentiation of x for all these values and then apply the Fourier Transform Am . The state of the register just prior the observation: is omitting the mod n in the ket for clarity: m, m, 1 2X1 2X1 e 2m jc; xa i iac 2 2m a=0 c=0 Since we are using the standard observable, the observation will yield any basis state jc; xk i with probability
i 1 X e 2mac 2 m 2 a:xa xk
2

Shor proves that this probability vanishes everywhere except for basis states jc; xk i such that there exists an integer d satisfying c d 1 2m , r  2m+1 where the probability is at least 1=3r2. This means that reading the nal state of the register will yield with high probability a value c such that the fraction c=2m is close to d=r. Because 2m n2 , there is only one fraction d=r that satis es the above equality while keeping r n. The algorithm for nding that fraction d=r from c=2m is the post-processing we referred to earlier and can be done e ciently by continued fraction expansion see Knu81 . This produces the r we needed. For a more detailed study of Shor's algorithm including the necessary number theory which was left out here, see Sho95 and EJ96 . Shor's algorithm and Simon's theorem are two of the most important results in quantum complexity theory. Both are strong arguments in favor of the superiority of quantum computing models over classical ones. But if new e cient algorithms are developed on quantum machines, it would be nice to have actual quantum machines on which to run them! The next section considers the obstacles to building quantum mechanical computers.

6 Building a Quantum Computer

Quantum computers o er capabilities unmatched by classical Turing machines. But if quantum computing models could in principle be constructed, there are enormous practical issues still to overcome before reaching this goal. The most serious of these obstacles is the preparation and manipulation of macroscopic physical systems in quantum superposition. This section outlines the di culties and possible solutions to this problems.

1. Quantum Computation

27

Qubits were de ned in section 2.2 as any object having two distinct states whose evolution is considered according to the principles of quantum mechanics. Following those principles, it is possible to have this object in quantum superposition, which permits quantum parallelism. But while experimental physicists have been observing and manipulating atomic and sub-atomic particles in quantum superposition, no one has yet claimed to have observed a lamp-post exhibiting a similar behavior. Why? The explanation has to do with decoherence: the process by which a system in quantum superposition decays to a classical state because of interaction with the environment. We illustrate the problem as follow: a qubit in state j'i = j0i + j1i is put inside a black box. If the box is perfectly sealed, sheilding its interior from the rest of the universe, the qubit remains in state j'i inde nitely. But perfect isolation is impossible: some energy in one form or another always leaks through the box, carrying traces of information of the box's content. Consider a very simple case: a stray electron in state jes i enters the box and interacts with the qubit. The interaction is such that the electron leaves the box in state either je0i or je1i depending whether the qubit was in basis state j0i or j1i. In Dirac notation, this sequence of events is described as follows. Initially, we have two independent systems: a qubit in state j'i and the electron in state jes i. Since they are independent, their joint state is j'i jes i =  j0i + j1i jes i However, once the electron enters the box, it interacts with the qubits. As it leaves the box, the joint state becomes j0i je0 i + j1i je1 i The qubit is still in the box and the electron is on its way yonder, but they now form an entangled system. If the state of the electron is now observed in any way and here any interaction with an object in the lab is considered an observation, the states of the electron will collapse. For simplicity, assume the electron collapses to either je0 i or je1 i. Since the electron and the qubit are entangled, the collapse of one causes the collapse of the other: the electron-qubit system will be in state j0i je0 i with probability k k2 and in state j1i je1 i with probability k k2 . The qubit spontaneously collapses to either j0i or j1i in accordance with the electron's collapse and the quantum superposition lost. No matter how well qubits are isolated, random energy exchanges between the environment and the qubits will cause some decoherence on a time scale that depends on the medium used for a qubit and the conditions under which it operates. In the best cases, coherence is kept for some 104 seconds and in the worst cases, hardly 10,10 seconds. And these gures are for a single qubit only; some decoherence models show the decoherence time dropping exponentially as the number of qubits increases see Unr95

28

Andr Berthiaume e

and MSE95 . But keeping a qubit in quantum superposition is only part of the problem. A quantum computer will have to perform operations on that qubit. The time needed to perform an operation also depends on the medium used for a qubit and the conditions under which it operates. Unfortunately, the quick-action qubits are precisely those that interact easily with the environment, i.e. those having the shortest coherence time see DiV95 . The faster the operations can be performed, the less time there is to perform them! Yet hope still remains. Shor's discovery attracted enough attention that more and more breakthroughs are coming from experimental physics. Many proposals for constructing a quantum computer already exist, such as Fey86 , SW94 , CY94 , Llo93 or DiV95 . Currently, a proposal by Pellizzari, Gardener, Cirac and Zoller using trapped ions technology appears very promising PGCZ95 and the authors even suggest a way to control to a certain extent the decoherence in their implementation. An alternative approach proposed by Deutsch could allow computation on a less than perfect quantum state through a stabilizing scheme the scheme is outlined in BDJ94 and a preliminary analysis is given in Ber95 . In view of this, it seems unlikely that a general purpose quantum computer will be available in the near future. But technological advances in this eld are appearing at an increasing rate. Some researchers are already talking about controlling 3 or 4 qubits for a few operations within ten years. This may not be much of a computer, but it would still be quite an achievement! A more reasonable goal could be to have small special purpose quantum machines. For example, considering that cryptography plays such an important role in today's world, a quantum factoring module would have important consequences. History does have a tendency to repeat itself; were not the rst classical computers used for code breaking?

Acknowledgments: I would like to thank the many people who attended my seminar on quantum computation at CWI in the spring of 1995. Their questions and comments helped to put together the material for sections 2 and 3. I would also like to thank Janos Simon, Lance Fortnow, Stuart Kurtz, Amber Settle and Sophie Laplante for many interesting discussions as well as providing me with an o ce during my short visit to the computer science department of the University of Chicago, where part of this article was written. Also many thanks to Gilles Brassard, Paul Vitanyi, Jim Royer, Amber Settle, Sophie Laplante, Harry Buhrman, Jaap-Henk Hoepman, Barbara Terhal and Alain Tapp for their numerous comments and improvements on early drafts.

1. Quantum Computation

29

7 References
Adl94

L. M. Adleman. Algorithmic number theory | the complexity contribution. In Proceedings of the 35th IEEE Symposium on Foundations of Computer Science, pages 88 113, 1994. BB92a A. Berthiaume and G. Brassard. Oracle quantum computing. In Proceedings of the Workshop on Physics and Computation Physcomp '92, pages 195 199. IEEE Press, October 1992. BB92b A. Berthiaume and G. Brassard. The quantum challenge to structural complexity. In Proceedings of the 7th Annual IEEE Conference on Structure in Complexity, pages 132 137, 1992. BB94 A. Berthiaume and G. Brassard. Oracle quantum computing. Journal of Modern Optics, 4112:2521 2535, 1994. BBB+ 92 C. H. Bennett, F. Bessette, G. Brassard, L. Salvail, and J. Smolin. Experimental quantum cryptography. Journal of Cryptology, 51:3 28, 1992. BBC+ 95 A. Barenco, C. H. Bennett, R. Cleve, D.P. DiVincenzo, N. Margolus, P. Shor, T. Sleator, J. Smolin, and H. Weinfurter. Elementary gates for quantum computation. Physical Review Letters A, 1995. BBE92 C. H. Bennett, G. Brassard, and A Ekert. Quantum cryptography. Scienti c American, pages 50 57, October 1992. BDJ94 A. Berthiaume, D. Deutsch, and R. Jozsa. The stabilisation of quantum computations. In Proceedings of the Workshop on Physics and Computation Physcomp '94, pages 60 62, 1994. Ben73 C. H. Bennett. Logical reversibility of computations. IBM Journal of Res. Develop., 17:525 532, 1973. Ben82 P. A. Benio . Quantum mechanical hamiltonian models of turing machines. Journal of Statistical Physics, 293:515 546, 1982. Ben96 P. A. Benio . Review of quantum computation. To appear in Trends in Statistical Physics by Council of Scienti c Information, Trivandrum, India, 1996. Ber95 A. Berthiaume. L'ordinateur quantique: complexit et stabile isation des calculs. PhD thesis, Dept. d'informatique et de recherche op rationelle, Universit de Montr al, 1995. e e e BL85 C. H. Bennett and R. Landauer. Physical limits of computation. Scienti c American, page 48, July 1985.

30

Andr Berthiaume e

Bra93 BV93 Cop94 CY94 Deu85 Deu89 DiV95 DJ92 EJ96 Fey82 Fey86 FLS64 Knu81 Lan61 Lec63

G. Brassard. Cryptology column | quantum cryptography: A bibliography. Sigact News, 243:16 20, 1993. E. Berstein and U. Vazirani. Quantum complexity theory. In Proceedings of the 25th Annual ACM Symposium on the Theory of Computation, pages 11 20, 1993. D. Coppersmith. An approximate fourier transform useful in quantum computing. Technical report, IBM Research Division, 1994. I. Chuang and Y. Yamamoto. A simple quantum computer, 1994. Submitted to Physical Review A. D. Deutsch. Quantum theory, the Church-Turing principle and the universal quantum computer. Proceedings of the Royal Society, London, A400:97 117, 1985. D. Deutsch. Quantum computational network. Proceedings of the Royal Society, London, A425:73 90, 1989. D. P. DiVincenzo. Two-bit gates are universal for quantum computation. Physical Review Letters A, 501015, 1995. D. Deutsch and R. Jozsa. Rapid solutions of problems by quantum computation. In Proceedings of the Royal Society, London, volume A439, pages 553 558, 1992. A. Ekert and R. Jozsa. Shor's quantum algorithme for factorising numbers. Review of Modern Physics, 1996. to appear. R. P. Feynman. Simulating physics with computers. International Journal of Theoretical Physics, 216 7:467 488, 1982. R. P. Feynman. Quantum mecanical computers. Foundation of Physics, 166:507 531, 1986. R. P. Feynman, R. B. Leighton, and M. Sands. The Feynman Lectures on Physics, volume 3. Addison-Wesley, 1964. D. E. Knuth. The Art of Computer Programming, volume 2. Addison-Wesley, 1981. R. Landauer. Irreversability and heat generation in the computing process. IBM Journal of Research Development, 5183, 1961. Y. Lecerf. Machines de Turing r versibles. R cursive insolubilit e e e en n 2 N de l' quation u = n o  est un isomorphisme de e u codes. In Comptes rendus de l'Acad mie franaise des sciences, e c volume 257, pages 2597 2600, 1963.

1. Quantum Computation

31

LL93

A. K. Lenstra and H. W. Lenstra, Jr. The devellopment of the number eld sieve. Springer-Verlag's Lecture Notes in Mathematics, 1554, 1993. LLMP90 A. K. Lenstra, H. W. Lenstra, Jr., M. S. Manasse, and J. M. Pollard. The number eld sieve. In Proceedings of the 22nd Annual ACM Symposium on the Theory of Computation, pages 564 572, 1990. Llo93 S. Lloyd. A potentially realizable quantum computer. Science, 261:1569 1571, September 1993. Mil76 G. L. Miller. Riemann's hypothesis and tests for primality. Journal of Computer Science, 13:300 317, 1976. MSE95 Palma G. M., K.-A. Suominen, and A. Ekert. Decoherence in quantum registers, 1995. preprint. PGCZ95 T. Pellizzari, S. A. Gardiner, J. I. Cirac, and P. Zoller. Decoherence, continuous observation and quantum computing: A cavity QED model, 1995. Submitted to Physical Review Letters. Sch95 B. Schumacher. On quantum coding. Physical Review Letters A, 1995. in press to appear. Sho94 P. W. Shor. Algorithms for quantum computation: Discrete log and factoring. In Proceedings of the 35th IEEE Symposium on Foundations of Computer Science, pages 20 22, 1994. Sho95 P. W. Shor. Polynomial-time algorithms for prime factorisation and discrete laogarithms on a quantum computer. Submitted to SIAM Journal of Computing, 1995. Sim94 D. Simon. On the power of quantum computation. In Proceedings of the 35th IEEE Symposium on Foundations of Computer Science, pages 116 123, 1994. SW94 T. Sleator and H. Weinfurther. Realizable universal quantum logic gates, 1994. preprint. Unr95 W. G. Unruh. Maintaining coherence in quantum computers. Physical Review Letters A, 51:992 997, 1995. Yao93 A. C.-C. Yao. Quantum circuit complexity. In Proceedings of the 34th IEEE Symposium on Foundations of Computer Science, page 352, 1993.

This is page 32 Printer: Opaque this

Index
Quantum Computation acyclic gate array, 14 building, 26 Deutsch-Jozsa Problem, 15 factoring, 24, 28 Fourier transform, 25 gate array, 14 elementary, 14 Lecerf-Bennett theorem, 15 mdjp, 15 quantum Turing machine, 13 qubit, 7 register, 12 solution to mdjp, 19 solution to Simon's problem, 22 Quantum Mechanics QM amplitude, 3, 4 basis states, 4, 12 bracket notation, h
j
i, 3 decoherence, 27 entanglement, 13, 27 event, 3, 10 Hilbert space, 6, 13 interference, 3, 20 observable, 8 standard, 8, 12 operator, see QM, unitary matrix probability, 3, 6, 10 state vector, 6 collapse, 8 evolution, see QM, unitary matrix joint state, 12 superposition, 6, 7, 17, 26 tensor product, 12 two-slit experiment, 2 unitary matrix, 10, 12, 15 Quantum Cryptography, 9