This preview shows pages 1–3. Sign up to view the full content.
This preview has intentionally blurred sections. Sign up to view the full version.View Full Document
Unformatted text preview: Last revised 3/28/06 LECTURE NOTES ON QUANTUM COMPUTATION Cornell University, Physics 481-681, CS 483; Spring, 2006 c 2006, N. David Mermin III. Breaking RSA Encryption with a Quantum Computer: Shor’s Factoring Algorithm In Simon’s problem we are presented with a subroutine which calculates a function f ( x ). We are told that f satisfies f ( x ) = f ( y ) for distinct x and y if and only if y = x ⊕ a , where ⊕ denotes the bitwise modulo-2 sum of the n-bit integers a and x . The number of times a classical computer must invoke the subroutine to determine a grows exponentially with n , but with a quantum computer it grows only linearly. This is a rather artificial problem, of interest primarily because it gives a simple demonstration of the remarkable computational power a quantum computer can possess. Simon’s problem amounts to finding the unknown period of a function on n-bit integers that is “periodic” under bitwise modulo-2 addition. A much more natural problem is to find the period r of a function on the integers that is periodic under ordinary addition. Such a function f satisfies f ( x ) = f ( y ) for distinct x and y if and only if x and y differ by an integral multiple of r . Finding the period of such a periodic function turns out to be the key to factoring products of large prime numbers, a mathematically natural problem with quite practical applications. One might think that finding the period of a periodic function ought to be easy, but that is only because when one thinks of periodic functions one tends to think of slowly varying continuous functions (like the sine function) whose structure at a small subset of points within a period can give powerful clues about what that period might be. A better kind of periodic function to keep in mind from the beginning is a function on the integers whose values within a period r are completely random, and therefore give no hint whatever of the value of r . The best known classical algorithms for finding the period r of such a periodic function take a time that grows faster than any power of the number n of bits of r (exponentially with n 1 / 3 ). But in 1994 Peter Shor discovered that one can exploit the power of a quantum computer to learn the period r , with probability arbitrarily close to one, in a time that scales only a little faster than n 3 . Shor’s discovery is of considerable practical interest because the ability to find periods efficiently, combined with some number-theoretic tricks, enables one to factor efficiently the product of two large prime numbers. The very great computational effort required by all known classical factorization techniques underlies the security of the widely used 1 RSA 1 method of encryption. Any computer that can efficiently find periods would be an enormous threat to the security of both military and commercial comunications. This is why research into the feasibility of quantum computers is a matter of considerable interest in the worlds of war and business.in the worlds of war and business....
View Full Document
This note was uploaded on 02/01/2008 for the course CS 483 taught by Professor Ginsparg during the Spring '08 term at Cornell University (Engineering School).
- Spring '08