Quantum Computation and the Future Michele Mosca Canada

  • Slides: 47
Download presentation
Quantum Computation and the Future Michele Mosca Canada Research Chair in Quantum Computation 13

Quantum Computation and the Future Michele Mosca Canada Research Chair in Quantum Computation 13 th CACR Information Security Workshop & 5 th Annual Privacy and Security Workshop 28 October 2004

Perimeter Institute is a community of theoretical physicists dedicated to investigating fundamental issues

Perimeter Institute is a community of theoretical physicists dedicated to investigating fundamental issues in theoretical physics. www. perimeterinstitute. ca

www. iqc. ca

www. iqc. ca

Our Research

Our Research

Outline What is quantum information processing? How does quantum mechanics affect computational assumptions? How

Outline What is quantum information processing? How does quantum mechanics affect computational assumptions? How else does quantum mechanics affect information security? Implementing quantum information processing.

Physics and Computation • Information is stored in a physical medium, and manipulated by

Physics and Computation • Information is stored in a physical medium, and manipulated by physical processes. • The laws of physics dictate the capabilities of any information processing device. • Designs of “classical” computers are implicitly based in the classical framework for physics • Classical physics is known to be wrong or incomplete… and has been replaced by a more powerful framework: quantum mechanics.

Computer technology is making devices smaller and smaller… …reaching a point where classical physics

Computer technology is making devices smaller and smaller… …reaching a point where classical physics is no longer a suitable model for the laws of physics.

The design of devices on such a small scale will require engineers to control

The design of devices on such a small scale will require engineers to control quantum mechanical effects. Allowing computers to take advantage of quantum mechanical behaviour allows us to do more than cram increasingly many microscopic components onto a silicon chip… … it gives us a whole new framework in which information can be processed in fundamentally new ways.

A simple experiment in optics …consider a setup involving a photon source, a half-silvered

A simple experiment in optics …consider a setup involving a photon source, a half-silvered mirror (beamsplitter), and a pair of photon detectors photon source beamsplitter

Now consider what happens when we fire a single photon into the device… 50%

Now consider what happens when we fire a single photon into the device… 50% Simplest explanation: beam-splitter acts as a classical coin-flip, randomly sending each photon one way or the other.

The “weirdness” of quantum mechanics… … consider a modification of the experiment… The simplest

The “weirdness” of quantum mechanics… … consider a modification of the experiment… The simplest explanation for the modified setup would still predict a 50 -50 distribution… 100% full mirror The simplest explanation is wrong!

Explanation of experiment … consider a modification of the experiment… The simplest explanation for

Explanation of experiment … consider a modification of the experiment… The simplest explanation for the modified setup would still predict a 50 -50 distribution… 100% full mirror

Quantum mechanics and information Any physical medium capable of representing 0 and 1 is

Quantum mechanics and information Any physical medium capable of representing 0 and 1 is in principle capable of storing any linear combination What does really mean? ? It’s a “mystery”. THE mystery. We don’t understand it, but we can tell you how it works. (Feynman)

Quantum mechanics and information Any physical medium capable of representing 0 and 1 is

Quantum mechanics and information Any physical medium capable of representing 0 and 1 is in principle capable of storing any linear combination How does this affect computational complexity? How does this affect communication complexity? How does this affect information security?

How does quantum mechanics affect computation?

How does quantum mechanics affect computation?

A small ‘classical’ computer NOT

A small ‘classical’ computer NOT

A small ‘classical’ computer (negligible coupling to the environment)

A small ‘classical’ computer (negligible coupling to the environment)

A small ‘classical’ computer

A small ‘classical’ computer

Is this system reliable? l l We do have a theory of classical linear

Is this system reliable? l l We do have a theory of classical linear error correction. But before we worry about stabilizing this system, let’s push forward its capabilities.

A ‘quantum’ gate NOT

A ‘quantum’ gate NOT

A quantum circuit provides an visual representation of a quantum algorithm. initial state quantum

A quantum circuit provides an visual representation of a quantum algorithm. initial state quantum gates time measurement

Quantum parallelism (cannot be feasibly simulated on a classical computer)

Quantum parallelism (cannot be feasibly simulated on a classical computer)

Applications • Simulating quantum mechanical systems • Factoring and Discrete Logs • Hidden subgroup

Applications • Simulating quantum mechanical systems • Factoring and Discrete Logs • Hidden subgroup problems • Amplitude amplification • and more…

Quantum Algorithms Integer Factorization (basis of RSA cryptography): Given N=pq, find p and q.

Quantum Algorithms Integer Factorization (basis of RSA cryptography): Given N=pq, find p and q. Discrete logarithms (basis of DH crypto, including ECC): a, b G , ak = b , find k

Computational Complexity Comparison Classical Quantum Factoring Elliptic Curve Discrete Logarithms (in terms of number

Computational Complexity Comparison Classical Quantum Factoring Elliptic Curve Discrete Logarithms (in terms of number of group multiplications, for n-bit inputs)

Which cryptosystems are threatened by Quantum Computers? ? Information security protocols must be studied

Which cryptosystems are threatened by Quantum Computers? ? Information security protocols must be studied in the context of quantum information processing. The following cryptosystems are insecure against such quantum attacks: • RSA (factoring) • Rabin-Williams (factoring) • El. Gamal (discrete log… including ECC – see Proos and Zalka) • Goldwasser-Micali (factoring) • Buchmann-Williams (principal ideal distance problem) • And others… (see MMath thesis, Michael Brown, IQC)

Amplitude Amplification Consider any function f : X {0, 1}. Find x satisfying f(x)=1.

Amplitude Amplification Consider any function f : X {0, 1}. Find x satisfying f(x)=1. Suppose algorithm A succeeds with probability p. With classical methods, we expect to repeat A a total of time before finding a solution, since each application of A “boosts” the probability of finding a solution by roughly

Amplitude Amplification A quantum mechanical implementation of A succeeds with probability amplitude . With

Amplitude Amplification A quantum mechanical implementation of A succeeds with probability amplitude . With quantum methods, each application of A “boosts” the probability amplitude of finding a solution by roughly i. e. we get a square-root speedup!

Application of Amplitude Amplification: Searching a key space f (x)=1 if and only if

Application of Amplitude Amplification: Searching a key space f (x)=1 if and only if x is the correct n-bit cryptographic key Find an x satisfying f(x)=1. Suppose algorithm A succeeds with probability p=1/2 n. We can iterate A and f times to find such an x. i. e. we need to roughly double our key lengths

Open problems include: • More non-Abelian HSP, including Graph Automorphism • Graph Isomorphism •

Open problems include: • More non-Abelian HSP, including Graph Automorphism • Graph Isomorphism • Short vectors in a lattice • Mc. Eliece cryptosystem (NTRU recently cracked) • NP-complete problems • Several physics simulation problems • Many more…

How does quantum mechanics affect information security?

How does quantum mechanics affect information security?

“No-cloning” theorem There is no procedure that will copy or “clone” an arbitrary quantum

“No-cloning” theorem There is no procedure that will copy or “clone” an arbitrary quantum state, i. e. Such an operation is not linear, and is not permitted by quantum mechanics.

Eavesdropper detection Any attempts to produce pseudo-clones will be detected with significant probability. In

Eavesdropper detection Any attempts to produce pseudo-clones will be detected with significant probability. In general, any scheme to extract information about the state of a quantum system, will disturb the system in a way that can be detected with some probability. This idea motived Wiesner to invent quantum money around 1970. His work was ignored by the scientific community for a decade, until Bennett and Brassard built on these ideas to create quantum key distribution.

Quantum Key Distribution (general idea) quantum bits Alice and Bob measure their qubits Authenticated

Quantum Key Distribution (general idea) quantum bits Alice and Bob measure their qubits Authenticated public channel

Quantum Key Distribution (general idea) Authenticated public channel Alice and Bob publicly discuss the

Quantum Key Distribution (general idea) Authenticated public channel Alice and Bob publicly discuss the information they measured to assess how much information Eve could have obtained. If Eve’s information is very likely to be below a certain constant threshold, they can communicate further and distill out a very private shared key (“privacy amplification”). Otherwise they abandon the key.

• Wireless Sensor Networks • Injectable Tissue Engineering • Nano Solar Cells •

• Wireless Sensor Networks • Injectable Tissue Engineering • Nano Solar Cells • Mechatronics • Grid Computing • Molecular Imaging • Nanoimprint Lithography • Software Assurance • Glycomics • Quantum Cryptography

Objections to the plausibility of large scale quantum computation? ? “Change is bad”

Objections to the plausibility of large scale quantum computation? ? “Change is bad”

Objections to the plausibility of quantum computation? ? is unpleasant A=“Quantum Computers are realistic

Objections to the plausibility of quantum computation? ? is unpleasant A=“Quantum Computers are realistic and are superpolynomially faster than any classical computer for some classical computation problem” B=“classical Strong Church-Turing thesis is false”

Implementations?

Implementations?

Quantum Information is Fragile CLASSICAL 106 e. V 0 1 QUANTUM |0 10 -6

Quantum Information is Fragile CLASSICAL 106 e. V 0 1 QUANTUM |0 10 -6 e. V |1 • low energy • control of operations • superpositions are very fragile • isolation from environment

Quantum Error Correction … allows quantum computation in the presence of noise. A quantum

Quantum Error Correction … allows quantum computation in the presence of noise. A quantum computation of any length can be made as accurate as desired, so long as the noise is below some threshold, e. g. P < 10 -4. Significance: • imperfections and imprecision are not fundamental obstacles to building quantum computers • gives a criterion for scalability Ø guide for experimentalists Ø benchmark for comparing technologies

Proposed Devices for Quantum Computing • Atom traps • Cavity QED • Electron floating

Proposed Devices for Quantum Computing • Atom traps • Cavity QED • Electron floating on helium • Electron trapped by surface acoustic waves • Ion traps • Nuclear magnetic resonance (NMR) • Quantum optics • Quantum dots • Solid state • Spintronics • Superconducting Josephson junctions • Etc…

When will these technologies be implemented? Quantum random number generators: now. Quantum key distribution:

When will these technologies be implemented? Quantum random number generators: now. Quantum key distribution: <10 years; some prototypes already available Small scale quantum computers (e. g. needed for long distance quantum communication): medium term Large scale quantum computers: medium-long term

Conclusions l. Quantum mechanics forces us to redefine the notions of information, information processing,

Conclusions l. Quantum mechanics forces us to redefine the notions of information, information processing, and computational complexity. l. Large scale quantum information processing seems possible, though technologically very challenging to realize; this is a major focus for experimental physics today

Implications for Quantum Information Security We must continually reassess the security of our existing

Implications for Quantum Information Security We must continually reassess the security of our existing information security infrastructure in light of the capabilities of quantum computers. We can exploit the eavesdropper detection that is intrinsic to quantum systems in order to derive new “unconditionally secure” information security protocols. The security depends only on the laws of physics, and not on computational assumptions. Challenge: Incorporating quantum cryptographic protocols and the prospect of quantum computing into the information security infrastructure.