Factoring and period finding I

Once you understand Shor’s period-finding then it is an easy piece of cake to also grasp how you can do factoring of for example a number with two large prime factors $N=pq$ with $p$, $q$ in $\mathbb{P}$.

Today, we won’t go into the details how that is done, but look at a preliminary number theoretic relation, which enables us (in combination with Shor’s period finding) to do factoring. It’s a little difficult to understand the details, but the general picture is quite clear:

The probability is at least $1/2$ that if $a$ is a random member of $G_{pq}$ for prime $p$ and $q$, then the order $r$ of $a$ in $G_{pq}$ satisfies both

$$\begin{equation}r\text{ is even}\label{i}\end{equation} $$

and

$$\begin{equation}a^{r/2}\not\equiv−1 \pmod{pq}\label{ii}\end{equation} $$

where $a$ to the power of it’s order $r$ is equal to $1 \pmod{pq}$. Let’s compress this already mathematical statement a little more. For $a\in G_{pq}$ and $p, q\in\mathbb{P}$ it holds that:

$$\begin{equation}\Pr\{a^{r/2}\not\equiv−1\pmod{pq}\}⩾1/2\end{equation} $$

with $ar\equiv1\pmod{pq}$, where I’ve omitted the $r$ is even part, since the condition $\eqref{ii}$ can be subsumed in $\eqref{i}$. Alright, let’s do some plotting:

$\Pr\{a^{r/2}\not\equiv−1\pmod{pq}\}⩾1/2$

The plot may be displayed rather small, so I’d suggest you click on it: What you’ll see is that all probabilities are larger or equal than $1/2$ for some chosen prime pairs $p$ and $q$. Apparently, the larger $p$ and $q$ the higher the probability that $ar/2\not\equiv−1\pmod{pq}$, which makes sense since there are then a lot more numbers not congruent to $−1$ in $G_{pq}$. Above the prime pairs $(p,q)$ are in the range $(3,3)$…$(19,19)$. When we extend the range then the probabilities get very close to $1$:

$\Pr\{a^{r/2}\not\equiv−1\pmod{pq}\}⩾1/2$

This looks fantastic! Given this relation we can now factor a larger number with prime factors $N=pq$ into it’s components, the details of which will follow in my next post.

01 #!/usr/bin/env python
02 ########################################################################
03 
04 import itertools as it
05 import numpy as np
06 import random
07 import math
08 import gmpy2 as gmp
09 
10 from matplotlib import pyplot as pp
11 
12 ########################################################################
13 
14 def POWERs(a, p, q):
15 	fn = lambda k: a**k % (p*q)
16 	return map(fn, range(p*q))
17 def ORDERs(a, p, q, rem=1):
18 	f1 = lambda t: t[1] == rem
19 	f2 = lambda t: t[0]
20 	return map(f2, filter(f1, enumerate(POWERs(a, p, q))))
21 def ORDER(a, p, q):
22 	return list(it.islice(ORDERs(a, p, q), 1, 2))[0] \
23 		if a % p != 0 and a % q else None
24 def OSAMPLE(p, q, sz):
25 	f1 = lambda _: random.randint(0, p*q - 1)
26 	f2 = lambda a: (a, ORDER(a, p, q))
27 	f3 = lambda t: t[1] is not None
28 	return filter(f3, map(f2, map(f1, range(sz))))
29 def M1(p, q, sz):
30 	fn = lambda t: t[1] % 2 == 0
31 	return sum(map(fn, OSAMPLE(p, q, sz))) / sz
32 def M2(p, q, sz):
33 	fn = lambda t: gmp.powmod(t[0], int(t[1]/2), p*q) != -1
34 	return sum(map(fn, OSAMPLE(p, q, sz))) / sz
35 
36 def PRIMEs(n):
37 	sieve = [True] * n
38 	for i in range(3,int(n**0.5)+1,2):
39 		if sieve[i]: sieve[i*i::2*i]=[False]*int((n-i*i-1)/(2*i)+1)
40 	return [i for i in range(3,n,2) if sieve[i]]
41 
42 def PSAMPLE(sz):
43 	return [(p1, p2) for p1 in PRIMEs(n=sz) for p2 in PRIMEs(n=sz)]
44 
45 ps = PSAMPLE(sz=25)
46 m2 = list(map(lambda p: M2(p[0], p[1], sz=250), ps))
47 
48 for i, p in enumerate(ps):
49 	pass ## pp.text(i, m2[i], '(%s,%s)' % p)
50 
51 pp.title('M2: Pr{a^{order(a)/2} != -1 (mod pq)} for random a in G{pq}')
52 pp.plot(m2, 'b*')
53 pp.grid()
54 pp.show()
55 
56 ########################################################################

Quantum Fourier Transformation II

Alright, let’s have a deeper look at the Quantum Fourier Transformation (QFT):

QFT: Circuit with four Qbits

As you see the particular QFT depicted has four input and four output Qbits, where the boxes with an $\textbf{H}$ inside are Hadamard gates and where the circles are 2-Qbit unitary operators. How do we formalize a QFT? Here you go:

$$\begin{equation}\textbf{U}_{FT}{|x⟩}_n=\frac{1}{\sqrt{2^n}}\times\sum_{y=0}^{2^n-1} e^{2{\pi}ixy/2^n}{|y⟩}_n\end{equation} $$

Essentially, it looks like a bunch of roots of unity summed over $y$. There is further another very beautiful expression of $\textbf{U}_{FT}$, which is based on the $\textbf{H}^{⊗n}$ and $\mathcal{Z}^x$ operators:

$$\begin{equation}\textbf{U}_{FT}{|x⟩}_n={\mathcal{Z}^x}{\textbf{H}^{⊗n}}\end{equation} $$

where $\mathcal{Z}{|y⟩}_n=\exp(2{\pi}iy/2^n)$ and $\textbf{H}^{⊗n} = \sum_{y=0}^{2^n-1}{|y⟩}_n$. Further, the 2-Qbit unitary operators $\textbf{V}_{ij}$ looks like:

$$\begin{equation} \textbf{V}_{ij}=e^{{\pi}i\textbf{n}_i\textbf{n}_j/2^{|i-j|}} \end{equation}$$

where $|i−j|=k$ corresponds to the integer you see in the circles above and $\textbf{n}$ is the number operator $\bigl[\begin{smallmatrix}0&0 \\ 0&1\end{smallmatrix}\bigr]$. Notice how the wires end up upside down, which is another particularity of the $\textbf{U}_{FT}$ transformation. It’s actually quite a bit abstract and difficult to imagine why and how QFT could be useful, but if you remember your regular Fourier transformation, then you will recall that an FT is essentially a mapping to the frequency basis, allowing us to figure out immediately certain periods of a given function.

This is exactly what a QFT delivers too! Just the quantum way, i.e. we will not be able to see all frequencies at once, but we’ll be able to query for the most significant ones (if they have a high probability). So, the trick is to prepare our input and output registers such, that a subsequent QFT will hand over to us just what we have been looking for!

Quantum Fourier Transformation I

So, you want to learn about Quantum Fourier Transformation (QFT), but have no idea about either Quantum Computer Science (QCS) nor so called Qbits? Well, that’s the reason I’m writing this posts: to explain to you what QFT is about!

But let me warn you: It took me about a year to get my heads around even the basics of QCS, and I won’t tell you in the following posts – I’m hoping to produce in the coming weeks and month – each and every single detail! However, I’ll try to provide enough context information so you get the big picture and can go digging yourself for more entanglement with reality! Alright, let’s throw you into the cold water! This is the QFT:

QFT: Quantum Fourier Transformation

Well, it’s a circuit diagram of a QFT with four input and output Qbits. Just wait a minute: “What is a Qbit?” I hear you screaming. I did not explain it yet, did I? And “what are these funny brackets around $|x_i⟩$ and $|y_i⟩$?” And “what is $\textbf{H}$?” Further, “why do you have these numbers in these circles, what do they do?”.

Just slow down, and let me explain: A lonely Qbit is a magical box, since sometimes it’s zero and sometimes one! Often, you have no idea what it will tell you, but sometimes you can gleam an answer by judging its mood. It’s an entirely different beast compared to the classical bit or Cbit, but if you treat it nicely, it will provide you with the answers you have been looking for…

A Qbit is like the oracle of Delphi: offer the correct kind of gifts, and ask whatever your heart desires. If you time your question precisely, you will be rewarded with a revelation. But be careful: Often the oracle provides you with the correct answers, but sometimes it’s just produces junk! So you need to learn to distinguish the truth from the not so true statements.

Another problem with the answers might be, that you may have asked the wrong question: Well, I’d advise you to maybe repeat it to clarify matters, since otherwise, if you set out to destroy an empire you may very possibly doomed yourself!

Alright, after this rather confusing analogies let’s get precise: A Qbit is essentially a vector: A zero $|0⟩$ ket is a column vector equal to $\begin{bmatrix}1,0\end{bmatrix}^T$, and a zero $⟨0|$ bra the corresponding row vector $\begin{bmatrix}1;0\end{bmatrix}$. Further, a one $|1⟩$ ket is the column vector $\begin{bmatrix}0,1\end{bmatrix}^T$, while a one $⟨1|$ bra is the row vector $\begin{bmatrix}0;1\end{bmatrix}$. It’s simple! To be more precise, a $|0⟩$ or $|1⟩$ are the pure states a Qbit can be associated with, whereas the general Qbit looks like:

$$\begin{equation} |ψ⟩=α|0⟩+β|1⟩=\begin{bmatrix}α\\β\end{bmatrix} \end{equation}$$

where $α$ and $β$ are complex numbers. So, I’ve told you that the Qbit $|ψ⟩$ sometimes likes to be a $|0⟩$ and sometimes a $|1⟩$: There is not much you can do, it just does what ever it wants to do! But it’s not completely (uniformly) random – no, there is a pattern! Namely depending on the probabilities $|α^2|$ and $|β^2|$ with:

$$|α^2|+|β^2|=1 $$

it will tell you either $|0⟩$ or $|1⟩$. So, if we can adjust these probabilities we can control and influence the Qbit to run useful calculations. So, the subject of a Qbit should be crystal clear by now. Let’s investigate $\textbf{H}$, which is a so called Hadamard operator: I like to call it a washing machine, where you throw in a $|0⟩$ and a $|1⟩$ and you get the perfect mix! The result is neither a $|0⟩$ nor a $|1⟩$, but somehow both.

So, in crisp mathematical language an $\textbf{H}$ is a matrix (operator) that when multiplied with a column vector produces another column vector, namely:

$$\begin{equation} \textbf{H}|0⟩=\frac{1}{\sqrt2}×(|0⟩+|1⟩)=\frac{1}{\sqrt2}×\begin{bmatrix}1\\1\end{bmatrix} \end{equation}$$

and

$$\begin{equation} \textbf{H}|1⟩=\frac{1}{\sqrt2}×(|0⟩-|1⟩)=\frac{1}{\sqrt2}×\begin{bmatrix}+1\\-1\end{bmatrix} \end{equation}$$

Therefore:

$$\begin{equation} \textbf{H}=\frac{1}{\sqrt2}×\begin{bmatrix}1&+1\\1&-1\end{bmatrix} \end{equation}$$

So far we’ve not encountered anything complicated: Just a bunch of definitions combined with some probabilities to model the inherent uncertainty within the realm of the quantum world.

Now the next question: what was it again? Yes, “in the QFT circuit: what are these funny dots with the numbers?” Well, the answer will be revealed in my next post!

Till then do some multiplications with $\textbf{H}$ and figure out its properties; alright? For example, did you know that $\textbf{H}$ is unitary – figure out what that means and prove it! Further, $\textbf{H}$ is also its own inverse, i.e. $\textbf{H}^2=1$, where the latter is the unity matrix: again prove it, will you?