00 голосов за00 голосов против

0 просмотров50 стр.sefsef

May 22, 2018

qc

© © All Rights Reserved

PDF, TXT или читайте онлайн в Scribd

sefsef

© All Rights Reserved

0 просмотров

00 голосов за00 голосов против

qc

sefsef

© All Rights Reserved

Вы находитесь на странице: 1из 50

OF QUANTUM COMPUTING

notions of quantum computation in purely mathematical terms. In particu-

lar we will deﬁne the notions of q-computation, q-measurement, q-procedure,

q-computer and q-algorithm, and each of them will be illustrated with several

examples. In addition to some low level q-algorithms, we discuss in detail a

good sample of the most relevant discovered in the last years. These include

q-algorithms for the Fourier transform, for telling which alternative occurs for a

Boolean function that is known to be constant or balanced (Deutsch), for data-

base searching (Grover), for estimating the phase of an eigenvalue of a unitary

operator (Kitaev), for ﬁnding the multiplicative order of an integer modulo an-

other integer (Shor) and for factoring an integer (Shor). The possible physical

realizations of the model, and its potential use to obtain gains with respect to

classical algorithms (sometimes even exponential gains), are analyzed in terms

of a standard axiomatic formulation of (ﬁnite dimensional) quantum theory.

Contents

Introduction

1. Preliminaries

2. q-Computations

3. q-Measurements and q-Procedures

4. q-Computers and q-Algorithms

5. Deutsch’s and Grover’s q-Algorithms

6. Phase estimation

7. Modular Order of an Integer

8. Shor’s Factoring q-Algorithm

9. Physical Interpretations

10. Remarks and Proofs

References

* Supported by a JAE-DOC grant from the Junta para la Ampliación de Estudios (CSIC),

the MTM2011-22851 grant (Spain) and the ICMAT Severo Ochoa Project SEV-2011-0087

(Spain).

2 J. RUÉ AND S. XAMBÓ

Introduction

will be presented as a suitable rephrasing of mathematical notions, most notably

complex linear algebra and basic notions of elementary probability theory. Our

aim is to cover from the most basic concepts up to the expression and analysis

of a good sample of the remarkable q-algorithms discovered in the last twenty

ﬁve years.

Since the link to physics is not addressed until a late section, our approach might

be judged as a vacuous game by physicists and engineers, and perhaps even as

an inconsequential story by mathematicians. Yet in our experience the approach

turns out to be surprisingly powerful and illuminating, and we much hope that

this appreciation will be shared by other people as well. Actually, the phrasing

of our scheme is crafted in such a way that the tacit physical meaning will be

apparent for physicists and, we expect, a reliable basis for mathematicians to

appreciate the key physical ideas with minimal eﬀort.

At the earliest stages, the most visible reason for the robustness of the paradigm,

and perhaps also for its esthetical appeal, is its close relation with Boolean

algebra, the mathematical side of classical computing. This relation is rooted

in the fact that the basic playground of q-processing is the complex space H (n)

generated by the set B n of binary vectors of length n, which is the basic arena

of classical computation.

Later, when the q of q-processing is interpreted as genuine quantum feature, the

scheme delivers its full meaning as a mathematical model of interesting physical

phenomena that are being intensively explored in labs around the world and

which hold a broad range of scientiﬁc and technological possibilities for the

years to come.

It may be worth reﬂecting that if computing with classical bits has brought

about the ‘digital era’, dominated by information theory and computer science,

together with all the enabling technologies, the long term development of the

much more comprehensive q-processing is likely to be even mightier and certainly

not less interesting.

1. Preliminaries

used throughout.

QUANTUM COMPUTING 3

j1 , . . . , jn ∈ {0, 1} and j = j1 2n−1 + j2 2n−2 + · · · + jn−1 2 + jn 20 .

Binary vectors. Let B = {0, 1}, the set of binary digits (bits). Then the set

of binary vectors of length n is B n . Its elements are usually written as strings

of bits. For example,

B 3 = {000, 001, 010, 011, 100, 101, 110, 111}.

n) n)

Henceforth the vectors 0 · · · 0 and 1 · · · 1 will be denoted 0n and 1n , respectively.

The binary representation of integers allows us to identify the binary vectors of

length n with the integers in the range 0, . . . , 2n − 1:

j ↔ j1 j2 · · · jn .

B n are the playing ground for classical computations. Actually, a classical

computation of order n can be seen as a map f : B n → B n . If this map

is one-to-one, the computation is said to be reversible. Since every classical

computation can be embedded in a reversible one ( 1),1 classical computations

will be assumed to be reversible unless it is said otherwise explicitely.

Real and comple numbers. The ﬁelds of real and complex numbers will be

denoted R and C, respectively. Given a complex number a = α + βi (α, β ∈ R),

we write ā to denote its conjugate: ā = α − βi. We have āa = α2 + β 2 = |a|2 ,

where |a| denotes the modulus or norm of a. The complex numbers of modulus

1 have the form cos φ + i sin φ = eiφ , φ ∈ R (φ is deﬁned up to integer multiples

of 2π). The set U (1) of unit complex numbers is a multiplicative group.

U (1) i

eiϕ

ϕ 1

n

q-Vectors. We will write H (n) = C2 and we will say that this is the space of

q-vectors of order n. These spaces are the playing ground for q-procedures, just

as the sets B n are the playing ground for classical computations. In standard

mathematical notation, the elements a in H (n) are complex column vectors of

dimension or length 2n :

4 J. RUÉ AND S. XAMBÓ

a0

a1

a = , aj ∈ C.

..

.

a2n −1

The q-vector a can be written in the form

1 0 0

0 1 0

a = a0 .. + a1 . + · · · + a2n −1 . .

. .

. . .

0 0 1

∑

This can be compressed as a = j aj u j , where u j is the q-vector whose j-th

component is 1 and with all other components 0.

∑

Dirac’s notation. Instead of u j we will write |j⟩. Thus we have a = j aj |j⟩.

Regarding j as a binary vector of length n, we see that H (n) is the complex

vector space with basis B n .

Example 1.1 (n = 1: One q-bit).

[ ] [ ] [ ]

a0 1 0

a = = a0 |0⟩ + a1 |1⟩ = a0 + a1 .

a1 0 1

a = a0 |0⟩ + a1 |1⟩ + a2 |2⟩ + a3 |3⟩

= a00 |00⟩ + a01 |01⟩ + a10 |10⟩ + a11 |11⟩

a0 a00 1 0 0 0

a a 0 1 0 0

1 01

= = = a00 + a01 + a10 + a11

a2 a10 0 0 1 0

a3 a11 0 0 0 1

Here the 0 in |0⟩ is an integer and those in |00⟩ are bits. This abuse of notation

is basically harmless, as we can infer the meaning from the context. Note also

that |1⟩ (1 an integer) and |01⟩ (0 and 1 are bits) refer to the same basis vector,

and that it is required to write the bit 0 on the left.

Example 1.3 (Hadamard q-vector of order n). The Hadamard q-vector of order

n is deﬁned as

( )

h (n) = ρn |0⟩ + |1⟩ + · · · + |2n − 1⟩ ,

√

where ρ = 1/ 2 (see the table on page 49 for a list of frequently used symbols).

QUANTUM COMPUTING 5

Linear maps. Let us recall that a C-linear map T : H (n) → H (n) (also called

an operator ) is determined by the 2n images t j = T |j⟩, for

∑ ∑ ∑

T aj |j⟩ = aj T (|j⟩) = aj t j .

j j j

Moreover, given any set of q-vectors {t j }0≤j<2n , there is a (unique) linear map

T : H (n) → H (n) such that T |j⟩ = t j . In the sequel, this observation will be

the basic method used to prescribe operators. Properties of T are usually a

reﬂection of properties of the t j . For example, the map T is bijective if and

only if the vectors t j are linearly independent.

just the bracket, of a and b , ⟨a |b ⟩, is deﬁned by

∑

⟨a |b ⟩ = āj bj .

j

are orthogonal. Note that ⟨a |a ⟩ = |a |2 , where

|a |2 = |a0 |2 + |a1 |2 + · · · + |a2n −1 |2

(the norm squared of a ). If |a | = 1, we say that a is a unit vector. If x is any

non-zero q-vector, x / |x | is a unit q-vector. This vector is denoted xb or u (x ).

Note also that ⟨u j |u k ⟩ = δij . This means that the u j are pairwise orthogo-

nal unit vectors (this property is expressed by saying that the {u j } form an

orthonormal basis). In Dirac’s notation this is written as ⟨j|k⟩ = δjk .

′

Tensor product. Let a ∈ H (n) and a ′ ∈ H (n ) . Then the tensor product of

a and a ′ , denoted a ⊗a b ′ , is the vector in H (n+n′ ) whose components are aj a′j ′ ,

with (j, j ′ ) in lexicographic order.

For example, ′

[ ] [ ] a0 a0

′ a0 a′1

b 0 =

a0 a

⊗ ′ ′ .

a1 a1 a1 a0

a1 a′1

∑ ∑

Proposition 1.4. If a = j aj |j⟩ and a ′ = j ′ a′j ′ |j ′ ⟩, then

∑ ′

b ′=

a ⊗a aj a′j ′ |j · 2n + j ′ ⟩.

j,j ′

of entries preceding it (these entries are a0 , a1 , . . . , aj−1 ). Now the claim follows

because the number of entries preceding the entry aj a′j ′ in a ⊗a b ′ is j ′ +j ·2n′ .

6 J. RUÉ AND S. XAMBÓ

′

If we think of j and j ′ as binary numbers, then j·2n +j ′ is just the binary number

obtained by concatenating the binary representations of j and j ′ . In practice

this number is simply written as jj ′ , and so we get the following expression for

the tensor product:

∑

b ′=

a ⊗a aj a′j ′ |jj ′ ⟩.

j,j ′

The tensor product |j⟩⊗|j

b ′ ⟩ = |j⟩|j ′ ⟩ = |jj ′ ⟩.

|j⟩⊗|j

b 2 ⟩⊗

|j1 ⟩⊗|j b · · · ⊗|j

b n ⟩ = |j1 ⟩|j2 ⟩ · · · |jn ⟩ = |j1 j2 · · · jn ⟩

Example 1.5. Let h (n) be the Hadamard q-vector of order n (see Example 1.3).

Then

( ) ( ) ( )

b |0⟩ + |1⟩ ⊗

h (n) = ρn |0⟩ + |1⟩ ⊗ b ···⊗

b |0⟩ + |1⟩ .

In fact, the right hand side is equal to

∑ ∑

ρn |j1 ⟩ · · · |jn ⟩ = ρn |j⟩ = h (n) .

j1 ,...,jn ∈B j∈B n

′ ′

b ′ is bilinear,

Remark 1.6. The map H (n) × H (n ) → H (n+n ) , (a , a ′ ) 7→ a ⊗a

and hence induces a linear map

′ ′

H (n) ⊗ H (n ) → H (n+n ) , a ⊗ a ′ 7→ a ⊗a

b ′.

′

This map is an isomorphism, as it sends the basis {|j⟩ ⊗ |j ′ ⟩} of H (n) ⊗ H (n )

′

to the basis {|jj ′ ⟩} of H (n+n ) . In particular we have an isomorphism

n)

H (n) ≃ H (1) ⊗ · · · ⊗ H (1) .

Because of the isomorphism given by a ⊗ a ′ 7→ a ⊗a

b

write ⊗ instead of ⊗.

be decomposable. The basis vectors |j1 j2 · · · jn ⟩ = |j1 ⟩|j2 ⟩ · · · |jn ⟩ are examples

of decomposable vectors. In general, however, q-vectors are not decomposable.

For example, it is easy to check that |00⟩ + |11⟩ ∈ H (2) cannot be written

in the form (a0 |0⟩ + a1 |1⟩)(b0 |0⟩ + b1 |1⟩). Using a terminology originated in

physics (see page 39), non-decomposable q-vectors are said to be entangled and

decomposable q-vectors are also called composite.

QUANTUM COMPUTING 7

2. q-Computations

U † = [ūkj ] = U T .

that

U = [ujk ]0≤j, k<2n , ujk ∈ C

and

U U † = I2n ,

where I2n denotes the identity matrix of dimension 2n .

The set of unitary matrices of dimension 2n , U (2n ), will be denoted U (n) . With

the standard multiplication of matrices, U (n) is a group. In detail, this means

the following:

q-computation of order n.

q-computations of order n is a q-computation of order n.

inverse of a q-computation of order n is a q-computation of order n.

vector. As in classical computations, we say that b is the q-output of U with

q-input a .

′

Example 2.1. If U ∈ U (n) and U ′ ∈ U (n ) , deﬁne the map

′ ′

U ⊗ U ′ : H (n+n ) → H (n+n )

′

such that |jj ′ ⟩ = |j⟩|j ′ ⟩ 7→ U |j⟩ U ′ |j ′ ⟩. Then U ⊗ U ′ ∈ U (n+n ) . This map

′

actually satisﬁes |a ⟩|a ′ ⟩ 7→ U |a ⟩ U ′ |a ′ ⟩ for all a ∈ H (n) and a ′ ∈ H (n ) .

Similarly, if U ∈ U (1) , then we can deﬁne U ⊗n ∈ U (n) by the relation

U ⊗n |j⟩ = U |j1 ⟩ U |j2 ⟩ · · · U |jn ⟩.

Example 2.2 (Classical reversible computations). Given a classical computation

of order n, f : B n → B n , we can deﬁne a linear map Uf : H (n) → H (n) by the

relations

Uf |j⟩ = |f (j)⟩.

If f is reversible, then Uf is a q-computation, as it maps the orthonormal basis

{|j⟩} to the orthonormal basis {|f (j)⟩} (a permutation of the former). We will

say that Uf is the q-computation associated to the classical reversible computa-

tion f .

8 J. RUÉ AND S. XAMBÓ

Some of the examples below are just special cases of this general example.

Remark 2.3. The q-computations of order n are vastly more abundant than the

classical reversible computations of order n. This is already clear for n = 1,

for in this case Not is the only classical reversible computation of order 1

diﬀerent from the identity, whereas the q-computations of order 1 depend on

four continuous parameters (cf. Example 2.4).

by a diagram like this:

{ ..

.

n U

If we want to represent the q-input a and q-output b , the diagram can be

modiﬁed as follows:

n { U

a b

In the case where a = |j1 ⟩ · · · |jn ⟩, the input is represented as follows:

|j1 i

|j2 i

..

.

|jn−1 i

|jn i

Example 2.4 (n = 1). It is easy to check that the matrix

[ ]

u0 u1

U =e iα

, α ∈ R, u0 , u1 ∈ C, u0 ū0 + u1 ū1 = 1

−ū1 ū0

we may write U = eiα U ′ with det(U ′ ) = 1 (this follows from U U † = I2 , so

that

[ det(U]) is a unit complex) and then U ′ ∈ U (1) has necessarily the form

u0 u1

if its inverse has to coincide with its adjoint.

−ū1 ū0

U

Remark 2.5. For later reference, let us consider a more explicit construction of

the q-computations of order 1.2 With the notations of the previous example,

2 Here, and in the remaining of the section, we closely follow [15], Section 4.2.

QUANTUM COMPUTING 9

the relation u0 ū0 + u1 ū1 = 1 implies that there is a unique θ ∈ [0, π] such that

|u0 | = cos 2θ and |u1 | = sin 2θ . It follows that u0 = e−iλ cos 2θ and u1 = −eiµ sin 2θ ,

λ, µ ∈ R (the choice of signs is for later convenience) and so

[ ] [ ]

u 0 u1 e−iλ cos 2θ −eiµ sin 2θ

= −iµ

−ū1 ū0 e sin 2θ eiλ cos 2θ

If we do the replacements λ = (β + γ)/2, µ = (γ − β)/2 (β, γ ∈ R), then we can

write [ ]

e−iλ cos 2θ −eiµ sin 2θ

= Rz (β)Ry (θ)Rz (γ)

e−iµ sin 2θ eiλ cos 2θ

where we deﬁne

[ ] [ ]

e−iφ/2 0 cos 2θ − sin 2θ

Rz (φ) = , R y (θ) = .

0 eiφ/2 sin 2θ cos 2θ

with determinant 1) has the form

U (θ, β, γ) = Rz (β)Ry (θ)Rz (γ).

The geometrical meaning of this statement, closely related to rotations in Eu-

clidean 3-space, will be considered in Section 9.

Special cases

a) Pauli matrices

[ ] [ ] [ ] [ ]

1 0 0 1 0 −i 1 0

I2 = , X = σx = , Y = σy = , Z = σz = .

0 1 1 0 i 0 0 −1

Notice that the matrix X can be deﬁned by the relations

X|0⟩ = |1⟩, X|1⟩ = |0⟩.

This means that X is the q-computation corresponding to the classical Boolean

operator Not (negation) :

X|j⟩ = |Not(j)⟩ .

In terms of the Boolean sum of bits, we have Not(j) = 1 + j, as 1 + 0 = 1 and

1 + 1 = 0. Brieﬂy, X|j⟩ = |1 + j⟩.

X Y Z

10 J. RUÉ AND S. XAMBÓ

φ

Rz (φ) = cos φ2 I2 − i sin φ2 Z = e−i 2 Z

Ry (θ) = cos 2θ I2 − i sin 2θ Y = e−i 2 Y .

θ

[ ]

−i ψ cos ψ2 −i sin ψ2

Rx (ψ) = cos ψ2 I2 − i sin ψ2 X = e 2

X

= .

−i sin ψ2 cos ψ2

U = eiα AXBXC,

with A, B, C ∈ SU (1) and ABC = I2 (this will be called an Euler decomposition

of U ). Indeed, if U = eiα Rz (β)Ry (θ)Rz (γ), it is enough to set

A = Rz (β)Ry ( 2θ )

B = Ry (− 2θ )Rz (− β+γ

2 )

C = Rz ( γ−β

2 )

The proof is a staightforward computation ( 2).

[ ] [ ]2 [ ]

1 1 1 1 1 0

The matrix is self-adjoint and =2 . It follows that

1 −1 1 −1 0 1

the matrix [ ] {

1 1 |0⟩ 7→ ρ(|0⟩ + |1⟩)

H=ρ

1 −1 |1⟩ 7→ ρ(|0⟩ − |1⟩)

is a q-computation of order 1. To write H in the[form of Example

] 2.4, note that

u0 u1

H = (−i)(iH) and check that iH has the form with u0 = u1 = i.

−ū1 ū0

The q-computation H ⊗n (see the second part of the Example 2.1) will appear

often in the following. Notice that using the notation of Example 1.3 we have

the following identity:

H ⊗n (|0n ⟩) = h (n) .

QUANTUM COMPUTING 11

These are the matrices of the form

[ ] [ α ]

1 0 iα e−i 2 0

Sα = = e 2 α

0 eiα 0 ei 2

Sα

In particular we deﬁne

[ ] ] [

1 0 1 0

S = Sπ/2 = and T = Sπ/4 = .

0 i 0 eiπ/4

√

Note that T 4 = S 2 = X, which is sometimes written as S = Not.

S T

C12 (U )|0j2 ⟩ = |0j2 ⟩, C12 (U )|1j2 ⟩ = |1⟩U |j2 ⟩.

[ ]

u00 u01

In matrix form we have, if U = ,

u10 u11

1 0 0 0

0 1 0 0

C12 (U ) =

0 0 u00 u01

0 0 u10 u11

|j1 i

|j2 i U

N12 |0j2 ⟩ = |0j2 ⟩, N12 |1j2 ⟩ = |1⟩|1 + j2 ⟩,

which can be written more compactly as

N12 |j1 j2 ⟩ = |j1 ⟩|j1 + j2 ⟩.

This shows that N12 : H (2) → H (2) is the q-computation corresponding to the

classical computation Cnot : B 2 → B 2 such that

00 7→ 00, 01 7→ 01, 10 7→ 11, 11 7→ 10

12 J. RUÉ AND S. XAMBÓ

bit if and only if the ﬁrst bit is 1, it is a Not on the second bit “controlled”

by the ﬁrst bit, which means that it is conditional to the ﬁrst bit having the

value 1.

In matrix form,

1 0 0 0

0 0

1 0

N12 = .

0 0 0 1

0 0 1 0

|j1 i |j1 i

|j2 i ⊕ |j1 + j2 i

C21 (U ) is deﬁned in an analogous way. For example, the matrix form of N21 =

C21 (X) is

0 1 0 0

1 0

0 0

N21 =

0 0 1 0

0 0 0 1

|j1 i ⊕ |j1 + j2 i

|j2 i |j2 i

More generally, in the case of order n, we can deﬁne the q-computations Cr,s (U ),

where r, s ∈ {1, . . . , n} are two distinct position indices, in the same way. This

q-computation acts by U on the s-th bit when the r-th bit is 1, and otherwise

acts as the identity. In the special case U = X, we let Nr,s = Cr,s (X). This

negates the s-th q-bit if and only if the value of the r-th q-bit is 1. Here are

some illustrations:

N4,1 |10101⟩ = |10101⟩, C4,1 (U )|10101⟩ = |10101⟩

N4,1 |10111⟩ = |00111⟩, C4,1 (U )|10111⟩ = (U |1⟩)|0111⟩.

Example 2.8. The q-computation C12 (U ) is quite diﬀerent from I2 ⊗ U . In fact,

the matrix of the latter is

u00 u01 0 0

u 0

10 u11 0

0 0 u00 u01

0 0 u10 u11

Thus (I2 ⊗ U )|00⟩ = |0⟩ U |0⟩ = u00 |0⟩|0⟩ + u10 |0⟩|1⟩, whereas C12 (U )|00⟩ = |00⟩.

QUANTUM COMPUTING 13

Example 2.9 (No cloning). In its most basic form, the no-cloning theorem is the

assertion that there is no q-computation U of order 2 that satisﬁes

U (|b⟩|0⟩) = |b⟩|b⟩,

for b ∈ {0, 1}. Indeed, consider |x⟩ = ρ(|b⟩ + |b′ ⟩) and b′ = 1 + b. Then we have

{

|x⟩|x⟩ = ρ2 (|b⟩|b⟩ + |b⟩|b′ ⟩ + |b′ ⟩|b⟩ + |b′ ⟩|b′ ⟩)

U (|x⟩|0⟩) = ,

ρU (|b⟩|0⟩ + |b′ ⟩|0⟩) = ρ(|b⟩|b⟩ + |b′ ⟩|b′ ⟩)

which is a contradiction.

Example 2.10. The swap gate is the q-computation of order 2 corresponding to

the classical swap j1 j2 7→ j2 j1 :

|j1 j2 ⟩ 7→ |j2 j1 ⟩

Since it leaves |00⟩ and |11⟩ ﬁxed and interchanges |01⟩ and |10⟩, its matrix is

1 0 0 0

0 0 1 0

0 1 0 0

0 0 0 1

|j1 i |j2 i

|j2 i |j1 i

Example 2.11. The Toﬀoli gate is the q-computation of order 3 corresponding

to the classical computation j1 j2 j3 7→ (j1 · j2 ) + j3 . It negates the bit j3 precisely

when j1 = j2 = 1, so it is a doubly controlled negation. It interchanges |110⟩

and |111⟩, leaving all other basis vectors ﬁxed. It follows that its matrix is

1 0 0 0 0 0 0 0

0 1 0 0 0 0 0 0

0 0 1 0 0 0 0 0

0 0 0 1 0 0 0 0

0 0 0 0 1 0 0 0

0 0 0 0 0 1 0 0

0 0 0 0 0 0 0 1

0 0 0 0 0 0 1 0

|j1 i |j1 i

|j2 i |j2 i

L

|j3 i |(j1 · j2 ) + j3 i

14 J. RUÉ AND S. XAMBÓ

a classical reversible computation of order 3 that deﬁnes a reversible version of

Nand: if j3 = 1, then j3′ = Nand(j1 , j2 ). For further details, 1.

to the classical computation 0j2 j3 7→ 0j2 j3 and 1j2 j3 7→ 1j3 j2 . In other words,

it is a controlled-swap. It interchanges |110⟩ and |101⟩ and leaves all other basis

vectors ﬁxed. Hence its matrix is

1 0 0 0 0 0 0 0

0 1 0 0 0 0 0 0

0 0 1 0 0 0 0 0

0 0 0 1 0 0 0 0

0 0 0 0 1 0 0 0

0 0 0 0 0 0 1 0

0 0 0 0 0 1 0 0

0 0 0 0 0 0 0 1

|j1 i |j1 i

|j2 i |j3 i

|j3 i |j2 i

Not(j1 ). Thus the Fredkin gate can also be used to implement a reversible

version of classical computation.

of a quantum computation we need to include the operation of measuring a set

L = {l1 , . . . , lr } ⊆ {1, . . . , n} of q-bits. In the following, a ∈ H (n) will denote

a unit q-vector. We think of this vector as the current state of a q-register of

lenght n (the q-memory).

we can form the subspace EM ⊆ H (n) generated by the basis vectors |j⟩ such

that jL = M , where jL = jl1 · · · jlr . Its dimension is 2n−r . The orthogonal

projection of a to EM is the vector

∑

aM

L = aj |j⟩.

jL =M

QUANTUM COMPUTING 15

we conclude that

∑

a = aML

M ∈B n

and that

∑ 2

1 = |a |2 = a M

L

,

M

2

so that the numbers pM = a M L

deﬁne a probability distribution on {M } =

r

B . The q-measurement or q-observation of the q-bits at the positions l1 , . . . , lr ,

which we will denote ML (a ), is deﬁned as consisting of the following two aspects:

(ii ) it resets the q-memory state to u (a M b denotes the

L ), where u (x ) = x

unit vector deﬁned by the non-zero q-vector x .

L ̸= 0.

Notice that if M is the outcome of a trial, then a M

The q-vectors a M

L are said to be the collapses of a with respect to the posi-

tions L.

Since a q-measurement produces a classical binary vector M and a new q-

memory state, ML will be represented graphically as

aM

L

a ML

M

The fat line on the right represents the classical value supplied by the q-meas-

urement and the thin one the collapsed state.

Example 3.1. As an illustration, let’s look to a few special cases. Consider

the case n = 3. If we measure the third q-bit, M3 (a ), then there ∑ are two

possible values, 0 and 1, and the corresponding collapses are a 03 = jk ajk0 |jk0⟩

∑ 2 2

and a 1 =

3 jk ajk1 |jk1⟩. Their probabilities are p0 = a 0 and p1 = a 1 .

3 3

Similarly, for M13 (a ) there are four possible outcomes and the corresponding

13 = ar0s |r0s⟩ + ar1s |r1s⟩ (rs ∈ B ), with probabilities prs =

collapses are a rs 2

2

|a 13 | .

rs

In the case when L = {1, . . . , n}, we write simply M (a ). In that case the

possible outcomes are the elements j ∈ B n and the corresponding collapses are

aj |j⟩, with probabilities |aj |2 . In this context, the coeﬃcient aj is usually called

the (probability) amplitude of |j⟩, and the probability of this result is pj = |aj |2 :

the probability is the norm squared of the amplitude. If n = 3, for instance, then

there are eight possible outcomes for M (a ) = M123 (a ) and the corresponding

2

123 = arst |rst⟩ (rst ∈ B ) with probabilities prst = |arst | .

collapses are a rst 3

16 J. RUÉ AND S. XAMBÓ

or a q-measurement, that are applied successively to |0 · · · 0⟩ (this is the default

initial state of the q-memory). Since procedures are meant to produce results,

usually the last action is a q-measurement.

numbers of n bits with a uniform probability distribution:

Random

a = H ⊗n |0 . . . 0⟩ = H|0⟩ · · · H|0⟩, M (a )

Indeed, from the Example 1.3 we know that a is the Hadamard q-vector h (n)

and the amplitude of any binary vector of length n is 1/ρn , and so its probability

is (1/ρn )2 = 1/2n .

1. q-Memory

A store capable of holding any unit q-vector a ∈ H (n) . We will say that a is

the q-memory state, or simply the state.

The operations 2, 3 and 4 below, which we will call elementary procedures, are

to be applied successively, one at a time, to the current state. We also assume

that when the q-computer is switched on, the q-memory is set to the state

|0 · · · 0⟩ = |0n ⟩ (default state).

This is the action of U on the l-th q-bit. More precisely, it is the q-computation

deﬁned as follows:

| · · · jl · · · ⟩ = | · · · ⟩ |jl ⟩ | · · · ⟩ 7→ | · · · ⟩ U |jl ⟩ | · · · ⟩.

This kind of elementary q-procedures will be called U -gates. An U -gate will

be called restricted if U is the Hadamard matrix H or one of the phase shift

matrices S = Sπ/2 or T = Sπ/4 .

This q-computation negates the s-th q-bit if (an only if) the r-th q-bit is |1⟩.

It is the linear map which is the identity on the basis q-vectors of the form

QUANTUM COMPUTING 17

| · · · 1j · · · 0k · · · ⟩ 7→ | · · · 1j · · · 1k · · · ⟩

| · · · 1j · · · 1k · · · ⟩ 7→ | · · · 1j · · · 0k · · · ⟩

This elementary procedure has been explained in detail in the previous section.

ures only. We will say that a q-algorithm is internal if it does not involve

measurements. A q-algorithm (internal or not) will be called restricted if it only

involves restricted U -gates.

As a measure of the complexity of a q-algorithm we take the number of elemen-

tary gates it involves. A q-algorithm is polynomial if its complexity is bounded

by a polynomial in n.

Example 4.1 (Swap[r, s]). This internal q-algorithm is deﬁned as follows:

Swap[r, s]

Nr,s , Ns,r , Nr,s

=

|ki |ji |ki ⊕ ⊕ |ji

The q-computation performed by this algorithm amounts to interchanging the

r-th and s-th q-bits, which means that it is equal to the linear map deﬁned by

| · · · jr · · · js · · · ⟩ 7→ | · · · js · · · jr · · · ⟩

This statement is a direct consequence of the fact that it holds for classical

computations. Indeed, for any pair of bits, (x, y), we have:

N1,2 (x, y) = (x, x + y),

N2,1 (x, x + y) = (x + x + y, x + y) = (y, x + y),

N1,2 (y, x + y) = (y, y + x + y) = (y, x).

Example 4.2 (Multiple H). Consists in applying the Hadamard gate H at any

index on a given list L ⊆ {1, . . . , n} of positions:

Hadamard[L]

for l ∈ L do Rl (H)

18 J. RUÉ AND S. XAMBÓ

for the q-procedure |j⟩ 7→ (H ⊗m |j1 · · · jm ⟩)|jm+1 · · · jn ⟩. This algorithm will be

denoted Hadamard[m]. In the case m = n, it is a q-algorithm for H ⊗n and

instead of Hadamard[n] we will simple write Hadamard.

Similar algorithms can be devised replacing H by any U ∈ U (1) . For example,

U ⊗n can be computed by the following q-algorithm:

for l ∈ {1, . . . , n} do Rl (U )

Example 4.3 (q-algorithm associated to a classical algorithm).

If f : B n → B n is a reversible computation, then there is a classical algorithm

that computes f . This algorithm is a sequence of logical gates that are either a

Not or a Nand. Even more, adding auxiliary bits if necessary, we may assume

that the Nand are reversible. Then the algorithm can be translated into a q-

procedure consisting of q-gates that are either a Pauli X gate or a Toﬀoli gate.

This q-procedure will become a q-algorithm if we can ﬁnd a q-algorithm for

the Toﬀoli gate. A solution to this question can be expressed by the following

diagram (cf. [15], Exercise 4.24):

≡ T† ⊕ T† ⊕ S

⊕ H ⊕ T† ⊕ T ⊕ T† ⊕ T H

Toffoli

R3 (H), N2,3 , R3 (T † ), N1,3 , R3 (T ), N2,3 , R3 (T † ), N1,3 , R3 (T ), R3 (H),

R2 (T † ), N2,3 , R2 (T † ), N1,2 , R2 (S), R1 (T )

Example 4.4. In this example we show an algorithm for the q-procedure Cr,s (U ),

U ∈ U (1) , r, s ∈ {1, . . . , n} distinct position indices (see the Example 2.7 for

the deﬁnition). For this it we will use an Euler decomposition of U (see Remark

2.6):

U = eiα AXBXC, ABC = I2 .

With these notations, the q-algorithm is as follows:

Control[r, s, U ]

Rs (C), Nr,s , Rs (B), Nr,s , Rs (A), Rr (Sα )

We shall assume r = 1 and s = 2, as the argument can be easily adapted to the

general case. Note that if j1 = 0, then the N1,2 and R1 (Sα ) act as the identity

and hence, since ABC = I2 , Control also acts as the identity. If j1 = 1, then

the action on |j2 ⟩ is AXBXC|j2 ⟩ and on |j1 ⟩ = |1⟩ by the phase factor eiα :

|1⟩|j2 ⟩ 7→ eiα |1⟩ AXBXC|j2 ⟩ = |1⟩ U |j2 ⟩.

QUANTUM COMPUTING 19

Sα

≡

U C ⊕ B ⊕ A

tain a q-algorithm for the q-procedure C{1,...,n},n+1 (U ) deﬁned by the relations

{

|1n ⟩|1 + jn+1 ⟩ if j = 1n

|j⟩|jn+1 ⟩ 7→

|j⟩|jn+1 ⟩ otherwise

following recursive recipe:

Control[{1, . . . , n}, n + 1, U ]

Control[{2, . . . , n}, n + 1, V ]

Control[{1, . . . , n − 1}, n, X]

Control[{2, . . . , n}, n + 1, V † ]

Control[{1, . . . , n − 1}, n, X]

Control[{1, . . . , n − 1}, n + 1, V ]

In other words, an n-controlled U -gate is reduced to ﬁve (n − 1)-controlled U -

gates. This is more easily grasped pictorially. Consider, for instance, the case

n = 3:

≡

⊕ ⊕

U V V† V

If the ﬁrst q-bit is |0⟩, then the action on the third q-bit is V V † = I2 . If the

second q-bit is |0⟩, then the action on the third q-bit is I2 . If the third q-bit

is |0⟩, and the ﬁrst and second are |1⟩, then the action on the third q-bit is

V † V = I2 . Finally, if the three q-bits are |1⟩, then the action on the third q-bit

is V 2 = U .

Example 4.6 (Action of U ∈ SU (1) on a plane). Consider the plane P = [|j⟩, |k⟩]

spanned by two diﬀerent basis vectors |j⟩ and |k⟩. Then we can let U =

[[a, b], [c, d]] ∈ SU (1) act on that plane in the obvious way: U |j⟩ = a|j⟩ + b|k⟩

and U |k⟩ = c|j⟩ + d|k⟩. Moreover, we can extend this action to H (n) so that

20 J. RUÉ AND S. XAMBÓ

computation (we will write Uj,k to denote it). Note, for example, that if j = 1

and k = 2, then the matrix of our q-computation is U ⊕ I2n −2 .

The aim of this example is to indicate how to get a q-algorithm for Uj,k . In

fact, by the previous example, it will be enough to show how to resolve Uj,k by

means of simple and multicontrol U -gates. The simplest case is when |j⟩ and

|k⟩ have the form

|j⟩ = |x⟩|0⟩|y⟩, |k⟩ = |x⟩|1⟩|y⟩.

Indeed, in this case U |j⟩ = a|j⟩ + b|k⟩ = |x⟩(a|0⟩ + b|1⟩)|y⟩ = |x⟩(U |0⟩)|y⟩,

U |k⟩ = |x⟩(U |1⟩)|y⟩ (similar computation), and therefore Uj,k is a multicontrol

U -gate, in the sense that if |l⟩ = |x′ ⟩|b⟩|y ′ ⟩, then Uj,k |l⟩ = |l⟩ if x ̸= x′ or y ̸= y ′

and otherwise it is equal to |x⟩(U |b⟩)|y⟩. Note that if the controlling value of a

bit is 0, then we can reduce it to the standard controlling value 1 and two X

gates, as shown in the picture (the white circle is to indicate that the control

value is 0):

≡ X X

U U

position from j and in r − 1 positions from k. By induction we may assume

that there is a q-algorithm to compute Uj ′ ,k , for the case r = 1 has already been

established. Now a q-algorithm for Uj,k is obtained on noticing that it coincides

with Xj,j ′ Uj ′ ,k Xj,j ′ , where Xj,j ′ is deﬁned so that Xj,j ′ |j⟩ = |j ′ ⟩, Xj,j ′ |j ′ ⟩ = |j⟩

and Xj,j ′ |l⟩ = |l⟩ if l ̸= j, j ′ . Since Xj,j ′ is a (form of) multicontrol-Not, it can

be computed by a q-algorithm, and thus so it can Uj,k .

Example 4.7 (Fourier Transform). The Fourier transform (FT) on H (n) is the

linear operator

∑

F : H (n) → H (n) , |j⟩ 7→ f j = ρn ξ jk |k⟩,

k

2π π

where ξ = ξn = ei 2n = ei 2n−1 .

Observe that F ∈ U (n) :

1 ∑ (j ′ −j)k

⟨f j |f j ′ ⟩ = ξ = δjj ′ ,

2n

k

QUANTUM COMPUTING 21

for, if l ̸= 0,

n −1

2∑ n

lk (ξ l )2 − 1

ξ = = 0.

(ξ l − 1)

k=0

√ how to produce a internal q-algorithm to obtain F .

We have, with ρ = 1/ 2,

n −1

2∑

2πijk

F |j⟩ = ρ n

e 2n |k⟩

k=0

( )

∑ 2πij

k1 k

+ 22 +···+ k2n

n

=ρ n

e 21 2 |k1 · · · kn ⟩

k1 ,...,kn ∈B

∑ ⊗

n 2πijkl

= ρn e 2l |kl ⟩

k1 ,...,kn ∈B l=1

⊗n ( )

2πij

= ρn |0⟩ + e 2l |1⟩ .

l=1

But

j jn jn−1 jn−(l−1) ( )

= + + · · · + + jl + · · · + j1 2 n−l−1

.

2l 2l 2l−1 2

Since the part enclosed in parenthesis is an integer, the l-th tensor factor in the

previous expression is equal to

jn

iπ

|0⟩ + e 2l−1 · · · eiπjn−(l−1) |1⟩

Therefore

( )( jn

)

F |j⟩ = ρn |0⟩ + eiπjn |1⟩ |0⟩ + eiπ 2 eiπjn−1 |1⟩ · · ·

( jn j2

)

(∗) |0⟩ + eiπ 2n−1 · · · eiπ 2 eiπj1 |1⟩ .

If we write this tensor product in reverse order, with one ρ for each factor,

( jn j2

) ( jn

)

ρ |0⟩ + eiπ 2n−1 · · · eiπ 2 eiπj1 |1⟩ ρ |0⟩ + eiπ 2n−2 · · · eiπj2 |1⟩ · · ·

( ) ( )

· · · ρ |0⟩ + eiπjn /2 eiπjn−1 |1⟩ ρ |0⟩ + eiπjn |1⟩ ,

then for the l-th factor we have

( j

)

jn

iπ n−l iπ l+1

ρ |0⟩ + e 2 ···e 2 e |1⟩ = Rn−l · · · R1 H|jl ⟩

iπjl

where Rs means, for the l-th bit, Cl+s,l (Siπ/2s ). So we have the following q-

algorithm:

22 J. RUÉ AND S. XAMBÓ

QFT

for l ∈ {1, . . . , n} do

Rl (H)

for s ∈ {1, . . . , n − l} do Cl+s,l (Siπ/2s )

for l ∈ {1, . . . , ⌊n/2⌋} do Swap[l, n − l + 1]

This shows that QFT computes F with complexity O(n2 ). The swaps at the

end are meant to restore the original order.

Here is a diagram to illustrate the case n = 4.

|j1 i H R1 R2 R3

|j2 i H R1 R2

|j3 i H R1

|j4 i H

Remark 4.8. Let us point out, for later reference, that the formula (∗) can be

written in the form

F |j⟩ = ρn (|0⟩ + e2πi 0.jn |1⟩)(|0⟩ + e2πi 0.jn−1 jn |1⟩) · · · (|0⟩ + e2πi 0.j1 j1 ···jn |1⟩),

where, for binary digits b1 , b2 , . . . ,

b1 b2

0.b1 b2 · · · = + 2 + ···

2 2

The q-algorithms presented so far provide nice illustrations of the following

general result:

Theorem 4.9 (Universality of the U and Cnot gates).

1) Any q-computation can be realized by an internal q-algorithm.

2) For any q-computation U there exists a restricted internal q-algorithm

which approximates U to any wanted degree.

In this section we present two archtypal q-algorithms. The ﬁrst, due to Deutsch–

Josza [5], takes a Boolean function which is known to be constant or balanced

and decides exactly which of the two possibilities actually occurs in O(n) steps.

This is quite remarkable if we remember that the classical solution may require

up to 2n−1 +1 steps (see below) and that q-algoritms are, in general, intrinsically

probabilistic.

QUANTUM COMPUTING 23

The second,

√ due to Grover [6], searches for an item in an unordered list of length

N in O( N ) steps. In this case the complexity gain is quite signiﬁcant, as the

classical complexity is O(N ), but the solution may be incorrect with a small

probability. This fact need not be as bad as it could seem, because usually it

is possible to recognize whether the returned item is the one we were searching

for, with the idea that, if it is not, we can run the search again.

is either constant or balanced (this means that the sets f −1 (0) and f −1 (1) have

the same cardinal). Then the Deutsch’s problem consists in deciding which of

the two possibilities holds.

The classical solution is based on evaluating f on successive elements of B n .

This process stops as soon as either we have found two diﬀerent values, in

which case f has to be balanced, or else the number of evaluations has exceeded

2n−1 , in which case f must be constant. Since the worse case requires 2n−1 + 1

evaluations, the complexity of this procedure is exponential in n.

following Deutsch–Jozsa q-procedure:

1. Initialize a q-computer of order n + 1 with |u 1 ⟩ = |0⟩.n)

. .|0⟩|1⟩.

2. Using Example 4.2, obtain

n −1

2∑

⊗(n+1)

|u 2 ⟩ = H |u 1 ⟩ = ρ n+1

|j⟩(|0⟩ − |1⟩).

j=0

putation B n × B → B n × B , (x, b) 7→ (x, b + f (x)) and let |u 3 ⟩ = Ufe|u 2 ⟩.

Since

U (|j⟩|b⟩) = |j⟩|b + f (j)⟩

we clearly have

n −1

2∑

|u 3 ⟩ = ρ n+1

|j⟩(|f (j)⟩ − |1 + f (j)⟩).

j=0

2∑

n

−1 ∑

ρn+1 (−1)f (j) |j⟩(|0⟩ − |1⟩) = ρn+1 (−1)f (j1 ···jn ) |j1 · · · jn ⟩(|0⟩ − |1⟩).

j=0 jr ∈B

24 J. RUÉ AND S. XAMBÓ

4. Compute |u 4 ⟩ = (H ⊗n ⊗ I2 ) |u 3 ⟩. Since

(H ⊗n ⊗ I2 )|j1 · · · jn ⟩(|0⟩ − |1⟩) = (H|j1 ⟩) · · · (H|jn ⟩)(|0⟩ − |1⟩)

∏

n

= ρn (|0⟩ + (−1)jr |1⟩)(|0⟩ − |1⟩)

r=1

∑

=ρ n

(−1)j·k |k1 · · · kn ⟩(|0⟩ − |1⟩),

ks ∈B

where j · k = j1 k1 + · · · + jn kn is the scalar product of the binary vectors j and

k, we ﬁnd

∑ ∑

|u 4 ⟩ = ρ2n+1 (−1)j·k+f (j1 ···jn ) |k1 · · · kn ⟩(|0⟩ − |1⟩),

ks ∈B jr ∈B

which can be summarized as

∑

ρ2n+1 (−1)j·k+f (j) |k⟩(|0⟩ − |1⟩).

j,k

∑

Let us look at the coeﬃcient ak = ρ2n+1 j (−1)j·k+f (j) of |k⟩(|0⟩ − |1⟩) in

∑

this expression. If f is constant, ak = ρ2n+1 (−1)f (0) j (−1)j·k , so that a0 =

∑

(−1)f (0) ρ and ak = 0 for k ̸= 0. If f is balanced then a0 = ρ2n+1 j (−1)f (j) = 0,

and clearly ak ̸= 0 for some k ̸= 0. We can summarize these ﬁndings as follows:

{

ρ|0⟩ (|0⟩ − |1⟩) iff is constant,

|u 4 ⟩ = ∑

k̸=0 ak |k⟩ (|0⟩ − |1⟩) iff is balanced,

5. The last step consists in measuring the ﬁrst n q-bits. If f is constant, the

result is 0 with centainty, and if f is balanced, then we obtain a non-zero integer.

Hence, the algorithm decides exactly whether f is constant or not.

balanced, this q-algorithm returns 0 if and only if f is constant. We will work at

order n + 1 and we will let fe denote the classical reversible computation deﬁned

by (x, b) 7→ (x, b + f (x)), x ∈ B n , b ∈ B .

QUANTUM COMPUTING 25

Deutsch[f ]

→|0n ⟩|0⟩

Rn+1 (X) →|0 · · · 0⟩|1⟩

∑n ( )

Hadamard[n] →ρn+1 2j=0−1 |j⟩ |0⟩ − |1⟩

∑n ( )

Ufe →ρn+1 2j=0−1 (−1)f (j) |j⟩ |0⟩ − |1⟩

∑ ∑ ( )

Hadamard[n] → ρ2n+1 k j (−1)j·k+f (j) |k⟩ |0⟩ − |1⟩

//ρ|0n ⟩(|0⟩ − |1⟩) if f is constant, and

∑

// j̸=0 aj |j⟩(|0⟩ − |1⟩) if f is balanced.

M{1,...,n} →M

if M = 0 then Constant else Balanced

Grover’s search

Suppose {j → xj | j = 0, . . . , N − 1} is a database with N = 2n items. If we are

to search for the j such that xj satisﬁes some condition, like ﬁnding the position

of a given number in a random list, in the worst case we will have to examine

all the N items. In any case, to ﬁnd a randomly chosen value x we will need,

on the average, N/2 tests.

The remarkable√ discovery of Grover [6, 7] is that there is a q-algorithm with

complexity O( N/M ) that ﬁnds an x satisfying the condition, where M is the

number of solutions to the query.3

with the j such that xj satisﬁes (does not satisfy) the condition in question.

Consider the map f : B n → B such that

{

0 if j ∈ J0

f (j) = .

1 if j ∈ J1

1 ∑ 1 ∑

a =√ |j⟩ and b =√ |j⟩.

N − M j∈J M j∈J

0 1

3 Grover’s q-algorithm is probabilistic, in the sense that there is a small probability p that

the outcome of a run does not satisfy the condition. As it is customary is such cases, running

the algorithm some fixed number of times k (this does not change the complexity) will yield an

answer that may be wrong with probability pk , a value that usually is negligibly small already

for small k.

26 J. RUÉ AND S. XAMBÓ

ing to the solutions (non-solutions) of our query. Note also that

√ √

(n) N −M M φ φ

h = a+ b = cos( )a + sin( )b ,

N N 2 2

√

where the last equality deﬁnes φ ∈ (0, π) uniquely: φ = 2 arcsin( M/N ).

b

h(n)

a

ϕ/2

Remark 5.1. Using the trigonometric formulae for the double angle we get that

√ √

2 M N −M N −2M

sin(φ) = N , cos(φ) = N .

tions of order n, which we denote Gf and K. The deﬁnition of Gf is as follows

(j ∈ B n ): {

−|j⟩ if j ∈ J1

Gf (|j⟩) =

|j⟩ if j ∈ J0

In other words, Gf is the reﬂexion with respect to the space spanned by the

non-solutions. In particular, Gf (a ) = a and Gf (b ) = −b . Therefore we also

have

( (φ) (φ) ) (φ) (φ)

Gf (h (n) ) = Gf cos a + sin b = cos a − sin b.

2 2 2 2

The q-computation K, which does not depend on f , is deﬁned as

∑

K(x ) = (2x − xj )|j⟩,

j

1 ∑

where x = Av(x ) = N j xj , the average of the amplitudes xj of x (we say

that K is the inversion with respect to the mean). This linear map is indeed a

q-computation, for it preserves the norm:

∑

|K(x )|2 = (2x − xj )(2x̄ − x̄j )

j

∑ ∑ ∑

= 4N xx̄ − 2x̄ xj − 2x x̄j + xj x̄j

j j j

= |x |2 .

QUANTUM COMPUTING 27

( ) ( )

1. Let u 0 = h (n) = cos⌊ φ2 ⌋a + sin φ2 b .

π

2. For j = 1, . . . , m = , deﬁne u j = K(Gf (u j−1 )).

2φ

3. Return M (u m ).

The main reason why this procedure works is that in the plane spanned by a

and b the map KGf is a rotation of amplitude φ. Actually it is enough to show

that

Ka = cos(φ)a + sin(φ)b

and

K(−b ) = − sin(φ)a + cos(φ)b ,

and this follows from a straightfoward computation using the deﬁnition of K

and the formulae in Remark 5.1 ( 5). In particular we have

2j + 1 2j + 1

u j = a cos φ + b sin φ.

2 2

This tells us that the optimal choice for the number m of iterations in step 2 is

the least positive integer such that u m is closest to b , and this clearly occurs

when m is the nearest integer to

π φ π

( − )/φ = − 1/2,

2 2 2φ

⌊ ⌋

π√

that is, when m = ⌊ 2φ ⌋ =

π

.4

4 arcsin( M/N )

π π√

m≤ √ ≤ N/M .

4 arcsin M/N 4

⌊ √ ⌋

Hence also m ≤ π4 N/M . Since 4x π

− 4 arcsin(x)

π

< 1 for all x ∈ (0, 1), we also

⌊ √ ⌋

have π4 N/M ≤ m + 1. A more detailed study shows that when x → 0 the

⌊π⌋ ⌊ π

⌋

intervals in which 4x = 4 arcsin(x) + 1 become negligibly small compared to

⌊π⌋ ⌊ π

⌋ ⌊ √ ⌋

the intervals in which 4x = 4 arcsin(x) . Thus if we iterate π4 N/M times

the loop in step 2 of Grover’s q-procedure, we would get the right number of

rotations most of the time and otherwise we would go one step beyond, which

in practice gives a q-vector that is almost as good as the previous one.

is p = sin2 ( 2m+1 2m+1 √1

2 φ), as sin( 2 φ) M is the amplitude in u m of any of the

M solutions. Similarly, the probability of obtaining an erroneous answer is

is ⌊x⌋.

2

28 J. RUÉ AND S. XAMBÓ

q = cos2 ( 2m+1

2 φ). Since the speciﬁcation on m entails that

2m+1

2 φ=

π

2 + ε, with

|ε| ≤ φ/2, we see that

π

p = sin2 ( + ε) = cos2 (ε) = cos2 (|ε|)

2

(φ) ( (√ )) M

≥ cos2 = cos2 arcsin M/N =1− .

2 N

Hence also q = 1 − p ≤ M/N .

Example 5.3. Let us illustrate the ideas so far with the case n = 8 and M = 1.

We get N = 256, φ = 7.166643◦ , m = 12. The slope of the vector u 12 is

89.583042◦ and the probability of success is p = 0.999947. Note that p is much

closer to 1 than the lower bound 1 − M/N = 1 − 1/256 = 0.996094. The

probability of error is q = 0.000053, again much closer to 0 than the upper

bound M/N = 1/256 = 0.003906.

12 11

b 10

9

8

7

6

5

4

3

2

1

ϕ

0

ϕ/2 a

Grover’s n

f (1) > 0, this q-algorithm computes Grover’s q-procedure for f . We will

work at order n + 1 and we will let fe denote the classical reversible computation

deﬁned by (x, b) 7→ (x, b + f (x)), x ∈ B n , b ∈ B . As before, the corresponding

q-computation will be denoted Uf˜. We will use the notations m and u j (j =

0, 1, . . . , m) from the forgoing discussion.

It is easy to phrase the sought q-algorithm Grover[f ] in terms of q-algorithms

GroverG[f ] and GroverK for Gf and K:

QUANTUM COMPUTING 29

Grover[f, m]

→ |0n ⟩

Hadamard → u 0 = h (n)

for j ∈ {1, . . . , m} do

GroverK GroverG[f ] |u j−1 ⟩ → |u j ⟩

M (u m ) →M

To describe GroverG[f ] we will also work at order n + 1. The last q-bit plays

an ancillary role and initially it is supposed to be in the state |1⟩. Since at the

end it will recover this state, GroverG[f ] is revealed by looking at the ﬁnal

state of the q-bits other than the last.

GroverG[f ]

→ |x ⟩|1⟩

∑

// Set x = x 0 + x 1 , x i = j∈Ji xj |j⟩, i = 0, 1.

( )

Rn+1 (H) → ρ |x 0 ⟩|0⟩ + |x 1 ⟩|0⟩ − |x 0 ⟩|1⟩ − |x 1 ⟩|1⟩

( )

Uf˜ → ρ |x 0 ⟩|0⟩ + |x 1 ⟩|1⟩ − |x 0 ⟩|1⟩ − |x 1 ⟩|0⟩

= (|x 0 ⟩ − |x 1 ⟩)(H|1⟩)

Rn+1 (H) → |Gf x ⟩|1⟩

GroverK

→ |x ⟩

Hadamard

for l ∈ {1, . . . , n} do

Rl (X)

//This loop acts as X ⊗n

C{2,...,n},1 (Z)

//Z to ﬁrst q-bit controlled by all the others.

for l ∈ {1, . . . , n} do

Rl (X)

//X ⊗n

Hadamard → |K(x )⟩

observations:

30 J. RUÉ AND S. XAMBÓ

1) K = 2Ph (n) − IN , where Pa denotes the orthogonal projector onto a (for unit

a , Pa x = ⟨a |x ⟩a ). Indeed, the claim follows immediately from the relation

∑ ∑ ∑

Ph (n) x = ⟨h (n) |x ⟩h (n) = ρ2n ( xj ) |j⟩ = Av(x ) |j⟩

and the deﬁnition of K.

( )

2) K = H ⊗n 2P|0n ⟩ − IN H ⊗n . This is a direct consequence of the formula

U Pa U −1 = PU a , where U is a arbitrary q-computation and a any q-vector, and

the preceding formula. Note that if we apply U Pa U −1 to U x we obtain U a if

x = a and 0 if x is orthogonal to a .

3) IN − 2P|0n ⟩ = X ⊗n C{2,...,n},1 (Z)X ⊗n . Note that IN − 2P|0n ⟩ changes the sign

of |0n ⟩ and is the identity on all |j⟩ with j ̸= 0n . In relation to the right hand side

of the formula, observe that C{2,...,n},1 (Z), and hence the whole composition, will

do nothing on |j⟩ if not all j2 , . . . , jn are 0. If j2 = · · · jn = 0, then C{2,...,n},1 (Z)

applies Z to |j̄1 ⟩, and, by the deﬁnition of Z (Z|0⟩ = |0⟩, Z|1⟩ = −|1⟩), this

action does nothing if j1 = 1 and changes its sign if j1 = 0.

4) The analysis of Grover’s q-algorithm has to be completed with a q-algorithm

for C{2,...,n},1 (Z). But this can be obtained as indicated in the Example 4.5.

6. Phase estimation

The corresponding eigenvalue can be written in the form e2πiφ , with φ ∈ [0, 1).

Assuming that U and u are known, then the phase estimation problem consists

in obtaining r bits φ1 , . . . , φr , for a given r, of the binary expansion 0.φ1 φ2 · · ·

of φ.

The aim of this section is to phrase and analyze the interesting q-algorithm

discovered by Kitaev [11] to solve this problem.

Since we need some ancillary q-bits, say m, we will work in H (m) × H (n) . The

algorithm assumes that we can initialize H (n) with the q-vector u and also

l−1

that we are able to perform the ‘controlled’ q-computations Cm−l+1 (U 2 ), for

l = 1, . . . , n, deﬁned on H (m) × H (n) as follows:

{

2l−1

( ) |φ1 · · · φm ⟩|u

( ⟩ l−1 ) if φm−l+1 = 0

Cm−l+1 (U ) |φ1 · · · φm ⟩|u ⟩ =

|φ1 · · · φm ⟩ U 2 |u ⟩ if φm−l+1 = 1

QUANTUM COMPUTING 31

Kitaev’s q-algorithm

Kitaev[U, u ]

0. → |0m ⟩|u ⟩

1. Hadamard[m] → |h (m) ⟩|u ⟩

2. for l ∈ 1..m do

l−1

Cm−l+1 (U 2 )

3. QFT† [m]

4. M{1,...,m}

We will analyze this algorithm in two steps, denoted A and B below. In the

ﬁrst we will assume that φ = 0.φ1 · · · φm and in the second we will look at the

general case. The following diagram illustrates the steps 0-2.

m−1

ϕ)

H ... |1i

..

..

. .

|0i

2

H |0i + e2πi(2 ϕ)

|1i

...

m

|0i

1

H ... |0i + e2πi(2 ϕ)

|1i

|0i 0

H ... |0i + e2πi(2 ϕ)

|1i

...

...

|ui

...

U2

m−1

n .. U U2 U4 ..

. .

...

l−1 l−1

A. The action of U 2 only changes |u ⟩ by a factor, either 1 or e2πi2 φ de-

pending on whether the controlling bit is |0⟩ or |1⟩. Now this factor may be

moved next to the controlling bit and therefore the state at the end of the loop

2 can be written in the form

( m−1 φ

)( m−2 φ

) ( 0

)

(1) ρm |0⟩ + e2πi2 |1⟩ |0⟩ + e2πi2 |1⟩ · · · |0⟩ + e2πi2 φ |1⟩ .

( )( ) ( )

(2) ρm |0⟩ + e2πi 0.φm |1⟩ |0⟩ + e2πi 0.φm−1 φm |1⟩ · · · |0⟩ + e2πi 0.φ1 ···φm |1⟩ ,

as e2πik = 1 for any integer k. But by the Remark 4.8, this expression is equal

to F |φ⟩, which is computed by the q-algorithm QFT (Example 4.7). Thus it

is clear that we recover the state |φ⟩|u ⟩ by applying F † ⊗ I2n , where F † is the

inverse of F . We have denoted QFT† [m] the q-algorithm for F † that is obtained

32 J. RUÉ AND S. XAMBÓ

by carrying out QFT in reverse order. Thus Kitaev supplies φ exactly in the

case where φ can be expressed with m bits.

F † ⊗ I2n does not give the q-vector |φ⟩|u ⟩, but a super-

m bits. In this case, ∑

position of the form al |l⟩|u ⟩. As we will show below, this diﬃculty can be

overcome in order to obtain the ﬁrst r bits of φ provided r ≤ m.

By expanding the product in the formula (2), we see that it can be writen in

the form

m −1

2∑

ρ m

e2πiφk |k⟩|u ⟩.

k=0

The result in step 3 is

m −1

2∑ 2∑−1m 2∑−1 m

( †

)

e− 2m |l⟩|u ⟩

2πikl

ρ m 2πiφk

e F |k⟩ |u ⟩ = ρ2m e2πiφk

k=0 k=0 l=0

m −1 (2m −1

2∑

)

∑ m

=ρ 2m 2πi(φ−l/2 )k

e |l⟩|u ⟩

l=0 k=0

m −1

2∑ m m

1 − e2πi(φ−l/2 )2

=ρ 2m

|l⟩|u ⟩

l=0

1 − e2πi(φ−l/2m )

Finally the result of step 4, the measurement of the ﬁrst m bits, is also clear: it

will be an m-bit integer l drawn with probability5

( )

1 − e2πi(φ−l/2m )2m 2 2

− l/2m 2m

4m 4m sin π φ ( )

(∗) pl = ρ =ρ

1 − e2πi(φ−l/2m ) sin2 π φ − l/2m

With this distribution law we can now estimate what are the chances that the

ﬁrst r bits of l (0 < r ≤ m) agree with f = φ1 · · · φr . Indeed, using the

probabilities pl one can show ( 6) that

( ) 1

(∗∗) p |2m φ − l| > 2m−r ≤ .

2(2m−r − 2)

Therefore we can guarantee that r bits are correct with probability 1 − ε if

1

2(2m−r −2)

≤ ε, a relation that is equivalent to

( )

1

m ≥ r + log2 2 + .

2ε

(1 − eiα )(1 − e−iα ) = 2 − (eiα + e−iα ) = 2(1 − cos α).

QUANTUM COMPUTING 33

ordN (a), the order of a positive integer a modulo a positive integer N , provided

(a, N ) = 1. By deﬁnition, r = ordN (a) is the least positive integer such that

ar ≡ 1 mod N or, in other words, the order of a seen as an element of the

group Z∗N .

From a classical point of view, ﬁnding ordN (a) is related to the search of the

divisors of ϕ(N ) (where ϕ denotes the classical Euler’s totient function), which

has exponential complexity in terms of n = log2 (N ) (see [1] for details). By con-

trast, Shor’s q-algorithm produces a probabilistic solution which is polynomial

in n.

First let us ﬁx some notations. Set r = ordN (a) and n = ⌈log2 (N )⌉. Next deﬁne

the q-computation Ua = Ua,N of order n by the relation

{

|aj mod N ⟩ if j < N

Ua |j⟩ =

|j⟩ if N ≤ j < 2n .

is bijective (a permutation map). The inverse q-computation is Ua−1 ,N . Finally

deﬁne, for every s ∈ {0, . . . , r − 1}, the q-vector of order n

∑

r−1

e−2πij r |aj mod N ⟩.

s

us =

j=0

∑

r−1

e−2πij r |aj+1 mod N ⟩ = e2πi r u s ,

s s

Ua u s =

j=0

s

which means that u s is an eigenvector of Ua,N with eigenvalue e2πi r .

At this point it would seem natural to apply Kitaev’s q-algorithm to estimate

s

the phase s/r of e2πi r , with the idea that the information gained in this way

could give us precious information about r. However this does not work, since

the eigenvector u s would be known only if r were already known.

Fortunately this can be circumvented with the observation that

1 ∑

r−1

√ |u s ⟩ = |1n ⟩.

r s=0

⌈ 1

⌉

Indeed, if in Kitaev’s q-algorithm we set m = 2n + 1 + 2 + 2ε and we let the

initial state be |0m ⟩|1n ⟩, then, with probability (1−ε)/r, we will get an estimate

34 J. RUÉ AND S. XAMBÓ

s

1 1

− φ̃ ≤ 2n+1 ≤ 2

r 2 2r

and hence, letting s/r = s′ /r′ with (s′ , r′ ) = 1, the inequality

′

s 1

−φ e ≤ ′ 2

r′ 2r

also holds. By a well known result in continued fractions (see [8]), s′ /r′ must be

a convergent of φ.e As φ e is a rational number, its set of convergents is ﬁnite and

can be computed by the continued fraction algorithm. Summarizing, the choice

of m in the phase estimation procedure assures that, with a probability of 1 − ε,

there exists a convergent φ e such that its denominator is either r if (s, r) = 1 or

a divisor of r if (s, r) ̸= 1.

If (s, r) = 1 then r is the order of a. This fact can be checked directly computing

arn mod N where sn /rn is a convergent of φ. e If (s, r) ̸= 1, then ar mod N is

not equal to 1, and we need to repeat the phase estimation algorithm in order

to get an estimation such that (s, r) = 1. Using the prime number theorem

(see [1]), one can show that repeating the algorithm O(n) times, with high

probability we get an estimation φ e with a convergent s/r such that (s, r) = 1

( 7).

( )

The number of steps of the whole q-algorithm is O n4 : the more complex ( )

step is associated to the continued fraction algorithm, with complexity O n3 ,

which needs to be repeated O(n) times in order to assure, with high probability,

a convergent s/r such that (s, r) = 1.

With further

( improvements

) of these ideas (see [15]) the complexity can be re-

duced to O n3 .

Shor’s order-finding

Let 1 < a < N be positive integers such that (a, N ) = 1 and ε > 0 a (small)

real number. The algorithm described below ﬁnds r = ordN (a) with probability

1 − ε with an average number of iterations which is O(n). The total complexity

is O(n4 ). The algorithm ContFrac returns, given a rational number, the list of

the denominators of its convergents ( 8).

QUANTUM COMPUTING 35

Shor-Order[a, N, ε]

( )

n = ⌈log2 (N )⌉, m = 2n + 1 + log2 2 + 1

2ε

//Working q-space: H (m) ⊗ H (n)

0. → |0m ⟩|0n ⟩

∑m

1. Hadamard[m] → ρm 2j=0−1 |j⟩|0n ⟩

m ∑ ∑2m −1 2πij s

2. Ua,N → ρ√r r−1 e r |j⟩|u s ⟩

∑

s=0

j=0

⟩

g

3. QFT† [m] → √1r r−1

s=0 s/r |u s ⟩

4. M = M{1,...,n} g

→ s/r

5. ContFrac →D

′

6. for r ∈ D do

′

if ar mod N = 1, return r′

7. return Not-successful

//r′ |r, and r′ = r in O(n) iterations

Since the condition r′ = r is met in O(n) iterations, we will get the correct order

r with an average time O(n4 ). This is the algorithm we need in the next Section

and will be denoted Shor-Order(a, N ).

divisors of a big positive integer N . The diﬃculty of this problem (by classical

algorithms) provides a basis for eﬃcient criptographic algorithms [18]. Amaz-

ingly, the quantum framework permits a solution whose complexity is polyno-

mial in n = log2 (N ). The key idea is to reduce, by a well known procedure, the

factoring problem to and order-ﬁnding problem and then use the q-algorithm

Shor-Order studied in Section 7 to solve the latter.

Thus we ﬁrst review how to go from factoring to order-ﬁnding and then we will

formulate the q-algorithm Shor-Factor by calling Shor-Order.

are eﬃcient classical algorithms to decide whether N is a primer power pr ,6

henceforth we will assume that N is not a prime power. It is also harmless to

assume that N is odd. It will be enough to ﬁnd a proper divisor d of N , for

then N = d · (N/d) and we can proceed recursively with the factors d and N/d.

⌊ ⌋

6 If N = mr , m > 1, then r ≤ log (N ). For each such r, r > 1, let m = N 1/r and check

2

whether mr = N . If the equality holds, N is an exact power and factoring N is reduced to

factoring m. Otherwise N is not an exact power and hence, in particular, not a prime power.

36 J. RUÉ AND S. XAMBÓ

Now the main observation is that we can obtain a proper factor of N if we are

able to produce an integer x ∈ {2, . . . , N − 1} such that

(1) (x, N ) = 1;

(2) r = ordN (x) is even.

r

(3) x 2 + 1 is not divisible by N .

Indeed, since by deﬁnition r is the least positive integer such that xr = 1

mod

( r N ) (the

( rcondition

) 1 implies that this number exists), we see that xr − 1 =

r r

x 2 − 1 x 2 + 1 is divisible by N . Since neither x 2 − 1 nor x 2 + 1 is divisible

r r

by N , it follows that(a prime factor

r

) r

) either x 2 − 1 or x 2 + 1.

of N( must divide

Therefore either gcd x 2 − 1, N or gcd x 2 + 1, N is a proper divisor of N .

So we are led to the question of ﬁnding an x satisfying the three conditions

above. As we will see, this can be accomplished, with good chances, by picking

x at random in {2, . . . , N − 1}. Indeed, iﬀ (x, N ) > 1, then d = (x, N ) is a

proper divisor of N and we are done. So we may assume that (x, N ) = 1, and

r

hence that r = ordN (x) exists. How likely are we that r is even and x 2 + 1 is

not divisible by N ? The following proposition provides the answer we need.

Proposition 8.1. Let N be a positive integer with m ≥ 2 distinct prime factors.

Then the density of the set

{x ∈ Z∗N | r = ordN (x) is even and x 2 + 1 is not divisible by N }

r

in Z∗N is ≥ 1 − 1

2m−1

.

Proof. See 9.

Example 8.2. Consider the number N = 904279, which is odd and not a prime

power. We pick a number x at random in {1, . . . , N − 1} (say as the value

of random(N)). In our case we got x = 743579. We check that (x, N ) = 1

(gcd(x,N)→1), so r = ordN (x) ( exists. We

) get r = 150396, as the value of

r

order(x,N). This is even and x 2 − 1, N gives the (prime) divisor 907 and

( r )

x 2 + 1, N gives the (prime) divisor 997. Finally we check that N = 907 · 997.

section, we assume that N is an odd positive integer which is not a prime power.

QUANTUM COMPUTING 37

Shor-Factor[N ]

x, r, d

1. random(N) →x

2. if d = (x, N ) > 1, return d

3. Shor-Order(x, N ) →r

4. if r ≡ 1( mod 2, go) to 1.

r

5. if d = x 2 − 1, N > 1 return d

r

6. if x 2 + 1 mod

( r N = 0,)go to 1.

7. return d = x 2 + 1, N

The complexity of Shor-Factor is determined by step 3, and so its average

cost is O(n4 ), n = log2 (N ).

A more detailed analysis ( 10) shows that the average number of go to in steps

4 and 6 is O(1).

9. Physical interpretations

iomatic) physical terms. For a deeper understanding of the physics involved, see

for example [20, 10, 21].

vector space E endowed with a Hermitian scalar product ⟨x |y ⟩ (i.e., linear in y

and conjugate-linear in x ). For the purposes of quantum computation we may

also asume that E has ﬁnite dimension.

The non-zero vectors x ∈ E represent (pure) states of Σ, and two non-zero

vectors x , y ∈ E represent the same state if and only if there exists ξ ∈ C such

that y = ξx .

In particular, any state can be represented by a unitary vector u (determined

up to a phase factor eiα ). Thus the state space of Σ is the projective space

associated to E (it is usually denoted PE).

Following Dirac’s notations, we will write |u ⟩ to denote the state corresponding

to u (in projective geometry it is denoted [u ]). If v ∈ E is arbitrary, but

non-zero, we have |v ⟩ = |v̂ ⟩, where v̂ is the unit vector v / |v |.

a = α + βi and a′ = α′ + β ′ i, we can form the state |au + a′ u ′ ⟩. Such states

are said to be a quantum superposition of the states |u ⟩ and |u ′ ⟩ and are often

38 J. RUÉ AND S. XAMBÓ

the points on the line determined by |u ⟩ and |u ′ ⟩.

⟨Ax |y ⟩ = ⟨x |Ay ⟩.

If we express A with respect to an orthonormal basis, it is easy to check that

this condition is equivalent to A = A† . In other words,

observable ≡ self-adjoint operator

∑

(3) A= aj Pj ,

j

eigenvectors of A with eigenvalue aj , namely

Ej = {x ∈ E | Ax = aj x }.

of the eigenvalues aj , with probability

pj = |Pj u |2 = ⟨u |Pj u ⟩,

and also that Σ is reset to the state Pj u (or, more precisely, to |Pj u ⟩). Notice

∑ ∑ ∑

that u = j Pj u and hence 1 = |u |2 = j |Pj u |2 = j pj , as the Ej are pair-

wise orthogonal. Note also that ⟨u |Pj u ⟩ − |Pj u |2 = ⟨u |Pj u ⟩ − ⟨Pj u |Pj u ⟩ =

⟨u − Pj u |Pj u ⟩ = 0, since u − Pj u is orthogonal to Ej by deﬁnition of Pj .

In particular, if u ∈ Ej , then the observation yields aj with certainty and Σ

remains in the state |u ⟩.

Example 9.1. If F is a linear subspace of E, the orthogonal projection PF :

E → F is an observable with eigenvalues 1 and 0: E1 = F and E0 = F † . The

observables of this form are called propositions or eventualities. Note that the

probability of measuring 1, if the system is in the state u ∈ E, is |PF (u )|2 .

The formula (3) shows that any observable is a linear combination with real

coeﬃcients (the values aj ) of eventualities (the projector Paj is the eventuality

corresponding to the space Ej = Eaj ). Seen in this light, an observable can be

identiﬁed with a list of pairs {(a1 , E1 ), ..., (ar , Er )}, where a1 , . . . , ar ∈ R (the

possible values of the observable) and E1 , . . . , Er ⊆ E are linear subspaces of E

such that E = E1 ⊕ · · · ⊕ Er and Ej ⊥ Ek for j ̸= k. The non-zero vectors of

Ej represent states for which the measured value is aj with certainty and the

non-zero vectors in the orthogonal Ej⊥ = ⊕k̸=j Ek represent states for which the

measured value is ̸= aj with certainty. Note that the probability of obtaining

aj agrees with the probability of observing 1 for the eventuality deﬁned by Ej .

QUANTUM COMPUTING 39

environment is not aﬀected by Σ) in the time interval [0, t], there exists a unitary

operator

U :E→E

such that

b = Ua

represents the state of Σ at time t if a ∈ E represents the state of Σ at time 0.

Example 9.2. If H is an observable, the operator

U = eiHt

†

is unitary, as U † = e−iH t = e−iHt = U −1 . It is customary to say that U = eiHt

is the time evolution deﬁned by the Hamiltonian H.

E ′ , then the associated space of the composite system Σ + Σ′ is E ⊗ E ′ , with

the natural hermitian bracket deﬁned by the relation

⟨x ⊗ x ′ |y ⊗ y ′ ⟩ = ⟨x |y ⟩ · ⟨x ′ |y ′ ⟩.

or |u u ′ ⟩, and it is thought as the state of the composite system corresponding

to the state |u ⟩ of Σ and |u ′ ⟩ of Σ′ . We will say that they are composite

states. Note, however, that in general the states of the composite system are

not composite states. A simple example is given by |u 1 ⊗ u ′1 ⟩ + |u 2 ⊗ u ′2 ⟩ if

u 1 , u 2 ∈ E (respectively u ′1 , u ′2 ∈ E ′ ) are orthogonal unit vectors ( 11). Since

the non-composite states are superposition of composite states (any vector in

E ⊗ E ′ is a sum of composite vectors), the non-composite states are called

entagled states.

Example 9.3 (q-bits). The states of a spin- 12 particle (system Σ(1) ) can be

thought as points lying on the sphere S 2 of radius 1 (in suitable units).

The complex space associated to this system according to axiom 1 is C2 (spinor

space).

This fact can be argued as follows.

P = P (ξ) of

S 2 = {(x, y, z) ∈ R3 |x2 + y 2 + z 2 = 1}

( )

2x 2y x2 + y 2 − 1

P = , , .

x2 + y 2 + 1 x2 + y 2 + 1 x2 + y 2 + 1

40 J. RUÉ AND S. XAMBÓ

z

N

P (ξ)

ξ = x + iy

inverse map is given by

x y

(x, y, z) 7→ +i , for z < 1,

1−z 1−z

and N = [0, 0, 1] 7→ ∞, for z = 1.

b ≃ PC2 = P1 ,

C C

[1, ξ] when ξ0 ̸= 0, and to [0, 1] if ξ0 = 0. Thus we have a bijective map

b → P1 , ξ 7→ [1, ξ], ∞ 7→ [0, 1].

C C

{

ξ = ξ1 /ξ0 if ξ0 ̸= 0

[ξ0 , ξ1 ] 7→

∞ if ξ0 = 0

Σ(1) .

Note. The sphere S 2 , with the structure of P1C , is called the Riemann sphere. It

is the simplest compact Riemann surface. In quantum computation references,

it is often called the Bloch sphere or even the Poincaré–Bloch sphere.

Remark 9.4. Let P = (x, y, z) be a point of S 2 and deﬁne φ as the argument of

x + iy and θ as the angle between OP and ON , where O is the center of the

sphere. The relation between the spherical coordinates (φ, θ) and the cartesian

coordinates (x, y, z) is given by the formulas

(4) x = sin θ cos φ, y = sin θ sin φ, z = cos θ.

QUANTUM COMPUTING 41

b corresponding to P (x, y, z) is

The point in C

x y sin θ cos φ sin θ sin φ sin θ

ξ= +i = +i = eiφ = eiφ cot 2θ .

1−z 1−z 1 − cos θ 1 − cos θ 1 − cos θ

Since this corresponds to the point

[1, eiφ cot 2θ ] ∼ [e−iφ/2 sin 2θ , eiφ/2 cos 2θ ] ∈ P1C ,

we conclude that

(5) p = e−iφ/2 sin 2θ |0⟩ + eiφ/2 cos 2θ |1⟩ ∈ P1C

is the point corresponding to P under the identiﬁcation S 2 ≃ P1C . The pic-

ture below illustrates this relation and also shows some special cases (up to a

normalization factor).

|1i

θ

|0i − |1i

P

ϕ

|0i + |1i

|0i

p=e −iϕ/2

sin( 2θ )|0i + eiϕ/2 cos( 2θ )|1i

Remark 9.5. The formula (5) shows that Rz (α)(p ) corresponds to ρz (α)(P ),

where ρz (α) denotes the rotation about the axis Oz of amplitude α. This is a

special case of a well known relation between matrices U ∈ SU (1) and rotations

of S 2 . This relation can be explained as follows.

[ ]

u 0 u1

We can view a matrix U = ∈ SU (1) as a linear map C2 → C2 :

−ū1 ū0

[ ] [ ]

ξ0 ξ0

7→ U . This map induces a projective map of P1C ,

ξ1 ξ1

[ξ0 , ξ1 ] 7→ [u0 ξ0 + u1 ξ1 , −ū1 ξ0 + ū0 ξ1 ]

b → C,

b :C

and hence a map U b

ū0 ξ − ū1

ξ 7→ , ∞ 7→ ū0 /u1 .

u1 ξ + u 0

42 J. RUÉ AND S. XAMBÓ

( )

e : S 2 → S 2 such that U

This map induces, in turn, the map U e (P (ξ)) = P U

bξ .

[ ] [ ] [ ]

e−iφ/2 0 cos θ2 sin θ2 cos ψ2 −i sin ψ2

Rz (φ) = , Ry (θ) = , Rx (ψ) =

0 eiφ/2 − sin θ2 cos θ2 −i sin ψ2 cos ψ2

z (φ), ρy (θ) = Ry (θ) and

ρx (ψ) = R^x (ψ) are the rotations of amplitude φ, θ and ψ about the axes z, y

and x, respectively. This, together with the relations

p = e−φ/2 sin 2θ |0⟩ + eφ/2 cos 2θ |1⟩ = Rz (φ)Ry (θ)|1⟩,

show that, in terms of S 2 ,

P = ρz (φ)ρy (θ)N,

whose geometric content is clear by the deﬁnitions of φ and θ. Conversely, this

relation, together with the interpretation of Rz and Ry , provides a proof of the

formula for p .

Example 9.6 (q-Registers). By Axiom 4 (Entanglement) and the formula H (n) ≃

H (1) ⊗· · ·⊗H (1) , the space H (n) is the associated space of Σ(n) = Σ(1) +· · ·+Σ(1)

(n summands), the system composed of n q-bits. By analogy with the classical

bit registers, it is called a q-register of order n.

Now Axiom 3 (Unitary dynamics) tells us that the time evolution of Σ(n) is

given by a unitary matrix of order 2n . In other words, the time evolution of

Σ(n) is a q-computation.

Finally, Axiom 2 (Observables) indicates that the [optional] operation M(b ) at

the end of q-programs corresponds to the operation of measuring the (diagonal)

observable ∑

L= j|j⟩⟨j| (that is, L|k⟩ = k|k⟩ for all k)

j

( )

when Σ(n) is in the state |b ⟩. Note that H (n) j = C|j⟩, hence Pj b = bj |j⟩ and

pj = |bj |2 .

suﬃcient, in order to execute q-programs of order n on a physical support, to

have a quantum register and “implementations” of the operations

M (b )

Rj (U ) [with U ∈ {H, Uπ/2 , Uπ/4 } in the restricted case]

Cj,k

A quantum computer (of order n) is a quantum register Σ(n) endowed with such

implementations.

QUANTUM COMPUTING 43

Its main beauty is that such a computer allows us to perform (or approximate)

any q-computation.

allelism. This stems from the possibility of initializing the q-computation in

states such as the Hadamard q-input

1

h (n) = √ (|0⟩ + |1⟩ + · · · |2n − 1⟩) ,

2n

which has the following features:

Hence, any operation of the quantum computer acts on all numbers simulta-

neously. This “explains” why the quantum computer can be much faster than

a classical computer.

In general, the usefulness of the algorithms (as Shor’s order-ﬁnding, for in-

stance) is based in the fact that after its execution the amplitudes of “useful

numbers” are high and the others are small.

Let us mention here the “problem of decoherence”, which arises from the fact

that interactions with the environment can quickly “perturb” the states of Σ(n)

(uncontrolled entanglement between states of the environment and states of

Σ(n) ). Such problems in the road of building quantum computers are of a

physical and technological nature. Research in many labs around the world is

focussed on those questions, with continuous progress and in many directions

( 12).

More references. In addition to the references given so far, here are a few

more books, ordered by year of publication, that the reader may ﬁnd interesting

to delve more deeply into the study of quantum computing or, more generally,

quantum information processing: [17], [12, 13], [19], [3, 4], [14], [9], [2].

I 1 (p. 3, p. 14). It is a well known fact that any classical computation can be

resolved into a sequence of logical gates that are either Not acting on a single

bit or Nand acting on two bits (instead of Nand we could use any of a number

of 2-bit gates, like And, Or or Xor; the choice of Nand is just a convenience

for our presentation). Therefore it is enough to embed Nand into a reversible

computation f . This can be accomplished with f : B 3 → B 3 that interchanges

110 and 111 and is the identity otherwise. Indeed, in the following table of f ,

44 J. RUÉ AND S. XAMBÓ

f (x) 000 001 010 011 100 101 111 110

we see the Nand embedded by looking at the boldfaced bits. Notice that this

embedding involves the four 3-bit vectors ending with 1, and that for these f

acts as ij1 7→ ijNand(i, j) = ij(1 + i · j).

I 2 (p. 10). For the proof, we follow the indications given in [16], Section 2.2.4.

We will use the relations

XRy (θ)X = Ry (−θ), XRz (φ)X = Rz (−φ).

Notice that XM (respectively M X) interchanges the rows (columns) of M . The

claim follows from this and the deﬁnitions of Ry (θ) and Rz (φ). Hence we can

write (the φ in the third equality is an arbitrary auxiliary angle):

Rz (β)Ry (θ)Rz (γ) = Rz (β)Ry (θ/2)Ry (θ/2)Rz (γ)

= Rz (β)Ry (θ/2)XRy (−θ/2)XRz (γ)

= Rz (β)Ry (θ/2)XRy (−θ/2)Rz (φ)Rz (−φ)XRz (γ)

= Rz (β)Ry (θ/2)XRy (−θ/2)Rz (φ)XRz (φ + γ)

= AXBXC

with

A = Rz (β)Ry (θ/2), B = Ry (−θ/2)Rz (φ), C = Rz (φ + γ).

Finally, since ABC = Rz (2φ + β + γ), it is enough to choose φ = −(β + γ)/2,

which means that

( ) ( ) ( )

A = Rz (β)Ry 2θ , B = Ry (− φ2 )Rz − β+γ 2 , C = R z

γ−β

2 ,

as claimed.

I 3 (p. 22). This result is not used in this article, but its proof is interesting

and so we outline it.

Let U = [ujk ] ∈ U (n) and set N = 2n . Then U = eiα U1 U2 · · · UN −1 , with α ∈ R

and where Ul = Ul,l+1 · · · Ul,N , with Ul,j an element of SU (1) acting on the plane

[|l⟩, |j⟩] in the standard form (using the reference |j⟩ and |k⟩) and acting as the

identity on any |k⟩ such that k ̸= l, j. This expression of U can be constructed

as follows. The matrix U1,2 is taken as the identity if u21 = 0 and otherwise as

[ ] √

u11 /ρ −ū21 /ρ

, ρ = |u11 |2 + |u12 |2 ,

u21 /ρ ū11 /ρ

†

so that the entry 21 of the matrix U1,2 U is 0. Deﬁning U1,3 , ..., U1,N in a similar

† †

way, we achieve that all entries of the ﬁrst column of U ′ = U1,N · · · U1,2 U , other

than the entry 11, are 0. Since U ′ is unitary, so that any two of its columns are

QUANTUM COMPUTING 45

orthogonal, all entries of the ﬁrst row of U ′ , other than the entry 11, are also 0.

Since the entry 11 of U ′ is a unit complex number, we see that there is α1 ∈ R

† †

such that e−iα1 U1,N · · · U1,2 U has the form

[ ]

1 0n

† , V ∈ U (N −1) .

0n V

with Ul,j an element of SU (1) acting on the plane [|l⟩, |j⟩] and as the identity

on any |k⟩, k ̸= l, j. Finally the claim follows by deﬁning α = α1 + β and

U1 = U1,2 U1,3 · · · U1,N . Note that the number of the Ul,j diﬀerent from the

identity is at most N (N − 1)/2.

The proof can be completed on noticing that in the Example 4.6 we established

that the Ul,j can be expressed as a product of U -gates and Nr,s -gates.

I 4 (p. 22). We refer to Section 4.5.3 of [15] for a sketch of how the proof goes.

But even in this encyclopedic book we read that providing all the details “is a

little beyond our scope” (p. 198). A more complete proof, including the more

subtle mathematical details, can be found in [16]. In particular it contains a full

proof of the key fact that if cos α = cos2 (π/8), then α/π is irrational (Lemma

3.1.8).

1 √N −M

√

I 5 (p. 27). Since Av(a ) = N N −M = N − M /N ,

√

∑( √ √ ) ∑ 2 N −M

K(a ) = 2 N − M /N − 1/ N − M |j⟩ + |j⟩

N

j∈J0 j∈J1

√ √

∑ N − 2M ∑ 2 M N −M

= √ |j⟩ + √ |j⟩

j∈J

N N − M j∈J

N M

0 1

= cos(φ)a + sin(φ)b .

√ √

Similarly, since Av(v ) = M/N M = M /N ,

( √ ) ( √ )

∑ 2 M ∑ 2 M 1

K(b ) = |j⟩ + −√ |j⟩

N N M

j∈J0 j∈J1

( √ √ )

∑ 2 M N −M 1 ∑ ( 2M − N )

= √ |j⟩ + √ |j⟩

j∈J

N N −M j∈J

N M

0 1

= sin(φ)a − cos(φ)b .

Observe that the relations above imply that K is, on the space spanned by a

and b , the symmetry with respect to h (n) = cos(φ/2)a + sin(φ/2)b . Indeed,

let u α = cos(α)a + sin(α)b (thus h (n) = u φ/2 ) and let Rφ denote the rotation

46 J. RUÉ AND S. XAMBÓ

= Rφ−π/2 u −φ/2 = u φ/2−π/2 = −k (n) .

−(2m−r +1)

∑ 2∑

m−1

pl + pl .

l=−2m−1 +1 l=(2m−r +1)

Now the bound (∗∗), p. 32, can be derived from the explicit expression (∗) for

pl (page 32). We refer to [15] for further details.

I 7 (p. 34). The Prime Number Theorem asserts that the number of primes

r

which are smaller than r is asymptotically equal to log(r) . Hence, the probability

of choosing (uniformly) a random prime number 0 < s < r is asymptotically

equal to

1 1

p(0 < s < r, s is prime) = p ∼ > .

log r log N

Then the expected number of iterations in order to ﬁnd a prime number s < r

is equal to:

∞

∑ ∞

∑ p 1

i(1 − p)

i−1

p=p i(1 − p)i−1 = = ∼ log(r) < log(N ).

(1 − (1 − p)) 2 p

i=1 i=1

Hence, after not more than log(N ) = O(n) choices, we expect to choose a value

of s which is prime with r.

a vector of integers [x0 , x1 , . . . , xn ], with xj > 0 for j = 1, . . . , n. The relation

between x and [x0 , x1 , . . . , xn ] can be displayed as a ‘continuous fraction’:

1

x = x0 +

1

x1 +

..

.

1

xn−1 +

xn

QUANTUM COMPUTING 47

continuous fraction can be expressed by the recursive formula

1

[x0 , x1 , . . . , xn ] = x0 +

[x1 , . . . , xn ]

The rational numbers cj = [x0 , x1 , . . . , xj ], j = 0, 1, . . . , n, are called the con-

vergents of the number x. The list of denominators {d0 , d1 , . . . , dn } of these

convergents can be computed recursively as follows:

d0 = 1, d 1 = x1 , dj = xj dj−1 + dj−2 (j = 2, ..., n)

Actually it is easy to prove by induction that cj = mj /dj , where

m0 = x0 , m1 = x1 x0 + 1, mj = xj mj−1 + mj−2 (j = 2, ..., n)

It follows that the list {d0 , d1 , ..., dn } can be computed by the following algo-

rithm:

ContFrac(x):=

a=floor(x), k=1, d={0,1}

while x!=a and j<n do

x=1/(x-a)

a=floor(x)

d=d|{a*d.(j-1)+d.(j-2)}

j=j+1

return tail(d)

( ) 1

p x ∈ Z∗N | r = ordN (x) is odd or x 2 + 1 is divisible by N ≥ m .

r

2

α1 α

We start writing N = p1 . . . pm , where p1 , . . . , pm are distinct prime numbers.

m

α

Then, Z∗N = Z∗pα1 × · · · × Z∗pαmm . Write xj for the reduction of x mod pj j , and

1

rj for the order of xj in Z∗αj . Denote by dj the biggest exponent such that 2dj

pj

divides rj . Denote by d the biggest exponent such that 2d divides r. Then, it is

r

easy to show that if r is odd or if r is even and x 2 ≡ −1 mod N , then dj = d

for all d.

α

To conclude, we use that if 2dj is the largest power of 2 dividing φ(pj j ), then

( )

1

p x ∈ Z∗N | 2dj divides ordpαj (x) =

j 2

r

ordN (x) is even and x 2 + 1 is not divisible by N }, when x is chosen uniformly

48 J. RUÉ AND S. XAMBÓ

equal to:

∞

∑ ∞

∑ 1 2m−1 1

i(1 − p)

i−1

p=p i(1 − p)i−1 = ≤ m−1 = 1 + m−1 .

p 2 −1 2 −1

i=1 i=1

′ ′

∑ orthonormal basis of E , then a general vector of E ⊗ E has ′the form

an

aj,j ′ u j ⊗ u j ′ . On the other hand, the composite vector x ⊗ x has the

j,j ′ ∑ ∑ ∑

form j,j ′ aj aj ′ u j ⊗ u j ′ if x = j aj u j and x ′ = j ′ aj ′ u j ′ . Now this vector

may not be equal to u 1 ⊗ u ′1 + u 2 ⊗ u ′2 , for this would in particular require

that the inconsistent relations a0 a′0 = 1, a1 a′1 = 1, a0 a′1 = 0 were satisﬁed.

I 12 (p. 43). There is an explosion of activity in the last years, and especially

since 2006, as seen, for example, in

http://en.wikipedia.org/wiki/Quantum computer

In the latter, in particular, there are over a dozen lines of inquiry aiming at the

realization of a quantum computer.

References

[1] T. Apostol. Introduction to Analytic Number Theory. Undergraduate Texts in Mathemat-

ics. Springer-Verlag, 1976.

[2] F. Benatti, M. Fannes, R. Floreanini, and D. (editors) Petritis. Quantum information,

computation and cryptography. An introductory survey of theory, technology and experi-

ments, volume 808 of Lecture Notes in Physics. Springer, 2010.

[3] Giuliano Benenti, Giulio Casati, and Giuliano Strini. Principles of quantum computation

and information, volume I: Basic cocepts. World Scientific, 2004.

[4] Giuliano Benenti, Giulio Casati, and Giuliano Strini. Principles of quantum computation

and information, volume II: Basic tools and special topics. World Scientific, 2007.

[5] D. Deutsch and R. Jozsa. Rapid solution of problems by quantum computation. Proc Roy

Soc Lond A, 439:553–558, October 1992.

[6] L. K. Grover. A fast quantum mechanical algorithm for database search. Annual ACM

Symposium on Theory of Computing, pages 212–219, 1996.

[7] L. K. Grover. From Schrödinger’s equation to quantum search algorithm. American Jour-

nal of Physics, 69(7):769–777, 2001.

[8] G. H. Hardy and E. M. Wright. An Introduction to the Theory of Numbers. Oxford Uni-

versity Press, 2008 (6th edition, revised by D. R. Heath-Brown and J. H. Silvermann; 1st

edition published in 1938).

[9] G. Jaeger. Quantum Information –An overview. Springer, 2007.

[10] A. Kitaev, A. H. Shen, and M. N. Vyalyi. Classical and quantum computation, volume 47

of Graduate Studies in Mathematics. American Mathematical Society, 2002.

QUANTUM COMPUTING 49

[11] A. Y. Kitaev. Quantum measurements and the abelian stabilizer problem. Electr. Coll.

Comput. Complex., 3:article no. 3, 22 pp., 1995.

[12] S. J. Jr. Lomonaco, editor. Quantum computation: A grand mathematical challenge for the

twenty-first century and the millenium, volume 58 of Proceedings of Symposica in Applied

Mathematics. American Mathematical Society, 2002.

[13] S. J. Jr. Lomonaco and H Brand, editors. Quantum computation and information, volume

305 of Contemporary Mathematics. American Mathematical Society, 2002.

[14] D. Mermin. Quantum Computer Science: An Introduction. Cambridge University Press,

2007.

[15] M. A. Nielsen and I. L. Chuang. Quantum Computation and Quantum Information. Cam-

bridge University Press, 2000 (5th printing 2005).

[16] K. R. Parthasarathy. Lectures on Quantum Computation, Quantum Error Correcting

Codes and Information Theory. Narosa Publishing House, 2006. (For the Tata Institute

of Fundamental Research, international distribution by AMS).

[17] A. O. Pittenger. An Introduction to Quantum Computing Algorithms. Progress in Com-

puter Science and Applied Logic. Birkhuser, 2000.

[18] R. L. Rivest, A. Shamir, and L. Adleman. A method for obtaining digital signatures and

public-key cryptosystems. Commun. ACM, 21(2):120–126, 1978.

[19] Joachim Stolze and Dieter Suter. Quantum Computing: a Short Course from Theory to

Experiment. Physics Textbook. Wiley-VCH, 2008. Second, updated and enlarged edition.

[20] A. Sudbery. Quantum mechanics and the particles of nature. An outline for mathemati-

cians. Cambridge University Press, 1988 (reprinting, with corrections, of 1986 edition).

[21] Steven Weinberg. Lectures on quantum mechanics. Cambridge University Press, 2013.

0n 0 . n. . 0

1n 1 . n. . 1

∑

⟨a |b ⟩ Scalar product of a and b j aj b j

b ,a ⊗ b

a ⊗b Tensorial product of a and b

B Set of binary digits {0, 1}

C12 (U ) Controlled-U

|j⟩ Ket of j

F Quantum Fourier Transform

I2n Identity matrix of dimension 2n

n

H (n) Space of q-vectors of order n C2

(∑ n )

2 −1

h (n) Hadamard q-vector of lenght n ρn j=0 |j⟩

1 1

H Hadamard matrix ρ

1 −1

ML (a ) q-measurement of a at the positions {l1 , . . . , lr }

Nr,s Controlled negation Cr,s (X)

√

ρ 1/ 2

50 J. RUÉ AND S. XAMBÓ

cos θ2 − sin θ2

Ry (φ)

sin θ2 cos θ2

e−iθ/2 0

Rz (θ)

0 eiθ/2

1

σx = X Pauli matrix x

1

−i

σy = Y Pauli matrix y

i

1

σz = Z Pauli matrix z

−1

1 0

Sα Shift matrix of angle α

0 eiα

Swap[r, s] Transposition of bits r and s

(n)

U Group of unitary matrices of dimension 2n

U ⊗ U′ Tensorial product of matrices

†

U Adjoint matrix UT

U ⊗n U ⊗ . n. . ⊗U

Cantoblanco UAM, 28049 Madrid, Spain.

Matemàtica Aplicada II, Universitat Politècnica de Catalunya, Edifici OMEGA,

c/ Jordi Girona 1-3, 08034 Barcelona, Spain.

E-mail address: juanjo.rue@icmat.es, sebastia.xambo@upc.edu

## Гораздо больше, чем просто документы.

Откройте для себя все, что может предложить Scribd, включая книги и аудиокниги от крупных издательств.

Отменить можно в любой момент.