Simon's problem

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search

In the computational complexity theory and quantum computing, Simon's problem is a computational problem that can be solved exponentially faster on a quantum computer than on a classical (or traditional) computer. Although the problem itself is of little practical value, it can be proved that a quantum algorithm can solve this problem exponentially faster than any known classical algorithm.[1]

The problem is set in the model of decision tree complexity or query complexity and was conceived by Daniel Simon in 1994.[2] Simon exhibited a quantum algorithm, usually called Simon's algorithm, that solves the problem exponentially faster than any deterministic or probabilistic classical algorithm, requiring exponentially less computation time (or more precisely, queries) than the best classical probabilistic algorithm.

This problem yields an oracle separation[clarification needed] between the complexity classes BPP and BQP, unlike the separation provided by the Deutsch–Jozsa algorithm, which separates P and EQP.

Simon's algorithm was also the inspiration for Shor's algorithm[citation needed]. Both problems are special cases of the Abelian hidden subgroup problem, which is now known to have efficient quantum algorithms.

Problem description[edit]

Given a function (implemented by a black box or oracle) , promised to satisfy the property that, for some , we have, for all ,

if and only if

In the case , then is required to be a one-to-one function (otherwise it is a two-to-one function, that is, two inputs map to the same output). Note that if and only if .

So, in other words, is a function such that , for all and given some fixed and unknown .

The problem is to find .

Example[edit]

For example, if , then the following function is an example of a function that satisfies the required and just mentioned property:

000 101
001 010
010 000
011 110
100 000
101 110
110 101
111 010

In this case, (i.e. the solution). It can easily be verified that every output of occurs twice, and the two input strings corresponding to any one given output have bitwise XOR equal to . For example, the input strings and are both mapped (by ) to the same output string . If we XOR and we obtain , that is

.

Note that, in this example, the function is indeed a two-to-one function.

Problem hardness[edit]

Intuitively, this is a very hard problem to solve in a "classical" way, even if one uses randomness and accepts a small probability of error. The intuition behind the hardness is reasonably simple: if you want to solve the problem classically, you need to find two different inputs and for which . There is not necessarily any structure in the function that would help us to find two such inputs: more specifically, we can discover something about (or what it does) only when, for two different inputs, we obtain the same output. In any case, we would need to guess different inputs before being likely to find a pair on which takes the same output.

Overview of Simon's algorithm[edit]

Idea[edit]

The high-level idea behind Simon's algorithm is to "probe" (or "sample") a quantum circuit (see the picture below) "enough times" to find (linearly independent) n-bit strings, that is

such that the following equations are satisfied

where , and , for and for .

So, this linear system contains linear equations in unknowns (i.e. the bits of ), and the goal is to solve it to obtain . Note that is fixed for a given function . Note also that we may not find a (unique) solution.

Simon's quantum circuit[edit]

Quantum circuit representing/implementing Simon's algorithm

The quantum circuit (see the picture) is the implementation (and visualization) of the quantum part of Simon's algorithm.

A quantum state of all zeros is first prepared (this can easily be done). Half of this state is then transformed using a Hadamard transform. The result is then fed into an "oracle" (or "black box"), which knows how to compute . After that, part of the output produced by the "oracle" is transformed using another Hadamard transform. Finally, a measurement on the overall resulting quantum state is performed. It is during this measurement that we retrieve the n-bit strings, , mentioned in the previous sub-section.

Simon's algorithm can be thought of as an iterative algorithm (which makes use of a quantum circuit) followed by a (possibly) "classical" algorithm to find the solution to a linear system of equations.

Simon's algorithm[edit]

In this section, each part of Simon's algorithm is explained (in detail). It may be useful to look at the picture of Simon's quantum circuit above while reading each of the following sub-sections.

Input[edit]

Simon's algorithm starts with the input , where is the quantum state with zeros.

(The symbol is the typical symbol used to represent the tensor product. To not clutter the notation, the symbol is sometimes omitted: for example, in the previous sentence, is equivalent to . In this article, it is (often) used to remove ambiguity or to avoid confusion.)

Example[edit]

So, for example, if , then the initial input is

.

First Hadamard transformation[edit]

After that, the input (as described in the previous sub-section) is transformed using a Hadamard transform. Specifically, the Hadamard transform (note that the tensor product can also be applied to matrices) is applied to the first qubits, that is, to the "partial" state , so that the composite state after this operation is

where denotes any n-bit string (i.e. the summation is over any n-bit string). The term can be factored out of the summation because it does not depend on (i.e. it is a constant with respect to ). Note that .

Example[edit]

Suppose (again) , then the input is and the Hadamard transform is

If we now apply to the first , i.e. to the state

we obtain

To obtain the final composite quantum state, we can now tensor product with , that is

Oracle[edit]

We then call the oracle or black-box ( in the picture above) to compute the function on the transformed input , to obtain the state

Second Hadamard transformation[edit]

We then apply the Hadamard transform to the states of the first qubits of the state , to obtain

where can either be or , depending on , where , for . So, for example, if and , then , which is an even number. Thus, in this case, . Note that is always a non-negative number.

Let's now rewrite

as follows

This manipulation will be convenient to understand the explanations in the next sections. Note that we have switched the order of the summations.

Measurement[edit]

After having performed all previously described operations, at the end of the circuit, a measurement is performed.

There are now two possible cases we need to consider separately

  • or
  • , where .

First case[edit]

Let's first analyze the (special) case , which means that is (by requirement) a one-to-one function (as explained above in the "problem description").

Let's keep in mind that the quantum state before the measurement is

Now, the probability that the measurement results in each string is

One way to see that the previous equation is true is to note that

because the two vectors only differ in the ordering of their entries, given that is one-to-one.

The value of the right-hand side, that is

is more easily seen to be .

Thus, when , the outcome is simply a uniformly distributed -bit string.

Second case[edit]

Let's now analyze the case , where . Note that, in this case, is a two-to-one function, that is, there are two inputs that map to the same output of .

The analysis performed in the first case is still valid for this second case, that is, the probability to measure any given string can still be represented as

However, in this second case, we still need to figure out what this value of is. Let's see why in the following explanations.

Let . Let (i.e. is some output of the function ), then note that, for every , there is one (and only one) , such that ; moreover, we also have , which is equivalent to (see "the problem description" section above for a review of this concept).

Hence, we have

Given that , then we can rewrite the coefficient as follows

Given that , then we can further write the expression above as

So, can further be written as

Odd number[edit]

Now, if is an odd number, then . In that case,

Consequently, we have

Given that , then we never have this case, that is, no string is seen (after the measurement) in this case.

(This is the case where we have destructive interference.)

Even number[edit]

If, instead, is an even number (e.g. zero), then . In that case,

So, we have

Note that .

(This is the case where we have constructive interference.)

So, in summary, for this second case, we have the following probabilities

Classical post-processing[edit]

When we run the circuit (operations) above, there are two cases:

  • in the (special) case where , the measurement results in each string with probability
  • in the case (where ), the probability to obtain each string is given by

Thus, in both cases, the measurement results in some string that satisfies , and the distribution is uniform over all of the strings that satisfy this constraint.

Is this enough information to determine ? The answer is "yes", provided that the process (above) is repeated several times (and a small probability of failure is accepted). Specifically, if the above process is run times, we get strings , such that

This is a system if linear equations in unknowns (i.e. the bits of ), and the goal is to solve it to obtain . Note that each of the that we obtain after each measurement (for each "round" of the process) is, of course, the result of a measurement, so it is known (at the end of each "round").

We only get a unique non-zero solution if we are "lucky" and are linearly independent. The probability that are linearly independent is at least

If we have linear independence, we can solve the system to get a candidate solution and test that . If , we know that , and the problem has been solved. If , it must be that (because, if this were not so, the unique non-zero solution to the linear equations would have been ). Either way, once we have linear independence, we can solve the problem.

Complexity[edit]

Simon's algorithm requires queries to the black box, whereas a classical algorithm would need at least queries. It is also known that Simon's algorithm is optimal in the sense that any quantum algorithm to solve this problem requires queries.[3][4]

See also[edit]

References[edit]

  1. ^ Arora, Sanjeev and Barak, Boaz. Computational Complexity: A Modern Approach. Cambridge University Press. 
  2. ^ Simon, D.R. (1995), "On the power of quantum computation", Foundations of Computer Science, 1996 Proceedings., 35th Annual Symposium on: 116–123, retrieved 2011-06-06 
  3. ^ Koiran, P.; Nesme, V.; Portier, N. (2007), "The quantum query complexity of the Abelian hidden subgroup problem", Theoretical Computer Science, 380 (1-2): 115–126, doi:10.1016/j.tcs.2007.02.057, retrieved 2011-06-06 
  4. ^ Koiran, P.; Nesme, V.; Portier, N. (2005), "A quantum lower bound for the query complexity of Simon's Problem", Proc. ICALP, 3580: 1287–1298, arXiv:quant-ph/0501060Freely accessible, Bibcode:2005quant.ph..1060K, retrieved 2011-06-06