-
Buildings for Synthesis with Clifford+R
Authors:
Mark Deaconu,
Nihar Gargava,
Amolak Ratan Kalra,
Michele Mosca,
Jon Yard
Abstract:
We study the problem of exact synthesis for the Clifford+R gate set and give the explicit structure of the underlying Bruhat-Tits building for this group. In this process, we also give an alternative proof of the arithmetic nature of the Clifford+R gate set.
Submitted 13 October, 2025;
originally announced October 2025.
-
A Complete and Natural Rule Set for Multi-Qutrit Clifford Circuits
Authors:
Sarah Meng Li,
Michele Mosca,
Neil J. Ross,
John van de Wetering,
Yuming Zhao
Abstract:
We present a complete set of rewrite rules for n-qutrit Clifford circuits where n is any non-negative integer. This is the first completeness result for any fragment of quantum circuits in odd prime dimensions. We first generalize Selinger's normal form for n-qubit Clifford circuits to the qutrit setting. Then, we present a rewrite system by which any Clifford circuit can be reduced to this normal form. We then simplify the rewrite rules in this procedure to a small natural set of rules, giving a clean presentation of the group of qutrit Clifford unitaries in terms of generators and relations.
Submitted 20 August, 2025;
originally announced August 2025.
-
qLUE: A Quantum Clustering Algorithm for Multi-Dimensional Datasets
Authors:
Dhruv Gopalakrishnan,
Luca Dellantonio,
Antonio Di Pilato,
Wahid Redjeb,
Felice Pantaleo,
Michele Mosca
Abstract:
Clustering algorithms are at the basis of several technological applications, and are fueling the development of rapidly evolving fields such as machine learning. In the recent past, however, it has become apparent that they face challenges stemming from datasets that span more spatial dimensions. In fact, the best-performing clustering algorithms scale linearly in the number of points, but quadratically with respect to the local density of points. In this work, we introduce qLUE, a quantum clustering algorithm that scales linearly in both the number of points and their density. qLUE is inspired by CLUE, an algorithm developed to address the challenging time and memory budgets of Event Reconstruction (ER) in future High-Energy Physics experiments. As such, qLUE marries decades of development with the quadratic speedup provided by quantum computers. We numerically test qLUE in several scenarios, demonstrating its effectiveness and proving it to be a promising route to handle complex data analysis tasks -- especially in high-dimensional datasets with high densities of points.
Submitted 7 July, 2024; v1 submitted 29 June, 2024;
originally announced July 2024.
-
Improving the Fidelity of CNOT Circuits on NISQ Hardware
Authors:
Dohun Kim,
Minyoung Kim,
Sarah Meng Li,
Michele Mosca
Abstract:
We introduce an improved CNOT synthesis algorithm that considers nearest-neighbour interactions and CNOT gate error rates in noisy intermediate-scale quantum (NISQ) hardware. Compared to IBM's Qiskit compiler, it improves the fidelity of a synthesized CNOT circuit by about 2 times on average (up to 9 times). It lowers the synthesized CNOT count by a factor of 13 on average (up to a factor of 162).
Our contribution is twofold. First, we define a $\textsf{Cost}$ function by approximating the average gate fidelity $F_{avg}$. According to the simulation results, $\textsf{Cost}$ fits the error probability of a noisy CNOT circuit, $\textsf{Prob} = 1 - F_{avg}$, much tighter than the commonly used cost functions. On IBM's fake Nairobi backend, it matches $\textsf{Prob}$ to within $10^{-3}$. On other backends, it fits $\textsf{Prob}$ to within $10^{-1}$. $\textsf{Cost}$ accurately quantifies the dynamic error characteristics and shows remarkable scalability. Second, we propose a noise-aware CNOT routing algorithm, NAPermRowCol, by adapting the leading Steiner-tree-based connectivity-aware CNOT synthesis algorithms. A weighted edge is used to encode a CNOT gate error rate and $\textsf{Cost}$-instructed heuristics are applied to each reduction step. NAPermRowCol does not use ancillary qubits and is not restricted to certain initial qubit maps. Compared with algorithms that are noise-agnostic, it improves the fidelity of a synthesized CNOT circuit across varied NISQ hardware. Depending on the benchmark circuit and the IBM backend selected, it lowers the synthesized CNOT count up to $56.95\%$ compared to ROWCOL and up to $21.62\%$ compared to PermRowCol. It reduces the synthesis $\textsf{Cost}$ up to $25.71\%$ compared to ROWCOL and up to $9.12\%$ compared to PermRowCol. Our method can be extended to route a more general quantum circuit, giving a powerful new tool for compiling on NISQ devices.
Submitted 30 May, 2024;
originally announced May 2024.
-
Field demonstration of a fully managed, L1 encrypted 3-node network with hybrid relayed-QKD and centralized symmetric classical key management
Authors:
N. Makris,
A. Papageorgopoulos,
K. Tsimvrakidis,
P. Konteli,
Y. Gautier,
M. Terenziani,
E. Daudin,
D. Ntoulias,
T. Fragkioudakis,
I. Meletios,
M. Mosca,
D. Hobbs,
T. Rosati,
I. Papastamatiou,
O. Prnjat,
K. Koumantaros,
D. Mitropoulos,
Jean-Robert Morax,
Bruno Huttner,
O. K. Christodoulopoulos,
G. T. Kanellos,
D. Syvridis
Abstract:
We successfully demonstrated a fully-managed, field-deployed, three-node QKD ring network with L1-OTNsec encryption, that employs a hybrid scheme of QKD and classical yet quantum-safe centrally-generated symmetric keys to support point-to-point and relay consumers.
Submitted 13 March, 2024;
originally announced March 2024.
-
Assessing the Benefits and Risks of Quantum Computers
Authors:
Travis L. Scholten,
Carl J. Williams,
Dustin Moody,
Michele Mosca,
William Hurley,
William J. Zeng,
Matthias Troyer,
Jay M. Gambetta
Abstract:
Quantum computing is an emerging technology with potentially far-reaching implications for national prosperity and security. Understanding the timeframes over which economic benefits and national security risks may manifest themselves is vital for ensuring the prudent development of this technology. To inform security experts and policy decision makers on this matter, we review what is currently known on the potential uses and risks of quantum computers, leveraging current research literature.
The maturity of currently-available quantum computers is not yet at a level such that they can be used in production for large-scale, industrially-relevant problems, and they are not believed to currently pose security risks. We identify 2 large-scale trends -- new approximate methods (variational algorithms, error mitigation, and circuit knitting) and the commercial exploration of business-relevant quantum applications -- which, together, may enable useful and practical quantum computing in the near future.
Crucially, these methods do not appear likely to change the required resources for cryptanalysis on currently-used cryptosystems. From an analysis we perform of the current and known algorithms for cryptanalysis, we find they require circuits of a size exceeding those that can be run by current and near-future quantum computers (and which will require error correction), though we acknowledge improvements in quantum algorithms for these problems are taking place in the literature. In addition, the risk to cybersecurity can be well-managed by the migration to new, quantum-safe cryptographic protocols, which we survey and discuss.
Given the above, we conclude there is a credible expectation that quantum computers will be capable of performing computations which are economically-impactful before they will be capable of performing ones which are cryptographically-relevant.
Submitted 13 February, 2024; v1 submitted 29 January, 2024;
originally announced January 2024.
-
Synthesis and Arithmetic of Single Qutrit Circuits
Authors:
Amolak Ratan Kalra,
Michele Mosca,
Dinesh Valluri
Abstract:
In this paper we study single qutrit circuits consisting of words over the Clifford$+D$ cyclotomic gate set, where $D=\text{diag}(\pmξ^{a},\pmξ^{b},\pmξ^{c})$, $ξ$ is a primitive $9$-th root of unity and $a,b,c$ are integers. We characterize classes of qutrit unit vectors $z$ with entries in $\mathbb{Z}[ξ, \frac{1}χ]$ based on the possibility of reducing their smallest denominator exponent (sde) with respect to $χ:= 1 - ξ,$ by acting an appropriate gate in Clifford$+D$. We do this by studying the notion of `derivatives mod $3$' of an arbitrary element of $\mathbb{Z}[ξ]$ and using it to study the smallest denominator exponent of $HDz$ where $H$ is the qutrit Hadamard gate and $D$. In addition, we reduce the problem of finding all unit vectors of a given sde to that of finding integral solutions of a positive definite quadratic form along with some additional constraints. As a consequence we prove that the Clifford$+D$ gates naturally arise as gates with sde $0$ and $3$ in the group $U(3,\mathbb{Z}[ξ, \frac{1}χ])$ of $3 \times 3$ unitaries with entries in $\mathbb{Z}[ξ, \frac{1}χ]$. We illustrate the general applicability of these methods to obtain an exact synthesis algorithm for Clifford$+R$ and recover the previous exact synthesis algorithm in \cite{kmm}. The framework developed to formulate qutrit gate synthesis for Clifford$+D$ extends to qudits of arbitrary prime power.
Submitted 18 February, 2025; v1 submitted 14 November, 2023;
originally announced November 2023.
-
A square-root speedup for finding the smallest eigenvalue
Authors:
Alex Kerzner,
Vlad Gheorghiu,
Michele Mosca,
Thomas Guilbaud,
Federico Carminati,
Fabio Fracas,
Luca Dellantonio
Abstract:
We describe a quantum algorithm for finding the smallest eigenvalue of a Hermitian matrix. This algorithm combines Quantum Phase Estimation and Quantum Amplitude Estimation to achieve a quadratic speedup with respect to the best classical algorithm in terms of matrix dimensionality, i.e., $\widetilde{\mathcal{O}}(\sqrt{N}/ε)$ black-box queries to an oracle encoding the matrix, where $N$ is the matrix dimension and $ε$ is the desired precision. In contrast, the best classical algorithm for the same task requires $Ω(N)\text{polylog}(1/ε)$ queries. In addition, this algorithm allows the user to select any constant success probability. We also provide a similar algorithm with the same runtime that allows us to prepare a quantum state lying mostly in the matrix's low-energy subspace. We implement simulations of both algorithms and demonstrate their application to problems in quantum chemistry and materials science.
Submitted 15 November, 2023; v1 submitted 7 November, 2023;
originally announced November 2023.
-
Graphical CSS Code Transformation Using ZX Calculus
Authors:
Jiaxin Huang,
Sarah Meng Li,
Lia Yeh,
Aleks Kissinger,
Michele Mosca,
Michael Vasmer
Abstract:
In this work, we present a generic approach to transform CSS codes by building upon their equivalence to phase-free ZX diagrams. Using the ZX calculus, we demonstrate diagrammatic transformations between encoding maps associated with different codes. As a motivating example, we give explicit transformations between the Steane code and the quantum Reed-Muller code, since by switching between these two codes, one can obtain a fault-tolerant universal gate set. To this end, we propose a bidirectional rewrite rule to find a (not necessarily transversal) physical implementation for any logical ZX diagram in any CSS code.
Then we focus on two code transformation techniques: code morphing, a procedure that transforms a code while retaining its fault-tolerant gates, and gauge fixing, where complimentary codes can be obtained from a common subsystem code (e.g., the Steane and the quantum Reed-Muller codes from the [[15,1,3,3]] code). We provide explicit graphical derivations for these techniques and show how ZX and graphical encoder maps relate several equivalent perspectives on these code-transforming operations.
Submitted 1 September, 2023; v1 submitted 5 July, 2023;
originally announced July 2023.
-
T-count and T-depth of any multi-qubit unitary
Authors:
Vlad Gheorghiu,
Michele Mosca,
Priyanka Mukhopadhyay
Abstract:
While implementing a quantum algorithm it is crucial to reduce the quantum resources, in order to obtain the desired computational advantage. For most fault-tolerant quantum error-correcting codes the cost of implementing the non-Clifford gate is the highest among all the gates in a universal fault-tolerant gate set. In this paper we design provable algorithm to determine T-count of any $n$-qubit ($n\geq 1$) unitary $W$ of size $2^n\times 2^n$, over the Clifford+T gate set. The space and time complexity of our algorithm are $O\left(2^{2n}\right)$ and $O\left(2^{2n\mathcal{T}_ε(W)+4n}\right)$ respectively. $\mathcal{T}_ε(W)$ ($ε$-T-count) is the (minimum possible) T-count of an exactly implementable unitary $U$ i.e. $\mathcal{T}(U)$, such that $d(U,W)\leqε$ and $\mathcal{T}(U)\leq\mathcal{T}(U')$ where $U'$ is any exactly implementable unitary with $d(U',W)\leqε$. $d(.,.)$ is the global phase invariant distance. Our algorithm can also be used to determine the (minimum possible) T-depth of any multi-qubit unitary and the complexity has exponential dependence on $n$ and $ε$-T-depth. This is the first algorithm that gives T-count or T-depth of any multi-qubit ($n\geq 1$) unitary. For small enough $ε$, we can synthesize the T-count and T-depth-optimal circuits. Our results can be used to determine the minimum count (or depth) of non-Clifford gates required to implement any multi-qubit unitary with a universal gate set consisting of Clifford and non-Clifford gates like Clifford+CS, Clifford+V, etc. To the best of our knowledge, there were no such optimal-synthesis algorithm for arbitrary multi-qubit unitaries in any universal gate set.
Submitted 9 February, 2023; v1 submitted 19 October, 2021;
originally announced October 2021.
-
Fast predictions of lattice energies by continuous isometry invariants of crystal structures
Authors:
Jakob Ropers,
Marco M Mosca,
Olga Anosova,
Vitaliy Kurlin,
Andrew I Cooper
Abstract:
Crystal Structure Prediction (CSP) aims to discover solid crystalline materials by optimizing periodic arrangements of atoms, ions or molecules. CSP takes weeks of supercomputer time because of slow energy minimizations for millions of simulated crystals. The lattice energy is a key physical property, which determines thermodynamic stability of a crystal but has no simple analytic expression. Past machine learning approaches to predict the lattice energy used slow crystal descriptors depending on manually chosen parameters. The new area of Periodic Geometry offers much faster isometry invariants that are also continuous under perturbations of atoms. Our experiments on simulated crystals confirm that a small distance between the new invariants guarantees a small difference of energies. We compare several kernel methods for invariant-based predictions of energy and achieve the mean absolute error of less than 5kJ/mole or 0.05eV/atom on a dataset of 5679 crystals.
Submitted 11 August, 2021;
originally announced August 2021.
-
A (quasi-)polynomial time heuristic algorithm for synthesizing T-depth optimal circuits
Authors:
Vlad Gheorghiu,
Michele Mosca,
Priyanka Mukhopadhyay
Abstract:
We investigate the problem of synthesizing T-depth optimal quantum circuits over the Clifford+T gate set. First we construct a special subset of T-depth 1 unitaries, such that it is possible to express the T-depth-optimal decomposition of any unitary as product of unitaries from this subset and a Clifford (up to global phase). The cardinality of this subset is at most $n\cdot 2^{5.6n}$. We use nested meet-in-the-middle (MITM) technique to develop algorithms for synthesizing provably \emph{depth-optimal} and \emph{T-depth-optimal} circuits for exactly implementable unitaries. Specifically, for synthesizing T-depth-optimal circuits, we get an algorithm with space and time complexity $O\left(\left(4^{n^2}\right)^{\lceil d/c\rceil}\right)$ and $O\left(\left(4^{n^2}\right)^{(c-1)\lceil d/c\rceil}\right)$ respectively, where $d$ is the minimum T-depth and $c\geq 2$ is a constant. This is much better than the complexity of the algorithm by Amy et al.(2013), the previous best with a complexity $O\left(\left(3^n\cdot 2^{kn^2}\right)^{\lceil \frac{d}{2}\rceil}\cdot 2^{kn^2}\right)$, where $k>2.5$ is a constant. We design an even more efficient algorithm for synthesizing T-depth-optimal circuits. The claimed efficiency and optimality depends on some conjectures, which have been inspired from the work of Mosca and Mukhopadhyay (2020). To the best of our knowledge, the conjectures are not related to the previous work. Our algorithm has space and time complexity $poly(n,2^{5.6n},d)$ (or $poly(n^{\log n},2^{5.6n},d)$ under some weaker assumptions).
Submitted 13 September, 2022; v1 submitted 8 January, 2021;
originally announced January 2021.
-
Reducing the CNOT count for Clifford+T circuits on NISQ architectures
Authors:
Vlad Gheorghiu,
Jiaxin Huang,
Sarah Meng Li,
Michele Mosca,
Priyanka Mukhopadhyay
Abstract:
While mapping a quantum circuit to the physical layer one has to consider the numerous constraints imposed by the underlying hardware architecture. Connectivity of the physical qubits is one such constraint that restricts two-qubit operations, such as CNOT, to "connected" qubits. SWAP gates can be used to place the logical qubits on admissible physical qubits, but they entail a significant increase in CNOT-count. In this paper we consider the problem of reducing the CNOT-count in Clifford+T circuits on connectivity constrained architectures, like noisy intermediate-scale quantum (NISQ) computing devices. We "slice" the circuit at the position of Hadamard gates and "build" the intermediate {CNOT,T} sub-circuits using Steiner trees, significantly improving on previous methods. We compared the performance of our algorithms while mapping different benchmark and random circuits to some well-known architectures such as 9-qubit square grid, 16-qubit square grid, Rigetti 16-qubit Aspen, 16-qubit IBM QX5 and 20-qubit IBM Tokyo. Our methods give less CNOT-count compared to Qiskit and TKET transpiler as well as using SWAP gates. Assuming most of the errors in a NISQ circuit implementation are due to CNOT errors, then our method would allow circuits with few times more CNOT gates be reliably implemented than the previous methods would permit.
Submitted 10 October, 2022; v1 submitted 24 November, 2020;
originally announced November 2020.
-
PQFabric: A Permissioned Blockchain Secure from Both Classical and Quantum Attacks
Authors:
Amelia Holcomb,
Geovandro C. C. F. Pereira,
Bhargav Das,
Michele Mosca
Abstract:
Hyperledger Fabric is a prominent and flexible solution for building permissioned distributed ledger platforms. Access control and identity management relies on a Membership Service Provider (MSP) whose cryptographic interface only handles standard PKI methods for authentication: RSA and ECDSA classical signatures. Also, MSP-issued credentials may use only one signature scheme, tying the credential-related functions to classical single-signature primitives. RSA and ECDSA are vulnerable to quantum attacks, with an ongoing post-quantum standardization process to identify quantum-safe drop-in replacements. In this paper, we propose a redesign of Fabric's credential-management procedures and related specifications in order to incorporate hybrid digital signatures, protecting against both classical and quantum attacks using one classical and one quantum-safe signature. We create PQFabric, an implementation of Fabric with hybrid signatures that integrates with the Open Quantum Safe (OQS) library. Our implementation offers complete crypto-agility, with the ability to perform live migration to a hybrid quantum-safe blockchain and select any existing OQS signature algorithm for each node. We perform comparative benchmarks of PQFabric with each of the NIST candidates and alternates, revealing that long public keys and signatures lead to an increase in hashing time that is sometimes comparable to the time spent signing or verifying messages itself. This is a new and potentially significant issue in the migration of blockchains to post-quantum signatures.
Submitted 23 December, 2020; v1 submitted 13 October, 2020;
originally announced October 2020.
-
The asymptotic behaviour and a near linear time algorithm for isometry invariants of periodic sets
Authors:
Daniel Widdowson,
Marco Mosca,
Angeles Pulido,
Vitaliy Kurlin,
Andrew I Cooper
Abstract:
The fundamental model of a periodic structure is a periodic point set up to rigid motion or isometry. Our recent paper in SoCG 2021 defined isometry invariants (density functions), which are complete in general position and continuous under perturbations. This work introduces much faster isometry invariants (average minimum distances), which are also continuous and distinguish some sets that have identical density functions. We explicitly describe the asymptotic behaviour of the new invariants for a wide class of sets including non-periodic. The proposed near linear time algorithm processed a dataset of hundreds of thousands of real structures in a few hours on a modest desktop.
Submitted 11 May, 2021; v1 submitted 5 September, 2020;
originally announced September 2020.
-
A polynomial time and space heuristic algorithm for T-count
Authors:
Michele Mosca,
Priyanka Mukhopadhyay
Abstract:
This work focuses on reducing the physical cost of implementing quantum algorithms when using the state-of-the-art fault-tolerant quantum error correcting codes, in particular, those for which implementing the T gate consumes vastly more resources than the other gates in the gate set. More specifically, we consider the group of unitaries that can be exactly implemented by a quantum circuit consisting of the Clifford+T gate set, a universal gate set. Our primary interest is to compute a circuit for a given $n$-qubit unitary $U$, using the minimum possible number of T gates (called the T-count of unitary $U$). We consider the problem COUNT-T, the optimization version of which aims to find the T-count of $U$. In its decision version the goal is to decide if the T-count is at most some positive integer $m$. Given an oracle for COUNT-T, we can compute a T-count-optimal circuit in time polynomial in the T-count and dimension of $U$. We give a provable classical algorithm that solves COUNT-T (decision) in time $O\left(N^{2(c-1)\lceil\frac{m}{c}\rceil}\text{poly}(m,N)\right)$ and space $O\left(N^{2\lceil\frac{m}{c}\rceil}\text{poly}(m,N)\right)$, where $N=2^n$ and $c\geq 2$. This gives a space-time trade-off for solving this problem with variants of meet-in-the-middle techniques. We also introduce an asymptotically faster multiplication method that shaves a factor of $N^{0.7457}$ off of the overall complexity. Lastly, beyond our improvements to the rigorous algorithm, we give a heuristic algorithm that outputs a T-count-optimal circuit and has space and time complexity $\text{poly}(m,N)$, under some assumptions. While our heuristic method still scales exponentially with the number of qubits (though with a lower exponent), there is a large improvement by going from exponential to polynomial scaling with $m$.
Submitted 6 October, 2021; v1 submitted 22 June, 2020;
originally announced June 2020.
-
Voronoi-based similarity distances between arbitrary crystal lattices
Authors:
Marco Michele Mosca,
Vitaliy Kurlin
Abstract:
This paper develops a new continuous approach to a similarity between periodic lattices of ideal crystals. Quantifying a similarity between crystal structures is needed to substantially speed up the Crystal Structure Prediction, because the prediction of many target properties of crystal structures is computationally slow and is essentially repeated for many nearly identical simulated structures. The proposed distances between arbitrary periodic lattices of crystal structures are invariant under all rigid motions, satisfy the metric axioms and continuity under atomic perturbations. The above properties make these distances ideal tools for clustering and visualizing large datasets of crystal structures. All the conclusions are rigorously proved and justified by experiments on real and simulated crystal structures reported in the Nature 2017 paper "Functional materials discovery using energy-structure-function maps".
Submitted 25 February, 2020;
originally announced February 2020.
-
On speeding up factoring with quantum SAT solvers
Authors:
Michele Mosca,
João Marcos Vensi Basso,
Sebastian R. Verschoor
Abstract:
There have been several efforts to apply quantum SAT solving methods to factor large integers. While these methods may provide insight into quantum SAT solving, to date they have not led to a convincing path to integer factorization that is competitive with the best known classical method, the Number Field Sieve. Many of the techniques tried involved directly encoding multiplication to SAT or an equivalent NP-hard problem and looking for satisfying assignments of the variables representing the prime factors. The main challenge in these cases is that, to compete with the Number Field Sieve, the quantum SAT solver would need to be superpolynomially faster than classical SAT solvers. In this paper the use of SAT solvers is restricted to a smaller task related to factoring: finding smooth numbers, which is an essential step of the Number Field Sieve. We present a SAT circuit that can be given to quantum SAT solvers such as annealers in order to perform this step of factoring. If quantum SAT solvers achieve any speedup over classical brute-force search, then our factoring algorithm is faster than the classical NFS.
Submitted 21 October, 2019;
originally announced October 2019.
-
Pauli Partitioning with Respect to Gate Sets
Authors:
Andrew Jena,
Scott Genin,
Michele Mosca
Abstract:
Measuring the expectation value of Pauli operators on prepared quantum states is a fundamental task in a multitude of quantum algorithms. Simultaneously measuring sets of operators allows for fewer measurements and an overall speedup of the measurement process. We investigate the task of partitioning a random subset of Pauli operators into simultaneously-measurable parts. Using heuristics from coloring random graphs, we give an upper bound for the expected number of parts in our partition. We go on to conjecture that allowing arbitrary Clifford operators before measurement, rather than single-qubit operations, leads to a decrease in the number of parts which is linear with respect to the lengths of the operators. We give evidence to confirm this conjecture and comment on the importance of this result for a specific near-term application: speeding up the measurement process of the variational quantum eigensolver.
Submitted 17 July, 2019;
originally announced July 2019.
-
Quantum circuit optimizations for NISQ architectures
Authors:
Beatrice Nash,
Vlad Gheorghiu,
Michele Mosca
Abstract:
Currently available quantum computing hardware platforms have limited 2-qubit connectivity among their addressable qubits. In order to run a generic quantum algorithm on such a platform, one has to transform the initial logical quantum circuit describing the algorithm into an equivalent one that obeys the connectivity restrictions.
In this work we construct a circuit synthesis scheme that takes as input the qubit connectivity graph and a quantum circuit over the gate set generated by $\{\text{CNOT},R_{Z}\}$ and outputs a circuit that respects the connectivity of the device. As a concrete application, we apply our techniques to Google's Bristlecone 72-qubit quantum chip connectivity, IBM's Tokyo 20-qubit quantum chip connectivity, and Rigetti's Acorn 19-qubit quantum chip connectivity. In addition, we also compare the performance of our scheme as a function of sparseness of randomly generated quantum circuits.
Note: Recently, the authors of arXiv:1904.00633 independently presented a similar optimization scheme. Our work is independent of arXiv:1904.00633, being a longer version of the seminar presented by Beatrice Nash at the Dagstuhl Seminar 18381: Quantum Programming Languages, pg. 120, September 2018, Dagstuhl, Germany, slide deck available online at https://materials.dagstuhl.de/files/18/18381/18381.BeatriceNash.Slides.pdf.
Submitted 24 April, 2020; v1 submitted 3 April, 2019;
originally announced April 2019.
-
Novel Technique for Robust Optimal Algorithmic Cooling
Authors:
Sadegh Raeisi,
Mária Kieferová,
Michele Mosca
Abstract:
Heat-bath algorithmic cooling (HBAC) provides algorithmic ways to improve the purity of quantum states. These techniques are complex iterative processes that change from each iteration to the next and this poses a significant challenge to implementing these algorithms. Here, we introduce a new technique that on a fundamental level, shows that it is possible to do algorithmic cooling and even reach the cooling limit without any knowledge of the state and using only a single fixed operation, and on a practical level, presents a more feasible and robust alternative for implementing HBAC. We also show that our new technique converges to the asymptotic state of HBAC and that the cooling algorithm can be efficiently implemented; however, the saturation could require exponentially many iterations and remains impractical. This brings HBAC to the realm of feasibility and makes it a viable option for realistic application in quantum technologies.
Submitted 9 June, 2019; v1 submitted 12 February, 2019;
originally announced February 2019.
-
Benchmarking the quantum cryptanalysis of symmetric, public-key and hash-based cryptographic schemes
Authors:
Vlad Gheorghiu,
Michele Mosca
Abstract:
Quantum algorithms can break factoring and discrete logarithm based cryptography and weaken symmetric cryptography and hash functions. In order to estimate the real-world impact of these attacks, apart from tracking the development of fault-tolerant quantum computers it is important to have an estimate of the resources needed to implement these quantum attacks.
For attacking symmetric cryptography and hash functions, generic quantum attacks are substantially less powerful than they are for today's public-key cryptography. So security will degrade gradually as quantum computing resources increase. At present, there is a substantial resource overhead due to the cost of fault-tolerant quantum error correction. We provide estimates of this overhead using state-of-the-art methods in quantum fault-tolerance. We use state-of-the-art optimized circuits, though further improvements in their implementation would also reduce the resources needed to implement these attacks. To bound the potential impact of further circuit optimizations we provide cost estimates assuming trivial-cost implementations of these functions. These figures indicate the effective bit-strength of the various symmetric schemes and hash functions based on what we know today (and with various assumptions on the quantum hardware), and frame the various potential improvements that should continue to be tracked. As an example, we also look at the implications for Bitcoin's proof-of-work system.
For many of the currently used asymmetric (public-key) cryptographic schemes based on RSA and elliptic curve discrete logarithms, we again provide cost estimates based on the latest advances in cryptanalysis, circuit compilation and quantum fault-tolerance theory. These allow, for example, a direct comparison of the quantum vulnerability of RSA and elliptic curve cryptography for a fixed classical bit strength.
Submitted 7 February, 2019; v1 submitted 6 February, 2019;
originally announced February 2019.
-
Factoring semi-primes with (quantum) SAT-solvers
Authors:
Michele Mosca,
Sebastian R. Verschoor
Abstract:
The assumed computational difficulty of factoring large integers forms the basis of security for RSA public-key cryptography, which specifically relies on products of two large primes or semi-primes. The best-known factoring algorithms for classical computers run in sub-exponential time. Since integer factorization is in NP, one can reduce this problem to any NP-hard problem, such as Boolean Satisfiability (SAT). While reducing factoring to SAT has proved to be useful for studying SAT solvers, attempting to factor large integers via such a reduction has not been found to be successful.
Shor's quantum factoring algorithm factors any integer in polynomial time, although large-scale fault-tolerant quantum computers capable of implementing Shor's algorithm are not yet available, so relevant benchmarking experiments for factoring via Shor's algorithm are not yet possible. In recent years, however, several authors have attempted factorizations with the help of quantum processors via reductions to NP-hard problems. While this approach may shed some light on some algorithmic approaches for quantum solutions to NP-hard problems, in this paper we study and question the practical effectiveness of this approach for factoring large numbers. We find no evidence that this is a viable path toward factoring large numbers, even for scalable fault-tolerant quantum computers, as well as for various quantum annealing or other special purpose quantum hardware.
Submitted 22 October, 2019; v1 submitted 4 February, 2019;
originally announced February 2019.
-
Fault tolerant resource estimation of quantum random-access memories
Authors:
Olivia Di Matteo,
Vlad Gheorghiu,
Michele Mosca
Abstract:
Quantum random-access look-up of a string of classical bits is a necessary ingredient in several important quantum algorithms. In some cases, the cost of such quantum random-access memory (qRAM) is the limiting factor in the implementation of the algorithm. In this paper we study the cost of fault-tolerantly implementing a qRAM. We construct and analyze generic families of circuits that function as a qRAM, discuss opportunities for qubit-time tradeoffs, and estimate their resource costs when embedded in a surface code.
Submitted 22 January, 2020; v1 submitted 4 February, 2019;
originally announced February 2019.
-
The Engineering of a Scalable Multi-Site Communications System Utilizing Quantum Key Distribution (QKD)
Authors:
Piotr K. Tysowski,
Xinhua Ling,
Norbert Lütkenhaus,
Michele Mosca
Abstract:
Quantum Key Distribution (QKD) is a means of generating keys between a pair of computing hosts that is theoretically secure against cryptanalysis, even by a quantum computer. Although there is much active research into improving the QKD technology itself, there is still significant work to be done to apply engineering methodology and determine how it can be practically built to scale within an enterprise IT environment. Significant challenges exist in building a practical key management service for use in a metropolitan network. QKD is generally a point-to-point technique only and is subject to steep performance constraints. The integration of QKD into enterprise-level computing has been researched, to enable quantum-safe communication. A novel method for constructing a key management service is presented that allows arbitrary computing hosts on one site to establish multiple secure communication sessions with the hosts of another site. A key exchange protocol is proposed where symmetric private keys are granted to hosts while satisfying the scalability needs of an enterprise population of users. The key management service operates within a layered architectural style that is able to interoperate with various underlying QKD implementations. Variable levels of security for the host population are enforced through a policy engine. A network layer provides key generation across a network of nodes connected by quantum links. Scheduling and routing functionality allows quantum key material to be relayed across trusted nodes. Optimizations are performed to match the real-time host demand for key material with the capacity afforded by the infrastructure. The result is a flexible and scalable architecture that is suitable for enterprise use and independent of any specific QKD technology.
Submitted 7 December, 2017;
originally announced December 2017.
-
On the CNOT-complexity of CNOT-PHASE circuits
Authors:
Matthew Amy,
Parsiad Azimzadeh,
Michele Mosca
Abstract:
We study the problem of CNOT-optimal quantum circuit synthesis over gate sets consisting of CNOT and Z-basis rotations of arbitrary angles. We show that the circuit-polynomial correspondence relates such circuits to Fourier expansions of pseudo-Boolean functions, and that for certain classes of functions this expansion uniquely determines the minimum CNOT cost of an implementation. As a corollary we prove that CNOT minimization over CNOT and phase gates is at least as hard as synthesizing a CNOT-optimal circuit computing a set of parities of its inputs. We then show that this problem is NP-complete for two restricted cases where all CNOT gates are required to have the same target, and where the circuit inputs are encoded in a larger state space. The latter case has applications to CNOT optimization over more general Clifford+T circuits.
We further present an efficient heuristic algorithm for synthesizing circuits over CNOT and Z-basis rotations with small CNOT cost. Our experiments show a 23% reduction of CNOT gates on average across a suite of Clifford+T benchmark circuits, with a maximum reduction of 43%.
Submitted 13 August, 2018; v1 submitted 5 December, 2017;
originally announced December 2017.
-
Improved reversible and quantum circuits for Karatsuba-based integer multiplication
Authors:
Alex Parent,
Martin Roetteler,
Michele Mosca
Abstract:
Integer arithmetic is the underpinning of many quantum algorithms, with applications ranging from Shor's algorithm over HHL for matrix inversion to Hamiltonian simulation algorithms. A basic objective is to keep the required resources to implement arithmetic as low as possible. This applies in particular to the number of qubits required in the implementation as for the foreseeable future this number is expected to be small. We present a reversible circuit for integer multiplication that is inspired by Karatsuba's recursive method. The main improvement over circuits that have been previously reported in the literature is an asymptotic reduction of the amount of space required from $O(n^{1.585})$ to $O(n^{1.427})$. This improvement is obtained in exchange for a small constant increase in the number of operations by a factor less than $2$ and a small asymptotic increase in depth for the parallel version. The asymptotic improvements are obtained from analyzing pebble games on complete ternary trees.
Submitted 11 June, 2017;
originally announced June 2017.
-
Parallelizing quantum circuit synthesis
Authors:
Olivia Di Matteo,
Michele Mosca
Abstract:
Quantum circuit synthesis is the process in which an arbitrary unitary operation is decomposed into a sequence of gates from a universal set, typically one which a quantum computer can implement both efficiently and fault-tolerantly. As physical implementations of quantum computers improve, the need is growing for tools which can effectively synthesize components of the circuits and algorithms they will run. Existing algorithms for exact, multi-qubit circuit synthesis scale exponentially in the number of qubits and circuit depth, leaving synthesis intractable for circuits on more than a handful of qubits. Even modest improvements in circuit synthesis procedures may lead to significant advances, pushing forward the boundaries of not only the size of solvable circuit synthesis problems, but also in what can be realized physically as a result of having more efficient circuits.
We present a method for quantum circuit synthesis using deterministic walks. Also termed pseudorandom walks, these are walks in which once a starting point is chosen, its path is completely determined. We apply our method to construct a parallel framework for circuit synthesis, and implement one such version performing optimal $T$-count synthesis over the Clifford+$T$ gate set. We use our software to present examples where parallelization offers a significant speedup on the runtime, as well as directly confirm that the 4-qubit 1-bit full adder has optimal $T$-count 7 and $T$-depth 3.
Submitted 14 October, 2016; v1 submitted 23 June, 2016;
originally announced June 2016.
-
Estimating the cost of generic quantum pre-image attacks on SHA-2 and SHA-3
Authors:
Matthew Amy,
Olivia Di Matteo,
Vlad Gheorghiu,
Michele Mosca,
Alex Parent,
John Schanck
Abstract:
We investigate the cost of Grover's quantum search algorithm when used in the context of pre-image attacks on the SHA-2 and SHA-3 families of hash functions. Our cost model assumes that the attack is run on a surface code based fault-tolerant quantum computer. Our estimates rely on a time-area metric that costs the number of logical qubits times the depth of the circuit in units of surface code cycles. As a surface code cycle involves a significant classical processing stage, our cost estimates allow for crude, but direct, comparisons of classical and quantum algorithms.
We exhibit a circuit for a pre-image attack on SHA-256 that is approximately $2^{153.8}$ surface code cycles deep and requires approximately $2^{12.6}$ logical qubits. This yields an overall cost of $2^{166.4}$ logical-qubit-cycles. Likewise we exhibit a SHA3-256 circuit that is approximately $2^{146.5}$ surface code cycles deep and requires approximately $2^{20}$ logical qubits for a total cost of, again, $2^{166.5}$ logical-qubit-cycles. Both attacks require on the order of $2^{128}$ queries in a quantum black-box model, hence our results suggest that executing these attacks may be as much as $275$ billion times more expensive than one would expect from the simple query analysis.
Submitted 30 November, 2016; v1 submitted 30 March, 2016;
originally announced March 2016.
-
T-count optimization and Reed-Muller codes
Authors:
Matthew Amy,
Michele Mosca
Abstract:
In this paper, we study the close relationship between Reed-Muller codes and single-qubit phase gates from the perspective of $T$-count optimization. We prove that minimizing the number of $T$ gates in an $n$-qubit quantum circuit over CNOT and $T$, together with the Clifford group powers of $T$, corresponds to finding a minimum distance decoding of a length $2^n-1$ binary vector in the order $n-4$ punctured Reed-Muller code. Moreover, we show that the problems are polynomially equivalent in the length of the code. As a consequence, we derive an algorithm for the optimization of $T$-count in quantum circuits based on Reed-Muller decoders, along with a new upper bound of $O(n^2)$ on the number of $T$ gates required to implement an $n$-qubit unitary over CNOT and $T$ gates. We further generalize this result to show that minimizing small angle rotations corresponds to decoding lower order binary Reed-Muller codes. In particular, we show that minimizing the number of $R_Z(2\pi/d)$ gates for any integer $d$ is equivalent to minimum distance decoding in $\mathcal{RM}(n - k - 1, n)^*$, where $k$ is the highest power of $2$ dividing $d$.
Submitted 13 August, 2018; v1 submitted 27 January, 2016;
originally announced January 2016.
-
On the robustness of bucket brigade quantum RAM
Authors:
Srinivasan Arunachalam,
Vlad Gheorghiu,
Tomas Jochym-O'Connor,
Michele Mosca,
Priyaa Varshinee Srinivasan
Abstract:
We study the robustness of the bucket brigade quantum random access memory model introduced by Giovannetti, Lloyd, and Maccone [Phys. Rev. Lett. 100, 160501 (2008)]. Due to a result of Regev and Schiff [ICALP '08 pp. 773], we show that for a class of error models the error rate per gate in the bucket brigade quantum memory has to be of order $o(2^{-n/2})$ (where $N=2^n$ is the size of the memory) whenever the memory is used as an oracle for the quantum searching problem. We conjecture that this is the case for any realistic error model that will be encountered in practice, and that for algorithms with super-polynomially many oracle queries the error rate must be super-polynomially small, which further motivates the need for quantum error correction. By contrast, for algorithms such as matrix inversion [Phys. Rev. Lett. 103, 150502 (2009)] or quantum machine learning [Phys. Rev. Lett. 113, 130503 (2014)] that only require a polynomial number of queries, the error rate only needs to be polynomially small and quantum error correction may not be required. We introduce a circuit model for the quantum bucket brigade architecture and argue that quantum error correction for the circuit causes the quantum bucket brigade architecture to lose its primary advantage of a small number of "active" gates, since all components have to be actively error corrected.
Submitted 10 December, 2015; v1 submitted 11 February, 2015;
originally announced February 2015.
-
The Asymptotic Cooling of Heat-Bath Algorithmic Cooling
Authors:
Sadegh Raeisi,
Michele Mosca
Abstract:
The purity of quantum states is a key requirement for many quantum applications. Improving the purity is limited by fundamental laws of thermodynamics. Here we are probing the fundamental limits for a natural approach to this problem, namely heat-bath algorithmic cooling (HBAC). The existence of the cooling limit for HBAC techniques was proved by Schulman et al. in, the limit however remained unknown for the past decade. Here for the first time we find this limit. In the context of quantum thermodynamics, this corresponds to the maximum extractable work from the quantum system.
Submitted 2 December, 2014; v1 submitted 11 July, 2014;
originally announced July 2014.
-
An algorithm for the T-count
Authors:
David Gosset,
Vadym Kliuchnikov,
Michele Mosca,
Vincent Russo
Abstract:
We consider quantum circuits composed of Clifford and T gates. In this context the T gate has a special status since it confers universal computation when added to the (classically simulable) Clifford gates. However it can be very expensive to implement fault-tolerantly. We therefore view this gate as a resource which should be used only when necessary. Given an n-qubit unitary U we are interested in computing a circuit that implements it using the minimum possible number of T gates (called the T-count of U). A related task is to decide if the T-count of U is less than or equal to m; we consider this problem as a function of N=2^n and m. We provide a classical algorithm which solves it using time and space both upper bounded as O(N^m poly(m,N)). We implemented our algorithm and used it to show that any Clifford+T circuit for the Toffoli or the Fredkin gate requires at least 7 T gates. This implies that the known 7 T gate circuits for these gates are T-optimal. We also provide a simple expression for the T-count of single-qubit unitaries.
Submitted 19 August, 2013;
originally announced August 2013.
-
Polynomial-time T-depth Optimization of Clifford+T circuits via Matroid Partitioning
Authors:
Matthew Amy,
Dmitri Maslov,
Michele Mosca
Abstract:
Most work in quantum circuit optimization has been performed in isolation from the results of quantum fault-tolerance. Here we present a polynomial-time algorithm for optimizing quantum circuits that takes the actual implementation of fault-tolerant logical gates into consideration. Our algorithm re-synthesizes quantum circuits composed of Clifford group and T gates, the latter being typically the most costly gate in fault-tolerant models, e.g., those based on the Steane or surface codes, with the purpose of minimizing both T-count and T-depth. A major feature of the algorithm is the ability to re-synthesize circuits with additional ancillae to reduce T-depth at effectively no cost. The tested benchmarks show up to 65.7% reduction in T-count and up to 87.6% reduction in T-depth without ancillae, or 99.7% reduction in T-depth using ancillae.
Submitted 13 December, 2013; v1 submitted 8 March, 2013;
originally announced March 2013.
-
Solving the Shortest Vector Problem in Lattices Faster Using Quantum Search
Authors:
Thijs Laarhoven,
Michele Mosca,
Joop van de Pol
Abstract:
By applying Grover's quantum search algorithm to the lattice algorithms of Micciancio and Voulgaris, Nguyen and Vidick, Wang et al., and Pujol and Stehlé, we obtain improved asymptotic quantum results for solving the shortest vector problem. With quantum computers we can provably find a shortest vector in time $2^{1.799n + o(n)}$, improving upon the classical time complexity of $2^{2.465n + o(n)}$ of Pujol and Stehlé and the $2^{2n + o(n)}$ of Micciancio and Voulgaris, while heuristically we expect to find a shortest vector in time $2^{0.312n + o(n)}$, improving upon the classical time complexity of $2^{0.384n + o(n)}$ of Wang et al. These quantum complexities will be an important guide for the selection of parameters for post-quantum cryptosystems based on the hardness of the shortest vector problem.
Submitted 25 January, 2013;
originally announced January 2013.
-
Practical approximation of single-qubit unitaries by single-qubit quantum Clifford and T circuits
Authors:
Vadym Kliuchnikov,
Dmitri Maslov,
Michele Mosca
Abstract:
We present an algorithm, along with its implementation that finds T-optimal approximations of single-qubit Z-rotations using quantum circuits consisting of Clifford and T gates. Our algorithm is capable of handling errors in approximation down to size $10^{-15}$, resulting in optimal single-qubit circuit designs required for implementation of scalable quantum algorithms. Our implementation along with the experimental results are available in the public domain.
Submitted 13 March, 2014; v1 submitted 31 December, 2012;
originally announced December 2012.
-
Asymptotically optimal approximation of single qubit unitaries by Clifford and T circuits using a constant number of ancillary qubits
Authors:
Vadym Kliuchnikov,
Dmitri Maslov,
Michele Mosca
Abstract:
We present an algorithm for building a circuit that approximates single qubit unitaries with precision ε using O(log(1/ε)) Clifford and T gates and employing up to two ancillary qubits. The algorithm for computing our approximating circuit requires an average of O(log^2(1/ε)log log(1/ε)) operations. We prove that the number of gates in our circuit saturates the lower bound on the number of gates required in the scenario when a constant number of ancillae are supplied, and as such, our circuits are asymptotically optimal. This results in significant improvement over the current state of the art for finding an approximation of a unitary, including the Solovay-Kitaev algorithm that requires O(log^{3+δ}(1/ε)) gates and does not use ancillae and the phase kickback approach that requires O(log^2(1/ε)log log(1/ε)) gates, but uses O(log^2(1/ε)) ancillae.
Submitted 6 December, 2012; v1 submitted 4 December, 2012;
originally announced December 2012.
-
Quantum Key Distribution in the Classical Authenticated Key Exchange Framework
Authors:
Michele Mosca,
Douglas Stebila,
Berkant Ustaoglu
Abstract:
Key establishment is a crucial primitive for building secure channels: in a multi-party setting, it allows two parties using only public authenticated communication to establish a secret session key which can be used to encrypt messages. But if the session key is compromised, the confidentiality of encrypted messages is typically compromised as well. Without quantum mechanics, key establishment can only be done under the assumption that some computational problem is hard. Since digital communication can be easily eavesdropped and recorded, it is important to consider the secrecy of information anticipating future algorithmic and computational discoveries which could break the secrecy of past keys, violating the secrecy of the confidential channel.
Quantum key distribution (QKD) can be used to generate secret keys that are secure against any future algorithmic or computational improvements. QKD protocols still require authentication of classical communication, however, which is most easily achieved using computationally secure digital signature schemes. It is generally considered folklore that QKD when used with computationally secure authentication is still secure against an unbounded adversary, provided the adversary did not break the authentication during the run of the protocol.
We describe a security model for quantum key distribution based on traditional classical authenticated key exchange (AKE) security models. Using our model, we characterize the long-term security of the BB84 QKD protocol with computationally secure authentication against an eventually unbounded adversary. By basing our model on traditional AKE models, we can more readily compare the relative merits of various forms of QKD and existing classical AKE protocols. This comparison illustrates in which types of adversarial environments different quantum and classical key agreement protocols can be secure.
Submitted 26 June, 2012;
originally announced June 2012.
-
Fast and efficient exact synthesis of single qubit unitaries generated by Clifford and T gates
Authors:
Vadym Kliuchnikov,
Dmitri Maslov,
Michele Mosca
Abstract:
In this paper, we show the equivalence of the set of unitaries computable by the circuits over the Clifford and T library and the set of unitaries over the ring $\mathbb{Z}[\frac{1}{\sqrt{2}},i]$, in the single-qubit case. We report an efficient synthesis algorithm, with an exact optimality guarantee on the number of Hadamard and T gates used. We conjecture that the equivalence of the sets of unitaries implementable by circuits over the Clifford and T library and unitaries over the ring $\mathbb{Z}[\frac{1}{\sqrt{2}},i]$ holds in the $n$-qubit case.
Submitted 27 February, 2013; v1 submitted 22 June, 2012;
originally announced June 2012.
-
A meet-in-the-middle algorithm for fast synthesis of depth-optimal quantum circuits
Authors:
Matthew Amy,
Dmitri Maslov,
Michele Mosca,
Martin Roetteler
Abstract:
We present an algorithm for computing depth-optimal decompositions of logical operations, leveraging a meet-in-the-middle technique to provide a significant speed-up over simple brute force algorithms. As an illustration of our method we implemented this algorithm and found factorizations of the commonly used quantum logical operations into elementary gates in the Clifford+T set. In particular, we report a decomposition of the Toffoli gate over the set of Clifford and T gates. Our decomposition achieves a total T-depth of 3, thereby providing a 40% reduction over the previously best known decomposition for the Toffoli gate. Due to the size of the search space the algorithm is only practical for small parameters, such as the number of qubits, and the number of gates in an optimal implementation.
Submitted 25 January, 2013; v1 submitted 4 June, 2012;
originally announced June 2012.
-
A new spin on quantum cryptography: Avoiding trapdoors and embracing public keys
Authors:
Lawrence M. Ioannou,
Michele Mosca
Abstract:
We give new arguments in support of signed quantum key establishment, where quantum cryptography is used in a public-key infrastructure that provides the required authentication. We also analyze more thoroughly than previous works the benefits that quantum key establishment protocols have over certain classical protocols, motivated in part by the various objections to quantum key establishment that are sometimes raised. Previous knowledge of quantum cryptography on the reader's part is not required for this article, as the definition of "quantum key establishment" that we use is an entirely classical and black-box characterization (one need only trust that protocols satisfying the definition exist).
Submitted 14 September, 2011;
originally announced September 2011.
-
Unconditionally-secure and reusable public-key authentication
Authors:
Lawrence M. Ioannou,
Michele Mosca
Abstract:
We present a quantum-public-key identification protocol and show that it is secure against a computationally-unbounded adversary. This demonstrates for the first time that unconditionally-secure and reusable public-key authentication is possible in principle with (pure-state) public keys.
Submitted 14 August, 2011;
originally announced August 2011.
-
Generalized self-testing and the security of the 6-state protocol
Authors:
Matthew McKague,
Michele Mosca
Abstract:
Self-tested quantum information processing provides a means for doing useful information processing with untrusted quantum apparatus. Previous work was limited to performing computations and protocols in real Hilbert spaces, which is not a serious obstacle if one is only interested in final measurement statistics being correct (for example, getting the correct factors of a large number after running Shor's factoring algorithm). This limitation was shown by McKague et al. to be fundamental, since there is no way to experimentally distinguish any quantum experiment from a special simulation using states and operators with only real coefficients.
In this paper, we show that one can still do a meaningful self-test of quantum apparatus with complex amplitudes. In particular, we define a family of simulations of quantum experiments, based on complex conjugation, with two interesting properties. First, we are able to define a self-test which may be passed only by states and operators that are equivalent to simulations within the family. This extends work of Mayers and Yao and Magniez et al. in self-testing of quantum apparatus, and includes a complex measurement. Second, any of the simulations in the family may be used to implement a secure 6-state QKD protocol, which was previously not known to be implementable in a self-tested framework.
Submitted 1 June, 2010;
originally announced June 2010.
-
Algorithms for Quantum Computers
Authors:
Jamie Smith,
Michele Mosca
Abstract:
This paper surveys the field of quantum computer algorithms. It gives a taste of both the breadth and the depth of the known algorithms for quantum computers, focusing on some of the more recent results. It begins with a brief review of quantum Fourier transform based algorithms, followed by quantum searching and some of its early generalizations. It continues with a more in-depth description of two more recent developments: algorithms developed in the quantum walk paradigm, followed by tensor network evaluation algorithms (which include approximating the Tutte polynomial).
Submitted 7 January, 2010; v1 submitted 5 January, 2010;
originally announced January 2010.
-
Quantum Coins
Authors:
Michele Mosca,
Douglas Stebila
Abstract:
One of the earliest cryptographic applications of quantum information was to create quantum digital cash that could not be counterfeited. In this paper, we describe a new type of quantum money: quantum coins, where all coins of the same denomination are represented by identical quantum states. We state desirable security properties such as anonymity and unforgeability and propose two candidate quantum coin schemes: one using black box operations, and another using blind quantum computation.
Submitted 6 November, 2009;
originally announced November 2009.
-
Interacting boson problems are QMA-hard
Authors:
Tzu-Chieh Wei,
Michele Mosca,
Ashwin Nayak
Abstract:
Computing the ground-state energy of interacting electron (fermion) problems has recently been shown to be hard for QMA, a quantum analogue of the complexity class NP. Fermionic problems are usually hard, a phenomenon widely attributed to the so-called sign problem occurring in Quantum Monte Carlo simulations. The corresponding bosonic problems are, according to conventional wisdom, tractable. Here, we discuss the complexity of interacting boson problems and show that they are also QMA-hard. In addition, we show that the bosonic version of the so-called N-representability problem is QMA-complete, as hard as its fermionic version. As a consequence, these problems are unlikely to have efficient quantum algorithms.
Submitted 20 May, 2009;
originally announced May 2009.
-
Public-key cryptography based on bounded quantum reference frames
Authors:
Lawrence M. Ioannou,
Michele Mosca
Abstract:
We demonstrate that the framework of bounded quantum reference frames has application to building quantum-public-key cryptographic protocols and proving their security. Thus, the framework we introduce can be seen as a public-key analogue of the framework of Bartlett et al. (Phys. Rev. A 70, 032307), where a private shared reference frame is shown to have cryptographic application. The protocol we present in this paper is an identification scheme, which, like a digital signature scheme, is a type of authentication scheme. We prove that our protocol is both reusable and secure under the honest-verifier assumption. Thus, we also demonstrate that secure reusable quantum-public-key authentication is possible to some extent.
Submitted 14 August, 2011; v1 submitted 30 March, 2009;
originally announced March 2009.
-
The Case for Quantum Key Distribution
Authors:
Douglas Stebila,
Michele Mosca,
Norbert Lütkenhaus
Abstract:
Quantum key distribution (QKD) promises secure key agreement by using quantum mechanical systems. We argue that QKD will be an important part of future cryptographic infrastructures. It can provide long-term confidentiality for encrypted information without reliance on computational assumptions. Although QKD still requires authentication to prevent man-in-the-middle attacks, it can make use of either information-theoretically secure symmetric key authentication or computationally secure public key authentication: even when using public key authentication, we argue that QKD still offers stronger security than classical key agreement.
Submitted 2 December, 2009; v1 submitted 17 February, 2009;
originally announced February 2009.
-
Efficient discrete-time simulations of continuous-time quantum query algorithms
Authors:
R. Cleve,
D. Gottesman,
M. Mosca,
R. D. Somma,
D. L. Yonge-Mallo
Abstract:
The continuous-time query model is a variant of the discrete query model in which queries can be interleaved with known operations (called "driving operations") continuously in time. Interesting algorithms have been discovered in this model, such as an algorithm for evaluating nand trees more efficiently than any classical algorithm. Subsequent work has shown that there also exists an efficient algorithm for nand trees in the discrete query model; however, there is no efficient conversion known for continuous-time query algorithms for arbitrary problems.
We show that any quantum algorithm in the continuous-time query model whose total query time is T can be simulated by a quantum algorithm in the discrete query model that makes O[T log(T) / log(log(T))] queries. This is the first upper bound that is independent of the driving operations (i.e., it holds even if the norm of the driving Hamiltonian is very large). A corollary is that any lower bound of T queries for a problem in the discrete-time query model immediately carries over to a lower bound of Ω[T log(log(T))/log (T)] in the continuous-time query model.
Submitted 26 November, 2008;
originally announced November 2008.
-
Approximating Fractional Time Quantum Evolution
Authors:
L. Sheridan,
D. Maslov,
M. Mosca
Abstract:
An algorithm is presented for approximating arbitrary powers of a black box unitary operation, $\mathcal{U}^t$, where $t$ is a real number, and $\mathcal{U}$ is a black box implementing an unknown unitary. The complexity of this algorithm is calculated in terms of the number of calls to the black box, the errors in the approximation, and a certain 'gap' parameter. For general $\mathcal{U}$ and large $t$, one should apply $\mathcal{U}$ a total of $\lfloor t \rfloor$ times followed by our procedure for approximating the fractional power $\mathcal{U}^{t-\lfloor t \rfloor}$. An example is also given where for large integers $t$ this method is more efficient than direct application of $t$ copies of $\mathcal{U}$. Further applications and related algorithms are also discussed.
Submitted 23 April, 2009; v1 submitted 21 October, 2008;
originally announced October 2008.