Invitation to a Contemporary Physics (2004)
.pdf
6.9. Hardware and Error Correction |
215 |
6.8.1Summary
An unstructured database of N records can be sorted in O(N) steps classically, but
√
only O( N ) steps quantum mechanically. The Grover algorithm for doing that starts with the uniform state of all records to enable maximal parallel processing, then it uses the sorting criterion to design a filter to weed out the unwanted records. When this filtering procedure is carried out a suitable number of times, what is left is the desired record.
6.9 Hardware and Error Correction
All these nice quantum algorithms are useless unless we can build quantum gates to process them. That unfortunately is a di cult task for control gates, so much so that the largest quantum computer available, as of December 2001, is a 7-qubit system built by the IBM group, using the NMR scheme (to be discussed later). Earlier, in 2000, IBM also announced a 5-qubit device, each qubit being supplied by a fluorine atom in a single molecule.
To build a quantum computer, we must choose a medium to store the qubits, find ways to prepare an initial state, and means to read out the final state. We must also construct the quantum gates needed to manipulate the data, while maintaining coherence throughout their operations. Some of these problems have been solved in small prototypes, but not yet for large computers.
The amount of time it takes to carry out a gate operation is also an important parameter. The speed of the computer depends on it, and whether the state can stay coherent during that time may also depend on it. The ability to maintain coherence over a su ciently long time depends on the careful choice of the system and the basis states. Detailed discussion of this type tends to be technical so we will skip it.
For most systems, initial states and 1-bit gates are relatively simple to construct (see Sec. 6.4).
The final state of the particle can be read bit-by-bit using fluorescence, as depicted in the picture below. To do so an auxiliary state |aux which couples strongly to |1 is required. Suppose |aux is an energy νf above |1 . Shining an electromagnetic pulse of frequency νf on the particle in state |1 causes it to jump to |aux , and then it will relax into the ground state by emitting a fluorescent photon. Thus a florescent photon is present for |1 but not for |0 . If the particle is in a schizophrenic state, then the probability of detecting a photon is proportional to its probability to be in state |1 . Since the act of measurement generally changes the state of the particle, to get the probability we must repeat the calculation a su cient number of times. This will not change the estimate of the number of steps for an e cient algorithm if the number of repetitions is insignificant compared to that number of steps.
216 |
Quantum Computation and Information |
Needless to say, we may also take the occupation of |0 rather than |1 to fluoresce.
|aux |
|
|
|
|
|
|
|
|
|
|
|
|
|1 |
|
|
|
|
|
|
|0
2-bit controlled gates are much harder to construct, because of the necessary correlation between the control qubit and the data qubit. Its fabrication depends on the system as will be discussed later. In fact, the ability to produce 2-bit control gates is an important criterion for choosing the system.
We come to the question of errors. Errors are unavoidable, even in a classical computer. The problem is worse in a quantum computer because additional errors can creep in through decoherence and the quantum gate operations. To keep the calculation reliable, there must be ways to recognize the errors and the means to correct them. If errors occur too frequently, then there is nothing one can do except to build a better computer. If errors occurs infrequently, then there are well-known mechanisms in classical computers to recognize and correct for them. These go under names such as parity and majority voting; duplication and repetition are the keys. In a quantum computer, there are more ways for errors to occur, so a builtin error correction algorithm is even more crucial. We cannot do it quite like the classical way, because of the no-cloning theorem, and because we must correct for a continuous change between |0 and |1 , not just flips between 0 and 1. Nevertheless, the ideas are very similar, though the details are far more complicated, and beyond our present scope.
The number of steps in a quantum algorithm given previously assumes an idealized situation where no error correction is necessary. Since quantum error correction codes are longer than classical error correction codes, taking them into account will reduce the advantage we gained for a quantum algorithm over a classical algorithm. How much that sets us back depends on the quality of the quantum computer, which is inversely related to the length of the error correction code.
In the remainder of this section, we shall describe some systems used to experiment with the construction of qubits and quantum gates. We will concentrate on 2-qubit correlation, in some way the most di cult objective to achieve, but absolutely needed for the construction of 2-bit control gates.
6.9.1 Trapped Ions
This system consists of a string of ions placed in a linear Paul trap. A linear Paul trap is a device using static and radio-frequency electric fields to confine charged particles along a line. Each ion, depicted below by a round dot, represents a qubit with its two selected levels. The entire chain of ions is laser cooled and vibrates
6.9. Hardware and Error Correction |
217 |
together, either in its vibrational ground state, or the first excited state, thus creating another qubit (called phonons) which is depicted by a pair of thick lines. The phonon is clearly coupled to the qubit of each ion because an ion is part of the chain.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Suppose the ground state |0 and the excited state |1 of each ion is separated by an energy di erence ν, and the ground state |0 and the first excited state |1 of the phonon is separated by νp ν. The energy levels of the 2-bit state |phonon, ion can be taken to be 0, νp, ν, (ν + νp), respectively for the states |00 , |10 , |01 , |11 . Notice the di erence between this level structure and that of two ions. The energy di erence between |1 and |0 depends on what state the phonon is in. In other words, there is a correlation between the two qubits. This correlation can be used to construct control gates:
|
|
|aux |
|
|
|
¯(h ν + νp) |
|
|11 |
|
||
¯hν |
|
|01 |
|
¯hνp |
|
|10 |
|
||
0 |
|
|00 |
|
Let us illustrate this point by constructing a cu gate in which u leaves |0 unchanged but adds a minus sign to |1 . In this construction an auxiliary level |aux of the ion must be present, say with an energy νaux above |11 .
A pulse of frequency νaux shone on the ion for a suitable amount of time can cause |11 to jump to |aux and then back to itself, gaining a minus sign. None of the other states are a ected because that particular frequency cannot excite any others. In this way it accomplishes what the desired cu gate sets out to do.
This scheme works for a |phonon, ion state but not a |ion, ion state, because of the lack of direct coupling between the two ions. To see this more clearly, assume again that there is an auxiliary state |aux in an ion. Since the two ions are identical, this state will be present in the other ion as well. Now a pulse shone on one ion can cause its |1 state to jump to |aux and back, but that would be the case whether
218 |
Quantum Computation and Information |
the other ion is in state |0 or |1 . This lack of correlation makes it impossible for either ion to act as a control bit.
6.9.2Photons
In this system, 0 is represented by a photon coming in one direction, and 1 is represented by a photon coming from an orthogonal direction. The 1-bit gate of this system is shown in the first graph in Sec. 6.4.
For detection of photons, one can use charge coupled devices (CCD) and photomultipliers. However, single photon detectors are not yet well developed.
Production is more tricky, because we need to have exactly one photon in the channel. A laser pulse produces many photons, but if we make it su ciently weak, then the probability of having two or more photons can be made arbitrarily small. However, in that case, there is also a higher probability of having no photon, than having one. This would severely a ect the speed of the computer, but even without worrying about that, we must also have a non-destructive way to find out when a photon is present to do the calculation. This can be achieved through non-linear optics. Material exists that can convert one photon into two less energetic ones. One of these two photons is detected destructively in the usual way, but the other is untouched so it can go on to do its job.
What eventually fails this simple system is the great di culty in constructing 2-bit gates. For that, we need two photons to interact to produce correlations. Photons hardly interact directly, but in principle, this can be achieved through some non-linear material by using the Kerr e ect.
The Kerr e ect refers to a dependence of the index of reflection of a material on the intensity of the beam. In this system, the 2-bit states |01 and |10 are represented by two photons traveling in opposite directions, and the 2-bit states |00 and |11 are represented by photons traveling in the same direction. This causes the intensity to go up and a shift in the index of refraction of the material to occur, thus causing a relative phase shift between the states |00 and |11 on the one hand, and |01 and |10 on the other hand. This correlation can be exploited to construct 2-bit controlled gates.
The problem is, all known Kerr materials have a weak dependence on the intensity. Moreover, these materials cause a lot of absorption. To overcome the first problem, the Kerr material the photons go through has to be thick, but then we run into the second problem, which nobody knows how to solve at the moment.
6.9.3Nuclear Magnetic Resonance (NMR)
In the presence of a static magnetic field, the two degenerate levels of a spin- 12 nucleus split up. The size of this Zeeman e ect depends on the strength of the
6.9. Hardware and Error Correction |
219 |
magnetic field, as well as the magnitude of the nuclear magnetic moment. Since the magnetic moment of a particle is inversely proportional to its mass, nuclear magnetic moments are small because nuclei are heavy. The resonance frequency between the Zeeman doublets of a hydrogen nucleus is typically around 500 MHz in a 11.7 tesla magnetic field. This radio-frequency pulse has a wavelength much larger than the size of an atom, so it is very di cult to target the pulse at a single nucleus unless the atoms are very far apart. The other di culty is the weakness of the signal generated by a single nucleus, because of the smallness of its magnetic moment. The only recourse then is for the pulse to address many molecules and their nuclei all at once, usually in a solution to allow free movements of the molecules.
There is another di culty, arising from the small energy di erence between the Zeeman doublet, because it is far smaller than the thermal energy at room temperature. As a result, the system is no longer in its ground state, as thermal excitation causes both |0 and |1 to be occupied, though the occupation number of the ground state |0 is slightly larger than that of the |1 state. We shall refer to this e ect as thermal pollution. How can we separate a |0 from a |1 then? And, since we are not targeting individual nuclei, how can we get several qubits out of the system?
The second problem is solved by using, in the solution, molecules with several atoms. In the ideal situation, (the nucleus of) each atom of the molecule represents a di erent bit. The reason why this works is the same reason why NMR is useful in chemistry. The magnetic field felt by the nucleus is shielded by the electronic cloud in the molecule. Thus, depending on its local electronic environment, the NMR frequency may di er from nucleus to nucleus. In chemistry this is used to probe the environment of the nucleus, namely, the molecular structure. For our purpose, we use this property to set up several distinct qubits, if their corresponding nuclei have su ciently di erent NMR frequencies. By using (or detecting) radio pulses of the right frequency, we can selectively address (or detect) a particular qubit. For example, if the Zeeman frequency of the ith nucleus is νi, then a |1 state in the ith bit will yield an NMR line of frequency νi when it decays, whereas such a line will be absent if this bit is |0 . By counting which of these lines is present, we will be able to tell which bits are 1 and which bits are 0.
As mentioned before, a 7-qubit NMR quantum computer has been successfully constructed by IBM. Unfortunately, we cannot expect a sizable quantum computer to be built this way because it is very hard to scale up NMR computers indefinitely. To do so, we need to find a molecule large enough whose distinct NMR signals for di erent nuclei can be controlled. Even so, thermal pollution, which increases with the number of qubits, will eventually drown out the signal and render the computer unworkable.
Still, pretending there is no thermal pollution, let us see how gates can be constructed in this system. 1-bit gates are constructed in the usual way by suitable radio pulses. 2-bit controlled gates require interactions between two nuclei, which
220 |
Quantum Computation and Information |
fortunately is naturally present in the form s1s2νN , where s1 = ±21 and s2 = ±12 indicate the |1 /|0 state of each nucleus. This interaction is small — νN ν1, ν2 — nevertheless it causes the energy of the first nucleus to depend on the state of the second nucleus, and vice versa, as is the case between the ion bit and the phonon bit in the ion-trap system. We can therefore exploit this correlation in a similar way to construct control gates.
Finally, let us consider how thermal pollution is dealt with. Suppose n1 and n0 are respectively the number of nuclei in the states |1 and |0 , with n0 > n1. We can consider this as having (n0 − n1) nuclei in the quantum state |0 , in the midst of an incoherent background of n1 nuclei found equally in the two states. It can be shown that this incoherent background is not a ected by unitary gate operations, so in the idealized situation we can ignore it and concentrate only on what the |0 state is doing as it goes through the gates. At the end, the incoherent background has to be subtracted out to get the final answer. Since the incoherent background is much larger than the signal, this gets to be very di cult when too many qubits are involved.
6.9.4 Other Systems
None of the systems considered above seem to be ideal for scaling up the size of the quantum computer. Solid state devices like quantum dots (see Chapter 5) and superconductors may have a better chance in that regard. There is now an active program in these areas, but the success is still fragmentary. Only more research will be able to tell what the best system is going to be.
6.9.5Summary
Practical issues in the construction of a quantum computer are briefly discussed. Maintenance of coherence and the ability to construct 2-bit control gates are two of the most important issues governing the selection of a practical medium. Among them, systems using ion traps, photons, and nuclear magnetic resonance are separately discussed.
6.10Cryptography
We might think that cryptography is for spies — not so in this electronic age. If you do not want people to snoop on your communications, if you do not want information on your credit card to be stolen when shopping on the Internet, and if you do not want your transaction with the bank to be known to others, you have to encrypt your message before you communicate. In modern browsers this is done for you automatically, using the RSA public key system. This and a private key system
6.10. Cryptography |
221 |
will be discussed in this section, with special attention to how quantum technology may a ect their outcome.
To begin with, we shall always assume the original message (known as the plaintext) to be expressed in integers. For example, we may use a two-digit decimal number to represent every key on the computer keyboard. The numbers 0 to 9 could be represented by 01 to 09, the 26 lower case letters ‘a’ to ‘z’ could be represented by 11 to 36, and the 26 upper case letters ‘A’ to ‘Z’ could be represented by 41 to 66, leaving 99 to represent space, and all other numbers up to 98 to represent the punctuation marks and the rest. The plaintext message ‘Send me 1000 dollars’ will appear in numerical form as 59 15 24 14 99 23 15 99 01 00 00 00 99 14 25 22 22 11 28 29.
This ad hoc system of convention is not in use; it is presented here just for simple illustration. There are more standard conversion schemes, like the ASCII code, which are usually used. We shall always assume that the sender and the receiver have agreed on which conversion scheme is being used, so that when the plaintext is sent directly, they can understand each other. The method of encryption discussed below is independent of the conversion scheme.
For security reasons, instead of sending the message over an open channel, the sender A (often known as Alice) converts the plaintext numbers into coded numbers, which only the intended receiver B (often known as Bob) can decipher. An eavesdropper E (often known as Eve) may be able to intercept the string of coded numbers, but she will have absolutely no idea what they mean.
6.10.1Private Key System
In this system, both A and B possess a highly guarded string of numbers, known as a private key. A codes her message by combining the numbers in the plaintext with the numbers of the private key in some reversible manner. When B receives the coded message, he simply reverses the process, combining the coded message with the private key to get back the plaintext.
Let us illustrate this with the ad hoc conversion scheme above, taking as the private key k the numerical value of π with the decimal removed:
k = 3141592653589793238462643383279502884197169399375 . . .
In practice we would never use such an obvious private key that every scientist can guess at, but for illustrative purpose this would do.
Since each character of the ad hoc system is given by a number between 0 and 99, we shall separate the string of numbers in the plaintext p and the private key k into pairs. We can create the coded number c by adding the corresponding pairs in p and k, modulo 100. For example, the coded message c for the plaintext ‘Send me 1000 dollars’ appears as follows:
222 |
Quantum Computation and Information |
||||||
|
S |
e |
n d |
m |
e |
1 |
0 |
|
p 59 15 24 14 99 23 15 99 01 00 |
||||||
|
k 31 41 59 26 53 58 97 93 23 84 |
||||||
|
c 90 56 83 40 52 81 12 92 24 84 |
||||||
|
0 |
0 |
d o |
l |
l |
a r |
s |
|
p 00 00 99 14 25 22 22 11 28 29 |
||||||
|
k 62 64 33 83 27 95 02 88 41 97 |
||||||
|
c 62 64 32 97 52 17 24 99 69 26 |
||||||
When B receives the coded message c, all he has to do is subtract k from it (modulo 100) to recover the plaintext p.
The private key system is absolutely secure if the key is as long as the message, kept confidential, and used only once. In practice that is almost impossible to achieve. To compromise, we might have a key of finite number of digits, 2L say, and we can use it to code blocks of plaintext L characters long. We can also use the same key in several messages, but we must make sure that it is not used too often, for if many messages coded the same way have been intercepted, then there may be ways to figure out the key because some letters are statistically used more frequently than others. For that reason the private key k has to be changed often, but then the di culty is how to communicate the new private key between A and B in a secure way. It is here that quantum properties can help.
According to the no-cloning theorem discussed in Sec. 6.4, quantum states cannot be copied faithfully without altering them. It is essentially this property that allows a private key to be transmitted securely between A and B. To illustrate how this is done, let us discuss the system of C.H. Bennett and G. Brassard using polarized photons. In practice, it is not easy to communicate quantum information over a large distance, because of decoherence and absorption. However, using optical fibers, this scheme has now been carried out successfully over many kilometers.
In this scheme, A sends B her private key over an open channel. The key is sent in binary using linearly polarized photons to represent 0 and 1. The trick is to transmit them randomly between two polarization bases. In one basis, to be denoted by , photons polarized along the x-direction represent a 1 and photons polarized along the y-direction represent a 0. In the other basis, to be denoted by , photons polarized along the 45◦ line represent a 1, and photons polarized along the 135◦ line represent a 0. The polarized states of one basis is an equal superposition of the states in another basis, so according to the probability rules of quantum mechanics, a 0 in the basis has equal probability of being read o as a 0 or a 1 in the basis.
To begin with, A sends the private key she invented to B using randomly one of these two basis for each bit. The random basis provides the coding and the security, as we shall see. Not knowing what basis A uses to send out a bit, B will detect the coded message using another random set of bases of his choice. For a given bit
6.10. Cryptography |
223 |
being sent out, say 0, B will detect it as a 0 if he happens to use the same basis she uses, but B will detect it with equal probability either as a 0 or a 1 if he happens to use the other basis.
Now A and B talk over an open channel to tell each other the bases they used for each bit, and then they keep only those bits where they happen to use the same basis. This shortened message is known as the sifted key. In doing so of course they have to agree on a way to authenticate themselves so that no imposter can get into the act at this point.
Suppose the signal sent from A is intercepted by E before it gets to B. Depending on the basis E uses, she may or may not get the right bit that A sends out, and she will not know. After intercepting a bit, E either resends it in the state she detects it, or not. If she does not resend it, then B will have a lost bit and that bit will be discarded in the sifted key. If she resends it to B, and that happens to be the wrong bit because E is using the wrong basis, then the sifted key determined by B may not be identical to the sifted key possessed by A. To guard against this, A and B have to get on the open channel again to compare a portion of the sifted key. If every bit of this test portion coincides, chances are that there are no eavesdroppers. In that case they discard this tested portion (which has become open knowledge) and use the remainder of the sifted key as their final private key. If some of the bits of the test portion do not coincide, then there could either be a transmission error, or an indication of the presence of an eavesdropper. If the number of disputed bits is small, they can still use the sifted key as the private key after discarding the tested portion. In that case if E is present, she will only get a small portion of the private key which is likely to be useless to her. The details of this can be worked out mathematically to determine how small a portion is tolerable.
Let us illustrate this with an example, in which no disputed bits occur in the tested portion. The original message from A is given in the first two lines, and the received message in B’s basis is given in the next two lines. The sifted key is indicated in the fifth line, and the tested bits are indicated by a × in the sixth line, leaving the final private key in the last line:
A’s basis |
|
||||||||||||
A’s message |
1 |
1 |
0 |
1 |
0 |
0 |
0 |
0 |
1 |
1 |
0 |
1 |
0 |
B’s basis |
|
||||||||||||
received message 1 |
1 |
0 |
1 |
1 |
0 |
0 |
0 |
1 |
1 |
1 |
1 |
0 |
|
sifted key |
1 |
|
0 |
1 |
|
0 |
0 |
0 |
1 |
|
|
1 |
0 |
test portion |
|
|
× × |
|
|
× × |
|
|
|
× |
|
||
private key |
1 |
|
|
|
|
0 |
|
|
1 |
|
|
|
0 |
To summarize, a raw key in binary is transmitted from A to B via the two linearly polarized states of a photon. To ensure security, each bit is sent out randomly using one of the two polarization bases, or . B detects the bits in a set of random bases of his choice, so the received bit coincides with the transmitted bit when
224 |
Quantum Computation and Information |
A and B happen to use the same basis for that bit. Subsequent to the message, A and B compare their bases openly and retain only those bits for which their bases are the same. This constitutes the sifted key. To test whether an eavesdropper is present, they take the same portion from each sifted key to compare them over an open channel. If they are almost identical, a private key is obtained by discarding this test portion from the sifted key. Otherwise, the method fails.
6.10.2The RSA Public Key System
In the private key system, the sender and the receiver both possess the same private key. In the public key system, B supplies everybody with a public key which can be used to code their messages to B. To decode these messages, B keeps a secret key to himself. This system is convenient because the secret private key does not have to be transmitted. Moreover, everybody can send B a coded message that only B can decipher. The drawback is that this system is not absolutely secure, though it can be designed so that it is almost impossible to break, not with the present computational power anyway. We shall illustrate this system with a very famous scheme invented by R. Rivest, A. Shamir, and L. Adleman, known as RSA encryption. It works as follows.
B picks two large prime numbers, p and q, and computes from them two public keys N and k, which he broadcasts, and a secret key s, which he retains. The public key N is simply N = pq, and the second public key k is any number which has no common factor with p −1 nor q −1. The secret key is computed using the following formula:
s = kφ(φ(N))−1 mod φ(N) ,
where φ(N) is the Euler function defined below.
Given a positive integer n, φ(n) is defined to be the number of integers less than n which has no common factor with n. In this regard the number 1 is always considered to have no common factor with n, so φ(n) ≥ 1. If n is a prime number,
then no factor less than n has a common factor with it, |
so φ(n) = n − 1. If |
N = pq where both p, q are prime numbers, then φ(N) |
= (p − 1)(q − 1) for |
the following reason. The only number less than N that has a common factor with N is either an integral multiple of p, and there are q − 1 of them whose product with p is less than N, or, an integral multiple of q, and there are p − 1 of them. So the number of integers smaller than N with no common factor with it is (pq − 1) − (q − 1) − (p − 1) = (p − 1)(q − 1) = φ(N).
As an example for the computation of these three keys, let us suppose p = 11 and q = 13. Then N = 143. We may pick k to be any number without a common factor with p − 1 = 10 and q − 1 = 12. Let us pick k = 7 in this example. From the formula above, φ(N) = (p − 1)(q − 1) = 120, and one can find out from tables