Results 1  10
of
1,113
PolynomialTime Algorithms for Prime Factorization and Discrete Logarithms on a Quantum Computer
 SIAM J. on Computing
, 1997
"... A digital computer is generally believed to be an efficient universal computing device; that is, it is believed able to simulate any physical computing device with an increase in computation time by at most a polynomial factor. This may not be true when quantum mechanics is taken into consideration. ..."
Abstract

Cited by 1277 (4 self)
 Add to MetaCart
(Show Context)
A digital computer is generally believed to be an efficient universal computing device; that is, it is believed able to simulate any physical computing device with an increase in computation time by at most a polynomial factor. This may not be true when quantum mechanics is taken into consideration. This paper considers factoring integers and finding discrete logarithms, two problems which are generally thought to be hard on a classical computer and which have been used as the basis of several proposed cryptosystems. Efficient randomized algorithms are given for these two problems on a hypothetical quantum computer. These algorithms take a number of steps polynomial in the input size, e.g., the number of digits of the integer to be factored.
A Fast Quantum Mechanical Algorithm for Database Search
 ANNUAL ACM SYMPOSIUM ON THEORY OF COMPUTING
, 1996
"... Imagine a phone directory containing N names arranged in completely random order. In order to find someone's phone number with a probability of , any classical algorithm (whether deterministic or probabilistic)
will need to look at a minimum of names. Quantum mechanical systems can be in a supe ..."
Abstract

Cited by 1135 (10 self)
 Add to MetaCart
Imagine a phone directory containing N names arranged in completely random order. In order to find someone's phone number with a probability of , any classical algorithm (whether deterministic or probabilistic)
will need to look at a minimum of names. Quantum mechanical systems can be in a superposition of states and simultaneously examine multiple names. By properly adjusting the phases of various operations, successful computations reinforce each other while others interfere randomly. As a result, the desired phone number can be obtained in only steps. The algorithm is within a small constant factor of the fastest possible quantum mechanical algorithm.
Quantum complexity theory
 in Proc. 25th Annual ACM Symposium on Theory of Computing, ACM
, 1993
"... Abstract. In this paper we study quantum computation from a complexity theoretic viewpoint. Our first result is the existence of an efficient universal quantum Turing machine in Deutsch’s model of a quantum Turing machine (QTM) [Proc. Roy. Soc. London Ser. A, 400 (1985), pp. 97–117]. This constructi ..."
Abstract

Cited by 574 (5 self)
 Add to MetaCart
(Show Context)
Abstract. In this paper we study quantum computation from a complexity theoretic viewpoint. Our first result is the existence of an efficient universal quantum Turing machine in Deutsch’s model of a quantum Turing machine (QTM) [Proc. Roy. Soc. London Ser. A, 400 (1985), pp. 97–117]. This construction is substantially more complicated than the corresponding construction for classical Turing machines (TMs); in fact, even simple primitives such as looping, branching, and composition are not straightforward in the context of quantum Turing machines. We establish how these familiar primitives can be implemented and introduce some new, purely quantum mechanical primitives, such as changing the computational basis and carrying out an arbitrary unitary transformation of polynomially bounded dimension. We also consider the precision to which the transition amplitudes of a quantum Turing machine need to be specified. We prove that O(log T) bits of precision suffice to support a T step computation. This justifies the claim that the quantum Turing machine model should be regarded as a discrete model of computation and not an analog one. We give the first formal evidence that quantum Turing machines violate the modern (complexity theoretic) formulation of the Church–Turing thesis. We show the existence of a problem, relative to an oracle, that can be solved in polynomial time on a quantum Turing machine, but requires superpolynomial time on a boundederror probabilistic Turing machine, and thus not in the class BPP. The class BQP of languages that are efficiently decidable (with small errorprobability) on a quantum Turing machine satisfies BPP ⊆ BQP ⊆ P ♯P. Therefore, there is no possibility of giving a mathematical proof that quantum Turing machines are more powerful than classical probabilistic Turing machines (in the unrelativized setting) unless there is a major breakthrough in complexity theory.
Strengths and weaknesses of quantum computing
, 1996
"... Recently a great deal of attention has focused on quantum computation following a sequence of results [4, 16, 15] suggesting that quantum computers are more powerful than classical probabilistic computers. Following Shor’s result that factoring and the extraction of discrete logarithms are both solv ..."
Abstract

Cited by 381 (10 self)
 Add to MetaCart
Recently a great deal of attention has focused on quantum computation following a sequence of results [4, 16, 15] suggesting that quantum computers are more powerful than classical probabilistic computers. Following Shor’s result that factoring and the extraction of discrete logarithms are both solvable in quantum polynomial time, it is natural to ask whether all of NP can be efficiently solved in quantum polynomial time. In this paper, we address this question by proving that relative to an oracle chosen uniformly at random, with probability 1, the class NP cannot be solved on a quantum Turing machine in time o(2 n/2). We also show that relative to a permutation oracle chosen uniformly at random, with probability 1, the class NP ∩ co–NP cannot be solved on a quantum Turing machine in time o(2 n/3). The former bound is tight since recent work of Grover [13] shows how to accept the class NP relative to any oracle on a quantum computer in time O(2 n/2).
Selecting Cryptographic Key Sizes
 TO APPEAR IN THE JOURNAL OF CRYPTOLOGY, SPRINGERVERLAG
, 2001
"... In this article we offer guidelines for the determination of key sizes for symmetric cryptosystems, RSA, and discrete logarithm based cryptosystems both over finite fields and over groups of elliptic curves over prime fields. Our recommendations are based on a set of explicitly formulated parameter ..."
Abstract

Cited by 323 (8 self)
 Add to MetaCart
(Show Context)
In this article we offer guidelines for the determination of key sizes for symmetric cryptosystems, RSA, and discrete logarithm based cryptosystems both over finite fields and over groups of elliptic curves over prime fields. Our recommendations are based on a set of explicitly formulated parameter settings, combined with existing data points about the cryptosystems.
Elementary Gates for Quantum Computation
, 1995
"... We show that a set of gates that consists of all onebit quantum gates (U(2)) and the twobit exclusiveor gate (that maps Boolean values (x, y)to(x, x⊕y)) is universal in the sense that all unitary operations on arbitrarily many bits n (U(2 n)) can be expressed as compositions of these gates. We in ..."
Abstract

Cited by 280 (11 self)
 Add to MetaCart
We show that a set of gates that consists of all onebit quantum gates (U(2)) and the twobit exclusiveor gate (that maps Boolean values (x, y)to(x, x⊕y)) is universal in the sense that all unitary operations on arbitrarily many bits n (U(2 n)) can be expressed as compositions of these gates. We investigate the number of the above gates required to implement other gates, such as generalized DeutschToffoli gates, that apply a specific U(2) transformation to one input bit if and only if the logical AND of all remaining input bits is satisfied. These gates play a central role in many proposed constructions of quantum computational networks. We derive upper and lower bounds on the exact number of elementary gates required to build up a variety of two and threebit quantum gates, the asymptotic number required for nbit DeutschToffoli gates, and make some observations about the number required for arbitrary nbit unitary operations.
Faulttolerant quantum computation
 In Proc. 37th FOCS
, 1996
"... It has recently been realized that use of the properties of quantum mechanics might speed up certain computations dramatically. Interest in quantum computation has since been growing. One of the main difficulties in realizing quantum computation is that decoherence tends to destroy the information i ..."
Abstract

Cited by 264 (5 self)
 Add to MetaCart
(Show Context)
It has recently been realized that use of the properties of quantum mechanics might speed up certain computations dramatically. Interest in quantum computation has since been growing. One of the main difficulties in realizing quantum computation is that decoherence tends to destroy the information in a superposition of states in a quantum computer, making long computations impossible. A further difficulty is that inaccuracies in quantum state transformations throughout the computation accumulate, rendering long computations unreliable. However, these obstacles may not be as formidable as originally believed. For any quantum computation with t gates, we show how to build a polynomial size quantum circuit that tolerates O(1 / log c t) amounts of inaccuracy and decoherence per gate, for some constant c; the previous bound was O(1 /t). We do this by showing that operations can be performed on quantum data encoded by quantum errorcorrecting codes without decoding this data. 1.
Faulttolerant quantum computation by anyons
, 2003
"... A twodimensional quantum system with anyonic excitations can be considered as a quantum computer. Unitary transformations can be performed by moving the excitations around each other. Measurements can be performed by joining excitations in pairs and observing the result of fusion. Such computation ..."
Abstract

Cited by 229 (3 self)
 Add to MetaCart
(Show Context)
A twodimensional quantum system with anyonic excitations can be considered as a quantum computer. Unitary transformations can be performed by moving the excitations around each other. Measurements can be performed by joining excitations in pairs and observing the result of fusion. Such computation is faulttolerant by its physical nature.