ABSTRACT

1
A Quantum Algorithm for Testing for Mersenne
Primes
Kyle Box and Harsh Mathur Department of Physics,
CWRU 10900 Euclid Ave., Cleveland, OH 44106
ABSTRACT In this project we will be looking for a
quantum algorithm to solve a specific number
theory problem - testing for Mersenne primes.
Prime numbers play an important role in modern
life, mostly in various data encryption schemes,
and Mersenne primes have a particularly
interesting and simple structure They are primes
which are one less than a power of 2. Currently,
Shors Algorithm is the only quantum algorithm
for an important problem that is better than its
classical counterpart. The algorithm is used for
factoring integers, which classically requires
exponential time. Shors Algorithm only requires
time polynomial in the log of the integer. This
project will attempt to find a quantum algorithm
that will successfully test whether a number if a
Mersenne prime, and ideally will perform faster
than classical algorithms. QUANTUM COMPUTING
The usefulness of this gate is that it takes a
basis qbit into a superposition of the two basis
qbits, with equal probability of measuring each.
By chaining together n Hadamard gates, an n-bit
quantum register is put in a superposition of
, , ..., which which can then be sent
into other gates for parallelization as described
above. Just like classical gates, we can denote
the Hadamard gate schematically. There are some
other problems that quantum computers need to
address. Classically, bits can be created and
destroyed at will they are just electrical
pulses. Quantum mechanically, the qbits are
encoded on physical components that can not be
arbitrarily created and destroyed. This means
that any qbits used just within a gate -- helper
qbits -- need to be provided as input and output
and, in fact, may have their states changed
through the course of the computation. This issue
can be addressed by requiring the quantum gates
be reversible, which effectively allows us to
ignore any consideration of additional qbits
because we can return them to their initial
states. Unfortunately, most gates are not
reversible, such as the three 2-bit classical
gates we introduced (AND, OR, XOR). The simplest
way to resolve this is to provide the quantum
gate with separate input and output registers in
other words, a quantum gate that implements the
function f is a transformation of the form
. MERSENNE PRIMES
We can then write xy as For each xi, we can
decompose y in a similar fashion to obtain xiy
(yn-1xi) ltlt (n-1) (yn-1xi) ltlt (n-2)
(y1xi) ltlt 1 (y0xi) ltlt 0 vastly reducing the
complexity. Note that this is equivalent to
multiplying each bit in y by xi without modifying
the order.
xy (xn-1ltlt (n-1) xn-2 ltlt (n-2) x1 ltlt 1 x0 ltlt 0)y
(xn-1y) ltlt (n-1) (xn-2y) ltlt (n-2) (x1y) ltlt 1 (x0y) ltlt 0
Thus, we introduce the single bit multiplier m1.
It takes 2 input bits and produces 1 output bit,
without the need for any auxiliary bits. Its
black box schematic, was also shows its explicit
function, is indicated in figure 6. From the
single bit multiplier, we can introduce the
1xn-bit multiplier mn. Based on the
decompositions above, it is a series of m1 gates,
as indicated in figure 7. Finally, we can combine
the mn in series,
Figure 6 Black box schematic for m1.
Classical computers store their data in classical
bits, which contain the discrete values 0 or 1.
Arithmetic is performed on this bits via gates
the NOT gate is the simplest non-trivial gate,
and it merely inverts the bit and 0 becomes a 1
and a 1 becomes a 0. This and the identity gate
represent all possible actions on a single bit.
With 2 input bits, we have a total of 4 possible
input values. Every input has 2 possible outputs,
giving us 24 16 possible actions. There are
three gates that are particularly interesting
the AND, OR, and XOR gates, whose actions are
shown in table 1.
Input Bits AND OR XOR
0 0 0 0 0
0 1 0 1 1
1 0 0 1 1
1 1 1 1 0
series, along with adders, to construct the
general n bit multiplier Mn, as shown in figure
8. Note that some additional notations were
adopted thicker lines represent multiple qbits
in parallel (called a bus), and the red digit
represents its width (so the bus y is a n-qbit
wide number, as expected). The bit shift is
handled by just appending 0s to the end of the
least significant bit, which also results in
widening the bus. An X at the end of a wire
indicates that it will not be used after that
point for auxiliary bits, this means we can
re-use them after properly returning them to 0.
Figure 1 Actions of classical AND, OR, and XOR
gates.
Prime numbers have always interested
mathematicians, although for most of history the
were only interesting from a mathematical
standpoint. Some primes have been grouped into
subcategories, where they follow some simpler
pattern, but there is no known overall pattern
for all primes. Interesting properties have been
observed, such as the Ulam spiral shown in figure
5, but the effect is unexplained. One such
category of primes are the Mersenne primes, which
are prime Mersenne numbers. Mersenne numbers are
simply numbers for the form 2n-1. This simplicity
is especially clear in a binary representation
Mersenne numbers are all 1s. Most existing
quantum algorithms are based on number
theoretical problems, which is a good indication
that this is a promising field for exploration.
It is due to this fact and the simple form of
Mersenne primes that this specific problem was
chosen as a good possibility for a quantum
algorithm.
Figure 7 Construction of the mn multiplier from
the m1 multiplier.
Multiple gates can be chained together to
introduce more complicated arithmetic. A full
adder, which is used to perform the addition of
two bits, is composed of just 2 AND gates, 2 XOR
gates, and 1 OR gate. The adder has three inputs
(the two bits to add and a carry in bit) and two
outputs (result of the sum and the carry out
bit) the gate-level implementation is shown in
figure 2a using the typical symbols for each
gate. Chaining together n full adders results in
an n-bit ripple carry adder, as in figure 2c. As
it turns out, all classical algorithms can be
implemented with some combination of the
identity, NOT, AND, OR, and XOR gates. Quantum
computers operate on a similar principle. The
data is stored in a quantum bit (qbit for short).
However, these qbits are encoded as states in
some two-level quantum mechanical system (the
typical example is the spin of an electron spin
up corresponds to , and spin down is ). The
two qbits must compose a basis of the system
then any state in the system
Figure 8 Construction of the nxn bit multiplier
from simpler gates.
With the multiplication handled, we next need to
handle the subtraction. The simplest way would be
to encode our number using 2s complement, but
this means our multiplier needs to handle
negative numbers (which it does not). A simpler
approach is to recognize that we can make the
result mod Mp after every multiplication and
subtraction step, and note that k 2 (mod Mp)
k Mp 2 (mod Mp) Then instead of subtracting
2, we can add Mp 2, and ignore the problem of
negative numbers. The final step is the modulus
function. Fortunately, there is a lemma we can
use to make this step much simpler. k (k mod
2n) floor(k / 2n) (mod 2n 1) The first term
is equivalent to taking the first n qbits of the
number, while the second is equivalent to taking
all but the first n qbits. Thus, we need only
break the qbit into two distinct sections, add
them through an adder, and repeat until we have n
or fewer qbits. Since the largest value we can
have at the end of any modulus is 2n2, the
largest value at the end of the multiplicative
and additive step is (2n2)(2n2) 2n1 2
22n 2n2 4 2n 3 lt 22n for n gt 0. Hence,
this operation converges in at most 2 steps. The
only problem case is when k 0 (mod Mp) then
our algorithm will give a answer of Mp instead of
0. This can be handled by checking explicitly for
Mp at the end of the modulus step, or outright
ignoring it and continuing into the next step
with the value Mp we are not actually required
to take the modulus at every step, but it is
convenient to do so to reduce space constraints.
Figure 5Ulam spiral, created by writing the
first n integers in a spiral with 1 at the center
and marking primes. Image courtesy Wikipedia
http//en.wikipedia.org/wiki/Ulam_Spiral
Figure 2 a) Implementation (top left), b) black
box schematic (top right) of a full adder, and c)
a 4-bit adder (bottom). Images courtesy of
Wikipedia http//en.wikipedia.org/wiki/Adder_28e
lectronics29
CLASSICAL ALGORITHM Before working on a quantum
algorithm, the classical algorithm needs to be
understood. The most common algorithm is the
Lucas-Lehmer test, which is a simple recurrence
relationship. The relation starts by defining s0
4, si si-12 2 the first three terms of the
sequence are 4, 14, and 194. Then 2p-1 is prime
if and only if sp-20 (mod Mp). The running time
of the algorithm on the number 2p-1 is O(p3),
with the recurrence loop running p times and the
multiplication having O(p2) complexity in each
loop. Taking advantage of the FFT, the
multiplication step can be sped up
slightly. APPROACH The initial approach was to
consider a quantum implementation of the
classical algorithm, and then look for potential
areas of speed-up. Unfortunately, we are unable
to use the powerful parallelization available to
us directly, but there are other potential
tricks. Another possible approach is to attempt
to build a completely new algorithm from the
beginning, without any consideration to the
classical algorithm, but with the limited
timeframe this approach was deemed too unlikely
to produce a result. The classical algorithm
consists of two major parts, which requires the
implementation of three gates. The first is the
arithmetic part, which requires a multiplication
gate (or a potentially simpler squaring gate) and
an addition gate. The second part is the modulus,
which requires a modulus gate. Research into
addition gates has been done, and many
implementations have been proposed (references?).
Thus we must handle the creation of a
multiplication and modulus gate. Research into a
quantum algorithm for multiplication is scarce,
although a quantum algorithm based on Booth's
multiplication algorithm for signed numbers has
been proposed. Since our numbers will be
positive, we can ignore a sign bit and thus we
need not consider address the problem of signed
numbers. The approach taken to implement
multiplication is based on the manual way of
doing it. First, we note that we can express a
binary number d as dn-1 ltlt (n-1) dn-2 ltlt (n-2)
d1 ltlt 1 d0 ltlt 0 where ltlt m represents a
bit shift to the left by m digits.
system can be represented a superposition of
and . One way to view a qbit is by the Bloch
sphere, a geometrical representation of a qbit,
which is shown in figure 3. The state ? is
represented by
, and as long as ? is not 0gt or 1gt the
representation is unique.
Just as classical computers store larger sets of
data by putting bits together, we can have n
entangled particles each encoding a separate qbit
of an n-qbit system. Such a collection of
entangled qbits is called a quantum register.
Unlike classical registers, which have definite
values, a n qbit quantum register can be in a
superposition of all 2n possible states. Our
notation is to write a quantum register simply as
, where x is the decimal equivalent of the
binary number xn-1xn-2x1x0. This superposition
allows for a huge amount of parallelization when
we perform a single operation on a range of
values. Classically we must calculate f(0), f(1),
... one at a time, for a total of 2n operation.
Quantum mechanically, we can put our register in
a superposition of aaa, , and perform the
calculation on this superposition. The end result
is a superposition
The final algorithm, as implemented quantum
mechanically, is an iterative process just like
the classical algorithm. The work at each step is
shown in figure 9 the output is fed back into
the same series
Figure 9 The iterative step of the final
algorithm. Si is fed back into the same gates
until the desired value is reached.
Figure 3 Bloch sphere representation of a qbit.
Image courtesy of Wikipedia http//en.wikipedia.o
rg/wiki/Bloch_sphere
of gates until we obtain sp-2, which we check for
equivalence to 0 (mod Mp) to determine if Mp is
prime. There are a few notational things to note,
again. The red numbers indicate the width of each
bus. The dark red indicates how we split the bus
MSB stands for most significant bits and LSB
stands for least significant bits. FUTURE
WORK There is much room for improvement in our
algorithm. The multiplication gate is far from as
efficient as possible, but time constraints
prevented a heavy focus on its optimization. In
particular, one could attempt to implement the
classical multiplication algorithm, which by
itself is faster than our implementation.
Furthermore, the most efficient multiplication
implementation takes advantage of the fast
Fourier transform. This is suggestive that the
quantum Fourier transform may be employed for
further speed increase. The modulus step is
probably as efficient as it can get, unless there
is some quantum mechanical trick for speed up
with the general modulus algorithm that makes it
faster than the trick we employed. References D
raper, Thomas G. Addition on a Quantum
Computer. 2000 Aug 7. arXiv.org. 14 April
2008 lthttp//arxiv.org/abs/quant-ph/0008033
gt Mermin N. Quantum Computer Science. Cambridge
Cambridge University Press, 2007.
superposition of , , ...
What took us 2n operations classically takes 1
quantum mechanically! Unfortunately, there is no
way to extract all this information. As soon as
we take a measurement to find one of the values,
the state collapses into one of the two basis
vectors and we lose all other information. A
common trick with quantum algorithms, them, is to
find a way to manipulate the output superposition
so that we have a high probability of obtaining
useful information. Shor employed this trick in
his factoring algorithm, which runs exponentially
faster than any classical factoring
algorithm. Exactly like classical computers,
arithmetic on quantum computers is performed via
quantum gates, which are implemented as operators
on various numbers of qbits. Due to the property
of superposition, there are infinitely more
possible quantum gates than classical gates. Of
course, the identity and the NOT gates are
possible, but there is also the particularly
useful Hadamard Hadamard gate, whichis defined
as .