Measurement-based Uncomputation Applied to Controlled Modular Multiplication
aa r X i v : . [ qu a n t - ph ] F e b Measurement-based Uncomputation Applied to Controlled Modular Multiplication
Panjin Kim and Daewan Han The Affiliated Institute of ETRI, Daejeon 34044, Korea ∗ This is a brief report on a particular use of measurement-based uncomputation. Though notappealing in performance, it may shed light on optimization techniques in various quantum circuits.
Circuit implementations of quantum algorithms oftenconfront a need for uncomputation to get rid of inter-mediate information. As an example relevant to thiswork, all known circuit implementations of Shor algo-rithm carefully deal with the issue. See, Beauregard’scomment on a garbage bit appearing in his modular ad-dition . The usual way of handling the uncomputation isto apply Bennett’s method , but recent progress in thefield explores a new direction .To illustrate the idea of measurement-based uncompu-tation, consider a bijective function f : x y and itsstandard quantum implementation U f : | x i| i 7→ | x i| y i .Since f is bijective, the information on x can be com-pletely removed while y remains still . An immediateway to do so is to find a circuit for f − and apply-ing it, typically resulting in doubling the cost. Now in-stead of computing f − , assume a unitary transforma-tion is applied to the first register locally, leading to astate P x ′ c ( x ′ , y ) | x ′ i| y i , where c ( x ′ , y ) is a probabilityamplitude. The probability amplitude is dependent notonly on x ′ but also on y if x and y have been entan-gled in the first place. If one carries out the measure-ment on the first register getting X ′ , the state wouldcollapse into (cid:2) c ( X ′ , y ) / | c ( X ′ , y ) | (cid:3) | X ′ i| y i . The phase c ( X ′ , y ) / | c ( X ′ , y ) | can be corrected by manipulating thesecond register since X ′ is known and the register is hold-ing the information on y . The first register is cleanlyseparated from the second register, thus X ′ can safely bereturned to 0 by any local means.One emphasis must be put on the efficiency ofthe method. Computation-based uncomputation allowsmore concrete resource estimates for the algorithms asthe number of gates and qubits would be the only con-cern, whereas measurement-based one further requiresintermediate measurements and classical feedback pro-cesses which can hardly be compared with other quantumresources as of the time of writing. Readers are kindlyadvised to take this direction as one of the options even ifit reduces the gate depth without involving more qubits.This report examines the use of measurement-baseduncomputation in controlled modular multiplication thatworks as an oracle in Shor algorithm in the query model.To be specific, the goal is to find a quantum circuit for U Shor : | i| x i| i w √ (cid:16) | i| x i| i w + | i| a x i| i w (cid:17) , (1)where the left-most ket is a single qubit state (data qubithereafter), the second register is space for encoding inte-gers, a x is x multiplied by a constant a modulo N ∈ Z , and | i w is a work register consisting of a certain num-ber of qubits. Efficient implementation of this kind ofoperation has been studied thoroughly (see, for exam-ple, Refs. 6 and 7 and related materials therein), but thepurpose of this work is not to insist on the optimality.Readers are assumed to be familiar with quantum arith-metics appearing in Shor algorithm. Understanding ofany explicit circuit construction is helpful, but Refs. 2and 8 could be the most easily accessible ones.Assuming a circuit for modular multiplication U M : | x i| y i w
7→ | x i| y + a x i w is given, a naive way to achievethe goal is to make use of C - U M , a controlled version of U M as follows: | i| x i| i wH (cid:16) | i| x i| i w + | i| x i| i w (cid:17) / √ C - U M (cid:16) | i| x i| i w + | i| x i| { a } [ x ] i w (cid:17) √ C -Swap (cid:16) | i| x i| i w + | i| a x i| x i w (cid:17) √ C - U M (cid:16) | i| x i| i w + | i| a x i| x − { a − } [ a x ] i w (cid:17) √ , (2)where H is a Hadamard gate, C -Swap is a controlledswap operation that roughly costs n (= ⌈ log N ⌉ ) Toffoligates, and multipliers and multiplicands are surroundedby curly and square brackets, respectively. The abovescheme is frequently adopted in the literature, notably bythe circuit designs with a small number of qubits .This scheme can be improved such that the role of C - U M is replaced by U M . A controlled version of a cer-tain operation is usually more expensive than its uncon-trolled counter-part, and thus replacing C - U M by U M likely leads to savings in cost. Note however that theamount of benefit depends on the underlying additioncircuit which is beyond the scope of this report. Theidea is to make use of the value 0 as multiplicands asmentioned in Ref. 6. The following procedure may helpreaders understand it. The coefficient 1 / √ | i| x i| i wH i| x i| i w + | i| x i| i wC -cp i| x i| i w + | i| x i| x i wU M i| x + { a − } [0] i| i w + | i| x + { a − } [ x ] i| x i wC -Swap i| x i| i w + | i| x i| a x i wU M i| x − { a − } [0] i| i w + | i| x − { a − } [ a x ] i| a x i w C -Swap i| x i| i w + | i| a x i| i w , (3)where C -cp is a controlled string copy requiring at most n Toffoli gates. Compared with Eq. (2), the above schemeeliminates a need for controlling two U M operations atthe cost of extra 2 n Toffoli gates.Measurement-based uncomputation can further mod-ify the scheme. The first five lines in Eq. (3) are appliedin the same way. Beginning with | i| x i| i w + | i| x i| a x i ,we apply U M to get | i| x i| i w + | i| x i| a x i U M i| x −{ a − − } [0] i| i w + | i| x −{ a − − } [ a x ] i| a x i w = | i| x i| i w + | i| a x i| a x i w . (4)The task is to transform | a x i w into | i w with as smallnumber of non-Clifford gates involved as possible. Phasekick-back technique with an appropriate Deutsch-Jozsa or Grover type oracle can be exploited as follows. Ap-plying Walsh-Hadamard transformation WH on the workregister of the last expression in Eq. (4) leads to | i| x i| i w + | i| a x i| a x i wWH X s e πi ( ~s · | i| x i| s i w + X s e πi ( ~s · a x ) | i| a x i| s i w , (5)where the symbols with an overhead arrow should be readas vectors in Z n and dot product is inner product modulo2. Normalization constants are still omitted from theexpression. Now measurement in computational basis iscarried out on work register giving rise to | i| x i| s i w + e πi ( ~ s · a x ) | i| a x i| s i w , (6)which is essentially equivalent to | i| x i| i w + e πi ( ~ s · a x ) | i| a x i| i w as the work register is no longerentangled with other qubits. To get rid of the remainingphase, observe that it is ± ~ s · a x . Let S = { s α , s β , ... } be an ordered set of nonzero digits in themeasured string s , f ( y ) = e πi~ s · ~y , and Y = { y α , y β , ... } bean ordered set of digits to be multiplied by s i ∈ S upon ~ s · ~y . Inspection tells us that f ( y ) = (cid:26) +1 , if P α y α ≡ − , if P α y α ≡ U f : | y i 7→ f ( y ) | y i , we would have | i| x i| i w + e πi ( ~ s · a x ) | i| a x i| i wU f i| x i| i w + | i| a x i| i w . (8)An oracle can be constructed as follows. Let us de-note positions of nonzero digits in the string s by α, β, γ, δ, ..., ψ, ω . Beginning with the position α in thesecond register, apply a controlled-NOT (CNOT) gatewith the qubit at α being a control and the qubit at β be-ing a target, i.e., CNOT αβ . Subsequent gates CNOT βγ ,CNOT γδ ,..., CNOT ψω are also applied in that order. Ap-plying a Toffoli gate with the data qubit and the qubitat ω position in the second register being controls and anoracle qubit in |−i = ( | i + | i ) / √ x and a x , completing the procedure. Figure 1 illustrates theprocedure assuming the measured string s is 10111. o { S ec o nd re g i s t er d a t a qub i t X H H X FIG. 1. Grover-type oracle U f : | y i 7→ f ( y ) | y i for s = 10111,where | i o is an oracle qubit that can be chosen from any idlequbit in the work register. We conclude the report with a complexity analysis.Compared with Eq. (2), the controlled modular multipli-cation with measurement-based uncomputation replacestwo C - U M s by U M s at the cost of n Toffoli gates. In sum,it will likely save O ( n ) Toffoli gates, but the advantageis not dramatic as most U M implementations involve atleast O ( n ) Toffoli gates. Although the specific applica-tion examined in this report is not able to fully utilizethe measurement-based uncomputation, we believe thisdirection is worth further investigating. ∗ [email protected] P. W. Shor, in
Proceedings 35th Annual Symposium onFoundations of Computer Science (1994) pp. 124–134. S. Beauregard, Quantum Info. Comput. , 175–185 (2003). C. H. Bennett, IBM Journal of Research and Development , 525 (1973). C. Gidney, Quantum , 74 (2018). A. Y. Kitaev, Russian Mathematical Surveys , 1191 (1997). R. Rines and I. Chuang, arXiv preprint arXiv:1801.01081(2018). C. Gidney and M. Eker˚a, arXiv preprint arXiv:1905.09749(2019). V. Vedral, A. Barenco, and A. Ekert, Phys. Rev. A ,147 (1996). Y. Takahashi and N. Kunihiro, Quantum Info. Comput. , 184–192 (2006). T. H¨aner, M. Roetteler, and K. M. Svore, Quantum Info.Comput. , 673 (2017). D. Deutsch and R. Jozsa, Proceedings of the Royal Societyof London. Series A: Mathematical and Physical Sciences , 553 (1992). L. K. Grover, Phys. Rev. Lett.79