Hidden subgroup problem
The hidden subgroup problem (HSP) is a topic of research in mathematics and theoretical computer science. The framework captures problems such as factoring, discrete logarithm, graph isomorphism, and the shortest vector problem. This makes it especially important in the theory of quantum computing because Shor's algorithm for factoring in quantum computing is an instance of the hidden subgroup problem for finite abelian groups, while the other problems correspond to finite groups that are not abelian.
Problem statement
Given a group [math]\displaystyle{ G }[/math], a subgroup [math]\displaystyle{ H \leq G }[/math], and a set [math]\displaystyle{ X }[/math], we say a function [math]\displaystyle{ f : G \to X }[/math] hides the subgroup [math]\displaystyle{ H }[/math] if for all [math]\displaystyle{ g_1, g_2 \in G, f(g_1) = f(g_2) }[/math] if and only if [math]\displaystyle{ g_1 H = g_2 H }[/math]. Equivalently, [math]\displaystyle{ f }[/math] is constant on the cosets of H, while it is different between the different cosets of H.
Hidden subgroup problem: Let [math]\displaystyle{ G }[/math] be a group, [math]\displaystyle{ X }[/math] a finite set, and [math]\displaystyle{ f : G \to X }[/math] a function that hides a subgroup [math]\displaystyle{ H \leq G }[/math]. The function [math]\displaystyle{ f }[/math] is given via an oracle, which uses [math]\displaystyle{ O(\log |G| + \log |X|) }[/math] bits. Using information gained from evaluations of [math]\displaystyle{ f }[/math] via its oracle, determine a generating set for [math]\displaystyle{ H }[/math].
A special case is when [math]\displaystyle{ X }[/math] is a group and [math]\displaystyle{ f }[/math] is a group homomorphism in which case [math]\displaystyle{ H }[/math] corresponds to the kernel of [math]\displaystyle{ f }[/math].
Motivation
The hidden subgroup problem is especially important in the theory of quantum computing for the following reasons.
- Shor's algorithm for factoring and for finding discrete logarithms (as well as several of its extensions) relies on the ability of quantum computers to solve the HSP for finite abelian groups.
- The existence of efficient quantum algorithms for HSPs for certain non-abelian groups would imply efficient quantum algorithms for two major problems: the graph isomorphism problem and certain shortest vector problems (SVPs) in lattices. More precisely, an efficient quantum algorithm for the HSP for the symmetric group would give a quantum algorithm for the graph isomorphism.[1] An efficient quantum algorithm for the HSP for the dihedral group would give a quantum algorithm for the [math]\displaystyle{ \operatorname{poly}(n) }[/math] unique SVP.[2]
Algorithms
There is an efficient quantum algorithm for solving HSP over finite abelian groups in time polynomial in [math]\displaystyle{ \log|G| }[/math]. For arbitrary groups, it is known that the hidden subgroup problem is solvable using a polynomial number of evaluations of the oracle.[3] However, the circuits that implement this may be exponential in [math]\displaystyle{ \log|G| }[/math], making the algorithm not efficient overall; efficient algorithms must be polynomial in the number of oracle evaluations and running time. The existence of such an algorithm for arbitrary groups is open. Quantum polynomial time algorithms exist for certain subclasses of groups, such as semi-direct products of some abelian groups.
Algorithm for abelian groups
The algorithm for abelian groups uses representations, i.e. homomorphisms from [math]\displaystyle{ G }[/math] to [math]\displaystyle{ \mathrm{GL}_k(\mathbb{C}) }[/math], the general linear group over the complex numbers. A representation is irreducible if it cannot be expressed as the direct product of two or more representations of [math]\displaystyle{ G }[/math]. For an abelian group, all the irreducible representations are the characters, which are the representations of dimension one; there are no irreducible representations of larger dimension for abelian groups.
Defining the quantum fourier transform
The quantum fourier transform can be defined in terms of [math]\displaystyle{ \mathrm{Z}_N }[/math], the additive cyclic group of order [math]\displaystyle{ N }[/math]. Introducing the character[math]\displaystyle{ \chi_j(k) = \omega^{jk}_N = e^{2\pi i \frac{jk}{N}}, }[/math]the quantum fourier transform has the definition of[math]\displaystyle{ F_N |j\rangle = \frac{1}{\sqrt{N}} \sum_{k = 0}^N \chi_j(k) |k\rangle. }[/math]Furthermore we define [math]\displaystyle{ |\chi_j\rangle = F_N |j\rangle }[/math]. Any abelian group can be written as the direct product of multiple cyclic groups [math]\displaystyle{ \mathrm{Z}_{N_1} \times \mathrm{Z}_{N_2} \times \ldots \times \mathrm{Z}_{N_m} }[/math]. On a quantum computer, this is represented as the tensor product of multiple registers of dimensions [math]\displaystyle{ N_1, N_2, \ldots, N_m }[/math] respectively, and the overall quantum fourier transform is [math]\displaystyle{ F_{N_1} \otimes F_{N_2} \otimes \ldots \otimes F_{N_m} }[/math].
Procedure
The set of characters of [math]\displaystyle{ G }[/math] forms a group [math]\displaystyle{ \widehat{G} }[/math] called the dual group of [math]\displaystyle{ G }[/math]. We also have a subgroup [math]\displaystyle{ H^\perp \leq \widehat{G} }[/math] of size [math]\displaystyle{ |G|/|H| }[/math] defined by[math]\displaystyle{ H^\perp = \{\chi_g : \chi_g(h) = 1\text{ for all }h \in H\} }[/math]For each iteration of the algorithm, the quantum circuit outputs a element [math]\displaystyle{ g \in G }[/math] corresponding to a character [math]\displaystyle{ \chi_g \in H^\perp }[/math], and since [math]\displaystyle{ \chi_g(h) = {1} }[/math] for all [math]\displaystyle{ h \in H }[/math], it helps to pin down what [math]\displaystyle{ H }[/math] is.
The algorithm is as follows:
- Start with the state [math]\displaystyle{ |0\rangle |0\rangle }[/math], where the left register's basis states are each element of [math]\displaystyle{ G }[/math], and the right register's basis states are each element of [math]\displaystyle{ X }[/math].
- Create a superposition among the basis states of [math]\displaystyle{ G }[/math] in the left register, leaving the state [math]\displaystyle{ \frac{1}{\sqrt{|G|}} \sum_{g \in G} |g\rangle |0\rangle }[/math].
- Query the function [math]\displaystyle{ f }[/math]. The state afterwards is [math]\displaystyle{ \frac{1}{\sqrt{|G|}} \sum_{g \in G} |g\rangle |f(g)\rangle }[/math].
- Measure the output register. This gives some [math]\displaystyle{ f(s) }[/math] for some [math]\displaystyle{ s \in G }[/math], and collapses the state to [math]\displaystyle{ \frac{1}{\sqrt{|H|}} \sum_{h \in H} |s + h\rangle |f(s)\rangle }[/math] because [math]\displaystyle{ f }[/math] has the same value for each element of the coset [math]\displaystyle{ s + {H} }[/math]. We discard the output register to get [math]\displaystyle{ \frac{1}{\sqrt{|H|}} \sum_{h \in H} |s + h\rangle }[/math].
- Perform the quantum fourier transform, getting the state [math]\displaystyle{ \frac{1}{\sqrt{|H|}} \sum_{h\in H} |\chi_{s + h}\rangle }[/math].
- This state is equal to [math]\displaystyle{ \sqrt{\frac{|H|}{|G|}} \sum_{\chi_g \in H^\perp} \chi_g(s) |g\rangle }[/math], which can be measured to learn information about [math]\displaystyle{ H }[/math].
- Repeat until [math]\displaystyle{ H }[/math] (or a generating set for [math]\displaystyle{ H }[/math]) is determined.
The state in step 5 is equal to the state in step 6 because of the following:[math]\displaystyle{ \begin{align}
\frac{1}{\sqrt{|H|}} \sum_{h \in H} |\chi_{s + h}\rangle
&=\frac{1}{\sqrt{|H||G|}} \sum_{h \in H} \sum_{g \in G} \chi_{s + h}(g)|g\rangle \\
&=\frac{1}{\sqrt{|H||G|}} \sum_{g \in G} \chi_s(g) \sum_{h \in H} \chi_h(g)|g\rangle \\
&=\frac{1}{\sqrt{|H||G|}} \sum_{g \in G} \chi_g(s) \left(\sum_{h \in H} \chi_g(h)\right) |g\rangle \\
&=\sqrt{\frac{|H|}{|G|}} \sum_{\chi_g \in H^\perp} \chi_g(s) |g\rangle
\end{align} }[/math]For the last equality, we use the following identity:
Theorem — [math]\displaystyle{ \sum_{h \in H} \chi_g(h) = \begin{cases} |H| & \chi_g \in H^\perp \\ 0 & \chi_g \notin H^\perp \end{cases} }[/math]
This can be derived from the orthogonality of characters. The characters of [math]\displaystyle{ G }[/math] form an orthonormal basis:[math]\displaystyle{ \frac{1}{\vert H\vert}\sum_{h \in H} \chi_g(h)\chi_{g'}(h) = \begin{cases} 1 & g = g' \\ 0 & g \neq g' \end{cases} }[/math]We let [math]\displaystyle{ \chi_{g'} }[/math] be the trivial representation, which maps all inputs to [math]\displaystyle{ 1 }[/math], to get[math]\displaystyle{ \sum_{h \in H} \chi_g(h) = \begin{cases} \vert H\vert & g\text{ is trivial} \\ 0 & g\text{ is not trivial}\end{cases} }[/math]Since the summation is done over [math]\displaystyle{ H }[/math], [math]\displaystyle{ \chi_{g} }[/math] also being trivial only matters for if it is trivial over [math]\displaystyle{ H }[/math]; that is, if [math]\displaystyle{ \chi_{g} \in H^\perp }[/math]. Thus, we know that the summation will result in [math]\displaystyle{ \vert H\vert }[/math] if [math]\displaystyle{ \chi_g \in H^\perp }[/math] and will result in [math]\displaystyle{ 0 }[/math] if [math]\displaystyle{ \chi_g \notin H^\perp }[/math].
Each measurement of the final state will result in some information gained about [math]\displaystyle{ H }[/math] since we know that [math]\displaystyle{ \chi_g(h) = 1 }[/math] for all [math]\displaystyle{ h \in H }[/math]. [math]\displaystyle{ H }[/math], or a generating set for [math]\displaystyle{ H }[/math], will be found after a polynomial number of measurements. The size of a generating set will be logarithmically small compared to the size of [math]\displaystyle{ G }[/math]. Let [math]\displaystyle{ T }[/math] denote a generating set for [math]\displaystyle{ H }[/math], meaning [math]\displaystyle{ \langle T\rangle = H }[/math]. The size of the subgroup generated by [math]\displaystyle{ T }[/math] will be doubled when a new element [math]\displaystyle{ t \notin T }[/math] is added to it, because [math]\displaystyle{ H }[/math] and [math]\displaystyle{ t + H }[/math] are disjoint and because [math]\displaystyle{ H, t+H \subseteq \langle \{t\}\cup T\rangle }[/math]. Therefore, the size of a generating set [math]\displaystyle{ |T| }[/math] satisfies[math]\displaystyle{ |T| \leq \log|H| \leq \log|G| }[/math]Thus a generating set for [math]\displaystyle{ H }[/math] will be able to be obtained in polynomial time even if [math]\displaystyle{ G }[/math] is exponential in size.
Instances
Many algorithms where quantum speedups occur in quantum computing are instances of the hidden subgroup problem. The following list outlines important instances of the HSP, and whether or not they are solvable.
Problem | Quantum Algorithm | Abelian? | Polynomial time solution? |
---|---|---|---|
Deutsch's problem | Deutsch's algorithm; Deutsch-Jozsa algorithm | Yes | Yes |
Simon's problem | Simon's algorithm | Yes | Yes |
Order finding | Shor's order finding algorithm | Yes | Yes |
Discrete logarithm | Shor's algorithm § Discrete logarithms | Yes | Yes |
Period finding | Shor's algorithm | Yes | Yes |
Abelian stabilizer | Kitaev's algorithm[4] | Yes | Yes |
Graph Isomorphism | None | No | No |
Shortest vector problem | None | No | No |
See also
References
- ↑ Mark Ettinger; Peter Høyer (1999). "A quantum observable for the graph isomorphism problem". arXiv:quant-ph/9901029.
- ↑ Oded Regev (2003). "Quantum computation and lattice problems". arXiv:cs/0304005.
- ↑ Mark Ettinger; Peter Hoyer; Emanuel Knill (2004). "The quantum query complexity of the hidden subgroup problem is polynomial". Information Processing Letters 91: 43–48. doi:10.1016/j.ipl.2004.01.024. Bibcode: 2004quant.ph..1083E.
- ↑ Kitaev, Alexei (November 20, 1995). "Quantum measurements and the Abelian Stabilizer Problem". arXiv:quant-ph/9511026.
External links
- Richard Jozsa: Quantum factoring, discrete logarithms and the hidden subgroup problem
- Chris Lomont: The Hidden Subgroup Problem - Review and Open Problems
- Hidden subgroup problem on arxiv.org
Original source: https://en.wikipedia.org/wiki/Hidden subgroup problem.
Read more |