Efficient communication for the list problem

Efficient communication for the list problem

Joran van Apeldoorn

July 18, 2014

Bachelorthesis

Main Supervisor: prof. dr. Harry Buhrman Supervisors: dr. Leen Torenvliet

prof. dr. Hans Maassen

Abstract

This thesis starts with an introduction to communication complexity. After the basics are laid out we move on to a specific problem, the so-called list problem. In this scenario one party needs to communicate a binary string to the other with the extra help that the receiving party has a list of the possible strings that could be send. However, what is on the list is unknown to the sender so multiple rounds of communication will be needed to make use of the list. As show by Naor et al. [8] multi-round communication can be exponentially better than single round communication. Furthermore, 2-round communication is almost optimal and 4-rounds will suffice to get optimal communication. Our main result is that in this case, efficiently calculable protocols will suffice. We show this by modifying the protocol found Naor et al. to use linear maps instead of general functions.

After the first two chapters we move into the domain of quantum computations. One chapter gives a introduction into the field, followed by an other that looks at some interesting results that arise when using quantum communication for variations of the list problem. We will end by discussing the still open questions.

Title: Efficient communication for the list problem

Author: Joran van Apeldoorn, jorants@gmail.com, 10182780 Main Supervisor: prof. dr. Harry Buhrman

Second Supervisor: dr. Leen Torenvliet Third Supervisor: dr. Hans Maassen

Second corrector: prof. dr. Jean-Sebastien Caux Date: July 18, 2014

Korteweg-de Vries Instituut voor Wiskunde Universiteit van Amsterdam

Science Park 904, 1098 XH Amsterdam http://www.science.uva.nl/math

Acknowledgments

Mostly I want to thank my thesis advisers. First of all Harry Buhrman for suggesting the subject and taking the time to sit down with me time and time again to help me when I got stuck. Secondly Leen Torenvliet, when I first went looking for a subject he introduced me to Harry and since then, despite not being my main adviser, he has taken the time to come to all the meetings with Harry. Last but not least I would like to thank Hans Maasen who helped me look at the problem in a different way and helped me to word to problems and solutions in an understandable manner. Finally I also want to thank my friends and family, who, despite studying (arts) history, literature or film, still took the time to act like my stories about Alice, Bob and lists were interesting.

Contents

1 Introduction 5

2 Overview of communication complexity 7

2.1 The model . . . 7

2.1.1 Protocols . . . 7

2.1.2 Bounds and complexity . . . 8

2.2 Some variations . . . 9

2.2.1 Promise . . . 9

2.2.2 Limit the amount of rounds . . . 10

3 The list problem 12 3.1 A lower bound . . . 12

3.2 Finding a protocol . . . 15

3.2.1 2-rounds . . . 15

3.2.2 4-rounds . . . 18

4 Overview of quantum computations 24 4.1 The qubit . . . 24 4.2 Multiple bits . . . 24 4.3 Manipulating states . . . 25 4.3.1 bit flip . . . 25 4.3.2 phase flip . . . 26 4.3.3 Hadamard . . . 26 4.3.4 Controlled not . . . 26 4.4 Quantum teleportation . . . 27 4.5 Deutsch-Jozsa . . . 28 4.6 Distributed Deutsch-Jozsa . . . 30

5 Quantum computations and lists 32 5.1 Notes on graphs . . . 32

5.2 fixed Hamming distance . . . 33

6 Discussion 35 6.1 Classical . . . 35

6.2 Quantum . . . 35

7 Popular summary 37

A Python code for protocol simulation 39

Chapter 1

Introduction

In daily life communication plays an enormous role, whether it is to ask for the nearest post office, giving a lecture on quantum computing or to tell someone you love them, we are constantly exchanging information. It is such a big part of us that it is surprising how bad we can be at communication sometimes. To give some examples, most people have that one uncle at their family parties that tells way to detailed stories about things you already know, or have read a way to detailed manual while all you want to know is which button turns the blender on.

Both cases are day-to-day examples of what can go wrong in one-way communi-cation. It is not without a reason that all languages have a way of asking questions built into them. If we can tell our uncle that we are just interested in one detail or call the help desk of our local blender manufacturer to ask how to turn it on, we can save a lot of time, or more precisely, a lot of words.

Our normal language is not very efficient. Luckily computers can do a lot better. In the field of communication complexity we ask ourselves what the most efficient protocol of communicating certain information is. In particular, we will look at the difference between single-round and multi-round communication. Apart from the obvious fact that a one sided conversation is less efficient, a proof by Naor et al. [8] shows that for a lot of purposes four rounds is all we need to be efficient.

The case we will focus on most is the one where the receiver has a list of possible messages he can get. The general idea is that he can ask a smart but short question, the answer of which will be enough to determine which message needs to be sent. A real world example would be where your friend is going out with some people and you are wondering with whom. Instead of asking for all the names, you could ask to which bar they are going. Since you know the people in question pretty well, this is enough to determine who is going. The name of a bar is probably a lot shorter than the names of all the people that are going. Or possibly some other night, when you and your friends are out and are reminiscing about old times, instead of retelling the whole past night, just saying ”remember the night that we ...” will probably be enough.

In real life we are not always interested in the shortest communication, just chatting with your friends can be nice. However, computers don’t care for just chatting, the shortest way to get a message across is of great importance in networked computing. Database look-ups based on big keys can possibly be speeded up a lot when we account for the fact that only a limited set of keys is present. We call this class of communication problems the list problem.

CHAPTER 1. INTRODUCTION

This thesis consists of two parts, each containing a chapter as introduction into the field and a chapter looking at the list problem within this field. The first part is about classical communication, the second part is about quantum communication.

Notation

We will use the following notation:

• Fk is a finite field with k elements. We will also use this notation for the set

{0, · · · , k} when we don’t care about the operations defined on it.

• we will write f (x) = O(g(x)) if and only if for large values of x, f (x) ≤ M |g(x)| for a fixed M .

• log will always mean the 2-log. we will write logk for the k-log and ln for the

natural logarithm. When the context implies that the result of the logarithm should be an integer, for example because it is the number of elements in a set, or the number of bits, we will assume that the logarithm is rounded upwards.

Chapter 2

Overview of communication

complexity

In this chapter we will give a broad overview of communication complexity. We will describe the basic model and go on to discuss possible variations, the main theorems and some interesting examples. For those who have a basic knowledge of the field it should not be a problem to skip ahead to the second chapter. Most information in this chapter is based on a book by Kushilevitz and Nisan [6],

2.1

The model

In the field of communication complexity we are concerned with two parties, nor-mally called Alice and Bob. They both receive some information and have to solve a problem together while keeping the communication to a minimum. In more formal terms, we fix two sets X and Y , the input domain. We also fix a set of solutions

Z and a problem f : X × Y → Z. Now Alice will receive an x ∈ X and Bob will

receive a y ∈ Y and their goal is to both know f (x, y) ∈ Z.

2.1.1

Protocols

It is important to know both parties saw this situation coming and have agreed on a protocol P beforehand. This may sound restricting but when we think about it, we do the same for communicating with our regular languages, we have to agree on the language we are speaking if we want to communicate.

So what is a protocol? We will look at the communication in a bit-by-bit manner. At each point in time the protocol will have to tell us:

1. If the protocol is finished or not. 2. If not, who is to send the next bit. 3. What bit will that be?

4. If the protocol is finished, what is f (x, y)?

These decisions are based on x and y and on the communication up till that point.

The communication up to the kth bit can be described by a transcript tk ∈ Fk2. Since

CHAPTER 2. OVERVIEW OF COMMUNICATION COMPLEXITY

transcript, since this is the only mutual information. This gives a function T : (D ⊂

F∗2) → {Alice, Bob, Done}, where D is the set of all possible transcripts. After this,

if Alice or Bob will have to send the next bit , they will use PA: X × F∗2 → F2 and

PB : Y × F∗2 → F2 to determine what to send.

While this model is handy for someone who has to implement an algorithm, it is less so for us as the algorithm designers. We will view the protocol as a tree. On

each internal node there is a function Ai(x) or Bj(y) that will give the next bit. We

will move left on a zero and right on a one. Each leaf of the tree has a value in Z that is the resulting answer. See figure 2.1

A0(x) B1(y) B3(y) z7 z8 B4(y) z9 A10(y) z11 z12 A2(x) z5 z6

Figure 2.1: An example of a communication protocol. In this case the complexity is 4

2.1.2

Bounds and complexity

We are now ready to define the communication complexity, CC(f ) of a problem. We are interested in the worst-case scenario, this is equal to the longest branch in the tree, so we define the cost of a protocol P as the depth of the tree. The complexity

CC(f ) is the minimum cost over all protocols that compute f .

Most of the time it will be hard to determine CC(f ) and we will only be able to give an upper bound in the form of a protocol and a lower bound due to a minimal transfer of information being needed. If we can get the lower bound to match the cost of a protocol we will have found a optimal protocol.

Example 2.1. _{Let us look at the following problem: X = Y = F}n

2, Z = F2 and

f = P AR denotes the parity of xy (the number of ones modulo 2). We find two

bounds:

• Since both parties need to compute P AR(x, y) and the function really depends on both inputs, both need to send at least one bit to the other: CC(P AR) ≥ 2 • We can use the following algorithm to compute P AR(X, Y ):

1. Alice computes a = P AR(x) and sends this to Bob. 2. Bob computes b = P AR(y) and sends this to Alice. 3. Now both compute a ⊕ b to find P AR(x, y)

This protocol always takes 2 bits, so CC(P AR) ≤ 2.

2.2. SOME VARIATIONS A0 = P AR(x) B1 = P AR(y) 0 1 B2 = P AR(y) 1 0

Figure 2.2: A protocol for the parity problem, the depth and so the cost is 2. We can now conclude that CC(P AR) = 2 and that the protocol is optimal. See Figure 2.2 for a tree representation of the protocol.

The tree view of protocols allows us to set some general lower bounds, for example

Lemma 2.2. Let Z0 be the range of f (Z0 = f (X, Y )). then

CC(f ) ≥ log |Z0|

Proof. Since all values in Z0 _{are possible outcomes, any protocol P will need to have}

at least |Z0_{| leafs, one for each outcome. A binary tree with |Z}0_{| leafs has depth at}

least log |Z0_|.

2.2

Some variations

Now that we we have laid out the basic model, we can start tuning it to our needs by making some slight modifications to it.

2.2.1

Promise

We want to introduce the concept of a promise, this means that Alice and Bob got some extra information about their x and y beforehand. If we would be talking about numbers a very simple promise could be that x + y is even.

More precise, we don’t allow all the pairs (x, y) ∈ X × Y to be given to Alice and Bob. We only allow the pairs in a specific subset D ⊂ X × Y that is known to both parties. Let us discuss an example we will encounter again later in Chapter 4 when we look at quantum communication. First however, we need a simple definition

Definition 2.3 (Hamming distance). The hamming distance dH(x, y) of two bit

strings is the number of bits they differ on.

Example 2.4. _{Again we have X = Y = F}n₂. However, this time we look at the

subset of X × Y so that dH(x, y) = 0 or dH(x, y) = n₂. If dH(x, y) = 0 then the

strings are equal, if dH(x, y) = n₂ then we call the strings balanced. The goal is to

determine which of the two is the case. If we need to determine the distance between two random strings we need to send over all the bits, however since we have our

promise, we only need to send n

CHAPTER 2. OVERVIEW OF COMMUNICATION COMPLEXITY

2.2.2

Limit the amount of rounds

So far we have looked at communication at a bit-by-bit basis, this is however not very realistic. In real live we normally send packages of information. We will define a round as a sequence of bits all send by one person. In real world applications we can have a lot of benefits by limiting the amount of rounds, with as most extreme case a maximum of one round.

Definition 2.5. CCk(f ) is the communication complexity when we limit ourselves

to protocols using a maximum of k rounds. CC∞(f ) denotes the communication

with an unlimited number of rounds.

One important note to make is that problems f (x, y) for which the answer should be known to both parties and that are solvable with a 1-round protocol can only

depend on one of the variables, so either f (x, y) = f0_{(x) or f (x, y) = f}0_{(y). This}

means that if we are interested in 1-round communication, we will often require only one of the parties to know the answer.

We can now prove the following relation:

Lemma 2.6. CC∞(f ) ≥ log CC1(f )

Proof. Without loss of generality we say that the one round protocol is from Alice

to Bob. First we will look at a multi-round protocol with cost k. If we view this

protocol as a tree, it will have depth k and so it will have a maximum of 2k_{− 1}

nodes. In particular, there are less than 2k_{− 1 nodes on which Alice has to send a}

bit. Since the bit for each node only depends on Alice her input, she can compute the bits for all the nodes beforehand. Now a simple one round protocol becomes possible: Alice computes all the bits for all the nodes and sends these to Bob. There

are less than 2k_{− 1 nodes, so this takes less than 2}k_{− 1 bits. Using this information,}

Bob can mimic the whole multi-round protocol and find the answer without any further communication. this means that

CC1(f ) ≤ 2k− 1 ≤ 2CC∞(f )− 1 ≤ 2CC∞(f )

By taking the log on both sides we find the lemma.

There are also some examples of problems where there is no difference between single and multi round protocols:

Example 2.7. Again we have X = Y . The problem to solve is the equality function,

so the goal is to determine whether x = y or not. We will only consider the case where just Bob needs to know the answer. The proof consists of two parts:

n ≤ CC∞(eq): We look at the set of inputs (α, α) ∈ X × Y . Each of these should

have a different transcript, since otherwise the transcripts would also be the same as for (α, β), seeing that at no point in the protocol Alice or Bob would see the difference between the inputs (we will look at this more precise in the next chapter). This is problematic since the same transcripts should produce the same answer, we conclude that the transcripts for all the (α, α) pairs should

be differ-end. Since there are 2n _{of these inputs there should be at least 2}n

leafs in the tree so the tree is at least of depth n.

2.2. SOME VARIATIONS

CC1(eq) ≤ n: Allice can just send her whole input.

We use CC∞(eq) ≤ CC1(eq) so

n ≤ CC∞(eq) ≤ CC1(eq) ≤ n

Chapter 3

The list problem

In this section we will consider the following problem:

Problem statement _{Bob receives a list of d bit strings in F}n₂. Alice receives one

of these strings, their goal is for Bob to know which string she received. In the notation we used in Chapter 2; the problem is the function list(x, y) = x, with the

promise on the inputs that x ∈ y. As in the last chapter, we will write CCk(list)

for the communication complexity of this problem when k rounds are allowed. We will consider the difference between single and multi-round communication. As found by Naor et al. [8] multi round communication can be exponentially better than one round. Also, four rounds are almost as good as the theoretical minimum. All the protocols they used to proof this used random functions. Random func-tions can be very hard to calculate and store, so while their proof showed the ex-istence of very efficient protocols when it comes to communication, those protocols had a big trade off when it came to computation complexity. We will show that the same methods hold if we only allow efficiently calculable functions.

For this we will look at two sets of functions. The first is the functions that give the remainder after division by a prime number. The prime numbers will be of polynomial size in the variables n and d and so calculating the remainder will be an efficient operation. The second set of functions consists of all linear maps. Applying a linear maps is the same as calculating a matrix-vector-product, since the input and output are both small, this too will be a efficient operation.

3.1

A lower bound

Before we go on to find the protocols, we first prove some lower bounds. This will allow us to compare the protocols we will find to the lower bounds and draw some conclusions on the efficiency of the protocols.

Theorem 3.1. CC1(list) = n

Proof. It is clear that the one message that can be send has to go from Alice to

Bob. Now assume that CC1(list) = k < n and so that there is a protocol that uses

only k bits, we will show that this can never be a valid protocol for all inputs. Such

a protocol is function f : Fn

2 → Fk2 that gives Alice’s message for each input. Since

3.1. A LOWER BOUND

k < n _{also |F}k_{2| < |F}n₂|. So there have to be two inputs x1 and x2 that will result

in the same message. This means that if Bob would have a list containing both x1

and x2, the protocol would be inconclusive since he will never be able to distinguish

between the two. We can conclude that CC1(list) ≥ n.

Since Alice can just send her n-bit input we find that CC1(list) = n.

Lemma 3.2. CC∞(list) ≥ log d

Proof. If we view the communication as a tree, we know that there are at least d

leafs, one for every possible outcome Bob can expect. A binary tree with d leafs needs to have at least a depth of log d.

Lemma 3.3. CC∞(list) ≥ log n

Proof. We use Lemma 2.6 and that CC1(list) = n

Theorem 3.4. CC∞(list) ≥ max{log d, log n}

Proof. Combine Lemma 3.2 and Lemma 3.3

remark It is important to note that if d is of the same order as 2n _{we will never}

be able to get a big speedup since log d will be of order n. In general we will assume

that d ∈ O(nk_{) for some k}

Example 3.5. We look at the simple case where n = 8 and d = 2. Say Bob receives

the list

• 11001010 • 11101110

And Alice receives the first string: 11001010.

If we only allow one round of communication, Alice will need to send here full

n= 8 bits, as explained above.

However, with multiple rounds Bob can communicate information about his list back to Alice. He could for example tell here the first index on which the two strings differ, Alice then sends back the bit she has on that index. This would take only log n + 1 = 4 bits.

The exponential gain in this specific case bring us to ask if we could find a general multi round protocol that gives an exponential gain. We will get back tot this in Section 3.2. First we will prove a better lower bound. The proof was given by Harry Buhrman and is not yet published [2]. We will start with a simple Lemma about the transcripts of communication. The more general version of this Lemma introduces the concept of combinatorial rectangles, a very strong concept for proving lower bounds in communication complexity that we did not get to in Chapter 2. We will however use the following property:

Lemma 3.6. [6] If for a protocol P, two inputs (x1, L1) and (x2, L2) will result in

CHAPTER 3. THE LIST PROBLEM

Proof. If we look at P as a binary tree, then the transcript is a path trough this

tree. We will have to show that the path is the same for (x2, L1) as for the other

two inputs.

At any node along the path of (x2, L1) there are two possibilities:

• Alice send the next bit. As seen in Chapter 2, the bit she will send is Ai(x2),

where Ai is the function belonging to that node. So she will send the same bit

for (x2, L1) as for (x2, L2), which in turn is the same as (x1, L1), and we will

move along the path in the same way for all three inputs.

• Bob send the next bit. Just as before, the bit he will send is Bj(L1). So he

will send the same bit for (x2, L1) as for (x1, L1), which in turn is the same as

(x2, L2), and we will move along the path in the same way for all three inputs.

We can now conclude that the path, and so the transcript of the communication, will be the same for all three inputs.

Using the last Lemma and the following definition of a cover free family we will be able to prove a stronger lower bound.

Definition 3.7. Let F = {F1, · · · , FN} be a family of sets. We call F a d-cover free

family if for all {Fα1, · · · , Fαd} = S ⊂ F and for all F

0 _{∈ F − S we have F}0 _{6⊂S S.}

In other words, if no subset of d sets can cover any other set.

Lemma 3.8. [5] If F = {F1, · · · , FN} is a d-cover free family then

|[F | ≥ d

2_{log N}

4 log d + o(1)

Theorem 3.9. [2] CC∞(list) ≥ 2 log(d − 1) + log n − log log(d − 1) − 3

Proof. Let Fx be the set of all possible transcripts of communication for a protocol

if Alice receives x as input. We will show that {Fx|x ∈ Fn2} is a (d − 1)-cover free

family, we can then use Lemma 3.8 to prove the lower bound from the theorem.

We will start by picking any d − 1 sets Fx1, · · · , Fxd−1 and we will show that

for any other set Fx0, we have Fx0 6⊆ S{Fx1, · · · , Fxd−1} and so {Fx|x ∈ F

n 2} is a

(d − 1)-cover free set.

To do so we will use the list L0 = {x0, · · · , xd−1}. We claim that the transcript

generated by (x0, L0) is in Fx0 but not in any of the other sets Fxi. We do so by

contradiction, assume it is in Fxi, than there is some L

0 _{such that the transcript}

for (xi, L0) is the same as that for (x0, L0). Now by Lemma 3.6 we find that the

transcript for (xi, L0) is the same as that for (x0, L0). But this would mean that Bob

can not distinguish between x0 and xi if he has received L0, making the protocol

invalid. We conclude that the transcript of (x0, L0) can not be in any of the other

Fxi, so {Fx|x ∈ F

n

2} is a (d − 1)-cover free family.

If there are k distinct transcripts, then there has to be at least one transcript that is longer than log k. Using this and Lemma 3.8 we find:

CC∞≥ log | [ {Fx|x ∈ Fn2}| ≥ log (d − 1) 2_n 4 log(d − 1) + o(1)

≥ 2 log(d − 1) + log n − log log(d − 1) − 3

3.2. FINDING A PROTOCOL

3.2

Finding a protocol

In the last section we already found an optimal protocol for the one round commu-nication and a lower bound on the multi-round commucommu-nication, we will now discuss a few multi-round protocols that save a lot of communication.

3.2.1

2-rounds

In this section we will take a look at 2-round protocols. In all cases that we will look at, Bob will ask Alice to compute the value of her input under a specific function and send the result back to him. He will pick a function so that all entries in his list have a different image under the function, allowing him to use Alice her answer to recognize her element in his list.

As showed by Naor et al. [8] we can pick the possible functions in a way that allows Bob to describe each with a small identifier and so that the result will be sufficiently small to. They however looked at random functions and did not care about the computation complexity nor the memory needed to save such a function. We will prove that the same results hold for efficiently calculable functions, starting with the remainder after division.

Definition 3.10. We say that two integers x1 and x2 collide under a prime number

p if x1 ≡ x2 mod p. A prime number p is said to scatter a list L if no two integers

in L collide under p.

Remark - remainder theorem Given two distinct integers x, y below 2n _{= N ,}

there can be at most log_cN = n

log c primes pi > c such that x and y collide under pi

This is because if there where k such primes with k ≥ log_cN, we would get a

contradiction: On one hand, by the Chinese remainder theorem we would find x ≡ y mod p1p2· · · pk.

On the other hand:

x, y ≤2n _{= c}logc2n ≤ ck ≤ p

1p2· · · pk

But this would mean that x = y, which is not the case.

Lemma 3.11. For every list L of d integers below 2n_{, there exists a prime number}

p ≤2nd2 _{that scatters the list.}

Proof. (based on a proof from the Kolmogorov complexity [7]) We consider primes

between c and 2c. Let us first fix xi and xj from our list (with i 6= j). Then there

are at most log_c2n ₌ n

log c primes p between c and 2c with xi ≡ xj mod p. If we do

the same for all 1

2d(d−1) pairs in our list we find that there are at most

1

2d(d−1)

n log c

primes that cause a collision in our list. By the prime number theorem there are

at least 2c

ln 2c − c

ln c primes between c and 2c, we can approximate this by

c

log c. Now,

taking c = nd2 _{we have} nd2

log nd2 primes of which a maximum of

1

2d(d − 1)

n log nd2 will

CHAPTER 3. THE LIST PROBLEM

The protocol Using the above we can construct a very simple 2-round protocol:

1. Bob calculates which prime scatters his list and sends this to Alice using log 2nd2 _bits.

2. Alice calculates her value modulus this number and sends that back, also using log 2nd2 _bits.

The total cost is then 2 log 2nd2 _{= 4 log d + 2 log n + 2 bits.}

This result is significant as it proves that we can actually get close to the lower bound we found in the last section. In fact we can do even better for two round communication, in their proof Naor et al. found a 2-round protocol that used only 3 log d + log n + 4 bits, using a similar proof we find that we can do almost as good using the remainder under prime number division instead of general functions:

Lemma 3.12. There exists a set P of nd primes below 4nd2 _{such that for each list}

of size d at least one prime in P will scatter that list.

Proof. Pick some random set P of nd prime numbers below 4nd2_{. As shown in the}

last proof, less than nd2

log 2nd2 of the

2nd2

log 2nd2 primes below 4nd

2 _{won’t scatter a specific}

list. This means that if we pick a random prime it will have a lees then 1

2 chance of

not scattering a specific list. If we take the nd primes of our set P we have a less

than 1

2nd chance that none of them will scatter the list. In total we have

2n d  = 2 n₍₂n_{− 1) · · · (2}n_{− d + 1)} d! <2 nd

possible lists. Now by the union bound over all lists, the chance that there is a list which none of the primes will scatter it is strictly less than 1 so the chance that our set P will scatter all lists is bigger than 0. We conclude that there has to be a set

P that does have the desired properties.

The protocol The protocol that follows from this is almost the same as the last

time. Bob and Alice fix a set P with the properties described above in advance. 1. Bob calculates which prime scatters his list and sends the index in the set P

to Alice in log nd bits.

2. Alice calculates her value modulus the corresponding prime number and sends

that back, using log 4nd2 _bits.

The total cost this time is log nd + log 4nd2 _{= 3 log d + 2 log n + 2. The only}

difference with the result by Naor et al. is an extra log n term, this is because the size of the primes does not only depend on the size of the list,but also on the size of the integers. However, in most cases the 3 log d term will be dominant and the extra log n bits will not make a significant difference.

A more significant difference can be found if we look at the computation com-plexity. Where we used the remainder under division, Naor et al. used random

functions f : {0, 1}n _{→ {0, 1}}log nd_{. A proof from Kolmogorov complexity shows us}

that a random function in general has a high circuit complexity [7]. For us this means that writing such a function down in closed form is not an option if we still

3.2. FINDING A PROTOCOL

want to be efficient. The only other way to store the function is by storing a list of

all function values in memory. This are 2n _{values of length log d for each of the nd}

functions, resulting in a O(nd2₂n_{) memory usage.}

For the primes in the last protocol we only need to use log 4nd2 _{bits for each of}

the nd primes, resulting in O(nd log(4nd2_{)) bits, an exponential improvement. If}

we are really short on memory we could use the use the first protocol given above, this will cost an extra log d − 2 bits of communication, but it will bring the memory

footprint down to O(log 4nd2_).

The last protocol works well once the set P of primes has been found. In the worst-case Bob will have to test all nd primes for all d elements in his list, resulting

in nd2 _{operations. However, finding the set P of nd primes is more problematic}

since each possible set of primes has to be tested for each list: 2n d  ·4nd 2 nd  ∈ Ω(22n₎

Luckily, once such a set is found for a certain n and d it can be stored and used forever.

At this point Naor et al. go on to find a 4-round protocol that brings the communication down to ∼ 2 log d. Sadly the proof they use doesn’t work well when we use the remainder under prime numbers instead of random functions. Luckily, we can use random linear maps instead of prime numbers, these are also efficiently computable. Before we look at the 4-round protocol with linear maps, we will first proof that they can replace the prime numbers in our 2-round protocol.

Definition 3.13. In agreement with before, we say that two integers x1 and x2

collide under a linear map f if f (x1) = f (x2). A linear map f is said to scatter a

list L if no two integers in L collide under f .

Lemma 3.14. There exists a set M of nd linear maps f : {0, 1}n _{→ {0, 1}}log(d2₎₊₁

such that for each list of size d at least one map in M will scatter that list.

Proof. We will look at a map as an (n × log(d2_{) + 1)-matrix with entries from F}

2.

We can write an n-bit number as an n-dimensional vector, after applying the map

we get a log(d2_{) + 1 dimensional vector. As with Lemma 3.11 we will first look at}

just two elements, x and y, and and a single random linear map. For x and y to

collide under f they will have to collide on every element of the resulting log nd2

dimensional vector. This means that we can look at one row of f at a time. Such a row is just an n-dimensional vector and the resulting element after applying the map to x or y is the inner product with x or y.

Lets call the row R, we are interested in the probability of it causing x and y to collide on the resulting element, or in other words, the chance that R · x = R · y.

Since x and y are different, there is at least one index i such that xi 6= yi. Without

loss of generality, assume that xi = 1 and yi = 0. If R · x = R · y for a row R than

we can find a row R0 _{for which R · x 6= R · y by flipping the ith bit in R. This is}

because R · y = R0_{· y, since y is zero on the ith bit, but R · x 6= R}0_{· x, since x is one}

on the changed bit. This means that for every row that causes a collision, there is one that does not. The reverse is also true, meaning that exactly half the rows will cause a collision.

For a collision to happen on all bits, all of the log(d2_{) + 1 rows have to fall in}

this half, leaving only (2n−1₎log(d2₎₊₁

of the (2n₎log d2

CHAPTER 3. THE LIST PROBLEM

in 2log d2₊₁

= 2d2 _{maps. Now, just as before with the prime numbers, we have less}

than d2 _{pairs in a list, meaning that less than d}2 _{in 2d}2 _{maps will cause a collision,}

and thus we get a probability of less than 1

2 that a random linear map will cause a

collision for a specific list.

Now we continue just as in Lemma 3.12: we can look at a set M of nd random linear maps, the probability that all will cause a collision will be become less then

1

2nd. There are again less than 2nd lists, so by using the union bound we find that

the probability of all maps in M causing a collision for some list is less than 1. We conclude that there is a set M of nd linear maps such that for each list there will always be a map in M that will not cause a collision.

The last Lemma showed that we can use linear maps instead of prime numbers in the two round protocol. Further more, since the size of the function value does no longer depend on n, it allows us to bring down the amount of bits with an other log n bits. This makes our efficiently calculable protocol just as good when it comes to communication as the one found by Naor et al.

3.2.2

4-rounds

The 2-round protocol found by Naor et al. and the efficient variation we made on it in the last section showed that is was possible to get very close to the lower bound

found in Lemma 3.9, our best 2-round protocol was only a factor 3

2 higher. Naor et

al. also found a 4-round protocol that used only 2 log d + 2 log n + 5 bits [8]. In this section we will show that, just like in the 2-round case, an efficiently computable protocol can be used with the same amount of communication. We will again do this by replacing random functions by linear maps.

Definition 3.15. We say a set of integers collides under a map f if all elements

in the set are mapped to the same value by f . A largest collision under f in a list

L is a subset of L that collides and for which there is no larger subset of L that

also collides. the largest number of collisions in L is the size of such a set. We will abbreviate“largest number of collisions” by LNC.

The protocol, as found by Naor et al. is as follows:

1. Bob finds a map f : Fn

2 → F log d

2 in a previously agreed upon set of size nd,

with a LNC less than log d for this list, and sends an identifier of this map to Alice in log nd bits.

2. Alice calculates the result of her value under this map and sends that back in log d bits.

3. Bob can now filter out all but log d possible elements from his list since there are at most log d elements that would have been mapped to the value Alice send him.

4. They use the 2-round protocol with 3 log log d + log n bits to send Alice her input.

The proof mostly consists of showing that for a fixed list there is a probability of

at least 1

2 that a random map has a LNC less than log d. After this we continue like

3.2. FINDING A PROTOCOL

in the 2-round case: we take nd maps so the probability of them all having a LNC

bigger than log d will be less than 1

2nd. There are less than 2nd lists, so by the union

bound the probability that there is a list such that all maps in a set of nd random maps will will have a too high LNC will be less than 1. We conclude that there has to be a set so that for every list, at least one map will will not send more than log d elements to the same value.

We will now first show how Naor et al. has proven this for random, not necessarily linear, maps .

Random functions _{They looked at maps f : F}n_{2 → F}log d₂ . We are interested

in the probability of more than log d elements being mapped to one value under a random map. It will be enough to look at the probability of log d + 1 elements colliding, since if more elements collide, then there is always a subset of log d + 1 elements that collides.

For a list of size d there are d

log d+1
subsets of size log d + 1 that could collide.

There are d different values on which such a subset can collide. The probability of

colliding on one value is 1

(d)log d+1 since all the elements have to be send to the same

value. The resulting probability by the union bound will be d d log d
(d)log d+1 < d (log d + 1)! < 1 2

They conclude that the chance that the LNC is higher than log d is under 1

2

Example 3.16. The main idea of the last proof was that for two elements to collide,

the chance was 1

d. for three it would bee

1

d2. In other words, each added element

would bring the probability down by a factor 1

d.

This approach will not work for prime numbers; in the last step we use that the probability of each element colliding with the previous ones is stochastically independent of the last one. However, with our primes we can find a list for which this is not true. Since two elements collide under a prime number if there difference contains that prime as a factor, we could create a list so that all the differences contain the same prime factors:

• 4 • 10 • 16

If we now take a random prime number and see that 4 and 10 collide, then, since there difference is 6, we know the prime is either 2 or 3. However, the difference between 4 and 16 in 12, which contains both possibilities as a factor. So for this list, if the first two elements collide, than all elements collide. This is clearly not stochasticly independent so the proof given by Naor et al. will not work.

Example 3.17. A similar problem arises with linear maps. If we look at the

fol-lowing list: • 0000

CHAPTER 3. THE LIST PROBLEM

• 0001 • 0010 • 0011

Now assume that we have a map f for which the first three elements collide. We know that 0000 will go to zero for every map, so for the first two to collide, all rows in our map should be of the form ? ? ?0. Because the third element should also go to zero we know that all rows look like ? ? 00. However, now the fourth element already goes to zero and thus collides with the rest, again showing that stochastic independence does not hold.

We will have to find an other approach to prove that linear maps will not cause to many collisions on one value. The solution comes from a paper by Alon et al. [1].

Their proof showed that for a random linear map to Flog d2 we have

P(LN C > C log d log log d) < 1 32 with C a constant.

We will present the main proof here, we will however not recite their whole paper again and so will not prove the following two Lemmas here.

Lemma 3.18. [1] For every  >0 there is a constant c such that if we take a subset

L of Fn

2 and an integer k > 0 so |L| ≥ ck2k: for a uniform random linear map or

affine map T _{: F}n

2 → Fk2 we get:

P_{(T (L) = F}k₂) ≥ 1 − 

Lemma 3.19. [1] let L be a finite subset of Fn2 with density

|L|

2n = 1 − α < 1 and let

t be an integer so _{0 ≤ t < n. Then for a uniform random linear map T : F}n

2 → Ft2

we get:

P_{(T (L) 6= F}t₂) ≤ αn−t−log t−log log1_α

Overview of the proof We want to prove that P (E1) is small, where E1 stands

for the event that a linear map has a too high LNC. To do this we will introduce an other event E2 so that P (E2) is small but P (E2|E1) is large.

Before we go into the details of E1 and E2 there is an important note on how

we will pick a map h : Fn

2 → F log d

2 . We will do so through an intermediate space Fl2

with l ≥ log d by picking two linear maps h1 : Fn2 → Fl2 and h2 : Fl2 → F

log d

2 . Since

both maps are uniformly chosen at random the result h = h2· h1 will be so too and

it will also be linear.

It is also important to note that we will now first prove everything for a list of size d log d as the original article does the same. It is not hard to see however that if for a random linear map and a list of size d log d the LNC is low enough with high probability, that then for a list of size d the LNC will be low enough with at least the same probability.

Now for a fixed list L we can define the event E1 as:

∃α ∈ Flog d2 : |h −1

(α) ∩ L| > t

3.2. FINDING A PROTOCOL

where t is the maximally allowed number of collisions.

We now define E2 as:

∃α ∈ Flog d2 : h −1

2 (α) ⊆ h1(L)

Lemma 3.20. If k= 2l

d log d >1, we have

P(E2) ≤ k− log k−log log k

Proof. We start by rewriting E2:

h2(Fl2\ h1(L)) 6= Flog d2

Now fix h1. We now use Lemma 3.19 on Fl2\ h1(L) and an uniformly chosen h2. For

its density we find |Fl2\h1(L)|

|Fl 2| = |Fl 2|−|h1(L)| |Fl 2| = 1 − |h1(L)| |Fl 2| = 1 − α and so α= |h1(L)| |Fl 2| ≤ |L| |Fl 2| = dlog d 2l = 1 k Applying the Lemma we find that

P(E2) ≤ αl−log d−log log d−log log

1

α ≤ k− log k−log log k

This is so for any fixed h1, so it is also true if h1 is random.

Lemma 3.21. If t > c1 2 2l d log 2l d with c12 as in Lemma 3.18 P(E2|E1) ≥ 1 2

Proof. Fix an h for which E1 holds and fix any full rank h2. We will show that even

with h2 fixed the probability is still at least 1₂. Now since E1 holds for h there is

a set S ⊂ L of size at least t that collides on an element α ∈ Flog d2 . Now define

D = h−1_{(α) and A = h}−1

2 (α). We will now consider the distribution under h1,

restricted to D. As shown in the original paper, this is the same as the distribution

under a random affine or linear map. For E2 to happen we will need A ⊂ h1(S).

h2 is onto so |A| = 2

l

d. Due to E1 holding for h we have |D ∩ L| = t > c12

2l

d log 2l

d.

But this is exactly the premise of Lemma 3.18 with k = log2l

d. So by applying the

Lemma we find that P (E2|E1) ≥ 1₂

We are now ready to prove that P (E1) is small.

Lemma 3.22. There is a constant C so that if we map a set of size d_{log d to F}log d₂

P(LN C > C log(d) log log(d)) ≤ 1

32

Proof. Let l = log d + log log d + 2. If we take

k = 2

l

dlog d =

2log d+log log d+2

dlog d =

dlog(d)22

CHAPTER 3. THE LIST PROBLEM

and note that

2l

d =

2log d+log log d+2

d = 4 log d we find that c1 2 2l d log 2l

d = c124 log(d) log(4 log d)

= c1

24 log(d)(2 + log(log d))

< c1

24 log(d)(3 log(log d))

= 12c1

2 log(d) log log(d)

So by setting t = 12c1

2 log(d) log log(d) we can use Lemma 3.21 to find that:

P(E2|E1) ≥ 1 2 and so that P(E1) = P(E1|E2)P (E2) P(E2|E1) ≤ P(E2) P(E2|E1) ≤ 2P (E2)

And use Lemma 3.20 to find the final probability: P(E1) ≤ 2P (E2) ≤ 2k− log k−log log k ≤ 2 · (

1 4)

log 4+log log 4 ₌ 1

32

By defining C := 12c1

2 we get t = C log(d) log log(d) and so E1 will be the event

from the theorem and the probability will be lower than 1

32.

Everything is now set for proving that a set of nd linear maps will suffice in the 4-round protocol on page 18.

Theorem 3.23. There exists a set M of nd linear maps to Flog d2 so that for every

list L containing d different n-bit integers, there is at least one map f ∈ M so that

|f−1_{(x) ∩ L| ≤ C log d log log d for each x, with C a constant.}

Proof. _{Using Lemma 3.22 we find that a random linear map f : F}n

2 → F log d

2 has a

probability of less than 1

32 for the LNC to be larger than C log d log log d when we

map d log d integers. It is trivial that the same will hold for the d integers in one of

our lists. If we now pick nd linear maps randomly, we will have a 1

32nd probability

that they all have a LNC larger then C log d log log d for some list. There are 2_dn

lists, so using the union bound:

P(All maps in M have a too large LNC for some list) =

2n d
32nd < 2nd 32nd < 1 16nd <1

We conclude that there exists a set M of nd linear maps f : Fn

2 → F log d

2 , such that

for every list the LNC of at least one map is lower than C log d log log d.

3.2. FINDING A PROTOCOL

The protocol Like before:

1. Bob finds a linear map f : {0, 1}n _{→ {0, 1}}log d _{in a fixed set of size nd that}

causes at most a LNC of C log(d) log log(d) for his list. He can do so by Theorem 3.23. He sends the index of this map to Alice using log nd bits. 2. Alice calculates the image of her input under this map and sends that back

using log d bits.

3. Bob can now bring his list down to C log(d) log log(d) possible elements that could be Alice her input.

4. They now use the 2-round protocol with this new list of size C log(d) log log(d). This will use log n + 3 log(C log d log log d) + O(1)) = log n + 3 log log d + 3 log log log d + O(1)) bits.

This protocol uses 2 log d + 2 log n + 3 log log d + 3 log log log d + O(1)) bits. This is a little bit worse than the protocol found by Naor et al. [8], but the dominant terms are the same. Just as before however, our version of the protocol uses only efficiently calculable functions. It is important to note that the 4-round protocols are as good as optimal, there is almost no difference with the lower bound found in Theorem 3.9.

To setup the first part of our protocol we would, just like for the 2-rounds, do

a lot of work once. In the worst case we would have to try all possible 2n log d_nd
sets

M of maps with all 2_dn
lists to find one that works for all. The theorem however

also showed that the probability of a set M not working for all maps was less then

1

16nd. So with very high probability the first set will work and we will only have to

check against all the lists. An other reassurance is that with probability more than

31

32 the first map we test for a list will already work, so we will not have to test all

the maps in the set for each list.

After the initial setup we will have nd linear maps to store, each using n log d

bits, resulting in a total of n2_{dlog d bits. In comparison, storing the random}

non-linear maps used by Naor et al. would take nd log(d)2n _{bits. In both cases we would}

of course also have the maps for the 2-round protocol in the second step to store, these however are relatively small.

Chapter 4

Overview of quantum

computations

In this chapter we will give a brief introduction to quantum computing and quantum communication. We will first discuss the basics of quantum computing and then move on to a few of the main examples of how quantum computing can make a difference. Most information in this chapter is based on lecture notes by Ronald de Wolf [4].

4.1

The qubit

In classical computing we work with bits, entities that are either 0 or 1. In quantum computing this changes, we look et qubits. If we measure a qubit it will still be either 0 or 1, however an unmeasured qubit can be both at the same time, we call this a superposition. We call the two states |0i and |1i. These are the basis states in C2_, |0i =1 0  and |1i =0 1 

A general state than is of the form

|Φi = α |0i + β |1i

If we measure this state we have a probability |α|2 _{of finding |0i and a probability}

|β|2 _{of finding |1i.}

This adds the extra restriction that |α|2_{+ |β|}2 _{= 1, since we have a probability}

distribution. This means that we can identify qubits with unit vectors in C2_.

4.2

Multiple bits

Computers would not be very powerfull if they could only manipulate one bit, the same is the case for qubits. Luckily we can combine multiple qubits. If we could only place them next to each other and describe them one by one, we would not have a big improvement on classical computers, the only thing we would gain is true randomness.

However, it turns out that we can combine qubits to form a combined state where

we have a superposition of all 2n _{possible bases states. We do this by looking at}

4.3. MANIPULATING STATES

the tensor product space of the multiple single qubits. For example, The two-qubit state has the following bassis states:

|0i ⊗ |0i |0i ⊗ |1i |1i ⊗ |0i |1i ⊗ |1i

Where the first part stands for the state of the first bit and the second part for the state of the second bit. We will abbreviate this to

|00i =02  |01i |10i |11i = 12 

A pair of qubits can be in a general superposition of these four states |Φi = α |00i + β |01i + γ |10i + δ |11i

We see that for n qubits we have 2n_{basis states, so an n qubit register is a vector}

in C2n

Now we can not always describe the qubits separately anymore. For example, the so called EPR-pair

|Φi = √1

2|00i +

1 √

2|11i

can not be written as the tensor product of two single qubit states. In this state measuring one qubit will also fix the other qubit, due to this we will call the state entangeled. In general, a state is entageld if it can not be writen as the tensor product of single qubit states.

4.3

Manipulating states

By now we have a quite interesting form of memory. However, we would of course like to manipulate this memory. Quantum mechanics allows us to apply linear transformations to states, which, in analog to the classical case, we will call gates.

In our vector setting these linear transformations can be represented by 2n _{× 2}n

complex matrices. Since the states need to stay normalized we get the restriction that the matrix corresponding to a gate is unitary.

4.3.1

bit flip

A simple example is the bit flip gate, the quantum version of the NOT-gate. Due to the linear nature of matrices we only need to define what it does to the basis states:

|0i → |1i and |1i → |0i this would give the matrix

0 1 1 0

CHAPTER 4. OVERVIEW OF QUANTUM COMPUTATIONS

4.3.2

phase flip

Next we define the phase flip

|0i → |0i and |1i → − |1i this gives the matrix

1 0

0 −1 

4.3.3

Hadamard

One of the most important transformation in quantum computing is the Hadamard gate. It brings a qubit from one of the base states to a state in which a measurement would hold a zero or one with equal probability.

|0i → √1

2(|0i + |1i) and |1i →

1 √ 2(|0i − |1i) or in matrix form H = √1 2 1 1 1 −1 

It allows us to go from a deterministic state to a superposition. We could also apply it to multiple bits to get an equal distribution over all n-bit states. Important to note is that it is its own inverse:

H2 = 1 2 1 1 1 −1  1 1 1 −1  = 1 2 2 0 0 2  = I

4.3.4

Controlled not

The above gates are all limited to one qubit. One of the main two qubit gates is the controlled not, or CNOT. It is the quantum version of the XOR gate. If the first bit is a one, we bitflip the second:

|ai |bi CN OT |ai |bi

|00i |00i

|01i |01i

|10i |11i

|11i |10i

Which gives the matrix

    1 0 0 0 0 1 0 0 0 0 0 1 0 0 1 0    

As can be expected the CNOT gate can entangle pair of qubits. If we start in the |00i state and do a Hadamard on the first qubit we get

1 √

2(|00i + |10i)

4.4. QUANTUM TELEPORTATION

still not an entangled state. If we now do a CNOT we get 1

√

2(|00i + |11i) Which is an EPR pair.

4.4

Quantum teleportation

One of the first problems that we can expect if we want to do quantum communica-tion is moving quantum states. It turns out that this can be done using a classical line and an EPR pair. The protocol used for this is called quantum teleportation.

Problem Alice has a qubit that she wants to send to Bob. They share an EPR

pair and a classical line.

Protocol Since we will be dealing with one state separated in space, we will color

Alice’s part of the state red and Bob’s part green. We start in the following state: (α0|0i + α1|1i)⊗

1 √

2(|00i + |11i)

The protocol is:

1. Alice does a CNOT on her two qubits.

2. Alice does a Hadamard transform on her first qubit.

3. Alice measures her two qubits and sends the result to Bob.

4. Bob does a phase flip and/or bit flip depending on Alices message.

We first rewrite to starting state 1

√

2(α0|000i + α0|011i + α1|100i + α1|111i) And than do the CNOT from the first to the seccond

1 √

2(α0|000i + α0|011i + α1|110i + α1|101i) followed by the Hadamard

1

2( α0 (|000i + |100i) +

α0 (|011i + |111i) +

α1 (|010i − |110i) +

CHAPTER 4. OVERVIEW OF QUANTUM COMPUTATIONS

To see what happens when Alice measures her bits we first group by the possible outcomes of this measurement

1

2( |00i (α0|0i + α1|1i)+ |01i (α0|1i + α1|0i)+ |10i (α0|0i − α1|1i)+ |11i (α0|1i − α1|0i))

So depending on the outcome of the measurement we know Bob’s state:

00 Bob has α0|0i + α1|1i, Alice her original state.

01 Bob has α0|1i + α1|0i, a bit flip will give Alice her original state.

10 Bob has α0|0i − α1|1i, a phase flip will give Alice her original state.

11 Bob has α0|1i − α1|0i, a bit flip and phase flip will give Alice her original state.

4.5

Deutsch-Jozsa

Until now we have seen how to manipulate quantum states but we are yet to see an improvement over classical computing. In this section we will discuss one of the first quantum algorithms to achieve a speedup over the classical case.

Problem We are given a function f : {0 · · · 2n_{−1} = {0, 1}}n_{→ {0, 1} that assigns}

a bit to each n-bit number with the promise that: • Either f is constant

• Or f is balanced, as in |f−1_{(0)| = |f}−1_(1)|

Our goal is to determine which of the above is true.

As the function f can be arbitrarily complex we are mostly interested in mini-mizing the amount of times we have to calculate it. Let it be clear that in the worst

classical case we will need 2n−1_{+ 1 evaluations of f , since we need to calculate more}

than half the values if we want to be certain.

Quantum parallelism We first have to assume that we can calculate f on our

quantum computer. If we do so there has to be a gate that does |xi |0i → |xi |f (x)i

Using such a gate is called a query. We can also start with a different state, in

particular the Hadamard transform of |0n_i:

1 √ 2n X x∈{0,1}n |xi |0i

4.5. DEUTSCH-JOZSA

And due to the linear behavior of gates, we can apply our gate f to this to get: 1 √ 2n X x∈{0,1}n |xi |f (x)i

In this we can already see that with one look up we got information about all values of f .

We still however have to define what our gate does if the last bit is 1, bringing us to the definition:

Of|xi |bi =

(

|xi |f (x)i if b = 0

|xi |1 − f (x)i if b = 1

Which allows us to look at Of|xi (H |1i). To keep the notation simple we will

define

|−i := H |1i = √1

2(|0i − |1i) Using this we look at

Of|xi |−i = |xi

1 √

2(|f (x)i − |1 − f (x)i) = (−1)

f (x)_{|xi |−i}

Since the last bit is untouched we can leave it out and define an other query operator: O_f−|xi = (−1)f (x)_|xi

It turns out that in a lot of cases this last operator is most convenient.

The algorithm The algorithm summarizes to:

H⊗nO−_fH⊗n|0n_i

After which we measure. Let’s see what happens:

1. We start by applying a Hadamard to each bit to get 1 √ 2n X i∈{0,1}n |ii

2. We can now calculate the query over the basis vectors: 1 √ 2n X i∈{0,1}n (−1)f (i)_|ii 3. Now, using H⊗n|ii = √1 2n X j∈{0,1}n (−1)i·j_|ji

we calculate an other Hadamard: 1 2n X i∈{0,1}n (−1)f (i) X j∈{0,1}n (−1)i·j_|ji

CHAPTER 4. OVERVIEW OF QUANTUM COMPUTATIONS

4. Now let’s look at the amplitude of |0n_{i. This is the j = 0 term, so i · j = 0}

and so the amplitude is

1 2n

X

i∈{0,1}n

(−1)f (i)

Remembering our cases from the original problem we calculate that the am-plitude is:

• 1 if f(x) is always zero • -1 if f(x) is always one • 0 if f(x) balanced

So a measurement will return 0n _{if our function is constant and an other value}

if it is balanced.

Complexity this algorithm takes one query, or function calculation, and Ω(n)

Hadamard gates, this is much faster then the classical 2n−1_{+1 function calculations.}

4.6

Distributed Deutsch-Jozsa

We are now ready to give an example of quantum communication complexity. The problem is as follows: Alice and Bob both receive an n-bit string, Alice gets x and

Bob gets y, with either x = y or x and y differ in n

2 places. They have to determine

which one is the case.

The algorithm is almost like the one described above:

1. Alice starts out with a log n-qubit zero state. Just as above Alice does a Hadamard transform to each of her qubits, followed by a query to her string, making her state

1 √ n n X i=0 (−1)xi_|ii

2. Alice sends these log n qubits to Bob. 3. Now Bob also does a query to his string:

1 √ n n X i=0 (−1)xi+yi_|ii

Followed by a Hadamard transform on each bit 1 n n X i=0 (−1)xi+yi n X j=0 (−1)i·j_|ii

4. Now we again look at the amplitude of the zero state 1 n n X i=0 (−1)xi+yi

And just as before we get either 1 if x = y or 0 in any other case. So Bob can now tell whether their strings are equal or unequal.

4.6. DISTRIBUTED DEUTSCH-JOZSA

This protocol uses only log n qubits of communication, while it can be shown that a classical protocol always uses Ω(n) bits. This proof however is far from trivial and uses deep combinatorical results [3].

Chapter 5

Quantum computations and lists

In this chapter we will present some results by the Quantum Computation research group of the CWI[2] on variations of the list problem. We will start with a short sidetrack on graphs.

5.1

Notes on graphs

Before we move on to lists we should first consider some results on a related problem:

Problem Given a fixed graph G = (V, E), Alice and Bob both receive a vertex

with either x = y or (x, y) ∈ E. The goal is for Bob to know whether x = y or not.

we will denote the classical complexity by CCk(eq, G) and the quantum complexity

by QCk(eq, G)

As seen in in Example 2.7 CC1(eq) = CC∞(eq), the same holds for the problem

with promise. We can also bound the communication complexity by the chromatic number of the graph.

Lemma 5.1. CC1(eq, G) = CC∞(eq, G) = log χ(G)

Proof. CC1(eq, G) = CC∞(eq, G) Say that we have a optimal k-round protocol with

cost CCk(eq, G). Alice now assumes that y = x and writes out the whole

transcript for the communication a1b2· · · bk−1ak. She sends this to Bob. He

checks whether the messages that he should have sent are correct, if this is not the case he knows that x 6= y. If the messages are consistent, the transcript is the same as it would be at the end of the k-round communication so Bob should be able to tell whether x = y or not. This protocol uses only one round but the same amount of bits as the original one.

CC1(eq, G) ≤ log χ(G): Fix an optimal coloring beforehand. Alice sends over the

color of x in log χ(G) bits. If x = y Bobs can see that the color of y matches the received color. If x 6= y than (x, y) ∈ E so the colors don’t match.

CC1(eq, G) ≥ log χ(G): Any protocol gives a coloring of G by using the transcripts,

since no two neighbours can produce the same transcript.

5.2. FIXED HAMMING DISTANCE

Definition 5.2. ξ(G) is the minimum dimension of a complex orthogonal

represen-tation, that is the minimum dimension k for which we can assign vectors in Ck _to

the vertexes of G, so that if (u, t) ∈ E, then their assigned vectors vu, vt have inner

product 0.

The parallel with coloring should be clear: with classical computing we used the smallest distinguishable units, integers, and assigned them to vertices so no two neighbours will have the same integer. We now do the same for quantum computing, the only thing that changed are the smallest perfectly distinguishable units, these are now ortonormal vectors. This leads us to the following theorem:

Lemma 5.3. QC1(eq, G) = log ξ(G)

Proof. _{We note that an n-bit quantum state is a vector in C}2n or the other way

around, a normalized vector in Cξ(G) _{can be represented by a log ξ(G) qubit state.}

The proof is now parallel to the classical one:

QC1(eq, G) ≤ log ξ(G): Fix an optimal orthogonal representation beforehand and

normalize all vectors. Alice sends over the vector of x in log χ(G) qubits. Since y has an orthogonal vector to all of its neighbors, Bob can determine

whether x = y or not from their vectors: Either vx ⊥ vy or vx = vy, so

measuring in the vy direction will give 0 resp. 1.

QC1(eq, G) ≥ log ξ(G): Any protocol gives an orthogonal representation of G by

using the quantum version of a transcript. If a protocol transmits k qubits then we can put them all next to each other to create a k qubit state. We can do this for all the (x, x) pairs in the graph. Since two neighbours should be distinguishable by the transcripts, the transcript should be distinguishable. This means that the k-qubit states of two neighbours should be ortogonal.

Definition 5.4.We also define the Hamming graph Hn

h to be the graph with V = Fn2

and (x, y) ∈ E if and only if dH(x, y) = h

5.2

fixed Hamming distance

We now again look at the list problem but with the as extra promise: all elements

of the list have pairwise hamming distance h = n

2. We denote the classical, resp.

quantum complexity by CCk(list,n₂), resp. QCk(list,n₂).

Lemma 5.5. CC1(list,n₂) ≥ Ω(n)

Proof. Since we look at a 1-round protocol, Alice does not know which strings are

in the list, all she knows is that they are all neighbors of x in Hn

n

2. So sending over

x would be the same as sending over the color of x in Hn

n 2. It follows that CC1(list − n 2) ≥ log χ(H n n 2) ≥ Ω(n)

CHAPTER 5. QUANTUM COMPUTATIONS AND LISTS

Where the last inequality can be found by using the fact that each vertex in the graph has n n 2  ≤ 2f racn2

neighbours and so the chromatic number is at least n

2.

Lemma 5.6. QC1(list,n₂) = QC∞(list,n₂) = log(n)

Proof. To each vertex in Hn

n

2 we assign the vector obtained after applying the

fol-lowing map to each bit of corresponding bit string.

f : {0, 1} → {−1, 1} :

(

0 7→ −1 1 7→ 1

Since two neighbors are different on half of the bits, the inner product between

their vectors will contain n

2 terms equal to −1, for the different bits, and just as

many terms equal to 1 for the equal bits, the result will be 0. We conclude that the

given vectors form an n-dimensional orthogonal representation and so ξ(Hn

n

2) ≤ n.

Now, just as in the classical case

QC1(list − n 2) ≤ log ξ(H n n 2) ≤ log(n)

Since all the elements in the list are neighbours of each other in Hn

n 2.

Just as in the classical case it can be shown, although we will not do so here, that that log n is a lower bound on the communication.

log n ≤ QC∞(list − n 2) ≤ QC1(list − n 2) ≤ log ξ(H n n 2) ≤ log(n)

Chapter 6

Discussion

6.1

Classical

In the first two chapters we presented a proof based one by Naor et al, [8]. their proof showed that multi-round communication for the list problem could take ex-ponentially less bits then single-round communication. Further more, they showed that with two rounds at most ∼ 3 log d bits would be needed, and that four rounds was enough to bring it down to the theoretical minimum of ∼ 2 log d.

However, their proof used a protocol that involved calculating the values of a random function. We showed that the same results could be acquired when using linear maps instead. This makes the protocol efficiently calculable, making it useful for real world applications.

There are also some open questions left. For example, we don’t know yet whether the ∼ 3 log d is optimal for two rounds of communication. We also do not know yet how efficient multi round classic communication is for variations on the list problem.

6.2

Quantum

After exploring classical communication we moved in the direction of quantum com-munication. For this we looked at a variation of the list problem where there was an

extra promise on the list, all strings in the list had pairwise hamming distance n

2. For

this case the quantum computing research group of the CWI [2] showed that quan-tum communication could be exponentially better for a single round protocol then for classical communication and that multiple rounds of quantum communication where just as good as one round of quantum communication.

It is however still unknown how well classical communication can preform when we allow multiple rounds for this variation on the list problem. What we do know is that the same protocol could be used as for the general list problem and so use

∼ 3 log d classical bits. Since we always assume that d = O(nk_{) for some k, and so}

that 3 log d = 3k log n + O(1), we do know that a multi-round quantum protocol could never be more than a factor better than the best multi-round classical protocol. For the general list problem we do not have any significant results yet when it comes to quantum communication. It is however not too complicated to show that the lower bound of log d still holds. This means that in the best case we could bring the communication down by a factor of two from the ∼ 2 log d bits for four classical rounds by using quantum communication.

CHAPTER 6. DISCUSSION

To do so we would like to modify the classical protocol we found to use less bits. One of the log d terms comes from the number of linear maps we fixed (nd), the other from the size of the set they mapped to (d). Since both should probability still depend on d when we use quantum communication, one option would be to use

a set of n√d maps that mapped to √d-qubit strings.

We could also try to use quantum communication to improve on the two round protocol. One way would be to mimic the 4 round protocol in 2 rounds. Bob knows

which d

log d possible lists can remain after the first two rounds. If he could send

an extra quantum state in the first round that Alice could measure in a way that depended on the result of the first two rounds, then maybe she could determine what to do in the 3th round from this. However, due to the large amount of possible lists after the first two rounds this seems unlikely.

More promising would be to look at maps that map to log d-qubits instead of

log d2 _{classical bits. This would require us to find a set of nd maps of that form so}

that for each list there is at least one that maps the list to perfectly distinguishable quantum states. It is however still unknown if this is possible.

Chapter 7

Popular summary

Imagine that you have to tell a friend by which of your two telephone numbers he can reach you. In general it would not be handy to rattle out the whole number. Instead a good practice would be to denote a simple difference between the two, you could for example tell him that it is the one with the number 7 as last digit. This may not be that much faster than just reading your phone number out loud, but imagine a world where phone numbers where 40 digits long. This may sound strange but it is not that far from the truth, computers use almost 40 digit addresses on the internet these days.

So lets say your friend Bob knows your telephone number is one of the following: • 0634876390112343294205768294238957934857

• 0638872348235395830024872938646203592749

and although you know he is trying to choose between two possibilities you don’t know what they are. If you are in a hurry and want to leave him a note you will have to write down your whole number since you don’t know what other number he is thinking of and any information that you don’t write down could be the crucial piece that helps him choose the right one.

Now, the next day, the same thing happens with you and your friend Charley. He needs to give you his correct number and you know it is one of those:

• 0678928261873452034233324582907746292011 • 0678921927873672033466329024457214592210

You remember how irritating it was to write down the whole number and to save your friend the trouble you ask him for the 7th digit. He tells you this is 8 and then you know the right number is the first one. Instead of communicating 40 digits you have found a way to tell somebody your number with just 3 digits maximum, 2 to denote what digit is different in both the numbers, since this is a number under 41, and then one to tell the correct digit.

Naturally you get fascinated by this technique and when you meet your not so good friend Dave later that month you already have the solution to the next challenge. As it turns out you never knew Dave that well and you are not so sure about his telephone number, you only know it is one of these: