Hidden subgroup problem

Last updated December 18, 2023

The hidden subgroup problem (HSP) is a topic of research in mathematics and theoretical computer science. The framework captures problems such as factoring, discrete logarithm, graph isomorphism, and the shortest vector problem. This makes it especially important in the theory of quantum computing because Shor's algorithm for factoring in quantum computing is an instance of the hidden subgroup problem for finite abelian groups, while the other problems correspond to finite groups that are not abelian.

Problem statement

Given a group $G$ , a subgroup $H\leq G$ , and a set $X$ , we say a function $f:G\to X$ hides the subgroup $H$ if for all $g_{1},g_{2}\in G,f(g_{1})=f(g_{2})$ if and only if $g_{1}H=g_{2}H$ . Equivalently, $f$ is constant on the cosets of H, while it is different between the different cosets of H.

Hidden subgroup problem: Let $G$ be a group, $X$ a finite set, and $f:G\to X$ a function that hides a subgroup $H\leq G$ . The function $f$ is given via an oracle, which uses $O(\log |G|+\log |X|)$ bits. Using information gained from evaluations of $f$ via its oracle, determine a generating set for $H$ .

A special case is when $X$ is a group and $f$ is a group homomorphism in which case $H$ corresponds to the kernel of $f$ .

Motivation

The hidden subgroup problem is especially important in the theory of quantum computing for the following reasons.

Shor's algorithm for factoring and for finding discrete logarithms (as well as several of its extensions) relies on the ability of quantum computers to solve the HSP for finite abelian groups.
The existence of efficient quantum algorithms for HSPs for certain non-abelian groups would imply efficient quantum algorithms for two major problems: the graph isomorphism problem and certain shortest vector problems (SVPs) in lattices. More precisely, an efficient quantum algorithm for the HSP for the symmetric group would give a quantum algorithm for the graph isomorphism.^[1] An efficient quantum algorithm for the HSP for the dihedral group would give a quantum algorithm for the $\operatorname {poly} (n)$ unique SVP.^[2]

Algorithms

There is an efficient quantum algorithm for solving HSP over finite abelian groups in time polynomial in $\log |G|$ . For arbitrary groups, it is known that the hidden subgroup problem is solvable using a polynomial number of evaluations of the oracle.^[3] However, the circuits that implement this may be exponential in $\log |G|$ , making the algorithm not efficient overall; efficient algorithms must be polynomial in the number of oracle evaluations and running time. The existence of such an algorithm for arbitrary groups is open. Quantum polynomial time algorithms exist for certain subclasses of groups, such as semi-direct products of some abelian groups.

Algorithm for abelian groups

The algorithm for abelian groups uses representations, i.e. homomorphisms from $G$ to $\mathrm {GL} _{k}(\mathbb {C} )$ , the general linear group over the complex numbers. A representation is irreducible if it cannot be expressed as the direct product of two or more representations of $G$ . For an abelian group, all the irreducible representations are the characters, which are the representations of dimension one; there are no irreducible representations of larger dimension for abelian groups.

Defining the quantum fourier transform

The quantum fourier transform can be defined in terms of $\mathrm {Z} _{N}$ , the additive cyclic group of order $N$ . Introducing the character

\chi _{j}(k)=\omega _{N}^{jk}=e^{2\pi i{\frac {jk}{N}}},

the quantum fourier transform has the definition of

F_{N}|j\rangle ={\frac {1}{\sqrt {N}}}\sum _{k=0}^{N}\chi _{j}(k)|k\rangle .

Furthermore we define $|\chi _{j}\rangle =F_{N}|j\rangle$ . Any abelian group can be written as the direct product of multiple cyclic groups $\mathrm {Z} _{N_{1}}\times \mathrm {Z} _{N_{2}}\times \ldots \times \mathrm {Z} _{N_{m}}$ . On a quantum computer, this is represented as the tensor product of multiple registers of dimensions $N_{1},N_{2},\ldots ,N_{m}$ respectively, and the overall quantum fourier transform is $F_{N_{1}}\otimes F_{N_{2}}\otimes \ldots \otimes F_{N_{m}}$ .

Procedure

The set of characters of $G$ forms a group ${\widehat {G}}$ called the dual group of $G$ . We also have a subgroup $H^{\perp }\leq {\widehat {G}}$ of size $|G|/|H|$ defined by

H^{\perp }=\{\chi _{g}:\chi _{g}(h)=1{\text{ for all }}h\in H\}

For each iteration of the algorithm, the quantum circuit outputs a element $g\in G$ corresponding to a character $\chi _{g}\in H^{\perp }$ , and since $\chi _{g}(h)={1}$ for all $h\in H$ , it helps to pin down what $H$ is.

The algorithm is as follows:

Start with the state $|0\rangle |0\rangle$ , where the left register's basis states are each element of $G$ , and the right register's basis states are each element of $X$ .
Create a superposition among the basis states of $G$ in the left register, leaving the state ${\textstyle {\frac {1}{\sqrt {|G|}}}\sum _{g\in G}|g\rangle |0\rangle }$ .
Query the function $f$ . The state afterwards is ${\textstyle {\frac {1}{\sqrt {|G|}}}\sum _{g\in G}|g\rangle |f(g)\rangle }$ .
Measure the output register. This gives some $f(s)$ for some $s\in G$ , and collapses the state to ${\textstyle {\frac {1}{\sqrt {|H|}}}\sum _{h\in H}|s+h\rangle |f(s)\rangle }$ because $f$ has the same value for each element of the coset $s+{H}$ . We discard the output register to get ${\textstyle {\frac {1}{\sqrt {|H|}}}\sum _{h\in H}|s+h\rangle }$ .
Perform the quantum fourier transform, getting the state ${\textstyle {\frac {1}{\sqrt {|H|}}}\sum _{h\in H}|\chi _{s+h}\rangle }$ .
This state is equal to ${\textstyle {\sqrt {\frac {|H|}{|G|}}}\sum _{\chi _{g}\in H^{\perp }}\chi _{g}(s)|g\rangle }$ , which can be measured to learn information about $H$ .
Repeat until $H$ (or a generating set for $H$ ) is determined.

The state in step 5 is equal to the state in step 6 because of the following:

{\begin{aligned}{\frac {1}{\sqrt {|H|}}}\sum _{h\in H}|\chi _{s+h}\rangle &={\frac {1}{\sqrt {|H||G|}}}\sum _{h\in H}\sum _{g\in G}\chi _{s+h}(g)|g\rangle \\&={\frac {1}{\sqrt {|H||G|}}}\sum _{g\in G}\chi _{s}(g)\sum _{h\in H}\chi _{h}(g)|g\rangle \\&={\frac {1}{\sqrt {|H||G|}}}\sum _{g\in G}\chi _{g}(s)\left(\sum _{h\in H}\chi _{g}(h)\right)|g\rangle \\&={\sqrt {\frac {|H|}{|G|}}}\sum _{\chi _{g}\in H^{\perp }}\chi _{g}(s)|g\rangle \end{aligned}}

For the last equality, we use the following identity:

Theorem —

\sum _{h\in H}\chi _{g}(h)={\begin{cases}|H|&\chi _{g}\in H^{\perp }\\0&\chi _{g}\notin H^{\perp }\end{cases}}

Proof This can be derived from the orthogonality of characters. The characters of

G

form an orthonormal basis:

{\frac {1}{\vert H\vert }}\sum _{h\in H}\chi _{g}(h)\chi _{g'}(h)={\begin{cases}1&g=g'\\0&g\neq g'\end{cases}}

We let

\chi _{g'}

be the trivial representation, which maps all inputs to

1

, to get

\sum _{h\in H}\chi _{g}(h)={\begin{cases}\vert H\vert &g{\text{ is trivial}}\\0&g{\text{ is not trivial}}\end{cases}}

Since the summation is done over

H

,

\chi _{g}

also being trivial only matters for if it is trivial over

H

; that is, if

\chi _{g}\in H^{\perp }

. Thus, we know that the summation will result in

\vert H\vert

if

\chi _{g}\in H^{\perp }

and will result in

0

if

\chi _{g}\notin H^{\perp }

.

Each measurement of the final state will result in some information gained about $H$ since we know that $\chi _{g}(h)=1$ for all $h\in H$ . $H$ , or a generating set for $H$ , will be found after a polynomial number of measurements. The size of a generating set will be logarithmically small compared to the size of $G$ . Let $T$ denote a generating set for $H$ , meaning $\langle T\rangle =H$ . The size of the subgroup generated by $T$ will be doubled when a new element $t\notin T$ is added to it, because $H$ and $t+H$ are disjoint and because $H,t+H\subseteq \langle \{t\}\cup T\rangle$ . Therefore, the size of a generating set $|T|$ satisfies

|T|\leq \log |H|\leq \log |G|

Thus a generating set for $H$ will be able to be obtained in polynomial time even if $G$ is exponential in size.

Instances

Many algorithms where quantum speedups occur in quantum computing are instances of the hidden subgroup problem. The following list outlines important instances of the HSP, and whether or not they are solvable.


Problem	Quantum Algorithm	Abelian?	Polynomial time solution?
Deutsch's problem	Deutsch's algorithm; Deutsch-Jozsa algorithm	Yes	Yes
Simon's problem	Simon's algorithm	Yes	Yes
Order finding	Shor's order finding algorithm	Yes	Yes
Discrete logarithm	Shor's algorithm § Discrete logarithms	Yes	Yes
Period finding	Shor's algorithm	Yes	Yes
Abelian stabilizer	Kitaev's algorithm^[4]	Yes	Yes
Graph Isomorphism	None	No	No
Shortest vector problem	None	No	No

Related Research Articles

The uncertainty principle, also known as Heisenberg's indeterminacy principle, is a fundamental concept in quantum mechanics. It states that there is a limit to the precision with which certain pairs of physical properties, such as position and momentum, can be simultaneously known. In other words, the more accurately one property is measured, the less accurately the other property can be known.

Shor's algorithm is a quantum algorithm for finding the prime factors of an integer. It was developed in 1994 by the American mathematician Peter Shor. It is one of the few known quantum algorithms with compelling potential applications and strong evidence of superpolynomial speedup compared to best known classical algorithms. On the other hand, factoring numbers of practical significance requires far more qubits than available in the near future. Another concern is that noise in quantum circuits may undermine results, requiring additional qubits for quantum error correction.

In quantum computing, Grover's algorithm, also known as the quantum search algorithm, is a quantum algorithm for unstructured search that finds with high probability the unique input to a black box function that produces a particular output value, using just $evaluations of the function, where is the size of the function's domain. It was devised by Lov Grover in 1996.$

The Riemann hypothesis is one of the most important conjectures in mathematics. It is a statement about the zeros of the Riemann zeta function. Various geometrical and arithmetical objects can be described by so-called global L-functions, which are formally similar to the Riemann zeta-function. One can then ask the same question about the zeros of these L-functions, yielding various generalizations of the Riemann hypothesis. Many mathematicians believe these generalizations of the Riemann hypothesis to be true. The only cases of these conjectures which have been proven occur in the algebraic function field case.

The Deutsch–Jozsa algorithm is a deterministic quantum algorithm proposed by David Deutsch and Richard Jozsa in 1992 with improvements by Richard Cleve, Artur Ekert, Chiara Macchiavello, and Michele Mosca in 1998. Although of little practical use, it is one of the first examples of a quantum algorithm that is exponentially faster than any possible deterministic classical algorithm.

In quantum mechanics, a Slater determinant is an expression that describes the wave function of a multi-fermionic system. It satisfies anti-symmetry requirements, and consequently the Pauli principle, by changing sign upon exchange of two electrons. Only a small subset of all possible fermionic wave functions can be written as a single Slater determinant, but those form an important and useful subset because of their simplicity.

In quantum computing, a quantum algorithm is an algorithm which runs on a realistic model of quantum computation, the most commonly used model being the quantum circuit model of computation. A classical algorithm is a finite sequence of instructions, or a step-by-step procedure for solving a problem, where each step or instruction can be performed on a classical computer. Similarly, a quantum algorithm is a step-by-step procedure, where each of the steps can be performed on a quantum computer. Although all classical algorithms can also be performed on a quantum computer, the term quantum algorithm is usually used for those algorithms which seem inherently quantum, or use some essential feature of quantum computation such as quantum superposition or quantum entanglement.

The Hadamard transform is an example of a generalized class of Fourier transforms. It performs an orthogonal, symmetric, involutive, linear operation on $2 m$ real numbers.

In group theory, a branch of abstract algebra, a character table is a two-dimensional table whose rows correspond to irreducible representations, and whose columns correspond to conjugacy classes of group elements. The entries consist of characters, the traces of the matrices representing group elements of the column's class in the given row's group representation. In chemistry, crystallography, and spectroscopy, character tables of point groups are used to classify e.g. molecular vibrations according to their symmetry, and to predict whether a transition between two states is forbidden for symmetry reasons. Many university level textbooks on physical chemistry, quantum chemistry, spectroscopy and inorganic chemistry devote a chapter to the use of symmetry group character tables.

<span class="mw-page-title-main">Burnside's theorem</span> Mathematic group theory

In mathematics, Burnside's theorem in group theory states that if G is a finite group of order $where p and q are prime numbers, and a and b are non-negative integers, then G is solvable. Hence each non-Abelian finite simple group has order divisible by at least three distinct primes.$

In computational complexity theory, PostBQP is a complexity class consisting of all of the computational problems solvable in polynomial time on a quantum Turing machine with postselection and bounded error.

The time-evolving block decimation (TEBD) algorithm is a numerical scheme used to simulate one-dimensional quantum many-body systems, characterized by at most nearest-neighbour interactions. It is dubbed Time-evolving Block Decimation because it dynamically identifies the relevant low-dimensional Hilbert subspaces of an exponentially larger original Hilbert space. The algorithm, based on the Matrix Product States formalism, is highly efficient when the amount of entanglement in the system is limited, a requirement fulfilled by a large class of quantum many-body systems in one dimension.

In computational complexity theory and quantum computing, Simon's problem is a computational problem that is proven to be solved exponentially faster on a quantum computer than on a classical computer. The quantum algorithm solving Simon's problem, usually called Simon's algorithm, served as the inspiration for Shor's algorithm. Both problems are special cases of the abelian hidden subgroup problem, which is now known to have efficient quantum algorithms.

Quantum walks are quantum analogues of classical random walks. In contrast to the classical random walk, where the walker occupies definite states and the randomness arises due to stochastic transitions between states, in quantum walks randomness arises through: (1) quantum superposition of states, (2) non-random, reversible unitary evolution and (3) collapse of the wave function due to state measurements.

Amplitude amplification is a technique in quantum computing which generalizes the idea behind Grover's search algorithm, and gives rise to a family of quantum algorithms. It was discovered by Gilles Brassard and Peter Høyer in 1997, and independently rediscovered by Lov Grover in 1998.

In cryptography, Learning with errors (LWE) is a mathematical problem that is widely used in cryptography to create secure encryption algorithms. It is based on the idea of representing secret information as a set of equations with errors. In other words, LWE is a way to hide the value of a secret by introducing noise to it. In more technical terms, it refers to the computational problem of inferring a linear $-ary function over a finite ring from given samples some of which may be erroneous. The LWE problem is conjectured to be hard to solve, and thus to be useful in cryptography.$

In quantum computing, the quantum Fourier transform (QFT) is a linear transformation on quantum bits, and is the quantum analogue of the discrete Fourier transform. The quantum Fourier transform is a part of many quantum algorithms, notably Shor's algorithm for factoring and computing the discrete logarithm, the quantum phase estimation algorithm for estimating the eigenvalues of a unitary operator, and algorithms for the hidden subgroup problem. The quantum Fourier transform was discovered by Don Coppersmith.

A Matrix product state (MPS) is a quantum state of many particles, written in the following form:

Quantum counting algorithm is a quantum algorithm for efficiently counting the number of solutions for a given search problem. The algorithm is based on the quantum phase estimation algorithm and on Grover's search algorithm.

The Bernstein–Vazirani algorithm, which solves the Bernstein–Vazirani problem, is a quantum algorithm invented by Ethan Bernstein and Umesh Vazirani in 1997. It is a restricted version of the Deutsch–Jozsa algorithm where instead of distinguishing between two different classes of functions, it tries to learn a string encoded in a function. The Bernstein–Vazirani algorithm was designed to prove an oracle separation between complexity classes BQP and BPP.

References

↑ Mark Ettinger; Peter Høyer (1999). "A quantum observable for the graph isomorphism problem". arXiv: quant-ph/9901029 .
↑ Oded Regev (2003). "Quantum computation and lattice problems". arXiv: cs/0304005 .
↑ Mark Ettinger; Peter Hoyer; Emanuel Knill (2004). "The quantum query complexity of the hidden subgroup problem is polynomial". Information Processing Letters. 91: 43–48. arXiv: quant-ph/0401083 . Bibcode:2004quant.ph..1083E. doi:10.1016/j.ipl.2004.01.024. S2CID 5520617.
↑ Kitaev, Alexei (November 20, 1995). "Quantum measurements and the Abelian Stabilizer Problem". arXiv: quant-ph/9511026 .

External links

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[1] Mark Ettinger; Peter Høyer (1999). "A quantum observable for the graph isomorphism problem". arXiv: quant-ph/9901029 .

[2] Oded Regev (2003). "Quantum computation and lattice problems". arXiv: cs/0304005 .

[3] Mark Ettinger; Peter Hoyer; Emanuel Knill (2004). "The quantum query complexity of the hidden subgroup problem is polynomial". Information Processing Letters. 91: 43–48. arXiv: quant-ph/0401083 . Bibcode:2004quant.ph..1083E. doi:10.1016/j.ipl.2004.01.024. S2CID 5520617.

[4] Kitaev, Alexei (November 20, 1995). "Quantum measurements and the Abelian Stabilizer Problem". arXiv: quant-ph/9511026 .

[1]

[2]

[3]

[4]