Grover's algorithm

In quantum computing, Grover's algorithm, also known as the quantum search algorithm, is a quantum algorithm for unstructured search that finds with high probability the unique input to a black box function that produces a particular output value, using just ${\displaystyle O({\sqrt {N}})}$ evaluations of the function, where ${\displaystyle N}$ is the size of the function's domain. It was devised by Lov Grover in 1996. ^[1]

The analogous problem in classical computation cannot be solved in fewer than ${\displaystyle O(N)}$ evaluations (because, on average, one has to check half of the domain to get a 50% chance of finding the right input). Charles H. Bennett, Ethan Bernstein, Gilles Brassard, and Umesh Vazirani proved that any quantum solution to the problem needs to evaluate the function ${\displaystyle \Omega ({\sqrt {N}})}$ times, so Grover's algorithm is asymptotically optimal. ^[2] Since classical algorithms for NP-complete problems require exponentially many steps, and Grover's algorithm provides at most a quadratic speedup over the classical solution for unstructured search, this suggests that Grover's algorithm by itself will not provide polynomial-time solutions for NP-complete problems (as the square root of an exponential function is an exponential, not polynomial, function). ^[3]

Unlike other quantum algorithms, which may provide exponential speedup over their classical counterparts, Grover's algorithm provides only a quadratic speedup. However, even quadratic speedup is considerable when ${\displaystyle N}$ is large, and Grover's algorithm can be applied to speed up broad classes of algorithms. ^[3] Grover's algorithm could brute-force a 128-bit symmetric cryptographic key in roughly 2⁶⁴ iterations, or a 256-bit key in roughly 2¹²⁸ iterations. It may not be the case that Grover's algorithm poses a significantly increased risk to encryption over existing classical algorithms, however. ^[4]

Applications and limitations

Grover's algorithm, along with variants like amplitude amplification, can be used to speed up a broad range of algorithms. ^{[5] [6] [7]} In particular, algorithms for NP-complete problems which contain exhaustive search as a subroutine can be sped up by Grover's algorithm. ^[6] The current best algorithm for 3SAT is one such example. Generic constraint satisfaction problems also see quadratic speedups with Grover. ^[8] These algorithms do not require that the input be given in the form of an oracle, since Grover's algorithm is being applied with an explicit function, e.g. the function checking that a set of bits satisfies a 3SAT instance.

Grover's algorithm can also give provable speedups for black-box problems in quantum query complexity, including element distinctness ^[9] and the collision problem ^[10] (solved with the Brassard–Høyer–Tapp algorithm). In these types of problems, one treats the oracle function f as a database, and the goal is to use the quantum query to this function as few times as possible.

Cryptography

Grover's algorithm essentially solves the task of function inversion. Roughly speaking, if we have a function ${\displaystyle y=f(x)}$ that can be evaluated on a quantum computer, Grover's algorithm allows us to calculate ${\displaystyle x}$ when given ${\displaystyle y}$. Consequently, Grover's algorithm gives broad asymptotic speed-ups to many kinds of brute-force attacks on symmetric-key cryptography, including collision attacks and pre-image attacks. ^[11] However, this may not necessarily be the most efficient algorithm since, for example, the parallel rho algorithm is able to find a collision in SHA2 more efficiently than Grover's algorithm. ^[12]

Limitations

Grover's original paper described the algorithm as a database search algorithm, and this description is still common. The database in this analogy is a table of all of the function's outputs, indexed by the corresponding input. However, this database is not represented explicitly. Instead, an oracle is invoked to evaluate an item by its index. Reading a full database item by item and converting it into such a representation may take a lot longer than Grover's search. To account for such effects, Grover's algorithm can be viewed as solving an equation or satisfying a constraint. In such applications, the oracle is a way to check the constraint and is not related to the search algorithm. This separation usually prevents algorithmic optimizations, whereas conventional search algorithms often rely on such optimizations and avoid exhaustive search. ^[13] Fortunately, fast Grover's oracle implementation is possible for many constraint satisfaction and optimization problems. ^[14]

The major barrier to instantiating a speedup from Grover's algorithm is that the quadratic speedup achieved is too modest to overcome the large overhead of near-term quantum computers. ^[15] However, later generations of fault-tolerant quantum computers with better hardware performance may be able to realize these speedups for practical instances of data.

Problem description

As input for Grover's algorithm, suppose we have a function ${\displaystyle f\colon \{0,1,\ldots ,N-1\}\to \{0,1\}}$. In the "unstructured database" analogy, the domain represent indices to a database, and f(x) = 1 if and only if the data that x points to satisfies the search criterion. We additionally assume that only one index satisfies f(x) = 1, and we call this index ω. Our goal is to identify ω.

We can access f with a subroutine (sometimes called an oracle) in the form of a unitary operator U_ω that acts as follows:

${\displaystyle {\begin{cases}U_{\omega }|x\rangle =-|x\rangle &{\text{for }}x=\omega {\text{, that is, }}f(x)=1,\\U_{\omega }|x\rangle =|x\rangle &{\text{for }}x\neq \omega {\text{, that is, }}f(x)=0.\end{cases}}}$

This uses the ${\displaystyle N}$-dimensional state space ${\displaystyle {\mathcal {H}}}$, which is supplied by a register with ${\displaystyle n=\lceil \log _{2}N\rceil }$ qubits. This is often written as

${\displaystyle U_{\omega }|x\rangle =(-1)^{f(x)}|x\rangle .}$

Grover's algorithm outputs ω with probability at least 1/2 using ${\displaystyle O({\sqrt {N}})}$ applications of U_ω. This probability can be made arbitrarily large by running Grover's algorithm multiple times. If one runs Grover's algorithm until ω is found, the expected number of applications is still ${\displaystyle O({\sqrt {N}})}$, since it will only be run twice on average.

Alternative oracle definition

This section compares the above oracle ${\displaystyle U_{\omega }}$ with an oracle ${\displaystyle U_{f}}$.

U_ω is different from the standard quantum oracle for a function f. This standard oracle, denoted here as U_f, uses an ancillary qubit system. The operation then represents an inversion (NOT gate) on the main system conditioned by the value of f(x) from the ancillary system:

${\displaystyle {\begin{cases}U_{f}|x\rangle |y\rangle =|x\rangle |\neg y\rangle &{\text{for }}x=\omega {\text{, that is, }}f(x)=1,\\U_{f}|x\rangle |y\rangle =|x\rangle |y\rangle &{\text{for }}x\neq \omega {\text{, that is, }}f(x)=0,\end{cases}}}$

or briefly,

${\displaystyle U_{f}|x\rangle |y\rangle =|x\rangle |y\oplus f(x)\rangle .}$

These oracles are typically realized using uncomputation.

If we are given U_f as our oracle, then we can also implement U_ω, since U_ω is U_f when the ancillary qubit is in the state ${\displaystyle |-\rangle ={\frac {1}{\sqrt {2}}}{\big (}|0\rangle -|1\rangle {\big )}=H|1\rangle }$:

${\displaystyle {\begin{aligned}U_{f}{\big (}|x\rangle \otimes |-\rangle {\big )}&={\frac {1}{\sqrt {2}}}\left(U_{f}|x\rangle |0\rangle -U_{f}|x\rangle |1\rangle \right)\\&={\frac {1}{\sqrt {2}}}\left(|x\rangle |f(x)\rangle -|x\rangle |1\oplus f(x)\rangle \right)\\&={\begin{cases}{\frac {1}{\sqrt {2}}}\left(-|x\rangle |0\rangle +|x\rangle |1\rangle \right)&{\text{if }}f(x)=1,\\{\frac {1}{\sqrt {2}}}\left(|x\rangle |0\rangle -|x\rangle |1\rangle \right)&{\text{if }}f(x)=0\end{cases}}\\&=(U_{\omega }|x\rangle )\otimes |-\rangle \end{aligned}}}$

So, Grover's algorithm can be run regardless of which oracle is given. ^[3] If U_f is given, then we must maintain an additional qubit in the state ${\displaystyle |-\rangle }$ and apply U_f in place of U_ω.

Algorithm

Quantum circuit representation of Grover's algorithm

The steps of Grover's algorithm are given as follows:

1. Initialize the system to the uniform superposition over all states
   ${\displaystyle |s\rangle ={\frac {1}{\sqrt {N}}}\sum _{x=0}^{N-1}|x\rangle .}$
2. Perform the following "Grover iteration" ${\displaystyle r(N)}$ times:
   1. Apply the operator ${\displaystyle U_{\omega }}$
   2. Apply the Grover diffusion operator ${\displaystyle U_{s}=2\left|s\right\rangle \left\langle s\right|-I}$
3. Measure the resulting quantum state in the computational basis.

For the correctly chosen value of ${\displaystyle r}$, the output will be ${\displaystyle |\omega \rangle }$ with probability approaching 1 for N ≫ 1. Analysis shows that this eventual value for ${\displaystyle r(N)}$ satisfies ${\displaystyle r(N)\leq {\Big \lceil }{\frac {\pi }{4}}{\sqrt {N}}{\Big \rceil }}$.

Implementing the steps for this algorithm can be done using a number of gates linear in the number of qubits. ^[3] Thus, the gate complexity of this algorithm is ${\displaystyle O(\log(N)r(N))}$, or ${\displaystyle O(\log(N))}$ per iteration.

Geometric proof of correctness

Picture showing the geometric interpretation of the first iteration of Grover's algorithm. The state vector ${\displaystyle |s\rangle }$ is rotated towards the target vector ${\displaystyle |\omega \rangle }$ as shown.

There is a geometric interpretation of Grover's algorithm, following from the observation that the quantum state of Grover's algorithm stays in a two-dimensional subspace after each step. Consider the plane spanned by ${\displaystyle |s\rangle }$ and ${\displaystyle |\omega \rangle }$; equivalently, the plane spanned by ${\displaystyle |\omega \rangle }$ and the perpendicular ket ${\displaystyle \textstyle |s'\rangle ={\frac {1}{\sqrt {N-1}}}\sum _{x\neq \omega }|x\rangle }$.

Grover's algorithm begins with the initial ket ${\displaystyle |s\rangle }$, which lies in the subspace. The operator ${\displaystyle U_{\omega }}$ is a reflection at the hyperplane orthogonal to ${\displaystyle |\omega \rangle }$ for vectors in the plane spanned by ${\displaystyle |s'\rangle }$ and ${\displaystyle |\omega \rangle }$, i.e. it acts as a reflection across ${\displaystyle |s'\rangle }$. This can be seen by writing ${\displaystyle U_{\omega }}$ in the form of a Householder reflection:

${\displaystyle U_{\omega }=I-2|\omega \rangle \langle \omega |.}$

The operator ${\displaystyle U_{s}=2|s\rangle \langle s|-I}$ is a reflection through ${\displaystyle |s\rangle }$. Both operators ${\displaystyle U_{s}}$ and ${\displaystyle U_{\omega }}$ take states in the plane spanned by ${\displaystyle |s'\rangle }$ and ${\displaystyle |\omega \rangle }$ to states in the plane. Therefore, Grover's algorithm stays in this plane for the entire algorithm.

It is straightforward to check that the operator ${\displaystyle U_{s}U_{\omega }}$ of each Grover iteration step rotates the state vector by an angle of ${\displaystyle \theta =2\arcsin {\tfrac {1}{\sqrt {N}}}}$. So, with enough iterations, one can rotate from the initial state ${\displaystyle |s\rangle }$ to the desired output state ${\displaystyle |\omega \rangle }$. The initial ket is close to the state orthogonal to ${\displaystyle |\omega \rangle }$:

${\displaystyle \langle s'|s\rangle ={\sqrt {\frac {N-1}{N}}}.}$

In geometric terms, the angle ${\displaystyle \theta /2}$ between ${\displaystyle |s\rangle }$ and ${\displaystyle |s'\rangle }$ is given by

${\displaystyle \sin {\frac {\theta }{2}}={\frac {1}{\sqrt {N}}}.}$

We need to stop when the state vector passes close to ${\displaystyle |\omega \rangle }$; after this, subsequent iterations rotate the state vector away from ${\displaystyle |\omega \rangle }$, reducing the probability of obtaining the correct answer. The exact probability of measuring the correct answer is

${\displaystyle \sin ^{2}\left({\Big (}r+{\frac {1}{2}}{\Big )}\theta \right),}$

where r is the (integer) number of Grover iterations. The earliest time that we get a near-optimal measurement is therefore ${\displaystyle r\approx \pi {\sqrt {N}}/4}$.

Algebraic proof of correctness

To complete the algebraic analysis, we need to find out what happens when we repeatedly apply ${\displaystyle U_{s}U_{\omega }}$. A natural way to do this is by eigenvalue analysis of a matrix. Notice that during the entire computation, the state of the algorithm is a linear combination of ${\displaystyle s}$ and ${\displaystyle \omega }$. We can write the action of ${\displaystyle U_{s}}$ and ${\displaystyle U_{\omega }}$ in the space spanned by ${\displaystyle \{|s\rangle ,|\omega \rangle \}}$ as:

${\displaystyle U_{s}:a|\omega \rangle +b|s\rangle \mapsto [|\omega \rangle \,|s\rangle ]{\begin{bmatrix}-1&0\\2/{\sqrt {N}}&1\end{bmatrix}}{\begin{bmatrix}a\\b\end{bmatrix}}.}$

${\displaystyle U_{\omega }:a|\omega \rangle +b|s\rangle \mapsto [|\omega \rangle \,|s\rangle ]{\begin{bmatrix}-1&-2/{\sqrt {N}}\\0&1\end{bmatrix}}{\begin{bmatrix}a\\b\end{bmatrix}}.}$

So in the basis ${\displaystyle \{|\omega \rangle ,|s\rangle \}}$ (which is neither orthogonal nor a basis of the whole space) the action ${\displaystyle U_{s}U_{\omega }}$ of applying ${\displaystyle U_{\omega }}$ followed by ${\displaystyle U_{s}}$ is given by the matrix

${\displaystyle U_{s}U_{\omega }={\begin{bmatrix}-1&0\\2/{\sqrt {N}}&1\end{bmatrix}}{\begin{bmatrix}-1&-2/{\sqrt {N}}\\0&1\end{bmatrix}}={\begin{bmatrix}1&2/{\sqrt {N}}\\-2/{\sqrt {N}}&1-4/N\end{bmatrix}}.}$

This matrix happens to have a very convenient Jordan form. If we define ${\displaystyle t=\arcsin(1/{\sqrt {N}})}$, it is

${\displaystyle U_{s}U_{\omega }=M{\begin{bmatrix}e^{2it}&0\\0&e^{-2it}\end{bmatrix}}M^{-1}}$ where ${\displaystyle M={\begin{bmatrix}-i&i\\e^{it}&e^{-it}\end{bmatrix}}.}$

It follows that r-th power of the matrix (corresponding to r iterations) is

${\displaystyle (U_{s}U_{\omega })^{r}=M{\begin{bmatrix}e^{2rit}&0\\0&e^{-2rit}\end{bmatrix}}M^{-1}.}$

Using this form, we can use trigonometric identities to compute the probability of observing ω after r iterations mentioned in the previous section,

${\displaystyle \left|{\begin{bmatrix}\langle \omega |\omega \rangle &\langle \omega |s\rangle \end{bmatrix}}(U_{s}U_{\omega })^{r}{\begin{bmatrix}0\\1\end{bmatrix}}\right|^{2}=\sin ^{2}\left((2r+1)t\right).}$

Alternatively, one might reasonably imagine that a near-optimal time to distinguish would be when the angles 2rt and −2rt are as far apart as possible, which corresponds to ${\displaystyle 2rt\approx \pi /2}$, or ${\displaystyle r=\pi /4t=\pi /4\arcsin(1/{\sqrt {N}})\approx \pi {\sqrt {N}}/4}$. Then the system is in state

${\displaystyle [|\omega \rangle \,|s\rangle ](U_{s}U_{\omega })^{r}{\begin{bmatrix}0\\1\end{bmatrix}}\approx [|\omega \rangle \,|s\rangle ]M{\begin{bmatrix}i&0\\0&-i\end{bmatrix}}M^{-1}{\begin{bmatrix}0\\1\end{bmatrix}}=|\omega \rangle {\frac {1}{\cos(t)}}-|s\rangle {\frac {\sin(t)}{\cos(t)}}.}$

A short calculation now shows that the observation yields the correct answer ω with error ${\displaystyle O\left({\frac {1}{N}}\right)}$.

Extensions and variants

Multiple matching entries

Further information: Amplitude amplification

If, instead of 1 matching entry, there are k matching entries, the same algorithm works, but the number of iterations must be ${\textstyle {\frac {\pi }{4}}{\left({\frac {N}{k}}\right)^{1/2}}}$instead of ${\textstyle {\frac {\pi }{4}}{N^{1/2}}.}$

There are several ways to handle the case if k is unknown. ^[16] A simple solution performs optimally up to a constant factor: run Grover's algorithm repeatedly for increasingly small values of k, e.g., taking k = N, N/2, N/4, ..., and so on, taking ${\displaystyle k=N/2^{t}}$ for iteration t until a matching entry is found.

With sufficiently high probability, a marked entry will be found by iteration ${\displaystyle t=\log _{2}(N/k)+c}$ for some constant c. Thus, the total number of iterations taken is at most

${\displaystyle {\frac {\pi }{4}}{\Big (}1+{\sqrt {2}}+{\sqrt {4}}+\cdots +{\sqrt {\frac {N}{k2^{c}}}}{\Big )}=O{\big (}{\sqrt {N/k}}{\big )}.}$

Another approach if k is unknown is to derive it via the quantum counting algorithm prior.

If ${\displaystyle k=N/2}$ (or the traditional one marked state Grover's Algorithm if run with ${\displaystyle N=2}$), the algorithm will provide no amplification. If ${\displaystyle k>N/2}$, increasing k will begin to increase the number of iterations necessary to obtain a solution. ^[17] On the other hand, if ${\displaystyle k\geq N/2}$, a classical running of the checking oracle on a single random choice of input will more likely than not give a correct solution.

A version of this algorithm is used in order to solve the collision problem. ^{[18] [19]}

Quantum partial search

A modification of Grover's algorithm called quantum partial search was described by Grover and Radhakrishnan in 2004. ^[20] In partial search, one is not interested in finding the exact address of the target item, only the first few digits of the address. Equivalently, we can think of "chunking" the search space into blocks, and then asking "in which block is the target item?". In many applications, such a search yields enough information if the target address contains the information wanted. For instance, to use the example given by L. K. Grover, if one has a list of students organized by class rank, we may only be interested in whether a student is in the lower 25%, 25–50%, 50–75% or 75–100% percentile.

To describe partial search, we consider a database separated into ${\displaystyle K}$ blocks, each of size ${\displaystyle b=N/K}$. The partial search problem is easier. Consider the approach we would take classically – we pick one block at random, and then perform a normal search through the rest of the blocks (in set theory language, the complement). If we don't find the target, then we know it's in the block we didn't search. The average number of iterations drops from ${\displaystyle N/2}$ to ${\displaystyle (N-b)/2}$.

Grover's algorithm requires ${\textstyle {\frac {\pi }{4}}{\sqrt {N}}}$ iterations. Partial search will be faster by a numerical factor that depends on the number of blocks ${\displaystyle K}$. Partial search uses ${\displaystyle n_{1}}$ global iterations and ${\displaystyle n_{2}}$ local iterations. The global Grover operator is designated ${\displaystyle G_{1}}$ and the local Grover operator is designated ${\displaystyle G_{2}}$.

The global Grover operator acts on the blocks. Essentially, it is given as follows:

1. Perform ${\displaystyle j_{1}}$ standard Grover iterations on the entire database.
2. Perform ${\displaystyle j_{2}}$ local Grover iterations. A local Grover iteration is a direct sum of Grover iterations over each block.
3. Perform one standard Grover iteration.

The optimal values of ${\displaystyle j_{1}}$ and ${\displaystyle j_{2}}$ are discussed in the paper by Grover and Radhakrishnan. One might also wonder what happens if one applies successive partial searches at different levels of "resolution". This idea was studied in detail by Vladimir Korepin and Xu, who called it binary quantum search. They proved that it is not in fact any faster than performing a single partial search.

Optimality

Grover's algorithm is optimal up to sub-constant factors. That is, any algorithm that accesses the database only by using the operator U_ω must apply U_ω at least a ${\displaystyle 1-o(1)}$ fraction as many times as Grover's algorithm. ^[21] The extension of Grover's algorithm to k matching entries, π(N/k)^1/2/4, is also optimal. ^[18] This result is important in understanding the limits of quantum computation.

If the Grover's search problem was solvable with log^cN applications of U_ω, that would imply that NP is contained in BQP, by transforming problems in NP into Grover-type search problems. The optimality of Grover's algorithm suggests that quantum computers cannot solve NP-Complete problems in polynomial time, and thus NP is not contained in BQP.

It has been shown that a class of non-local hidden variable quantum computers could implement a search of an ${\displaystyle N}$-item database in at most ${\displaystyle O({\sqrt[{3}]{N}})}$ steps. This is faster than the ${\displaystyle O({\sqrt {N}})}$ steps taken by Grover's algorithm. ^[22]

See also

• Amplitude amplification
• Brassard–Høyer–Tapp algorithm (for solving the collision problem)
• Shor's algorithm (for factorization)
• Quantum walk search

Notes

1. Grover, Lov K. (1996-07-01). "A fast quantum mechanical algorithm for database search". Proceedings of the twenty-eighth annual ACM symposium on Theory of computing - STOC '96. Philadelphia, Pennsylvania, USA: Association for Computing Machinery. pp. 212–219. arXiv: quant-ph/9605043 . Bibcode:1996quant.ph..5043G. doi:10.1145/237814.237866. ISBN   978-0-89791-785-8. S2CID   207198067.
2. Bennett C.H.; Bernstein E.; Brassard G.; Vazirani U. (1997). "The strengths and weaknesses of quantum computation". SIAM Journal on Computing . 26 (5): 1510–1523. arXiv: quant-ph/9701001 . doi:10.1137/s0097539796300933. S2CID   13403194.
3. Nielsen, Michael A. (2010). Quantum computation and quantum information. Isaac L. Chuang. Cambridge: Cambridge University Press. pp. 276–305. ISBN   978-1-107-00217-3. OCLC   665137861.
4. Bernstein, Daniel J. (2010). "Grover vs. McEliece" (PDF). In Sendrier, Nicolas (ed.). Post-Quantum Cryptography, Third International Workshop, PQCrypto 2010, Darmstadt, Germany, May 25-28, 2010. Proceedings. Lecture Notes in Computer Science. Vol. 6061. Springer. pp. 73–80. doi:10.1007/978-3-642-12929-2_6.
5. Grover, Lov K. (1998). "A framework for fast quantum mechanical algorithms". In Vitter, Jeffrey Scott (ed.). Proceedings of the Thirtieth Annual ACM Symposium on the Theory of Computing, Dallas, Texas, USA, May 23–26, 1998. Association for Computing Machinery. pp. 53–62. arXiv: quant-ph/9711043 . doi:10.1145/276698.276712.
6. Ambainis, A. (2004-06-01). "Quantum search algorithms". ACM SIGACT News. 35 (2): 22–35. arXiv: quant-ph/0504012 . doi:10.1145/992287.992296. ISSN   0163-5700. S2CID   11326499.
7. Jordan, Stephen. "Quantum Algorithm Zoo". quantumalgorithmzoo.org. Retrieved 2021-04-21.
8. Cerf, Nicolas J.; Grover, Lov K.; Williams, Colin P. (2000-05-01). "Nested Quantum Search and NP-Hard Problems". Applicable Algebra in Engineering, Communication and Computing. 10 (4): 311–338. doi:10.1007/s002000050134. ISSN   1432-0622. S2CID   311132.
9. Ambainis, Andris (2007-01-01). "Quantum Walk Algorithm for Element Distinctness". SIAM Journal on Computing. 37 (1): 210–239. arXiv: quant-ph/0311001 . doi:10.1137/S0097539705447311. ISSN   0097-5397. S2CID   6581885.
10. Brassard, Gilles; Høyer, Peter; Tapp, Alain (1998). "Quantum Cryptanalysis of Hash and Claw-Free Functions". In Lucchesi, Claudio L.; Moura, Arnaldo V. (eds.). LATIN '98: Theoretical Informatics, Third Latin American Symposium, Campinas, Brazil, April, 20-24, 1998, Proceedings. Lecture Notes in Computer Science. Vol. 1380. Springer. pp. 163–169. arXiv: quant-ph/9705002 . doi:10.1007/BFb0054319.
11. Post-quantum cryptography. Daniel J. Bernstein, Johannes Buchmann, Erik, Dipl.-Math Dahmén. Berlin: Springer. 2009. ISBN   978-3-540-88702-7. OCLC   318545517.
12. Bernstein, Daniel J. (2021-04-21). "Cost analysis of hash collisions: Will quantum computers make SHARCS obsolete?" (PDF). Conference Proceedings for Special-purpose Hardware for Attacking Cryptographic Systems (SHARCS '09). 09: 105–117.
13. Viamontes G.F.; Markov I.L.; Hayes J.P. (2005), "Is Quantum Search Practical?" (PDF), Computing in Science and Engineering, 7 (3): 62–70, arXiv: quant-ph/0405001 , Bibcode:2005CSE.....7c..62V, doi:10.1109/mcse.2005.53, S2CID   8929938
14. Sinitsyn N. A.; Yan B. (2023). "Topologically protected Grover's oracle for the partition problem". Physical Review A. 108 (2): 022412. arXiv: 2304.10488 . doi:10.1103/PhysRevA.108.022412. S2CID   258236417.
15. Babbush, Ryan; McClean, Jarrod R.; Newman, Michael; Gidney, Craig; Boixo, Sergio; Neven, Hartmut (2021-03-29). "Focus beyond Quadratic Speedups for Error-Corrected Quantum Advantage". PRX Quantum. 2 (1): 010103. arXiv: 2011.04149 . doi: 10.1103/PRXQuantum.2.010103 .
16. Aaronson, Scott (April 19, 2021). "Introduction to Quantum Information Science Lecture Notes" (PDF).
17. Nielsen-Chuang
18. Michel Boyer; Gilles Brassard; Peter Høyer; Alain Tapp (1998), "Tight Bounds on Quantum Searching", Fortschr. Phys., 46 (4–5): 493–506, arXiv: quant-ph/9605034 , Bibcode:1998ForPh..46..493B, doi:10.1002/3527603093.ch10, ISBN   9783527603091
19. Andris Ambainis (2004), "Quantum search algorithms", SIGACT News, 35 (2): 22–35, arXiv: quant-ph/0504012 , Bibcode:2005quant.ph..4012A, doi:10.1145/992287.992296, S2CID   11326499
20. L.K. Grover; J. Radhakrishnan (2005-02-07). "Is partial quantum search of a database any easier?". arXiv: quant-ph/0407122v4 .
21. Zalka, Christof (1999-10-01). "Grover's quantum searching algorithm is optimal". Physical Review A. 60 (4): 2746–2751. arXiv: quant-ph/9711070 . Bibcode:1999PhRvA..60.2746Z. doi:10.1103/PhysRevA.60.2746. S2CID   1542077.
22. Aaronson, Scott. "Quantum Computing and Hidden Variables" (PDF).

References

• Grover L.K.: A fast quantum mechanical algorithm for database search , Proceedings, 28th Annual ACM Symposium on the Theory of Computing, (May 1996) p. 212
• Grover L.K.: From Schrödinger's equation to quantum search algorithm , American Journal of Physics, 69(7): 769–777, 2001. Pedagogical review of the algorithm and its history.
• Grover L.K.: QUANTUM COMPUTING: How the weird logic of the subatomic world could make it possible for machines to calculate millions of times faster than they do today The Sciences, July/August 1999, pp. 24–30.
• Nielsen, M.A. and Chuang, I.L. Quantum computation and quantum information. Cambridge University Press, 2000. Chapter 6.
• What's a Quantum Phone Book?, Lov Grover, Lucent Technologies

External links

• Davy Wybiral. "Quantum Circuit Simulator". Archived from the original on 2017-01-16. Retrieved 2017-01-13.
• Craig Gidney (2013-03-05). "Grover's Quantum Search Algorithm".
• François Schwarzentruber (2013-05-18). "Grover's algorithm".
• Alexander Prokopenya. "Quantum Circuit Implementing Grover's Search Algorithm". Wolfram Alpha.
• "Quantum computation, theory of", Encyclopedia of Mathematics , EMS Press, 2001 [1994]
• Roberto Maestre (2018-05-11). "Grover's Algorithm implemented in R and C". GitHub .
• Bernhard Ömer. "QCL - A Programming Language for Quantum Computers" . Retrieved 2022-04-30. Implemented in /qcl-0.6.4/lib/grover.qcl