Frédéric Wang    About    Mathematics    Computer Science    Miscellaneous    Archive

Thoughts on the Dihedral Hidden Subgroup Problem

This morning, I've been thinking again about a way to solve the Hidden Subgroup Problem for the dihedral group D N = N φ 2 (where φ ( 1 ) is the inversion of N ). It is well-known that there exists a reduction to the case where the hidden subgroup is H = ( d , 1 ) for some d N . In that case, if we fix b { 0 , 1 } , the elements ( i , b ) for i N form a complete set of coset representatives, so f is one-to-one over N × { b } . Thus, x f ( x , b ) is a permutation of N , a property that will be used below to construct a unitary transform.

First let's recall the classical inductive method to determine d . If M is a divisor of N , let N ' = N M and write the euclidean division d = M d ' + r . If we are able to determine r in polynomial time, then we can define the oracle f ' ( x , y ) = f ( M x + r , y ) for x N ' and y 2 and obtain a dihedral HSP with hidden subgroup ( d ' , 1 ) . Since the prime factorization has only O ( log N ) factors, we can repeat this inductive step to get an efficient algorithm. Of course, this is likely to be useful only when the factors are small for otherwise it may be as much difficult to determine r as to determine the whole d . One interesting case is N = 2 n and M = 2 : at each step, N remains a power of 2 and we determine the parity of d .

For 0 l < M , we consider the N ' -dimensional subspace spanned by the vectors l N ' + m for 0 m < N ' . Since these M subspaces are orthogonal, we can construct a unitary transform by applying a Quantum Fourier Transform F N ' on each subspace separately. Finally, we apply the permutation mentionned at the beginning for b = 0 . We get a unitary transform W below where x = M i + k is the euclidean division of x by M :

x Z N , W x = 1 N j = 0 N 1 2 π i j N f ( M j + k , 0 )

Now, let's consider the superposition (again, we see that it is well-defined by considering the permutation mentionned at the beginning for b = 1 ):

1 N i = 0 N 1 f ( M i , 1 )

The state can be rewritten, using the fact that f is constant on H = ( d , 1 ) :

1 N i = 0 N 1 f ( M i , 1 ) = 1 N i = 0 N 1 f ( M i d , 0 ) ( d , 1 ) = 1 N i = 0 N 1 f ( M i d , 0 ) = 1 N i = 0 N 1 f ( M i ( M d + r ) , 0 ) = 1 N i = 0 N 1 f ( M ( i d + ( N 1 ) ) + ( M r ) , 0 ) = 1 N i = 0 N 1 f ( M i + ( M r ) , 0 )

Applying W 1 to this state gives M r   mod   ( M ) and so the value of r by a measurement in the standard basis.

Two questions remain: can we implement W and create the state Ψ efficiently? If N = 2 n and M = 2 , there are many simplifications because we are working with qubits. In that case, it is easy to see that the answer to the previous questions is affirmative if we have gates V f , b x = f ( x , b ) implementing the permutation mentioned at the beginning. However, it is not clear how to build V f , b from the gate U f generally given in the classical presentation of the problem...

update: OK, there is also the trivial solution N = M , N ' = 1 where the algorithm above is just computing V f , 0 1 V f , 1 0 = N d   mod   ( N ) . However, I'm still wondering if there is a way to modify the previous method to work with U f .