Desurvire E. Classical and Quantum Information Theory: An Introduction for the Telecom Scientist

Подождите немного. Документ загружается.

Modular arithmetic and Euler’s theorem 657

otherwise). The following are basic examples:











(3 + 4) mod 6 = 7mod6= 1

(8 + 7) mod 15 = 15 mod 15 = 0

(7 − 4) mod 4 = 3mod4= 3

(2 × 3) mod 4 = 6mod4= 2

(7 × 9) mod 11 = 63 mod 11 = 8.

(T5)

In modular arithmetic, addition and multiplication are commutative, associative, and

distributive operations, meaning the following properties:

(a ± b)modm = (a mod m) ± (b mod m)modm, (T6)

(a × b)modm = (a mod m) × (b mod m)modm, (T7)

[a × (b + c)] mod m = (a × b)modm + (a × c)modm)modm. (T8)

Here are two other obvious or less trivial properties (k = integer):

(−a)modm = (m − a)modm = [(m − 1) ×a]modm, (T9)

(k × m)modm = 0, (T10)

(k × a)mod(k × m) = k × (a mod m). (T11)

While addition and multiplication are straightforward in modular arithmetic, division is

not. For instance, what is the residue r as deﬁned through r = (11/5) mod 3? In modular

arithmetic, r should be the number that satisﬁes 5 ×r = 11 mod

= 2. The only solution

to this equation is r = 1, since 5 ×1mod3= 5mod3= 2. We, thus, see that |11/5|

1, which is not at all intuitive. One can also deﬁne the number (11/5) mod 3 as the

product (11 ×1/5) mod 3 or, equivalently, (11 mod 3) ×(1/5 mod 3) = 2 × (1/5mod

3) mod 3. According to the same procedure, we ﬁnd that |1/5|

= 2, since 5 ×2 =

10 mod

= 1. We, thus, obtain 2 ×(1/5 mod 3) mod 3 = 2 ×2mod3= 4mod3=

1 = (11/5) mod 3, which is consistent with the previous deﬁnition of division. Since

inverses can be deﬁned in modular arithmetic, there is no need to use the division

operation. However, a restriction applies to the relation between the number to be

inverted and the modulus: they should be co-prime, meaning that they should have one

as their greatest common divider (see further).

The conversion between x and its residue r (modulo m) is called modular reduction.

Such a reduction operation corresponds to a one-way function. This term refers to the fact

that the correspondence that is established is not reversible, since there is an inﬁnity of

numbers with the same residue. Powers and exponentials of the type y = x

and y = a

(a, p = integers) are also one-way functions, since the result y is associated with an

inﬁnity of possible values x. Here is an important property concerning the commutation

of exponents, which is the same as in ordinary arithmetic, and which we will have the

opportunity to exploit:

mod m)

mod m = (a

mod m)

mod m = a

mod m. (T12)

658 Appendix T

Having introduced modular arithmetic basics, I can describe two fundamental theorems

that have been derived by Fermat and Euler.

Two numbers are said to be relatively prime,orco-prime to each other, if they do not

divide each other, or if their greatest common divider (GCD) is unity. For instance, (3,4),

(2,9), and (5,12) are co-prime. Clearly, two prime numbers are co-prime. Primes and

co-primes play a central role in modular arithmetic, as the Fermat and Euler theorems

and applications illustrate.

Fermat’s theorem states that if m is prime and (a, m) are co-prime, then

m−1

mod m = 1, (T13)

which can be put into the equivalent form: a

mod m = a.Thus,wehavea mod 2 = 1

or a

mod 3 = 1 for any a that is prime with number two or number three, and so on

with any prime modulus, for instance 11

23−1

mod 23 = 1. We see that as a ﬁrst beneﬁt,

Fermat’s theorem makes it possible to considerably simplify calculations in modular

arithmetic.

Euler’s theorem (named after the Swiss mathematician) states that if p and q are two

primes and N = pq is their product, then we have for any integer a which is prime

with n:

(p−1)(q−1)

mod N = 1. (T14)

The factor ( p − 1)(q − 1) with pq = N is also called φ(N ). A consequence of Euler’s

theorem is that the inverse 1/a is readily deﬁned as

= a

−1

= a

φ(n)−1

mod N . (T15)

For instance, what is the inverse of 5 modulo 21? We have 21 = 3 ×7, so φ(21) = (3 −

1) × (7 −1) = 12 and 1/5 = 5

12−1

mod 21 =48 828 125 mod 21 =17. Thus, |1/5|

17, which is readily veriﬁed as (17 ×5) mod 21 = 85 mod 21 = 1. We see that the

calculation of an inverse through Euler’s theorem is quite straightforward, compared

with the method previously described. But the requirement is that the modulus N is

deﬁned by the product of two primes, which represents a special or fortuitous case.

It is important to note that if (a, N )arenot co-prime to each other, the inverse a

−1

does not exist. If the two are co-primes but Euler’s theorem cannot apply, the inverse a

−1

can be found using the extended Euclidian algorithm. Here, I shall explain this algorithm

through two representative examples: for instance, ﬁnd the inverse of 7 in modulus 39,

and the inverse of 5 in modulus 16 272, i.e., the values of 7

−1

mod 39 and 5

−1

mod

16 272. Taking the ﬁrst example, the algorithm proceeds as shown in Table T1, with the

steps as numbered in the ﬁrst column.

In steps 1 and 2, we ﬁll out the table as shown. We ﬁrst divide 39 by 7, to ﬁnd that

the integer part of the result is [39/7] = 5. In step 3, we multiply line 2 by 5, and in

step 4 we subtract the result of line 3 from that of line 1. This completes the ﬁrst round.

Consider next the ratio 7/4, whose integer part is [7/4] = 1. In step 5, we multiply the

results of line 4 by 1, and in step 6, we subtract the result of line 5 from that of line 2.

This completes the second round. Consider next the ratio 4/3, whose integer part is

Modular arithmetic and Euler’s theorem 659

Table T1 Extended Euclidian algorithm to ﬁnd 7

−1

mod 39.

139 39

27 1

35× 7 = 35 5 × 1 = 5

439− 35 = 439− 5 = 34

51× 4 = 41× 34 = 34

67–4= 3 1–34=−33

71× 3 = 31× (−33) =−33

84–3= 134− (−33) = 67 = 28

Table T2 Extended Euclidian algorithm to ﬁnd 5

−1

mod 16 272.

1 16 272 16 272

25 1

3 3 254 × 5 = 16 270 3 254 × 1 = 3 254

4 16 272 – 16 270 = 2 16 272 − 3254 = 13 018

52× 2 = 42× 13 018 = 26 036

65− 4 = 11− 26 036 =−26 035

[4/3] = 1. In step 7, we multiply the results of line 6 by 1, and in step 8, we subtract

the result of line 7 from that of line 4. If we have obtained 1 in the ﬁrst column (line

8), we have ﬁnished. When positive, the number to the right is the inverse we have been

looking for. Here, we ﬁnd that the inverse of 7 is 28. Proof: 7 × 28 = 196 = 1 (modulo

39).

Consider next the example in Table T2, which concerns the search of 5

−1

mod

16 272.

In steps 1 and 2, we ﬁll out the table as shown. We ﬁrst divide 8064 by 7, to ﬁnd

that the integer part of the result is [16 272/5] = 3254. In step 3, we multiply line 2 by

1612, and in step 4 we subtract the result of line 3 from that of line 1. This completes

the ﬁrst round. Consider next the ratio 5/2, whose integer part is [5/2] = 2. In step 5,

we multiply the results of line 4 by 2, and in step 6, we subtract the result of line 5 from

that of line 2. This completes the search, since we have obtained 1 in the ﬁrst column

(line 6). However, the number in the right column, b =−26 035 is negative. In this case,

the inverse is the complement km + b, namely 5

−1

= 2 × 16 272 – 26 035 = 6509.

The proof is that 5 × 6509 = 32 545 = (2 × 16 272) + 1 = 1 (modulo 16 272). This

numerical value will be used in the main text concerning my numerical illustration of

the PKC algorithm.

Appendix U (Chapter 21) Klein’s

inequality

This appendix provides a basic demonstration of Klein’s inequality, according to which

the relative entropy S(ρσ ) between two quantum systems characterized by the density

operators ρ and σ is nonnegative.

Assume the following eigenstate-basis decompositions for the density operators:











ρ =



|ii |

σ =



|kk|.

(U1)

Substituting the ﬁrst of the above deﬁnitions into the relative entropy, we obtain

S(ρσ ) = tr(ρ log ρ) −tr(ρ log σ )



i|ρ log ρ|i −



i|ρ log σ |i



log p

−



i|ρ log σ |i.

(U2)

The last term in the right-hand side can then be developed using the eigenstate property

i|ρ =i |p

, which gives i|ρ log σ |i=p

i|log σ |i. Furthermore, since σ is diagonal

we have, from the second deﬁnition in Eq. (U1), log σ =



log q

|kk|and, therefore,

i|log σ |i=i|



log q

|kk|

|i



i|kk|ilog q



|i|k|

log q

(U3)

Substituting these results into Eq. (U2), we obtain

S(ρσ ) =



log p

−



|i|k|

log q



log p

−



|i|k|

log q

(U4)

Klein’s inequality 661

Then we use the property according to which log y≤logy for any function y or,

in the discrete case,



log y

≤ log



, where {x

} is a probability distribution.

Such a property stems from the concavity of the logarithm function (see Exercise 5.10).

Letting x

(i) =|i|k|

, we note that x

(i) ≥ 0 and



(i) = 1, which makes x

(i)a

probability distribution. Thus, we have



|i|k|

log q

≤ log



|i|k|

≡ log r

(U5)

Combining, then, Eqs. (U4) and (U5) we ﬁnally obtain

S(ρσ ) ≥



(log p

− log r

)



log

≥ 0.

(U6)

In the term



log( p

), we recognize the classical deﬁnition of relative entropy

or the Kullback–Leibler distance D( pr) between two discrete probability distributions

}, {r

}. As we have seen in Chapter 5, D(pr) is nonnegative, which justiﬁes the last

inequality introduced in the right-hand side in Eq. (U6). The above, thus, proves Klein’s

inequality or the nonnegativity of S(ρσ ).

Appendix V (Chapter 21) Schmidt

decomposition of joint pure states

This appendix describes the so-called Schmidt decomposition. Such a decomposition

applies to the case of a composite system made of two subsystems A, B, which is in a

pure joint state |ψ, namely, |ψ=|ψ

⊗|ψ

≡|ψ

|ψ

≡|ψ

. According to

Schmidt decomposition, the joint state can be expressed in the form

|ψ=



|i

, (V1)

where x

(i = 1 ...n) are nonnegative numbers, called Schmidt coefﬁcients, satisfying

the property



= 1, and where {|i

}, {|i

} are some orthonormal basis for the

subsystems A, B.

The proof that the decomposition in Eq. (V1) exists and is unique proceeds as follows.

Let {|j} and {|k} be two orthonormal bases for the subsystems A and B, respectively.

The joint state can most generally be deﬁned through the expansion

|ψ=



|j|k, (V2)

where ω

are the complex coefﬁcients of some matrix . According to the principle of

singular value decomposition,

it is possible to express  in the form  = UDV, where

U, V are unitary matrices, and D is a diagonal matrix having nonnegative elements.

The diagonal elements x

= d

of D are called the singular values of . The matrix

elements of , thus, decompose as follows



, (V3)

which we substitute into Eq. (V2) to obtain:

|ψ=



ijk

|j|k









|j



|k





(V4)

See, for instance: http://mathworld.wolfram.com/SingularValueDecomposition.html; http://en.wikipedia.

org/wiki/Singular_value_decomposition.

Schmidt decomposition of joint pure states 663

We then introduce the deﬁnitions











=



|j

=



|k.

(V5)

The states |i

, |i

form orthonormal sets, because of the unitarity of the matrices U, V .

Considering |i

, for instance, we have

l

=



∗

k|







|j







∗

k|j 



∗



∗

= (U

U )

= I

= δ

(V6)

which proves the orthonormality of the set {|i

}, and likewise for {|i

}. Substituting

Eq. (V5) into Eq. (V4) yields Eq. (V1), i.e., the Schmidt decomposition of |ψ. Because

|ψ is a pure state, we also have ψ|ψ=



= 1, which completes the proof.

Here are two examples of Schmidt decomposition according to Eq. (V1):

|ψ=

√

(|10+|01)

≡ 0 ×|0

|0

+

√

|1

+

√

|0

+0 ×|1

|1



(V7)

and

|ψ=

√

(|00−|11)

≡

√

|

+0 ×|0

|

+0 ×|1

|

+

√

|

,

(V8)

with the other choice of orthonormal basis {|

, |

} = {|0

, −|1

} for the subsys-

tem B.

Appendix W (Chapter 21) State

puriﬁcation

This appendix describes the operation of state puriﬁcation. The operation consists of

associating a pure joint state |ψ

 with a system A that is in a mixed state |ψ

.The

beneﬁt of the operation is the possibility of deriving the density operator ρ

directly from

the partial trace of the pure-state density operator ρ

=|ψ

ψ

|.Thetermstate

puriﬁcation, thus, means expanding the system A in mixed state |ψ

 into a composite

system AR, whose joint state |ψ

 is a pure state. The state |ψ

 is referred to as the

puriﬁcation of |ψ

, or the puriﬁcation of ρ

The principle of state puriﬁcation is relatively simple to explain. First, assume for the

mixed state |ψ

 the following decomposition over the orthonormal basis {|i

}:

|ψ

=



√

. (W1)

Second, assume a reference system R of same dimension of A and same basis {|i

},

meaning i

=δ

. Then deﬁne the joint state |ψ

:

|ψ

=



√

|i

. (W2)

The above-deﬁned joint state |ψ

 is a pure state, because it cannot be deﬁned by any

other possible state |φ

 of AR. We can show this by using the most general deﬁnition

for |φ

:

|φ

=



j=i

|j

. (W3)

Then we have

ψ

|φ

=



√

k

|k







j=i

|j









j=i

k

k





j=i



j=i

≡ 0,

(W4)

which establishes that |ψ

, |φ

 are, indeed, orthogonal.

State puriﬁcation 665

Since |ψ

 is a pure state, the density operator of the composite system AR is

=|ψ

ψ

≡



√

j

|⊗|i

j

(W5)

As the next step, we execute the partial tracing over R according to the generic deﬁnition

in Eq. (21.25), which here reads (B = R):

U = tr

(|i

j

|⊗|k

l

≡|i

j

|×tr(|k

l

|),

(W6)

hence,

(ρ

) = tr







√

j

|⊗|i

j







√

tr(|i

j

|⊗|i

j



√

j

|×tr(|i

j



√

j

|×δ



i

≡ ρ

(W7)

This result shows that the partial trace over R of the composite system AR yields the

density operator ρ

, which corresponds to the deﬁnition of state puriﬁcation.

Appendix X (Chapter 21) Holevo bound

In this appendix, I formally establish that the mutual information H(X ; Y ) in a quantum

communication channel is bounded by a maximum, χ, referred to as Holevo bound, and

deﬁned by

H(X ; Y ) ≤ S(ρ) −



S(ρ

)

= χ

(X1)

where ρ =



=ρ. In the above deﬁnition, ρ

represents the density matrix of

any quantum state used for the transmission, as selected from an “alphabet” X according

to some probability distribution {p

}. The retrieval of information is made by POVM

measurements, which deﬁne a source of random outcomes Y of size n.

The formal proof of the Holevo bound requires one to assume three quantum systems,

P, Q, R. The ﬁrst system, P, corresponds to the quantum source used by the originator

to “prepare” the states ρ

, namely with density operator:



|xx|, (X2)

with {|x}being the orthonormal basis where ρ is diagonal. The composite system PQ,

as described by the tensor product



|xx|⊗ρ

, (X3)

represents the joint state of the system after the preparation of the states ρ

, based on

the deﬁnition of partial tracing, i.e.,

(ρ

) = tr



|xx|⊗ρ



|xx|⊗ρ

)



tr( p

|xx|) ×ρ



≡ ρ,

(X4)