Access the full text.
Sign up today, get DeepDyve free for 14 days.
Loading next page...
/lp/multidisciplinary-digital-publishing-institute/continued-fractions-and-probability-estimations-in-shor-rsquo-s-0m2Y3qnpsn
References
References for this paper are not available at this time. We will be adding them shortly, thank you for your patience.
- Publisher
- Multidisciplinary Digital Publishing Institute
- Copyright
- © 1996-2022 MDPI (Basel, Switzerland) unless otherwise stated Disclaimer The statements, opinions and data contained in the journals are solely those of the individual authors and contributors and not of the publisher and the editor(s). MDPI stays neutral with regard to jurisdictional claims in published maps and institutional affiliations. Terms and Conditions Privacy Policy
- ISSN
- 2673-9909
- DOI
- 10.3390/appliedmath2030023
- Publisher site
- See Article on Publisher Site
Abstract
Article Continued Fractions and Probability Estimations in Shor’s Algorithm: A Detailed and Self‐Contained Treatise Johanna Barzen and Frank Leymann * Institute of Architecture of Application Systems, University of Stuttgart, Universitätsstr. 38, 70569 Stuttgart, Germany; johanna.barzen@iaas.uni‐stuttgart.de * Correspondence: frank.leymann@iaas.uni‐stuttgart.de Abstract: Shor’s algorithm for prime factorization is a hybrid algorithm consisting of a quantum part and a classical part. The main focus of the classical part is a continued fraction analysis. The presentation of this is often short, pointing to text books on number theory. In this contribution, we present the relevant results and proofs from the theory of continued fractions in detail (even in more detail than in text books), filling the gap to allow a complete comprehension of Shor’s algorithm. Similarly, we provide a detailed computation of the estimation of the probability that convergents will provide the period required for determining a prime factor. Keywords: quantum algorithms; quantum computing; continued fractions; hybrid quantum algorithms 1. Introduction Shor’s algorithm [1] for prime factorization is generally considered as a major mile‐ Citation: Barzen, J.; Leymann, F. stone and a breakthrough in quantum computing: it solves a practically very relevant Continued Fractions and Probability problem (which is, e.g., an underpinning of cryptography) with an exponential speedup Estimations in Shor’s compared to classical methods. Algorithm: A Detailed and The algorithm is based on the fact that determining a divisor and finally a prime Self‐Contained Treatise. AppliedMath factor of a natural number 𝑛∈ℕ can be reduced to finding the period p of the modular 2022, 2,393–432. https://doi.org/ exponentiation function 𝑓𝑥 𝑎 for an a with 0𝑎𝑛 (see Section 3.2.1). 10.3390/appliedmath2030023 The overall algorithm is hybrid, consisting of classical computations and a quantum Academic Editor: Darin J. Ulness computation. The classical computations are computing greatest common divisors with the Euclidian algorithm, and perform a continuous fraction analysis. A detailed discus‐ Received: 21 May 2022 sion of the latter is one of the two foci of this contribution (see Section 2). Accepted: 12 July 2022 The quantum part mainly consists of: (i) creating an entangled state based on an or‐ Published: 18 July 2022 acle computing the modular exponentiation function f above, (ii) performing a quantum Publisher’s Note: MDPI stays neu‐ Fourier transform (QFT) on this state, and (iii) measuring it. The oracle produces the fol‐ tral with regard to jurisdictional lowing state: claims in published maps and institu‐ tional affiliations. Copyright: © 2022 by the authors. Li‐ censee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and con‐ ditions of the Creative Commons At‐ tribution (CC BY) license (https://cre‐ ativecommons.org/licenses/by/4.0/). AppliedMath 2022, 2, 393–432. https://doi.org/10.3390/appliedmath2030023 www.mdpi.com/journal/ 𝑑𝑛𝑚𝑜 AppliedMath 2022, 2, 23 394 |𝑎⟩ |𝑏⟩ ∑ |𝑥⟩ |𝑓 𝑥⟩ (1) √𝑁 After applying the quantum Fourier transform and a measurement, the first part (i.e., the |a⟩‐part) of the quantum register is in state ∑ 𝜔 |𝑦⟩ (2) In this state, the searched period p already appears in its amplitude. The measured value y can then be used with high probability (see Section 3.4, Theorem 16) to compute the period p of the modular exponentiation function f by analyzing the convergents of a continued fraction (see Section 3.4.1) and finally, based on the period, a prime factor (see Section 3.2.1). A detailed discussion on how this is achieved is the second focus of this contribution (see Section 3). Structure of the Article The article is structured as follows: in Section 2 we cover all details about continued fractions that are required to comprehend the corresponding aspect of Shor’s algorithm. Section 2.1 defines the notion of a continued fraction, gives examples of how to com‐ pute the continued fraction representation of a rational number, and demonstrates how to compute the number that a continued fraction (and thus convergents) represents. Convergents as the fundamental tool in the theory of continued fractions are detailed in Section 2.2: after defining the term, basic theorems about convergents such as the re‐ cursion theorem, two sign theorems, monotony properties, convergent comparison, nest‐ ing of a number by its convergents, and several distance estimations are proven. Next, the brief Section 2.3 presents infinite regular continued fractions to represent non‐rational numbers. A corresponding algorithm is provided to compute such continued fractions. Section 2.4 gives several upper bounds and lower bounds for the difference between a number and its convergents. Exploiting one of these bounds, the convergence of the convergents of an infinite regular continued fraction of a number to this number is proven. Semiconvergents are defined and corresponding monotony properties are given. Best approximations of a real number are introduced in Section 2.5. It is proven that best approximations of the second kind are convergents and vice versa (Lagrange’s theo‐ rem). Best approximations of the first kind are proven to be convergents or semiconver‐ gents (another theorem by Lagrange). Finally, Legendre’s theorem is presented, which is the main result about continued fractions required by Shor’s algorithm: it allows the im‐ plication that a given fraction is a convergent of another number. Section 3 is devoted to estimating the probability that convergents can be used to compute periods, i.e., that Legendre’s theorem can be applied. At the beginning of Section 3, Section 3.1 proves a lower bound and an upper bound for the secant lengths of the unit circle. This estimation is central for estimating the afore‐ mentioned probability. Section 3.2 contains many different estimations of parameters that appear in the measurement result of Shor’s algorithm. In Section 3.2.1, we recall the very basics of mod‐ ular arithmetic, relate this to group theory, and use Lagrange’s theorem from group the‐ ory to prove that the period of the modular exponentiation function in Shor’s algorithm is less than the number to be factorized (Lemma 8). Intervals of consecutive multiples of the period are studied in Section 3.2.2: it is shown that multiples of N are sparsely scat‐ tered across these intervals (Note 12). This implies that measurement results are somehow centered around multiples of 𝑁𝑝 ⁄ (Corollary 9). The cardinality of arguments in the su‐ perposition that build the pre‐image of a certain 𝑓𝑥 is estimated in Section 3.2.3. Section 3.2.4 proves bounds of phases of amplitudes relevant for computing the probability of measurement results as a geometric sum. 𝑁𝐴 AppliedMath 2022, 2, 23 395 Finally, Section 3.3 computes this probability: it is proven that a measurement result is close to a multiple of 𝑁𝑝 ⁄ with probability of approximately 4⁄𝜋 (Lemma 10). Section 3.4 shows that this measurement result fulfills the assumption of Legendre’s theorem (Theorem 15). Thus, by computing convergents, the period can be determined (Theorem 16 and Section 3.4.1). Section 3.5 sketches how the main results contribute to the proof of Shor’s algorithm. Its purpose is to avoid getting lost in the huge amount of low‐level details. A brief conclusion and discussion of related work ends this contribution with Section 4. 2. Continued Fractions 2.1. Definition of Continued Fractions and Their Computation We define the notion of continued fractions and give an example of how to compute them. Definition 1. An expression of the form 𝑎 (3) with 𝑎 ,𝑏 ∈ℂ is called an infinite continued fraction. 𝑖 𝑖 If, in this expression, it is 𝑏 1 for all i, 𝑎 ∈ℤ, and 𝑎 ∈ℕ for i≥1, the expression 𝑖 0 𝑖 is called a regular continued fraction. A finite regular continued fraction (simply called a continued fraction) satisfies, in ad‐ dition, the condition ∃𝑁∈ℕ∀𝑘∈ℕ :𝑎 0 (convention: “1/0 = 0”). A continued fraction is, thus, the following expression: 𝑎 ;𝑎 ,⋯ ,𝑎 𝑎 (4) A continued fraction of a rational number a/b is computed as follows: the integer part ⌊𝑎 ⁄𝑏 ⌋ becomes 𝑎 ∈ℤ, leaving the non‐negative rational remainder 𝑥 /𝑦 ∈ℚ. The lat‐ ter is now written as 1/𝑦 /𝑥 , resulting in 𝑎 Next, the integer part ⌊𝑦 ⁄𝑥 ⌋ becomes 𝑎 , leaving a rational remainder that is treated as before. This processing stops until the rational remainder is zero. Figure 1 gives an example of the processing. Figure 1. Example of a straightforward computation of a continued fraction. AppliedMath 2022, 2, 23 396 Beside this straightforward proceeding to compute continued fractions, the well‐ known Euclidian algorithm can be used for this purpose too. Figure 2 gives a correspond‐ ing example; it should be self‐descriptive. Figure 2. Using the Euclidian algorithm to compute a continued fraction. Formally, a continued fraction can always be reduced such that its last element is greater than or equal to 2. Note 1. Let 𝑎 ;𝑎 ,. ..,𝑎 be a continued fraction. Then: 𝑎 ;𝑎 ,...,𝑎 𝑎 ;𝑎 ,.. .,𝑎 (5) Especially, it can always be achieved that a continued fraction 𝑎 ;𝑎 , ...,𝑎 satis‐ fies 𝑎 2. Proof. The following simple computation proves the first claim: 𝑎 ;𝑎 ,.. .,𝑎 𝑎 ⬚𝑎 ⬚ 𝑎 ;𝑎 ,... ,𝑎 Furthermore, if 𝑎 1 in 𝑎 ;𝑎 ,...,𝑎 then 𝑎 1/𝑎 ≥ 2. This is because, by definition, 𝑎 1 for 1 ≤ k ≤ N. □ Equation (5) implies a straightforward way to compute the value represented by a continued fraction 𝑎 ;𝑎 , ... ,𝑎 : see Figure 3. Figure 3. Computing the value of a continued fraction based on Equation (5). 2.2. Convergents Next, we define the “workhorses” of the theory of continued fractions. AppliedMath 2022, 2, 23 397 Definition 2. 𝑎 ;𝑎 ,… ,𝑎 is called m‐th convergent of the continued fraction 𝑎 ;𝑎 ,… ,𝑎 for 0 ≤ m ≤ N, or m‐th convergent of the infinite regular continued fraction 𝑎 ;𝑎 ,… . Convergents can be computed recursively based on the following theorem: Theorem 1. (Recursion Theorem) Define: 𝑝 𝑎 ; 𝑝 𝑎 𝑎 1; 𝑝 𝑎 𝑝 𝑝 for n ≥ 2; and define: 𝑞 1; 𝑞 𝑎 ; 𝑞 𝑎 𝑞 𝑞 for n ≥ 2. 𝑎 ;𝑎 ,… ,𝑎 , it is: Then, for every convergent 𝑎 ;𝑎 ,… ,𝑎 (6) Proof (by induction). Let n= 0, 1: Then, a a and a ;a a . Induction hypothesis: 𝑎 ;𝑎 ,… ,𝑎 . Induction step n → n+1: According to Note 1, it is 𝑎 ;𝑎 ,… ,𝑎 ,𝑎 𝑎 ;𝑎 ,… ,𝑎 and the last continued fraction has n elements, i.e., the induction hypothesis applies: 1 𝑎 𝑎 1 𝑎 𝑝 𝑝 𝑝 𝑝 𝑎 𝑎 𝑎 ;𝑎 ,…,𝑎 1 𝑎 𝑎 1 𝑎 𝑞 𝑞 𝑞 𝑞 𝑎 𝑎 𝑎 𝑎 1 𝑝 𝑎 𝑝 𝑎 𝑎 1 𝑞 𝑎 𝑞 𝑎 𝑎 𝑝 𝑝 𝑝 𝑎 𝑝 𝑝 𝑎 𝑎 𝑞 𝑞 𝑞 𝑎 𝑞 𝑞 Here, (A) is valid because of the induction hypothesis, and (B) is the definition of 𝑝 and 𝑞 . □ The recursion theorem implies the often used Corollary 1. Numerators and denominators of convergents of a continued fraction 𝑎 ;𝑎 ,… ,𝑎 with 𝑎 0 are strictly monotonically increasing: 𝑝 𝑝 and 𝑞 𝑞 for all 𝑛∈ℕ . 𝑛 𝑛 1 Proof (by induction). Let n=1: By definition, 𝑝 𝑎 , 𝑝 𝑎 𝑎 1. Because 𝑎 1 for i ≥ 1, and 𝑎 0, it is 𝑝 𝑝 0. Similarly, 𝑞 𝑞 0 AppliedMath 2022, 2, 23 398 Now, 𝑝 𝑎 𝑝 𝑝 and 𝑞 𝑎 𝑞 𝑞 for n ≥ 2. With 𝑎 1 by defini‐ tion, and 𝑝 𝑝 (≥1) as well as 𝑞 𝑞 (≥1) by induction hypothesis, the claim follows. □ The next theorem is about the sign of a combination of the numerators and denomi‐ nators of consecutive convergents of a continued fraction. Theorem 2. (Sign Theorem) For 𝑎 ;𝑎 ,… ,𝑎 , the following holds: 𝑝 𝑞 𝑝 𝑞 1 (7) Proof (by induction). For n = 1, it is 𝑝 𝑞 𝑝 𝑞 𝑎 𝑎 1⋅ 1𝑎 ⋅𝑎 1 1 Induction step n → n+1: 𝑝 𝑞 𝑝 𝑞 𝑎 𝑝 𝑝 𝑞 𝑝 𝑎 𝑞 𝑞 𝑎 𝑝 𝑞 𝑝 𝑞 𝑝 𝑎 𝑞 𝑝 𝑞 𝑝 𝑞 𝑝 𝑞 𝑝 𝑞 𝑝 𝑞 1 1 (A) uses the induction hypothesis. □ In case the numerators and denominators stem from the n‐th convergent and the (n−2)‐nd convergent, the last n‐th element of the convergent becomes part of the equation. Theorem 3. (Second Sign Theorem) ;𝑎 ,… ,𝑎 , the following holds: For 𝑎 𝑝 𝑞 𝑝 𝑞 1 𝑎 (8) Proof. It is p a p p and q a q q . Multiplying the first equation by 𝑞 and the second equation by 𝑝 results in 𝑛 2 𝑞 𝑝 𝑞 𝑎 𝑝 𝑞 𝑝 and 𝑝 𝑞 𝑝 𝑎 𝑞 𝑝 𝑞 . Next, both equa‐ tions are subtracted: 𝑝 𝑞 𝑝 𝑞 𝑞 𝑎 𝑝 𝑞 𝑝 𝑝 𝑎 𝑞 𝑝 𝑞 𝑞 𝑎 𝑝 𝑝 𝑎 𝑞 𝑎 𝑝 𝑞 𝑝 𝑞 1 𝑎 where (A) is implied by the sign theorem (Theorem 2) and considering 1 1 . □ The sign theorem immediately yields the important Corollary 2. Numerator and denominator of a convergent are co‐prime. Proof. Let t be a divisor of p and q , i.e., 𝑡 |𝑝 and 𝑡 |𝑞 . Then, 𝑡 | 𝑞 𝑝 𝑞 , but n n 𝑝 𝑞 𝑝 𝑞 1 according to the sign theorem. Thus, t = ±1. □ AppliedMath 2022, 2, 23 399 Convergents can be represented as a sum of fractions with alternating sign and whose denominators consist of products of two consecutive denominators from the recur‐ sion theorem. Theorem 4. (Representation as a Sum) Each convergent can be represented as a sum: 1 1 1 𝑎 ;𝑎 ,…,𝑎 𝑎 ⋯ 1 (9) 𝑞 𝑞 𝑞 𝑞 𝑞 𝑞 Proof. Let a ;a ,… ,a . Since 0, we can write 𝑝 𝑝 𝑝 𝑝 𝑝 𝑝 𝑝 𝑝 𝑎 ;𝑎 ,…,𝑎 ⋯ 𝑞 𝑞 𝑞 𝑞 𝑞 𝑞 𝑞 𝑞 Computing the differences results in 𝑝 𝑞 𝑞 𝑝 𝑝 𝑞 𝑞 𝑝 𝑝 𝑞 𝑞 𝑝 𝑝 ;𝑎 ,… ,𝑎 ⋯ 𝑞 𝑞 𝑞 𝑞 𝑞 𝑞 𝑞 1 1 1 ⬚ ⋯ 𝑎 𝑞 𝑞 𝑞 𝑞 𝑞 𝑞 where the sign theorem is applied in (A) and the last term 𝑎 𝑝 /𝑞 is the recursion theorem. □ The next theorem is key for many estimations in the domain of continued fractions. Theorem 5. (Monotony Theorem) Let 𝑥 𝑎 ;𝑎 ,… ,𝑎 denote the n‐th convergent. Then: 𝑥 𝑥 and 𝑥 𝑥 I.e., even convergents are strictly monotonically increasing, and odd convergents are strictly monotonically decreasing. Proof. We compute the following difference, where (A) again uses 0: 𝑝 𝑝 𝑝 𝑝 𝑝 𝑝 𝑥 𝑥 𝑞 𝑞 𝑞 𝑞 𝑞 𝑞 𝑝 𝑞 𝑞 𝑝 𝑝 𝑞 𝑞 𝑝 𝑞 𝑞 𝑞 𝑞 1 1 1 𝑞 1 𝑞 𝑞 𝑞 𝑞 𝑞 𝑞 𝑞 𝑞 1 𝑞 1 𝑞 1 𝑞 𝑞 𝑞 𝑞 𝑞 𝑞 𝑞 1 𝑞 1 𝑎 𝑞 1 𝑎 𝑞 𝑞 𝑞 𝑞 𝑞 𝑞 𝑞 𝑞 (B) is because of the sign theorem, and (C) follows from 𝑞 𝑎 𝑞 𝑞 , i.e., the recursion theorem. Now, because of 𝑎 ,𝑞 ,𝑞 0, it is 0. Thus, 0 for n even and 0 for n odd. This implies 𝑥 𝑥 𝑥 for n even as well as 𝑥 𝑥 𝑥 for n odd. □ 𝑎 AppliedMath 2022, 2, 23 400 While even convergents are increasing and odd convergence are decreasing, all even convergents are smaller than all odd convergents. This is the content of the next very im‐ portant theorem. Theorem 6. (Convergents Comparison Theorem) For 0 2𝑛 ,2𝑚 1𝑁 , it is 𝑥 𝑥 Proof: As before, using the sign theorem in (A), we obtain 𝑝 𝑝 𝑝 𝑞 𝑞 𝑝 1 1 𝑥 𝑥 𝑞 𝑞 𝑞 𝑞 𝑞 𝑞 𝛽 with 𝛽 :𝑞 𝑞 . Because 𝑞 ,𝑞 0, it is βn > 0, i.e., the sign of is in fact 1 . Thus, 𝑥 𝑥 0, and we get 𝑥 𝑥 𝑥 . This shows that an even convergent 𝑥 is strictly smaller than its immediate succeeding odd con‐ vergent 𝑥 . But what about an arbitrary odd convergent 𝑥 ? For n < m, the monotony theo‐ rem (Theorem 6) yields 𝑥 𝑥 and we showed before that 𝑥 𝑥 ; thus, 𝑥 𝑥 . For n > m, the monotony theorem yields 𝑥 𝑥 and with 𝑥 𝑥 we see 𝑥 𝑥 . □ The following often‐used corollary computes the difference of two immediately suc‐ ceeding convergents by mean of the denominators of the convergents, while the difference of the n‐th convergent and the (n − 2)‐nd convergent adds the n‐th element of the n‐th convergent as a factor. Corollary 3. 𝑝 𝑝 1 (10) 𝑞 𝑞 𝑞 𝑞 and 𝑝 𝑝 1 𝑎 (11) 𝑞 𝑞 𝑞 𝑞 Proof. Equation (10) is the first equation from the proof of Theorem 6. The second equation follows because of 𝑝 𝑝 𝑝 𝑞 𝑝 𝑞 1 𝑎 𝑞 𝑞 𝑞 𝑞 𝑞 𝑞 where (A) is because of the second sign theorem (Theorem 3). □ We already saw that the even convergents are strictly monotonically increasing, that the odd convergents are strictly monotonically decreasing, and that each even convergent is less than all odd convergents. According to the next theorem, the value of a continued fraction lies between the even convergents and the odd convergents, i.e., this value is larger than all even convergents and smaller than all odd convergents. The situation is depicted in Figure 4. AppliedMath 2022, 2, 23 401 Figure 4. Nesting of the value of a continued fraction by its convergents. Note that the notion of the value of a continued fraction is defined for finite continued fractions. In Section 4, this notion will also be defined for regular infinite continued frac‐ tions. Theorem 7. (Nesting Theorem) Let x be the value of the continued fraction 𝑎 ;𝑎 ,. ..,𝑎 and let 𝑥 be its convergents. Then: (12) ∀𝑚 ,𝑛𝑁 :𝑥 𝑥𝑥 Proof: The value of x is the convergent with the highest index N, i.e., 𝑥𝑥 𝑎 ;𝑎 , . ..,𝑎 . Let N = 2k be even. Since even convergents are strictly monotonically increasing, we know that ∀2𝑚𝑁 :𝑥 𝑥 𝑥 𝑥 , and according to the convergent comparison theorem (Theorem 6), we know ∀2𝑛 1:𝑥𝑥 𝑥 𝑥 . Let N = 2k + 1 be odd. Since odd convergents are strictly monotonically decreasing, we know that ∀2𝑛 1𝑁 :𝑥 𝑥 𝑥 𝑥 , and according to the convergent comparison theorem (Theorem 6), we know ∀2𝑚 :𝑥𝑥 𝑥 𝑥 . □ Because the value of a continued fraction is nested within its even convergents and odd convergents, the distance of this value from any of its convergents can be estimated by the distance of two consecutive convergents: Theorem 8. (Distance Theorem) Let 𝑥 𝑎 ;𝑎 ,. ..,𝑎 and let 𝑥 be its convergents. Then: ∀𝑛 : |𝑥𝑥 | |𝑥 𝑥 | (13) and ∀𝑛 : |𝑥𝑥 | |𝑥 𝑥 | (14) Proof. Let n be even. Then, 𝑥 𝑥𝑥 , i.e., 𝑥𝑥 𝑥 𝑥 . Additionally, it is 𝑥 𝑥 0 and 𝑥 𝑥 0. Thus, |𝑥𝑥 | |𝑥 𝑥 | for n even. Now, let n be odd. It is 𝑥 𝑥𝑥 , which implies 𝑥𝑥 𝑥 𝑥 ⇔𝑥 𝑥 𝑥 𝑥 ⇔𝑥 𝑥 𝑥 𝑥 . Because of 𝑥 𝑥 0 and 𝑥 𝑥 0, it 𝑛 𝑛 1 is |𝑥 𝑥 | |𝑥 𝑥 | ⇔ |𝑥𝑥 | |𝑥 𝑥 | for n odd. Together, this proves Equation (13). Equation (14) is proven similarly. □ Figure 5 shows the corresponding geometric situation for an even n. Figure 5. The distance between two succeeding convergents is greater than the distance of a conver‐ gent and the value of its continued fraction. AppliedMath 2022, 2, 23 402 Similarly, the difference between any two arbitrary convergents can be estimated by the difference of the convergent with the smaller index and its immediate predecessor: Theorem 9. (Difference Theorem) Let 𝑥 𝑎 ;𝑎 ,. ..,𝑎 and let 𝑥 be its convergents. Then: (15) ∀𝑚 𝑛 : |𝑥 𝑥 | |𝑥 𝑥 | Proof: Let n be even, e.g., n = 2k. Let m=2t be even. By Theorem 6, even convergents are smaller than all odd conver‐ gents, i.e., 𝑥 𝑥 for any 𝑡∈ℕ . Thus, 𝑥 𝑥 𝑥 𝑥 𝑥 𝑥 2𝑘 1 2𝑘 𝑥 𝑥 . 𝑛 1 𝑛 Let m=2t−1 be odd. By the monotony theorem (Theorem 5), odd convergents are strictly monotonically decreasing, i.e., 𝑥 𝑥 for each t > k. Thus, 𝑥 𝑥 𝑥 𝑥 𝑥 𝑥 𝑥 𝑥 . For n odd, the proof is analogous. □ The geometry of the last theorem is depicted in Figure 6. Figure 6. The distance between any two convergents is smaller than the distance between the con‐ vergent with the smaller index and its immediate predecessor. In several calculations, the size of the denominator of a convergent must be esti‐ mated: Lemma 1. (Size of Denominators) For the denominator 𝑞 of a convergent 𝑎 ;𝑎 ,… ,𝑎 , the following holds: ∀𝑛 :𝑞 𝑛 (16) and ∀𝑛 3:𝑞 𝑛 (17) Proof. By definition, 𝑞 1 0, and 𝑞 𝑎 1 because 𝑎 ∈ℕ, and finally, 1 𝑖 𝑞 𝑎 𝑞 𝑞 𝑎 𝑞 1 𝑞 1 2 (A) holds because of the recursion theorem (Theorem 1), (B) is by definition of 𝑞 , (C) is because 𝑎 ∈ℕ, and (D) has been seen just before (i.e., 𝑞 1). This proves the lemma for 𝑛 2. The proof for n ≥ 3 is by induction. It is 𝑞 𝑎 𝑞 𝑞 𝑞 𝑞 𝑞 𝑛 2 𝑞 1 𝑛 where (A) is the recursion theorem, (B) is because of 𝑎 ∈ℕ, (C) is by induction hypothe‐ sis applied to 𝑞 , (D) is because n ≥ 3, and (E) is by induction hypothesis applied to 𝑞 . This proves Equation (16). 𝑛 1 Equation (17) is proven by induction again. Let n > 3. The argumentation is exactly as before, with the exception of (D): AppliedMath 2022, 2, 23 403 𝑞 𝑎 𝑞 𝑞 𝑞 𝑞 𝑞 𝑛 2 𝑞 1 𝑛 (D) holds because n > 3, i.e., 𝑛 2 1. □ In fact, denominators of a convergent grow much faster than the inequation 𝑞 𝑛 may indicate: Lemma 2. (Geometric Growth of Denominators) Let 𝑞 (𝑛 2) be the denominator of the convergent 𝑎 ;𝑎 ,…,𝑎 . Then: (18) 2 Proof. It is q a q q q q 2q , with (A) because, according to corollary 1, denominators are strictly monotonically increasing, i.e., 𝑞 𝑞 . By induction, it is 𝑞 2 𝑞 , and then 2 𝑞 2 2 with (A) because 𝑞 1, and (B) follows from 2 2 2 2 2 Similarly, by induction, it is 𝑞 2 𝑞 and then 2 𝑞 2 2 with (A) because of 𝑞 ∈ℕ. With 𝑛 2𝑘 and 𝑛 2𝑘 1, respectively, equation (18) is implied. □ 2.3. Convergence of Infinite Regular Continuous Fractions In Section 2.1, we presented an algorithm to compute the continued fraction repre‐ sentation of a rational number. Next, we show how to compute such a representation for a non‐rational number (Algorithm 1). Algorithm 1 Continued Fraction Representation of Non‐Rational Number 1. Let 𝛼∈ℝ∖ℚ . Define: • 𝛼 :𝛼 and 𝑏 :⌊𝛼 ⌋; 0 0 • 𝛼 : and 𝑏 :⌊𝛼 ⌋ for i ≥ 1. 𝑖 𝑖 2. Then, 𝑏 ;𝑏 ,𝑏 ,… is the continued fraction representation of α. Each 𝛼 is called the i‐th complete quotient of α. The above algorithm does not terminate, i.e., the continued fraction representation of a non‐rational number is infinite. This is the content of the following note: Note 2 In Algorithm 1, it is 𝛼 ∉ℤ. Proof (by induction). n = 0: Then, by definition, 𝛼 𝛼∉ℤ . Induction hypothesis: 𝛼 ∉ℤ. n → n+1: Assume 𝛼 𝑏 ∈ℤ ⇒ 𝛼 𝑏 𝑘∈ℤ ⇒ 𝛼 𝑘𝑏 ∈ℤ, which is a 𝑛 𝑛 contradiction to the hypothesis! Thus, 𝛼 𝑏 ∉ℤ ⇒ 𝛼 : ∉ℤ. □ 𝑛 𝑛 Figure 7 gives the computation of the continued fraction representation of 2: AppliedMath 2022, 2, 23 404 Figure 7. Computing the continued fraction of 2. 2.4. Bounds Expressed by Denominators of Convergents In the following, we give upper bounds and lower bounds of the approximations of a number by the convergents of its continued fraction representation by means of the de‐ nominators of the convergents. First, we start with estimations of upper bounds: Lemma 3. (Upper Bounds) Let 𝑝 ⁄𝑞 be a convergent of the continued fraction representation of x. Then: 1 1 1 𝑥 (19) 𝑞 𝑞 𝑞 𝑞 𝑛 Proof. With 𝑥 𝑝 /𝑞 , it is |𝑥𝑥 | |𝑥 𝑥 | (see Theorem 8, Equation (14)). Ac‐ cording to Corollary 3 (Equation (10)), it is 𝑝 𝑝 1 𝑥 𝑥 𝑞 𝑞 𝑞 𝑞 Thus, 1 1 1 1 |𝑥𝑥 | |𝑥 𝑥 | 𝑞 𝑞 𝑞 𝑞 𝑞 𝑛 where (A) holds because of 𝑞 𝑞 (Corollary 1), and (B) is true because of 𝑞 𝑛 (Lemma 1). □ An immediate consequence of this theorem is the convergence of the sequence of the convergents of a continued fraction to the value of the continued fraction. This, by the way, is the origin of the name “convergents”. Corollary 4. The series 𝑝 /𝑞 of the convergents of the continued fraction representation of 𝑥∈ℝ∖ℚ converges to x: 𝑙𝑖𝑚 𝑥 Proof. The claim follows immediately from 𝑥 . □ Often, two fractions are compared by means of their mediant (“mediant” means “somewhere in between”). AppliedMath 2022, 2, 23 405 Definition 3. For a/b, c/d∈ℚ and b, d > 0, the term is called the mediant of the two fractions. The following simple inequation is often used. Note 3. (Mediant Property) Let 𝑎 /𝑏 ,𝑐 /𝑑∈ℚ and b, d > 0 and . Then: 𝑎 𝑎𝑐 𝑐 (20) 𝑏 𝑏𝑑 𝑑 Proof. It is ⇒𝑎𝑑𝑐𝑏⇒𝑏𝑐𝑎𝑑 0 and 𝑏 ,𝑑 0⇒𝑏𝑏𝑑 0. This implies 0 and thus . The inequation follows similarly. □ Mediants of convergents that are weighted in a certain way are another important concept for computing bounds: Definition 4. The term 𝑥 with 1𝑡𝑎 is called the (n,t)‐th semicon‐ vergent. Semiconvergents of an even n are strictly monotonically increasing, and semiconver‐ gents of an odd n are strictly monotonically decreasing. This is the content of the following lemma. Lemma 4. (Monotony of Semiconvergents) Let n be even. Then, 𝑥 𝑥 . , , Let n be odd. Then, 𝑥 𝑥 . , , Proof. A simple calculation and the use of the sign theorem (Theorem 2) results in 𝑡 1 𝑝 𝑝 𝑡𝑝 𝑝 𝑥 𝑥 , , 𝑡 1 𝑞 𝑞 𝑡𝑞 𝑞 𝑡 1 𝑞 𝑞 𝑡𝑞 𝑞 The denominator of the last fraction is always positive. Thus, the last term is positive iff n is even (i.e., 𝑥 𝑥 0), and it is negative iff n is odd (i.e., 𝑥 𝑥 0). , , , , □ In order to simplify proofs in what follows, the following conventions are used: (21) 𝑝 1 and 𝑞 0 With this, 𝑥 𝑎 1 becomes a semiconvergent. Now, 𝑥 𝑎 𝑎 1𝑥 where (A) is the recursion theorem and (B) fol‐ lows because 𝑎 1; thus, 𝑥 𝑥 . 1 , Furthermore, it is 𝑥 𝑎 for 1𝑡𝑎 . Putting things together, it is 1 1 𝑥 𝑎 1𝑎 ⋯𝑎 𝑥 (22) 2 𝑎 AppliedMath 2022, 2, 23 406 Based on this, we can refine Figure 4, which depicts the nesting and ordering of con‐ vergents by including semiconvergents: Between two succeeding convergents (e.g., 𝑥 and 𝑥 in Figure 8, the corresponding semiconvergents ordered according to Lemma 4 are nested (in increasing order as shown for an even n in Figure 8). Furthermore, beyond 𝑥 𝑎 , the semiconvergents 𝑥 are added. 1,𝑡 Figure 8. Nesting of convergents and semiconvergents (n even). Now, we are prepared to prove a lower bound of the approximation of a number by the convergents of its continued fraction representation by means of the denominators of the convergents. Lemma 5. (Lower Bounds) Let 𝑝 ⁄𝑞 be a convergent of the continued fraction representation of x. Then: 𝑝 1 𝑥 (23) 𝑞 𝑞 𝑞 𝑞 Proof. The proof is based on the following claims: Claim 1. n even ⇒ 𝑥 . Proof. is the mediant of and . Thus, the mediant property (Note 3) shows that . Then: 𝑝 𝑝 𝑝 2𝑝 𝑝 𝑎 𝑝 𝑝 𝑝 ⋯ 𝑞 𝑞 𝑞 2𝑞 𝑞 𝑎 𝑞 𝑞 𝑞 where (A) follows by the monotony of even semiconvergents (Lemma 4), and (B) is the recursion theorem. Because of Theorem 7 (note that n + 2 is even and n + 1 is odd), it is 𝑥 . This proves Claim 1. □ Claim 2. n odd ⇒ 𝑥 . Proof. As before, is the mediant of and . Because n is odd, it is (Theorem 7). Thus, because of the mediant property (Note 3). Then: 𝑝 𝑝 𝑝 2𝑝 𝑝 𝑎 𝑝 𝑝 𝑝 ⋯ 𝑞 𝑞 𝑞 2𝑞 𝑞 𝑎 𝑞 𝑞 𝑞 where (A) follows by the monotony of odd semiconvergents (Lemma 4), and (B) is the recursion theorem. Because of Theorem 7 (note that n − 1 is even and n + 2 is odd), it is 𝑥 , and because n is odd, it is . This proves Claim 2. □ With Claim 1, for even n, it is 𝑥 ⇒ 𝑥 . AppliedMath 2022, 2, 23 407 With Claim 2, for n odd, it is 𝑥 ⇒ 𝑥 ⇔ 𝑥 . 𝑝 𝑝 𝑝 𝑘 𝑘 1 𝑘 𝑘 Thus, for any k ∈ ℕ : 𝑥 . Next, we compute 𝑞 𝑞 𝑞 𝑘 𝑘 1 𝑘 𝑘 𝑝 𝑝 𝑝 𝑝 𝑝 𝑞 𝑞 𝑞 𝑝 𝑝 𝑞 𝑝 𝑞 𝑞 𝑞 𝑞 𝑞 𝑞 𝑞 𝑞 𝑞 𝑞 𝑞 𝑞 𝑞 where (A) is the sign theorem (Theorem 2). This implies 𝑥 . □ Because of 𝑞 𝑞 (Corollary 1), it is 1 1 1 1 𝑞 𝑞 2𝑞 ⇔ ⇔ 2𝑞 𝑞 𝑞 2𝑞 𝑞 𝑞 𝑞 𝑞 Using the last inequality in Lemma 5 (Lower Bounds) and using Lemma 3 (Upper Bounds), we obtain the concluding theorem of this section: In summary, we have proved the following: Theorem 10. (Bounds of Approximations by Convergents) Let 𝑝 𝑞 be a convergent of the continued fraction representation of x. Then: 1 1 𝑝 1 1 𝑥 (24) 2𝑞 𝑞 𝑞 𝑞 𝑞 𝑞 𝑞 𝑞 𝑞 □ 2.5. Best Approximations Our goal is to approximate a real number by a rational number as good as possible while keeping the denominator of the rational number “small”. Keeping the denominator small is important because in practice, every real number can only be given up to a certain degree of precision, and this is achieved by means of a huge denominator and correspond‐ ing numerator. I.e., approximating a real number by a rational number with a huge de‐ nominator is canonical, but finding a small denominator is a problem. This is captured by the following: Definition 5. A fraction 𝑝 /𝑞∈ℚ is called a best approximation (of the first kind) of 𝛼∈ℝ :⇔ ∀𝑐 /𝑑∈ℚ :𝑑𝑞⇒ 𝛼 𝛼 (assuming c/d ≠ p/q). Often, the addition “of the first kind” is omitted. By definition, a best approximation of a real number can only be improved if the denominator of the given approximation is increased. | | If p/q is a best approximation of α, then 𝛼 𝑝 is small and, thus, | 𝑝 | is small. Measuring the goodness of an approximation this way results in the following: Definition 6. A fraction 𝑝 /𝑞∈ℚ is called a best approximation of the second kind of 𝛼∈ℝ :⇔ ∀𝑐 /𝑑∈ℚ :𝑑𝑞⇒ |𝑐 | |𝑞𝛼𝑝 | (assuming c/d ≠ p/q). 𝑑𝛼 𝑞𝛼 𝑞𝛼 AppliedMath 2022, 2, 23 408 The question is whether every best approximation is also a best approximation of the second kind. Now, 1/3 is a best approximation of 1/5 because the only possible fractions for c/d, with d ≤ 3 = q, are 0, 1/2, 2/3, and 1, and these numbers satisfy . Next, we observe that 1⋅ 0 3⋅ 1 with 1 < 3. Thus, with 𝑑 1 and 𝑞 3 (i.e., 𝑑𝑞 ) and 𝛼 1/5, we found a fraction 𝑐 /𝑑 0/1 with | 𝑐 | |𝑝 |! As a consequence, although 1/3 is a best approximation of the first kind of 1/5, it is not a best approximation of the second kind. Thus, not all best approximations of the first kind are best approximations of the sec‐ ond kind. But the reverse holds true: Lemma 6. (Every 2nd Kind Best Approximation is a 1st Kind Best Approximation) If 𝑝 /𝑞∈ℚ is a best approximation of the second kind of 𝛼∈ℝ , then 𝑝𝑞 is also a best approximation of the first kind of α. Proof (by contradiction). Assume p/q is not a best approximation of the first kind. Then, 𝛼 𝛼 for a fraction c/d with d < q. Multiplying both inequations results in 𝑑 𝛼 𝑞 𝛼 ⇔ |𝑐 | |𝑞𝛼 𝑝 |, which is a contradiction because p/q is a best approximation of the second kind. □ The next simple estimation about the distance of two fractions by means of the prod‐ uct of their denominators is often used. Note 4. (Distance of Fractions) Let , ∈ℚ with . Then: 𝑝 𝑎 1 (25) 𝑞 𝑏 Proof. With 𝑎 ,𝑝∈ℤ and 𝑏 ,𝑞∈ℕ , it is 𝑝𝑏𝑎𝑞 ∈ ℤ . Also, 𝑞𝑎 0 because other‐ wise 𝑝𝑏 𝑎𝑞 ⇔ which contradicts the premise. Thus, |𝑝𝑏𝑞𝑎 |∈ℕ, i.e., |𝑝𝑏 | 1. This implies 𝑝 𝑎 𝑝𝑏𝑎𝑞 |𝑝𝑏𝑞𝑎 | 1 𝑞 𝑏 𝑞𝑏 | | 𝑞𝑏 where |𝑞𝑏 |𝑞𝑏 because 𝑏 ,𝑞∈ℕ . □ Next, we prove that every best approximation of the second kind is a convergent. Theorem 11. (2nd Kind Best Approximations are Convergents) Let 𝑎𝑏 be a best approximation of the second kind of 𝑥∈ℝ , and let 𝑥 𝑎 ;𝑎 ,⋯ be the continued fraction representation of x. Then 𝑎𝑏 is a convergent of x. Proof. Being a best approximation of the second kind of x, 𝑎𝑏⁄ satisfies, by definition, | 𝑐 | |𝑏𝑥 𝑎 | for d ≤ b. Claim 1. 𝑎 𝑥 . Proof (by contradiction). Assume 𝑎 ⇒𝑎 ⇒𝑥𝑎 𝑥 ; thus, |𝑥𝑎 | 𝑥 𝑏 𝑥 | 𝑎 |, where (A) holds because 𝑏∈ℕ , i.e., 1 ≤ b. This implies | | | | | | | | 1⋅𝑥𝑎 𝑎 , which contradicts 𝑐 𝑎 for d ≤ b (with 𝑑 1𝑏 𝑏𝑥 𝑑𝑥 𝑏𝑥 𝑏𝑥 𝑑𝑥 𝑞𝑏 𝑎𝑞 𝑝𝑏 𝑞𝑏 𝑑𝛼 𝑞𝛼 𝑑𝛼 AppliedMath 2022, 2, 23 409 and 𝑐𝑎 ). This means that 𝑎 𝑥 , (B) is because of the recursion theo‐ rem. □ Thus, the geometric situation is as depicted in Figure 9, i.e., 𝑎𝑏⁄ is in the grey shaded area being greater than or equal to the convergent 𝑥 . This will be refined in what follows. Figure 9. Any best approximation of the second kind is in the grey shaded area, i.e., greater than or equal to the convergent 𝑥 . Next, we proceed with a proof by contradiction assuming that 𝑎𝑏⁄ is not a conver‐ gent of x. Assumption. 𝑥 for 𝑘∈ℕ . According to Claim 1, 𝑎 𝑥 . Thus, one of the following must hold: (i) ∈ , for k ≥ 1 or (ii) 𝑥 This situation is shown in Figure 10. Figure 10. If a best approximation of the second kind is not a convergent, it is within the indicated grey shaded areas. Case (1). If (i) is true, then 𝑎 𝑝 𝑝 𝑝 𝑝 1 𝑥 𝑏 𝑞 𝑞 𝑞 𝑞 𝑞 𝑞 where (Th8) is Theorem 8, Equation (14), and (C) is from Corollary 3, Equation (10). Fur‐ thermore, , with (D) because of Note 4 (Distance of Fractions). Together, ⇒ ⇒ 𝑏𝑞 (iii). Also, if (i) is true, then 𝑥 , where (E) is again using Note 4. This implies 𝑏 𝑥 ⇒ | 𝑎 | (iv). Lemma 3 (Upper Bounds) tells us that 𝑥 which is equivalent to 𝑞 𝑥 ⇔ |𝑞 𝑥𝑝 | ⇒ |𝑞 𝑥𝑝 | |𝑏𝑥 𝑎 | (see (iv) just before). Since 𝑞 𝑏 (see (iii) above), this is a contradiction to 𝑎𝑏 being a best approximation of the second kind of x. Thus, Case (1) does not occur. 𝑏𝑥 AppliedMath 2022, 2, 23 410 Case (2). This case is shown in Figure 11. Then, 𝑥 , where (F) again uses Note 4. This implies | 𝑎 | (v) with (G) using the recursion theorem. Figure 11. Pictorial representation of Case (2). Now, 𝑥𝑎 , where the last inequality holds because of 0; thus, |𝑥𝑎 | |𝑏𝑥 𝑎 | , (H) based on (v) before. This means that |1⋅𝑥𝑎 | |𝑏𝑥 𝑎 | with 1𝑏 , i.e., 𝑎𝑏⁄ is not a best approximation of the second kind of x, which is a contradiction. Thus, case (2) does not occur either. Consequently, the assumption is wrong and there is a 𝑘∈ℕ with 𝑥 , i.e., 𝑎𝑏⁄ is a convergent. □ So, every best approximation of the second kind is a convergent. The next theorem proves the reverse, i.e., that every convergent is a best approximation of the second kind. Theorem 12. (Lagrange, 1798—Convergents are 2nd Kind Best Approximations) Let 𝑝 ⁄𝑞 be a convergent of 𝑥 𝑎 ;𝑎 ,⋯ ,𝑎 , 𝑥𝑎 , and 𝑛 0. Then, for 𝑑 𝑞 and it is | 𝑐 | |𝑞 𝑥𝑝 |, i.e., the convergent is a best approximation of the second kind of x. The cases 𝑥𝑎 and 𝑛 0 are excluded because the convergent is not a best approximation of the second kind of 𝑥𝑎 : it is |1⋅𝑥 𝑎 1 | 𝑎 𝑎 1 and |1⋅𝑥𝑎 | 𝑎 𝑎 , which implies |1⋅𝑥 𝑎 | | |. Setting 𝑑 : 1𝑞 , 𝑐 :𝑎 1 results in | | = | 1 1⋅𝑥𝑎 𝑑⋅𝑥𝑐 1⋅𝑥 𝑎 1 | |1⋅𝑥𝑎 | = |𝑞 ⋅𝑥𝑝 |. If would be a best approximation of the second kind of x, then |1⋅𝑥 𝑎 1 | > |1⋅𝑥𝑎 | would hold. The proof of Lagrange’s theorem is very technical. First, the expression |𝑦 𝑥𝑧 | is analyzed to find the smallest integral numbers 𝑦 and 𝑧 such that the expression is min‐ imized under the constraint 𝑦 ∈ 𝑞 ,… ,𝑞 , i.e., 𝑦 is a denominator of a convergent. It is shown both that 𝑧 ⁄𝑦 is a best approximation of the second kind of x, and that 𝑧 𝑝 and 𝑦 𝑞 . Proof. Let 𝑘∈ℤ and let 𝑝 ⁄𝑞 be a convergent. First, we are looking for the smallest numbers 𝑦 ,𝑧 ∈ℤ with 𝑦 ∈ 𝑞 ,… ,𝑞 such that |𝑦 𝑥𝑧 | is minimal. Step 1. Pick an arbitrary 𝑧∈ℤ , and based on this we determine 𝑦 ∈ 𝑞 ,… ,𝑞 . | | It is 𝑦𝑥𝑧 0⇔𝑦 , but in general 𝑦∉ℤ . Looking for a solution𝑦 ∈ 𝑞 ,… ,𝑞 ⊆ℤ that minimizes |𝑦 𝑥𝑧 | results in the following potential positions of 𝑧𝑥⁄ with respect to the denominators 𝑞 ,… ,𝑞 (see Figure 12): Case 1: 𝑧 /𝑥𝑞 . Then, 𝑦 𝑞 is the solution; Case 2: 𝑧 /𝑥𝑞 . Then, 𝑦 𝑞 is the solution; Let 𝑞 𝑧 /𝑥𝑞 for 1 ≤ i ≤ k. 𝑚𝑖𝑛 𝑑𝑥 𝑏𝑥 AppliedMath 2022, 2, 23 411 | | | | ⁄ Case 3: For 𝑞 𝑥𝑧 𝑞 𝑥𝑧 (i.e., 𝑧𝑥 is closer to 𝑞 than to 𝑞 ), 𝑦 𝑞 is the solution, and for |𝑞 𝑥𝑧 | |𝑞 𝑥𝑧 | (i.e., 𝑧𝑥⁄ is closer to 𝑞 than to 𝑞 ), 𝑦 𝑞 is the solution; | | | | ⁄ Case 4: For 𝑞 𝑥𝑧 𝑞 𝑥𝑧 (i.e., 𝑧𝑥 is exactly in the middle between 𝑞 and 𝑞 ), 𝑦 𝑞 is the solution because 𝑞 𝑞 , and we are looking for the smallest 𝑦 , especially 𝑦 𝑞 1. □ Figure 12. The potential positions of 𝑧𝑥⁄ with respect to the denominators 𝑞 ,… ,𝑞 . Step 2. Based on the 𝑦 found, we determine 𝑧 next. It is |𝑦 𝑥𝑧 | 0 ⇔𝑧𝑦 𝑥 , but in general, 𝑧∉ℤ . In solving the minimization problem within ℤ (i.e., 𝑧 : 𝑔𝑚𝑖𝑛𝑎𝑟 |𝑦 𝑥𝑧 |), the following cases can be distinguished (see Figure 13): ∈ℤ Case 0: It may happen that 𝑦 𝑥∈ℤ . Then, choose 𝑧 𝑦 𝑥 ; Case 1: 𝑦 𝑥 is between two integral numbers s and t, i.e., 𝑠𝑦 𝑥𝑡 . For |𝑦 𝑥𝑠 | |𝑦 𝑥𝑡 | (i.e., 𝑦 𝑥 is closer to t than to s), 𝑧 𝑡 is the solution; and for |𝑦 𝑥𝑠 | | | 𝑦 𝑥𝑡 (i.e., 𝑦 𝑥 is closer to s than to t), 𝑧 𝑠 is the solution; Case 2: For |𝑦 𝑥𝑠 | |𝑦 𝑥𝑡 | (i.e., 𝑦 𝑥 is exactly in the middle between t and s), 𝑧 𝑠 is the solution because 𝑠𝑡 , and we are looking for the smallest 𝑧 . □ Figure 13. The potential positions of 𝑦 𝑥 . Claim 1. 𝑧 is uniquely determined. 𝑚𝑖𝑛 AppliedMath 2022, 2, 23 412 Proof (by contradiction). Assume there exists a 𝑧 ∈ℤ with 𝑧 𝑧 and 𝑥 𝑥 . This can only happen iff one term is positive and the other is negative, i.e., for 0 0 0 example, if 𝑥 0 and 𝑥 0, and then 𝑥 𝑥 , i.e., 𝑥 . As an intermediate step we prove Claim 2. 𝑧 𝑧 ̃ and 2𝑦 are co‐prime, i.e., 𝑑𝑔𝑐 𝑧 𝑧 ,2𝑦 1 Proof (by contradiction). Let 𝑧 𝑧 𝐿𝑝 and 2𝑦 𝐿𝑞 with 𝐿 1. Then, 𝑥 ⇒𝑥 and thus (i) |𝑝 | 𝑞 𝑝 0 Assume 𝐿 2. Then, with 2𝑦 𝐿𝑞 and 𝐿 /2 1, it follows: (ii) 𝑦 𝑞𝑞 | | Now, 𝑦 has been determined in Step 1 to satisfy 𝑦 𝑎𝑛𝑚𝑔𝑖𝑟 𝑦𝑥𝑧 for a given z, especially for 𝑧𝑝 , i.e., 𝑦 𝑎𝑖𝑛𝑟𝑚𝑔 |𝑝 |. Because 0𝑚𝑖𝑛 |𝑝 | and | 𝑝 | 0, it must be 𝑞𝑦 . This is a contradiction because 𝑞𝑦 according to (ii) before. Thus, 1𝐿 2, i.e., L = 2. With 𝐿 2 and 2𝑦 𝐿𝑞 , we get 𝑦 𝑞 , which implies. By definition of 𝑧 , | 𝑝 | |𝑦 𝑥𝑝 | |𝑦 𝑥𝑧 | . However, | 𝑝 | 0 (see (i) above); thus, 0 |𝑦 𝑥𝑧 |, which is a contraction. □ 0 0 We continue the proof of Claim 1: It is 𝑥 and also 𝑥 , i.e., . Be‐ cause 𝑑𝑔𝑐 𝑧 𝑧 ,2𝑦 1 according to Claim 2, it follows that 𝑝 𝑧 𝑧 ̃ and 𝑞 2𝑦 . Now, let 𝑁 2. Then, it is 2𝑦 𝑞 𝑎 𝑞 𝑞 ((A) uses the recursion theo‐ rem (Theorem 1)), and with Note 1, it is 𝑎 2. Thus, 2𝑦 2𝑞 𝑞 ⇒𝑦 𝑞 ⇒𝑞 𝑦 𝑦 ((B) is because 𝑞 0). Now: 𝑝 1 1 1 1 |𝑞 𝑥𝑝 | 𝑞 𝑝 |𝑞 𝑝 𝑝 𝑞 | 𝑞 𝑞 𝑞 2𝑦 2 where (C) holds because of the sign theorem and (D) because 𝑦 1 (see the end of the proof of Step 1). Furthermore, 𝑧 𝑧 ̃ 𝑧 𝑧 ̃ 1 0 0 |𝑦 𝑥𝑧 | 𝑦 𝑧 𝑧 |𝑧 𝑧 ̃ 2𝑧 | 2𝑦 2 2 1 1 |𝑧 ̃ 𝑧 | 𝑖𝑖𝑖 2 2 where (E) is true because 𝑧 𝑧 and, thus, |𝑧 𝑧 | 1 for integral numbers 𝑧 and | | | | 𝑧 . Together, we obtained 𝑦 𝑥𝑧 𝑞 𝑥𝑝 , which is a contradiction to the choice of 𝑦 and 𝑧 ! This proves Claim 1 for 𝑁 2. Now, let 𝑁 1 and choose 𝑎 2 (based on Note 1, the highest element of a con‐ tinued fraction is always greater than or equal 2, thus 𝑎 2). Then 𝑝 𝑎 𝑎 1 2𝑎 1 1 𝑥 𝑎 ;𝑎 𝑎 𝑞 𝑎 2 2 ((F) is the recursion theorem) which has been excluded from the theorem. 𝑞𝑥 𝑞𝑥 𝑞𝑥 𝑦𝑥 𝑦𝑥 𝑞𝑥 AppliedMath 2022, 2, 23 413 Thus, let 𝑁 1 and 𝑎 2. Then 𝑝 1 1 1 1 |1⋅𝑥𝑎 | |𝑞 𝑥𝑝 | 𝑞 𝑝 |𝑞 𝑝 𝑞 𝑝 | 𝑞 𝑞 𝑞 𝑎 2 where (G) applies the recursion theorem and (H) the sign theorem. Because of (iii), it is |𝑦 𝑥𝑧 | , i.e., together, |𝑞 𝑥𝑝 | |𝑦 𝑥𝑧 | which contradicts the definition of 𝑦 and 𝑧 ! This proves Claim 1 for 𝑁 1. □ Next, we observe Claim 3. is a best approximation of the second kind of x. Otherwise: | 𝑎 | |𝑦 𝑥𝑧 | for an with 𝑏𝑦 , which contradicts the definition of 𝑦 and 𝑧 ! □ According to Theorem 11, is a convergent of x, i.e., for an 𝑠𝑘 . If 𝑠𝑘 , the proof is done. Thus, we assume 𝑠𝑘 . Claim 4. For 𝑠𝑘 , it is . Proof. 𝑠𝑘 ⇒ 𝑠𝑘 1 ⇒ 𝑞 𝑞 (Corollary 1: denominators are monotonically 𝑠 𝑘 1 increasing). Similarly, 𝑠𝑘 ⇒ 𝑠 1𝑘 ⇒ 𝑞 𝑞 . Together, this implies 𝑞 𝑞 𝑞 𝑞 . □ Next, we get 𝑝 1 1 1 |𝑞 𝑥𝑝 |𝑞 𝑥 𝑞 𝑞 𝑞 𝑞 𝑞 𝑞 𝑞 𝑞 𝑞 where (I) is Lemma 5 (Lower Bounds) and (J) is Claim 4. Furthermore, |𝑞 𝑥𝑝 |𝑞 𝑥 𝑞 , where (K) holds because of Lemma 3 (Upper Bounds). With and the definition of 𝑦 𝑞 and 𝑧 𝑝 (i.e., the minimizing prop‐ erty), it is |𝑞 𝑥𝑝 | |𝑦 𝑥𝑧 | |𝑞 𝑥𝑝 | ⇒ , which implies 𝑞 𝑞 𝑞 . This is a contradiction; because of the recursion theorem, it is 𝑞 𝑎 𝑞 𝑞 𝑞 𝑞 , where (L) holds with 𝑎 1. Thus, 𝑠𝑘 which proves the overall theorem. □ Putting the last two theorems together yields: Corollary 5. 𝑎𝑏⁄ is a best approximation of the second kind of x ⇔ x is a convergent of x. □ According to Theorem 12, every convergent is a best approximation of the second kind, and each best approximation of the second kind is also a best approximation of the first kind (Lemma 6). We keep this observation as Note 5. Every convergent is a best approximation of the first kind. □ But are best approximations of the first kind also always convergents? Not quite: the next theorem proves that a best approximation of the first kind is a convergent or a semi‐ convergent. 𝑏𝑥 AppliedMath 2022, 2, 23 414 Theorem 13. (Lagrange, 1798—1st Kind Best Approximations are Convergents or Semiconver‐ gents) Let 𝑎𝑏⁄ be a best approximation of the first kind of 𝑥 𝑎 ;𝑎 ,⋯ ,𝑎 . Then 𝑎𝑏⁄ is a convergent or a semiconvergent of x. Proof. By definition, it is 𝑥 𝑥 for and 𝑑𝑏 . Claim 1. 𝑎 /𝑏𝑎 . Otherwise: 𝑎 ; thus, 𝑥𝑎 𝑥 . Now, 𝑥𝑎 0 ; thus, 0 𝑥𝑎 𝑥 ⇒ 𝑥 𝑥 . Because 1𝑏 , we obtained a contradiction since 𝑎𝑏⁄ is a best approximation of the first kind. □ Claim 2. 𝑎 /𝑏𝑎 1. Otherwise: 𝑎 1 and based on the geometric situation depicted in Figure 8, it follows that 𝑥 𝑥 with 1𝑏 , which contradicts 𝑎𝑏 being a best ap‐ proximation of the first kind. □ Consequently, 𝑎𝑏 lies between 𝑥 𝑎 and 𝑥 𝑎 1 (see Equation (22)), i.e., 𝑥 𝑎 𝑎 1𝑥 (26) and is, thus, covered by the set of intervals defined by the convergents and semiconver‐ gents of x (see Figure 8). Assumption. 𝑎𝑏⁄ is neither a convergent nor a semiconvergent. This results in the following cases: Case 1: 𝑎𝑏 lies between two semiconvergents 𝑥 and 𝑥 ; 𝑘 1,𝑟 , Case 2: 𝑎𝑏⁄ lies between two convergents 𝑥 and 𝑥 ; Case 3: 𝑎𝑏⁄ lies between a convergent and a semiconvergent. We will show that all three cases lead to a contradiction, i.e., the assumption must be false; thus, the theorem is proven. Case 1. 𝑎𝑏⁄ lies between 𝑥 and 𝑥 . , , Then, 𝑎 𝑟𝑝 𝑝 𝑟 1 𝑝 𝑏 𝑟𝑞 𝑞 𝑟 1 𝑞 𝑟𝑝 𝑝 1 𝑟𝑞 𝑞 1𝑞 𝑞 𝑟𝑞 𝑞 where (A) results from the same computation performed in the proof of Lemma 4. Furthermore, it is | | (i) where (B) is seen to be valid as follows: 𝑎 𝑟𝑞 𝑞 𝑏 𝑟𝑝 𝑝 ∈ℤ and, thus, |𝑎 𝑟𝑞 𝑞 𝑏 𝑟𝑝 𝑝 |∈ℕ ; if it would be zero, the first modulus in (i) would be zero, i.e., 𝑎 /𝑏𝑥 which contradicts the assumption of the claim, which in turn im‐ | 𝑞 𝑝 | . plies 𝑎 𝑟𝑞 𝑏 𝑟𝑝 1 Together, ⇒ , AppliedMath 2022, 2, 23 415 thus, (ii) 𝑏𝑟 1 𝑞 Because of the monotony of the sequence of semiconvergents 𝑥 (Lemma 4), it is for an odd 𝑘 (i.e., 𝑘 1 even) 𝑥 𝑥 (see the geometric situation in Figure , , 14); Figure 14. Distances within an interval of semiconvergents (k odd). thus, 𝑎 𝑟 1𝑝 𝑝 𝑥 𝑥 𝑏 𝑟 1𝑞 𝑞 But with (ii), it is 1 𝑞 𝑏 ; thus, 𝑎𝑏⁄ is not a best approximation of the first kind to x, which is a contradiction. 𝑘 even leads to a contradiction too, i.e., Case (1) is not possible □ Case 2. 𝑎𝑏⁄ lies between 𝑥 and 𝑥 . Then, where (C) is Equation (11) from Corol‐ lary 3, and with Note 4, it is . Together, ⇒ ⇒ 𝑏𝑞 . Because of the geometric situation shown in Figure 15, it is 𝑥 𝑥 , which is a contradiction to 𝑎𝑏⁄ being a best approximation of the first kind to x and 𝑏𝑞 . □ Figure 15. Distances within an interval of convergents (k even). Case 3. 𝑎𝑏⁄ lies between a convergent and a semiconvergent. This implies that 𝑎𝑏⁄ lies between 𝑥 and 𝑥 (see Figure 8), otherwise 𝑎𝑏⁄ 𝑘 , would lie between two semiconvergents, which has already been covered in Case 1. Thus, 𝑥 𝑥 , but 𝑝 𝑝 𝑝 𝑝 𝑞 𝑞 𝑝 |𝑥 𝑥 | 𝑞 𝑞 𝑞 𝑞 𝑞 𝑞 𝑞 𝑝 1 𝑞 𝑞 𝑞 𝑞 where (D) is the sign theorem. I.e., it is . As before, with Note 4, it is ⇒ ⇒ 𝑏𝑞 𝑞 . 𝑞 𝑞 𝑝 𝑞 𝑞 𝑟 𝑞 AppliedMath 2022, 2, 23 416 The geometric situation from Figure 16 reveals 𝑥 𝑥 , which is a contradiction to 𝑎𝑏⁄ being a best approximation of the first kind to x and 𝑏𝑞 𝑞 . □ □ Figure 16. Situation in which 𝑎𝑏 is between a convergent and its first semiconvergent (k even). Finally, we give a simple criterion that allows us to prove that a given fraction is a convergent of another real number. This theorem is a cornerstone of computing a prime factor with Shor’s algorithm. Theorem 14. (Legendre, 1798—Convergent Criterion) Let 𝑥 ⇒ 𝑎𝑏⁄ is a convergent of x. Proof. We show that 𝑎𝑏⁄ is a best approximation of the second kind of x. Theorem 11 then proves the claim. Let |𝑑𝑥 𝑐 | |𝑏𝑥𝑎 | for and 𝑑 0. We need to prove 𝑑𝑏 . Now, |𝑏𝑥𝑎 |𝑏 𝑥 𝑏 . This implies |𝑑𝑥𝑐 | ⇔ 𝑑 𝑥 ⇔ 𝑥 . Thus, 𝑥𝑥 𝑥 𝑥 With Note 4 (Distance of Fractions), it is also . Together, it is ⇔ 1 ⇔ 2𝑏𝑏𝑑 ⇔ 𝑑𝑏 . □ 3. Probability of the Occurrence of Convergents 3.1. Estimating Secant Lengths In this part, we use the main arguments of [2]. In order to estimate the probability of the occurrence of a certain state after having performed the quantum Fourier transform, we need the following estimation of a lower an upper bound of the length of a secant of the unit circle: bound and Lemma 7. (Secant Length Estimation) | | If 𝜑∈𝜋 ,𝜋 then 1𝑒 |𝜑 |. Proof. The upper bound follows from elementary geometry, namely that the length of a secant is less than or equal to the length of the corresponding arc of a circle (see Figure 17). AppliedMath 2022, 2, 23 417 Figure 17. The length of a secant is smaller than the arc of the corresponding unit circle. The length of the arc determined by the angle 𝜑 on a circle of radius r is 𝑟𝜑 , i.e., if the circle is a unit circle, the length of the arc (green in the Figure) is 𝜑 . A secant of the unit circle (red in the Figure 17) can be defined by the two complex numbers on the unit circle (black in the Figure 17) that are the endpoints of the secant. Thus, the length of this secant is the difference of these complex numbers. One of these points can always be 1 because a corresponding rotation is length‐preserving; the other 𝑖𝜑 point is then 𝑒 , where 𝜑 is the angle of the arc cut by the secant. The length of this secant is then 1𝑒 . This proves the inequality 1𝑒 |𝜑 |. □ Next, we compute |1𝑒 | |1𝑜𝑠𝜑𝑐𝑖𝑠𝑖𝑛𝜑 | 1𝑐𝑜𝜑𝑠 𝑠𝑖𝑛 𝜑 1 2𝑐𝑜𝑠𝜑𝑐𝑠𝑜 𝜑𝑛𝑠𝑖 𝜑 2 2𝑐𝑜𝑠𝜑 𝜑 2 1𝑐𝑜𝑠𝜑 2 2𝑠𝑖𝑛 √ √ where (A) uses Euler’s formula, (B) is the definition of the modulus of a complex number with 𝑅𝑒 1𝑐𝑠𝑜 𝜑 and 𝜑 , (C) is the double‐angle formula, and (D) as‐ sumes that 0. To estimate a lower bound for 𝑛𝑠𝑖 , we analyze the function 𝑓𝑥 𝑖𝑛𝑠 𝑥 . From elementary calculus, it is known that a function 𝜓 is concave on 𝐷⊆ℝ if and only ′′ if its second derivative is not positive on D, i.e., 𝜓 0 on D. (Reminder: 𝜓 is concave on D :⇔ ∀𝑥 ,𝑦∈𝐷∀𝑡∈ 0,1 :𝜓 𝑡𝑥 1𝑡 𝑦 𝑡𝜓𝑥 1𝑡 , i.e., for any two points on the graph of 𝜓 , the secant between these points is below the graph, Figure 18.) Figure 18. The graphs of sin x and 2x/𝜋 . With 𝑑 𝑥 /𝑑𝑥 𝑠𝑖𝑛 𝑥 0 especially for 𝑥∈ 0,𝜋 /2 , i.e., 𝑛𝑠𝑖 𝑥 is concave on 𝑥∈ 0,𝜋 /2 . Thus, the secant between 0 0 and 1 is below the graph of 𝑠𝑖𝑛 𝑠𝑖𝑛 𝑠𝑖𝑛 𝑦𝜓 𝑠𝑖𝑛 𝑠𝑖𝑛 𝐼𝑚 𝑠𝑖𝑛 AppliedMath 2022, 2, 23 418 𝑥 (orange in Figure 18). However, this secant is given by 𝑔𝑥 𝑥 (green in Figure 18). Thus, it is 𝑥𝑥𝑛𝑖𝑠 for 𝑥∈ 0,𝜋 /2 , i.e., with 𝜑 : 2𝑥 we get 𝑠𝑛𝑖 for 𝜑∈ 0,𝜋 , and this implies 2 2 for 𝜑∈ 0,𝜋 . Now, 1𝑒 2 (see the computation before) implies 1𝑒 2 for 𝜑∈ 0,𝜋 . Furthermore, 𝑥 is convex on 𝑥∈ 𝜋 /2,0 ; thus, an argument analogous to the | | above shows that 1𝑒 2 for 𝜑∈ 𝜋 ,𝜋 . □ □ 3.2. Estimating Amplitude Parameters As stated in the introduction, the quantum part of Shor’s algorithm produces in its final step the following quantum state via a measurement: ∑ 𝜔 |𝑦⟩ (27) Thus, according to the Born rule, the probability 𝑃𝑦 of this particular state |y⟩ is the square of the modulus of the amplitude of |y⟩, i.e., 1 1 𝑃𝑦 ∑ 𝜔 𝜔 (28) The argument of the modulus is a geometric sum ∑𝑞 with 𝑞𝜔 𝑒 ; thus, in case 𝑞 1, 1 1 1𝑞 (29) 𝑃𝑦 𝑞 1𝑞 With 𝑞 𝑒 . In this section, in order to compute a lower bound for 𝑃𝑦 , we inves‐ tigate some relations between the following parameters appearing in equation (28): n: the number to be factorized; N: a power of 2 (e.g., 𝑁 2 ) with 𝑛 𝑁 2𝑛 ; the choice of N effectively determines the domain of numbers that can be repre‐ sented in the |𝑎⟩ ‐part of the quantum register (see Equation (1)). p: the period of the modular exponentiation function 𝑓𝑥 𝑎 𝑑 𝑛 ; A: the number of arguments mapped to a given value of 𝑓 . We also estimate bounds of the argument 2𝜋 of 𝑞 𝑒 . 3.2.1. Basics from Number Theory For convenience, we state the definition of the modulo function. Definition 7. The modulo function is the following map: 𝑚𝑜𝑑 :ℕ ℕ →ℕ (30) ,𝑛 ↦ 𝑧⌊ ⌋𝑛 𝑧 𝑚𝑜𝑑 𝑛 𝑧 𝑑𝑚𝑜 𝑛 is, thus, the residue left when dividing z by n. I.e., if 𝑟𝑧 𝑚𝑜𝑑 𝑛 , then there is a number 𝑘∈ℕ such that 𝑧𝑘𝑛𝑟 with 0𝑟𝑛 . 𝑚𝑜 𝑁𝐴 𝑁𝐴 𝑁𝐴 𝑁𝐴 𝑁𝐴 𝑠𝑖𝑛 𝑠𝑖𝑛 𝑠𝑖𝑛 𝑠𝑖𝑛 AppliedMath 2022, 2, 23 419 If 𝑧 𝑑 𝑛𝑧 ̃ 𝑚𝑜𝑑 𝑛𝑟 , we find numbers 𝑘 and 𝑘 such that 𝑧𝑘 𝑛𝑟 and 1 2 𝑧 ̃ 𝑘 𝑛𝑟 with 0𝑟𝑛 . This implies that 𝑧𝑧 ̃ 𝑘 𝑘 :𝑘𝑛 , i.e., n is a divisor of 𝑧𝑧 ̃ (in symbols: 𝑛 |𝑧 𝑧 ). We also obtain that 𝑧 𝑚𝑜𝑑 𝑛𝑧 ̃ 𝑑 𝑛 implies that 𝑧 ̃ 𝑧𝑘𝑛 . The equation 𝑧 𝑑 𝑛𝑧 ̃ 𝑚𝑜𝑑 𝑛 is abbreviated as 𝑧≡𝑧 ̃ 𝑑𝑚𝑜 𝑛 ; in words, 𝑧 is congruent 𝑧 ̃ modulo n. As shown just before, 𝑧≡𝑧 ̃ 𝑛 is equivalent to 𝑛 |𝑧 𝑧 and to 𝑧 ̃𝑧𝑘𝑛 . We keep this as Note 6. 𝑧≡𝑧 ̃ 𝑛 ⇔ 𝑛 |𝑧 𝑧 ⇔ 𝑧 ̃𝑧𝑛𝑘 . □ Furthermore, we state the definition of modular exponentiation which turns out to play a key role in finding factors. Definition 8. For 0𝑎𝑛 , the modular exponentiation function is the following map: 𝑓 :ℕ →ℕ (31) 𝑥↦𝑎 𝑚𝑜𝑑 𝑛 The smallest number p that satisfies 𝑓𝑥 𝑓𝑥𝑝 for all x is called the period of f. Especially, with 𝑥 0, we get 𝑓 0𝑓𝑝 which means that 𝑎 𝑚𝑜𝑑 𝑛𝑎 1 𝑚𝑜𝑑 𝑛 , i.e., 𝑎 ≡ 1 𝑚𝑜𝑑 𝑛 which in turn is equivalent to 𝑛 | 1 . Thus, we have proven: Note 7. 𝑓𝑥 𝑎 𝑑𝑛𝑚𝑜 has period p ⇔ 𝑎 ≡ 1𝑚𝑜𝑑𝑛 ⇔ 𝑛 | 1 . □ Finding a factor of n can be achieved by finding the period p of the function 𝑓𝑥 𝑎 𝑚𝑜𝑑𝑛 . This is seen as follows: Let p be the period of 𝑓 , then 𝑛 | 1 , i.e., 1 𝑘𝑛 . Assume p is even (if p is odd, Shor’s algorithm is repeated with a different a, until an ⁄ ⁄ even p is found). With such an even p, it is 𝑎 1 𝑎 1 𝑎 1 𝑘𝑛 which ⁄ ⁄ 𝑎 1 and 𝑎 1 have a common divisor, which in turn means implies that ⁄ ⁄ that 𝑑𝑔𝑐 𝑎 1,𝑛 or 𝑑𝑔𝑐 𝑎 1,𝑛 is a divisor of n. Thus, if an even period has been determined, classically efficient calculations can be used to compute a factor of n. If this factor is a prime number, we can finish. Otherwise, we continue determining a factor of the former factor, and so on, until we end up with a prime factor of n. Next, we determine an upper bound of the period p of the modular exponentiation by using group theory. A simple calculation shows that “≡” is an equivalence relation on ℤ. The equivalence class of 𝑧∈ℤ is denoted as 𝑧 and is referred to as the residue class of z modulo n. It is 𝑧∈ℤ | ≡𝑧 𝑧 𝑑𝑚𝑜 𝑛 𝑧𝑘𝑛 | 𝑘∈ℤ (see Note 6), where the latter set is sometimes written as 𝑧𝑛ℤ . The set of all residue classes modulo n is denoted as ℤ , i.e., ℤ 0 , 1 ,… , 𝑛 1 . 𝑛 𝑛 We can multiply two residue classes modulo n as follows: 𝑥⋅𝑦 𝑥 ⋅𝑦 . With ∗ ∗ this multiplication, ℤ 𝑧 ∈ ℤ | 𝑑𝑧𝑔𝑐 , 1 becomes a group. Because ℤ ⊆ℤ , it 𝑛 𝑛 𝑛 𝑛 is 𝜑𝑛 :𝑐𝑑𝑟𝑎 ℤ 𝑐𝑟𝑑𝑎 ℤ 𝑛 . Since every integer is a divisor of itself, it is 𝑑𝑔𝑐𝑛 ,𝑛 𝑛 1 (for 𝑛 2), i.e., the cardinality of numbers co‐prime to n is less than n: 𝑛 2⇒𝜑𝑛𝑛 . The well‐known Lagrange’s theorem from group theory states that for a group G with 𝑑 𝐺𝑚∞ and for each 𝑥∈𝐺 , it is 𝑥 𝑒 (e is the unit element of G)—see Lemma 3.2.5 in [3], for example. Thus, for 𝑥∈ℤ , it is 𝑥 1, i.e., 𝑥 ≡ 1 𝑛 . Since the period p is the smallest number with 𝑥 ≡ 1 𝑛 , it follows that 𝑝𝜑𝑛 and, thus, 𝑝𝑛 . 𝑚𝑜𝑑 𝑚𝑜𝑑 𝑐𝑎𝑟 𝑎 𝑎 𝑚𝑜𝑑𝑛 𝑚𝑜𝑑 𝑚𝑜𝑑 𝑚𝑜 𝑚𝑜 𝑚𝑜 AppliedMath 2022, 2, 23 420 Now, the assumption of Shor’s algorithm is that 0𝑎𝑛 and that 𝑑𝑔𝑐𝑎 ,𝑛 1, which ensures that ∈ ℤ ; thus, ≡ 1 𝑚𝑜𝑑 𝑛 and 𝑝𝑛 . Lemma 8. Let p be the period of 𝑓𝑥 𝑎 𝑚𝑜𝑑 𝑛 . Then, 𝑝𝑛 . □ 3.2.2. Intervals of Consecutive Multiples of the Period The relation between N and p is depicted in Figure 19; multiples of N are always contained in closed intervals defined by consecutive multiples of p, i.e., it may happen that a multiple of N coincides with a multiple of p. Figure 19. Multiples of N are enclosed by immediately succeeding multiples of p. Note 8. ∀𝑘 ∈ ℕ∃𝑡 ∈ ℕ : 𝑡 1 𝑝𝑘𝑁𝑡𝑝 . Proof. Pick an arbitrary 𝑘∈ℕ , i.e., 𝑘𝑁 ∈ ℕ is also given. Then, we find a 𝑡 ∈ℕ such that ˜ ˜ ˜ ˜ 𝑡 𝑝𝑁𝑘 (trivial because 𝑝 0). Let 𝑡 be the smallest of such 𝑡 , i.e., 𝑡 𝑚𝑖𝑛 𝑡 |𝑡 𝑝 𝑘𝑁 . Thus, 𝑡 1𝑝 𝑁𝑘 because otherwise 𝑡 1 𝑁𝑘 , which is a contradiction be‐ cause t was chosen minimal. Together, 𝑡 1 𝑝𝑘𝑁𝑡𝑝 . The claim follows because k an arbitrary number. □ The situation we just discussed is shown in Figure 20. Figure 20. Determining the interval of succeeding multiples of p enclosing a multiple of N. Furthermore, two different multiples of N are in different intervals defined by suc‐ ceeding multiples of p. Otherwise, the situation of Figure 21 would imply that 𝑁𝑝 , which is a contradiction as shown by the proof of Note 9 below. Figure 21. No two multiples of N can be enclosed by succeeding multiples of p. We denote a 𝑡 with 𝑡 1 𝑝𝑘𝑁𝑡𝑝 by 𝑡 . This is justified by the next Note 9 which proves that such a 𝑡 is uniquely determined by 𝑘 . Especially, a multiple is contained in “its” interval: ∀𝑘 ∈ ℕ∃𝑡 ∈ℕ:𝑘𝑁 ∈ 𝑡 1 𝑝 ,𝑡 𝑝 (32) Note 9. 𝑘𝑁 𝑎 𝑎 AppliedMath 2022, 2, 23 421 Let 𝑘∈ℕ and 𝑡 ∈ℕ with 𝑡 1 𝑝𝑘𝑁𝑡 𝑝 . Then, 𝑟𝑠∈ 0,.. .,𝑝 1 implies 𝑡 𝑡 . Proof (by contradiction). Assume 𝑟𝑠 but 𝑡 𝑡 𝑡 with 𝑡 1 𝑝𝑁𝑟𝑡𝑝 and 𝑡 1 𝑝𝑠𝑁𝑡𝑝 (see Figure 20). W.l.o.g. 𝑟𝑠 ⇒ 𝑟 1𝑠 ⇒ 𝑁𝑟 1 𝑟𝑁 𝑁 . Further, 𝑁𝑠𝑟𝑁𝑡𝑝𝑡 1 𝑝 . Together, it is 𝑁𝑠𝑁𝑟𝑁𝑝 , i.e., 𝑁 𝑝 . According to Lemma 8, we know 𝑝𝑛 ⇒ 𝑁𝑝𝑛𝑛 . However, by selection of N (see the bullet list at the beginning of Section 8), it is 𝑛 𝑁 , which is a contradiction. □ The proof of Note 9 has shown especially: Corollary 6. 𝑟𝑠∈ 0, … ,𝑝 1 ⇒ ∉ 𝑡 1 𝑝 ,𝑡 𝑝 By Note 9, for 𝑟𝑠∈ 0, ...,𝑝 1 , the numbers 𝑡 ,𝑡 are different, i.e., for each 𝑟 𝑠 𝑘∈ 0, ...,𝑝 1 , such a unique 𝑡 exists, i.e., the 𝑝 numbers 𝑡 ,𝑡 ,… ,𝑡 are different. Thus: Corollary 7. There exist p different numbers 𝑡 , 0𝑘𝑝 1, such that 𝑡 1 𝑝𝑘𝑁𝑡 𝑝 . □ These different numbers are strictly monotonically increasing. Note 10. Let 𝑘∈ℕ and 𝑡 ∈ℕ with 𝑡 1 𝑝𝑘𝑁𝑡 𝑝 . Then, 𝑡 𝑡 . 𝑘 𝑘 𝑘 1 Thus, 𝑡 𝑡 ⋯𝑡 . Proof (by contradiction). Assume 𝑡 𝑡 ; thus, 𝑡 1𝑡 1 , which implies 𝑘 1 𝑘 𝑡 𝑝𝑡 𝑝 and 1 𝑡 1 . Now, 𝑘𝑁 𝑘 1 , 𝑡 1 𝑝𝑘𝑁𝑡 𝑝 , and 𝑡 1 𝑝𝑘 1 𝑡 𝑝 . This implies 1 𝑡 𝑝𝑡 𝑝 and 𝑡 1 𝑝𝑘𝑁𝑘 1 , which finally re‐ sults in 𝑡 1 𝑝𝑘 1𝑁 𝑡 𝑝 —which is a contradiction to corollary 6 because this would imply that 1𝑁 ∈ 𝑡 1 𝑝 ,𝑡 𝑝 . □ Each multiple 𝑘𝑁 of N is “close” to a multiple in the sense that 𝑘𝑁 is at most 𝑝 ⁄2 apart from 𝑡 1 𝑝 or 𝑡 𝑝 (see Figure 22). Figure 22. A multiple of N is always “close” to a multiple of p. More precisely: Note 11. 𝑡𝑝 𝑁 𝑁 𝑘 𝑁 𝑁 𝑝 𝑝 𝑡 𝑟𝑁 𝑁 𝑟 𝑠𝑁 AppliedMath 2022, 2, 23 422 ∀𝑘∈ℕ∃𝑡∈ℕ : | 𝑡 1 𝑝𝑁𝑘 | ∨ |𝑡𝑝𝑁𝑘 | . Proof. It is 𝑡 1 𝑝𝑁𝑘𝑡𝑝 , i.e., by definition 𝑘𝑁 ∈ 𝑡 1𝑝 ,𝑡𝑝 . This implies 𝑘𝑁 𝑡 1 ∨ 𝑡𝑝𝑁𝑘 (see Figure 22), otherwise: 𝑝 𝑝 𝑝 𝑝 𝑡 1 ∧𝑡𝑝𝑘𝑁 ⇔𝑡 1 𝑘𝑁∧𝑡𝑝 𝑘𝑁 2 2 2 2 ⇒ 𝑡𝑝𝑡 1 𝑘𝑁 𝑘𝑁𝑝 , but 𝑡𝑝𝑡 1 𝑝 , i.e., 𝑝𝑝 , which is a con‐ | | | | tradiction! This proves the claim 𝑡 1 𝑝𝑘𝑁 ∨ 𝑡𝑝𝑘𝑁 . □ As before, from Note 9, it follows that for 𝑘∈ 0, … ,𝑝 1 , these numbers t are all different. Precisely: Corollary 8. Let 0𝑘𝑝 1 and 𝑡 ∈ℕ such that | 𝑡 1 𝑝𝑘𝑁 | ∨ |𝑡 𝑝𝑘𝑁 | . If 𝑟𝑠 , then 𝑡 𝑡 . □ The multiples of N are sparsely scattered across the intervals of consecutive multiples of p. More precisely, intervals of consecutive multiples of p, which contain a multiple of N, are not consecutive. This is the content of Note 12. Let 𝑛 2, 𝑘∈ 0, ... ,𝑝 1 , and 𝑡 ∈ℕ with 𝑡 1 𝑝𝑁𝑘𝑡 𝑝 . Then 𝑡 𝑡 1 as well as 𝑡 𝑡 1. 𝑘 1 𝑘 𝑘 1 𝑘 Proof. Because of Note 10, it is 𝑡 𝑡 ; thus, 𝑡 𝑡 1. 𝑘 1 𝑘 Assumption. 𝑡 𝑡 1. 𝑘 1 𝑘 By definition, 1𝑁 ∈ 1 ,𝑡 𝑝 , and by assumption, 𝑡 𝑡 1 ; thus, it is 1 ∈ 𝑡 𝑝 , 1𝑝 . Furthermore, by definition, 𝑘𝑁 ∈ 𝑡 1 𝑝 ,𝑡 𝑝 (see Figure 23). Figure 23. Situation in case 𝑘𝑁 and 1 lying within two consecutive intervals of consecutive multiples of p. Now, 𝑡 1 𝑝 ,𝑡 𝑝 , 𝑡 𝑝 , 𝑡 1 𝑝 ⊆ 𝑡 1 𝑝 , 1𝑝 which implies 𝑘𝑁 ,𝑘 1 ∈ 𝑡 1 𝑝 , 1 . Thus, 𝑁𝑘 1𝑘𝑁 1𝑝𝑡 1𝑝 2𝑝 , i.e., 𝑁 2𝑝 (see Figure 23). By Lemma 8, it is 𝑝𝑛 ⇒ 2𝑝 2𝑛 . With 𝑛 2 ⇒ 𝑛 2𝑛 and by definition of N, it is 𝑛 𝑁 ; thus, 𝑁𝑛 2𝑛 2𝑝 : a contradiction! Thus, the assumption is false, which implies 𝑡 𝑡 1. The claim 𝑡 𝑡 1 𝑘 1 𝑘 𝑘 1 𝑘 is proven similarly. □ The resulting geometric situation is depicted in Figure 24. 𝑡 𝑁 𝑝 𝑡 𝑁 𝑁 𝑘 𝑡 𝑁 𝑘 𝑝 𝑡 𝑘 𝑝 𝑝 𝑝 𝑝 𝑘𝑁 𝑝 AppliedMath 2022, 2, 23 423 Figure 24. If 𝑘𝑁 is in an interval defined by two consecutive multiples of p, the preceding and succeeding intervals do not contain a multiple of N. If 𝑘𝑁 ∈ 𝑡 1 𝑝 ,𝑡 𝑝 , it is 𝑡 𝑝𝑘𝑁𝑝 /2 or 𝑡 1 𝑝 /2 (see Figure 22 or Figure 24). In case 𝑘𝑁𝑡 1 𝑝 /2, we define 𝑡 :𝑡 1 and 𝑡 𝑝𝑝 /2 ̂ ̂ results, and in case of 𝑡 𝑝𝑁𝑘𝑝 /2, we define 𝑡 :𝑡 implying 𝑡 𝑝𝑘𝑁𝑝 /2. Ac‐ cording to Note 9, this 𝑡 is uniquely defined. This proves Note 13. ̂ | ̂ | ̂ ∀𝑘 ∈ ℕ ∃!𝑡 ∈ℕ: 𝑡 𝑝𝑘𝑁 , i.e., 𝑡 is uniquely determined by 𝑘 . □ This is next rewritten into a format more useful for what follows. Note 14. Let 𝑘∈ 0, ... ,𝑝 1 and 𝑡 ∈ℕ with 𝑡 ∈ 𝑘 ,𝑘 . If 𝑟𝑠∈ 0, . ..,𝑝 1 , then 𝑡 𝑡 . 𝑁 1 𝑁 1 Proof. It is 𝑡 ∈ 𝑘 ,𝑘 ⇔ 𝑘 𝑡 𝑘 𝑝 2 𝑝 2 ⇔ 𝑘𝑁 𝑝𝑡 𝑘𝑁 ⇔ 𝑝𝑡 𝑘𝑁 ⇔ |𝑝𝑡 𝑘𝑁 | . Note 13 shows that 𝑡 is uniquely determined by 𝑘 . □ Finally, we can prove the following: Corollary 9. There exist p different numbers 𝑡 , 0𝑘𝑝 1, such that 𝑁 1 𝑁 1 𝑡 ∈ 𝑘 ,𝑘 𝑝 2 𝑝 2 Proof. There exist p different numbers 𝑡 , 0𝑘𝑝 1, such that 1 𝑝𝑘𝑁 | | 𝑡 𝑝 (Corollary 7). The proof of Note 11 shows that this implies 𝑡 1 𝑝𝑘𝑁 ∨ 𝑁 1 𝑁 1 | | 𝑡 𝑝𝑘𝑁 . The proof of Note 14 shows that this implies 𝑡 ∈ 𝑘 ,𝑘 . □ 𝑝 2 𝑝 2 3.2.3. Cardinality of Pre‐Images First, we show that the parameter A is greater than 1, i.e., at least two numbers avail‐ able in the |𝑎⟩ ‐part of the quantum register are mapped by f to the same value. Note 15. 𝐴 1. Proof. As reminded in the introduction, the quantum Fourier transform of Shor’s algo‐ rithm produces the following state: |𝑎⟩ |𝑏⟩ ∑ |𝑥⟩ |𝑓 𝑥⟩ After measurement of the |𝑏⟩ ‐part of the register, the |𝑎⟩ ‐part is in the state 𝑘𝑁 𝑝 𝑝 𝑘𝑁 AppliedMath 2022, 2, 23 424 |𝑎⟩ |𝑥⟩ |𝑥𝑝⟩ |𝑥 2𝑝⟩⋯ |𝑥 𝐴 1 𝑝⟩ (33) √𝐴 i.e., 𝑓 |𝑥⟩ |𝑥⟩ ,|𝑥𝑝⟩ ,|𝑥 2𝑝⟩ ,⋯ ,|𝑥 𝐴 1 𝑝⟩ . Choose 𝑥𝑝 —such an x exists because otherwise it would be 𝑝 0, but a period p satisfies 𝑝 0. With 𝑝𝑛 (Lemma 8) and 𝑛𝑛 𝑁 (by choice of N), it is 𝑥𝑝 2𝑝𝑁 (see the proof of Note 12). Thus, 𝑥𝑝 is in the domain of f (in the sense that it is a value in the |𝑎⟩ ‐part of the quantum register available as an argument for f), i.e., 𝑓𝑥 𝑝 is available in the |𝑏⟩ ‐part of the register. 𝐴 1 would imply that 𝑓 |𝑥⟩ |𝑥⟩ and, thus, |𝑥𝑝⟩∉𝑓 |𝑥⟩ , i.e., 𝑓 |𝑥⟩ 𝑓 |𝑥𝑝⟩ for 𝑝 0. Since 𝑝 0, the function 𝑓 would not be periodic. □ Next, we prove tighter bounds for the parameter A. Note 16. 𝐴 1𝑝𝑁𝐴 1 . Proof. As in the proof of Note 15, we choose 𝑥𝑝 . With |𝑎 ⟩ |𝑥 ⟩ |𝑥𝑝 ⟩ |𝑥 2𝑝 ⟩⋯ |𝑥 𝐴 1 𝑝 ⟩ , i.e., |𝑥⟩ ,|𝑥𝑝⟩ ,|𝑥 2𝑝⟩ ,⋯ ,|𝑥 𝐴 1 𝑝⟩ are all values in the |𝑎⟩ ‐part of the register being mapped to 𝑓𝑥 , i.e., 𝐴 is the largest number satisfying 𝑥𝐴 1 𝑁 . With 𝑥 0, this implies 1 𝑁 —which is the first part of the claim. Thus, 1 𝑁 . Otherwise, 1 𝑁 and with 𝑥𝑝 , it would be 𝑥 𝐴𝑝 𝑝𝐴𝑝 𝐴 1 𝑁 , i.e., |𝑥𝐴𝑝⟩ would also be in the |𝑎⟩ ‐part of the register being mapped to 𝑓𝑥 , which is a contradiction to the definition of A. This proves the second part of the claim. □ The next estimation gives an approximation of 𝑁 in terms of the product of 𝐴 and 𝑝 . Note 17. 𝑁𝐴𝑝 . Proof. Because of 1 𝑁 𝐴 1 , the geometric situation is as depicted in Fig‐ ure 25, i.e., 𝑁∈𝐴 1 , or 𝑁∈𝑝𝐴 , 1 . Thus, |𝑁𝑝𝐴 |𝑝 . Now, 𝑝𝑛 (Lemma 8) and 𝑛𝑛 𝑁 by choice of N. In practice, n is a large num‐ ber, i.e., 𝑛 is huge compared to n : 𝑛≪𝑛 𝑁 . Together: 𝑝≪𝑁 (34) In this sense, 𝑝 is a small number, i.e., |𝑁𝑝𝐴 | is small too: 𝑁𝐴𝑝 . □ Figure 25. 𝑁 is embraced by 𝐴 1𝑝 and 𝐴 1𝑝 . 3.2.4. Estimating Arguments of Amplitudes of Potential Measurement Results The next Lemma is the main result of this section for what follows. Lemma 9. 𝑝 𝐴 𝐴𝑝 𝑝 𝑝 𝑝 𝐴 𝑝 𝐴 𝑝 𝐴 𝑝 𝐴 AppliedMath 2022, 2, 23 425 Let 𝑦∈ 𝑘 ,𝑘 and 𝑘∈ 0,.. .,𝑝 1 . Then: 𝑦𝐴 1 𝑝𝑦 2𝜋 ,2𝜋 ∈𝜋 ,𝜋 𝑁 𝑁 Proof. It is 𝑦∈ 𝑘 ,𝑘 ⇔ 𝑘 𝑦𝑘 ⇔ (multiply with p) 𝑁𝑘 ⇔ 𝑝𝑦𝑁𝑘 ⇔ (i) 𝑁𝑘 ∧𝑘𝑁𝑝𝑦 By Note 16, it is (ii) 1 𝑁 ⇒ 1 Furthermore: (iii) 1 1 where (A) is because of Note 17 (𝑁𝐴𝑝 ), and (B) is because of Equation (34) (𝑝≪𝑁 ). Next, we compute the lower bound for the first fraction of the claim: 𝑦𝐴 1𝑝 1 2𝜋 2𝜋 𝑁 𝑁 1 𝑝 2𝜋 𝑁 2 2𝜋𝐴 1𝜋 𝜋 𝜋 where (C) follows from the second inequation of (i) above, (D) is because of 2𝜋𝐴 1 0, and (E) is implied by (iii) above. The upper bound for the first fraction of the claim is computed next: 𝑦𝐴 1 1 1 𝑝 2𝜋 2𝜋 2𝜋 𝑁 𝑁 𝑁 2 2𝜋𝐴 1 𝜋 2𝜋𝐴 1𝜋 2𝜋𝐴 1𝜋 2𝜋 ≡ 𝜋 where (F) is implied by the first inequation of (i) above, (G) is (ii) above, (H) follows from the prerequisite 𝑘∈𝐼 0,...,𝑝 1 , i.e., 𝑘𝑝 , and (I) is the first inequation of (ii) above. 𝑖𝜑 𝑖 2 Finally, we will estimate 𝑒 , and because of 𝑒 1, (J) is justified. Together, 𝜋 2𝜋 𝜋 , which proves the first claim. □ Next, 𝑝𝑦 2𝜋 2𝜋 𝑝 2𝜋 𝑝𝑦 𝑘𝑁 𝑁 𝑁 𝑁 2 2𝜋 2𝜋 ≡ 𝜋 with (K) from the first inequation of (i) before, (L) because 𝑝𝑁 , and (M) because we will estimate 𝑒 . I.e., the upper bound of the second fraction is as claimed. The correctness of the lower bound is seen as follows: 𝑝𝑦 2𝜋 2𝜋 𝑝 2𝜋 𝑝𝑦 𝑘𝑁 𝑁 𝑁 𝑁 2 𝑝 𝑝 2𝜋𝑘𝜋 𝜋 𝜋 𝑁 𝑁 𝑖𝜑 𝜋𝑘 𝜋𝑘 𝜋𝑁 𝜋𝑁 𝑝 𝑘 𝑘 𝑝 𝐴 𝑘𝑁 𝑦𝑝 𝐴 𝐴 𝑝 𝑝 𝐴 𝑝 𝐴 𝑘𝑁 𝑦𝑝 𝑝 𝐴 𝑦𝑝 𝑝𝑦 𝑘𝑁 𝑝 AppliedMath 2022, 2, 23 426 with the second inequation of (i) before giving (N), (O) is because of 2𝜋𝑘 0, and (Q) is true because 0𝑝𝑁 ; thus, 0𝑝 /𝑁 1. □ □ 3.3. Estimating Probabilities We are now ready to compute the probability 𝑃𝑦 that the state |y⟩, which is pre‐ pared by the quantum part of Shor’s algorithm, is “close” (i.e., within a distance of 12 ⁄ ) to a multiple of 𝑝𝑁⁄ . Lemma 10. Assume 𝑞𝑒 1 and let P be the probability that 𝑦∈ 𝑘 ,𝑘 for a 𝑘∈ 0,... ,𝑝 1 . Then, 𝑃 . Proof. According to Equation (29), the probability 𝑃𝑦 to measure a particular 𝑦∈ 𝑘 ,𝑘 is 1 1𝑞 (35) 𝑃𝑦 1𝑞 In case 𝑞 1 (which is the assumption) where 𝑞𝑒 (the case 𝑞 1 will be treated separately in Note 18). Thus, with 𝑞 𝑒 , it is 1𝑒 1𝑞 |1𝑞 | (36) | | 1𝑞 1𝑞 1𝑒 The structure of the numerator and denominator recommends the estimation of both by means of the Lemma 7 (Secant Length Estimation). However, applying Lemma 7 re‐ quires that 2𝜋 ,2𝜋 ∈𝜋 ,𝜋 . By Lemma 9, we know that under the prerequisite 𝑦𝐴 1𝑝 𝑦∈ 𝑘 ,𝑘 , it is 2𝜋 ∈𝜋 ,𝜋 as well as 2𝜋 ∈𝜋 ,𝜋 , but Lemma 9 does not imply 2𝜋 ∈𝜋 ,𝜋 . Now, consider the following calculation: 1𝑞 1𝑞 1𝑞 1𝑞 𝑞 |𝑞 | 1 (37) 1𝑞 1𝑞 1𝑞 1𝑞 | | where (A) holds because of |𝑎𝑏 | |𝑎 | |𝑏 | , and 𝑒 1 implies (B): 𝑞 𝑒 𝑒 1. Equation (37) allows us to apply the secant length estimation (Lemma 7) because in 1𝑒 1𝑞 |1𝑞 | (38) 1𝑞 |1𝑞 | 1𝑒 it is now 2𝜋 ,2𝜋 ∈𝜋 ,𝜋 according to Lemma 9. | | First, we use the second inequation of 1𝑒 |𝜑 | from Lemma 7 with 𝜑 2𝜋 ∈𝜋 ,𝜋 and obtain 𝑦𝑝 1𝑒 2𝜋 (39) | | Then, we use the first inequation of 1𝑒 |𝜑 | from Lemma 7 with 𝜑 2𝜋 ∈𝜋 ,𝜋 and obtain 𝑁𝐴 AppliedMath 2022, 2, 23 427 2 𝑦𝐴 1 (40) 1𝑒 ⋅ 2𝜋 𝜋 𝑁 Using Equations (39) and (40) in Equation (38) results in 1𝑒 1𝑞 2 𝐴 1𝑝 𝑁 2𝐴 1 (41) ⋅ 2𝜋𝑦 ⋅ 1𝑞 𝜋 𝑁 2𝜋𝑦𝑝 𝜋 1𝑒 This result is now used in Equation (37) (step (C) below) and we obtain 1𝑞 1𝑞 2 1 1 1 1𝑞 1𝑞 𝜋 (42) 2𝐴 2 2𝐴 2 1 1 𝜋 𝜋 𝜋 𝜋 Using Equation (42) in Equation (35) (step (D) below) results in 1 1𝑞 1 2𝐴 2 𝑃𝑦 1 1𝑞 𝜋 𝜋 1 4𝐴 4𝐴 2 2 1 1 𝜋 𝜋 𝜋 𝜋 1 4𝐴 8𝐴 4𝐴 4 4 𝜋 𝜋 𝜋 𝜋 𝜋 4𝐴 8 4 4 4 1 𝜋 𝑁 𝜋 𝑁 𝜋 4𝐴 8 4 4𝐴 4 2 𝜋 𝑁 𝜋 𝑁 𝜋 𝑁 𝜋 Thus, 4𝐴 4 2 (43) 𝑃𝑦 1 𝜋 𝑁 𝜋 According to Note 17, we know 𝑁𝐴𝑝 ⇒ , i.e., 4𝐴 4 (44) 𝜋 𝑁 𝜋 𝑝 Furthermore, since N is a “huge” number, we know that the following is “small”: 4 2 (45) 1 𝜀 Using Equations (44) and (45) in Equation (43) results in 4 1 𝑃𝑦 𝜀 (46) 𝜋 𝑝 for each 𝑦∈ 𝑘 ,𝑘 . According to Corollary 9, there exist p different numbers 𝑁 1 𝑁 1 𝑦 with 𝑦 ∈ 𝑘 ,𝑘 and for each of them 𝑃𝑦 𝜀 . Since we are not in‐ 𝑘 𝑘 𝑝 2 𝑝 2 terested in a particular 𝑦 , but in any of them, we need to sum up all probabilities 𝑃𝑦 to obtain the overall probability 𝑃 : 4 4 𝑃 ∑ 𝑃 𝑦 𝑝𝜀 𝜋 𝜋 This proves the claim. □ We still need to estimate the probability for the case 𝑞 1. Note 18. 𝜋𝑁 𝜋𝑁 𝜋𝑁 𝜋𝑁 𝑁𝐴 𝜋𝑁𝐴 𝑁𝐴 𝜋𝑁 𝑁𝐴 𝑁𝐴 𝑁𝐴 𝑁𝐴 𝑝 AppliedMath 2022, 2, 23 428 Let 𝑞 1. Then 𝑃𝑦 . Proof. In case 𝑞 1,the probability is 𝑃𝑦 𝑞 ∑ 1 𝐴 □ 3.4. Computing the Period Let y be the result of the measurement produced by Shor’s algorithm. Under the as‐ sumption that 𝑞 1, the following holds: Theorem 15. With probability 𝑃 , there exists a 𝑘∈ 0,...,𝑝 1 , such that 𝑦 𝑘 1 𝑁 𝑝 2𝑝 Proof. According to Lemma 10, the probability that 𝑦∈ 𝑘 ,𝑘 for a 𝑘∈ 0, . ..,𝑝 1 is 4/𝜋 . However, 𝑦∈ 𝑘 ,𝑘 ⇔ 𝑦 . Dividing the latter inequa‐ tions by 𝑁 yields: 𝑦∈ 𝑘 ,𝑘 ⇔ . Thus, . By choice of 𝑁 , it is 𝑛 𝑁 . Furthermore, 𝑝𝑛 ⇒ 𝑝 𝑛 ⇒ 𝑝 𝑁 ⇒ . This results in . □ Legendre’s Theorem (Theorem 14) proves immediately: Theorem 16. With probability 4/𝜋 , 𝑘𝑝⁄ is a convergent of 𝑦𝑁⁄ . □ 3.4.1. Determining the Period by Convergents: q 1 The Algorithm 2 determines with probability of approximately 4 𝜋 the period p we are looking for; is is applicable in the case 𝑞 1: Algorithm 2 Determining with probability of approximately 4⁄𝜋 the period p we are looking for 1. Compute ∈ℚ ; a. The result of the measurement is 𝑦∈ℕ and 𝑁∈ℕ has been chosen ⇒ ∈ℚ can be computed. 2. Compute the continued fraction representation 𝑎 ;𝑎 ,… ,𝑎 of ∈ℚ; 3. Compute the convergents 𝑎 ;𝑎 ,… ,𝑎 , 1𝑢𝑚 ; 4. Determine ℎ with ℎ ℎ for 1𝑢𝑚 and ℎ 𝑛 ⇒ is a very good approximation of because ; 5. Thus, ℎ 𝑝 is a candidate for the period p; 6. Check whether p is in fact the period. AppliedMath 2022, 2, 23 429 3.4.2. Determining the Period by Convergents: q 1 2𝜋𝑖 𝑝𝑦 In case 𝑞 1, the above algorithm is not applicable. However, 𝑞 1 ⇔ 𝑒 1 ⇔ ∈ℤ ⇔ 𝑝𝑘 with 𝑘∈ℤ . Thus, the Algorithm 3 can be used: 2𝜋𝑖 𝑝𝑦 Algorithm 3 𝑞 1 ⇔ 𝑒 1 ⇔ ∈ℤ ⇔ 𝑝𝑘 with 𝑘∈ℤ 1. Compute ∈ℚ .The result of the measurement is 𝑦∈ℕ and 𝑁∈ℕ has been chosen ⇒ ∈ℚ can be computed; 2. Select 𝑘∈ℕ ; Compute 𝑘 ; 4. If 𝑘 ∉ℕ, go back to step (2); 5. If 𝑘 𝑛 , go back to step (2); 6. 𝑝𝑘 is a candidate for the period p; 7. Check whether p is in fact the period; 8. If p is not the period: a. If some predefined termination criterion is met: stop; b. Go back to step (2). This may yield the period p but does not guarantee it. 3.5. How the Presented Results Relate The contribution contains several low‐level details. In order to avoid getting lost in these details, this section sketches how the main details contribute to the proof of Shor’s algorithm. The Figure 26 at the end of this section is a cartoon of these relations. 3.5.1. Applying the Results about Continued Factions Determining a divisor and finally a prime factor of a natural number 𝑛∈ℕ can be reduced to finding the period p of the modular exponentiation function 𝑓𝑥 𝑎 for an a with 0𝑎𝑛 —see Section 3.2.1 and Note 7. The quantum part of Shor’s algorithm produces the state ∑ 𝜔 |𝑦⟩ from Equa‐ tion (2). Measuring this state results in a natural number 𝑦∈ℕ . The natural number N in Equation (2) must be chosen in advance based on the num‐ ber n to be factorized: it is chosen as 𝑁 2 with 𝑛 𝑁 2𝑛 —see the introduction of Section 8. This ensures that the relevant arguments to compute the 𝑓𝑥 by the quantum part of Shor’s algorithm can be captured as quantum states. Theorem 15 guarantees with probability 𝑃 4/𝜋 the existence of a 𝑘∈ 0, … ,𝑝 1 such that . Thus, according to the convergent criterion of Legendre’s Theorem (Theorem 14), 𝑘𝑝⁄ is a convergent of 𝑦𝑁⁄ . The proof of Legendre’s convergent criterion (Theorem 14), in turn, is based on the fact that convergents are exactly the best approximations of the second kind (Theorem 11 and Lagrange’s theorem (Theorem 12)). The proof of Lagrange’s theorem (Theorem 12—each convergent is a best approxi‐ mation of the second kind) makes use of the recursion theorem (Theorem 1), the sign the‐ orem (Theorem 2), the monotony property of denominators of convergents (Corollary 1), as well as the estimations of the upper bounds of convergents (Lemma 3) and their lower bounds (Lemma 5). 𝑚𝑜𝑑𝑛 AppliedMath 2022, 2, 23 430 The proof of Theorem 11 (each best approximation of the second kind is a conver‐ gent) makes use of the recursion theorem (Theorem 1), the distance theorem (Theorem 8), the computation of the difference of convergents (Corollary 3), the distance of fractions (Note 4), and the estimation of the upper bounds of convergents (Lemma 3). The estimations of the lower and upper bounds of convergents depend on the dis‐ tance theorem (Theorem 8), the computation of the difference of convergents (Corollary 3), the monotony property of denominators of convergents (Corollary 1), and on estima‐ tions of the size of denominators of convergents (Lemma 1). The estimation of the lower bounds (Lemma 5) makes use of semiconvergents (Definition 4) and their monotony prop‐ erty (Lemma 4) as well as the nesting theorem (Theorem 7). Remark: Theorem 13, which proves that best approximations of the first kind are convergents or semiconvergents, is not immediately relevant to Shor’s algorithm and may be ignored when focusing on Shor’s algorithm. 3.5.2. Applying Probability Estimations According to Equation (29) (which is implied by the Born rule), the probability 𝑃𝑦 to measure a particular y is 𝑃𝑦 for 𝑞𝑒 1. Equation (37) and Equation (38) show that this probability can be estimated as 1 1. The latter fraction, in turn, can be estimated by means of Lemma 7 (Secant Length Estimation) in case 2𝜋 ,2𝜋 ∈𝜋 ,𝜋 . Lemma 9 shows that the latter inclusion is satisfied in case of 𝑦∈ 𝑘 ,𝑘 and 𝑘∈ 0, ... ,𝑝 1 . Lemma 10 proves that with probability 𝑃𝑦 4/𝜋 it is, in fact, 𝑦∈ 𝑘 ,𝑘 for 𝑘∈ 0,...,𝑝 1 . The proof of this lemma is based on a proper estimation of N (Note 17) which in turn relies on Note 16. Further, it makes use of Corollary 9, which is the summary of the various results of Section 3.2.2. A simple calculation in the proof of Theorem 15 finally shows that 𝑦∈ 𝑘 ,𝑘 implies . Thus, with probability 𝑃𝑦 4/𝜋 , the convergent criterion of Legendre’s Theorem (Theorem 14) is satisfied. AppliedMath 2022, 2, 23 431 Figure 26. How the main results of the paper relate. 4. Conclusions and Related Work The literature analyzing, discussing, and refining Shor’s algorithm [1] is vast. Of course, most text books on quantaum computing explain the algorithm too (e.g., [4,5]). In doing so, all this literature puts a sharp focus on the quantum part of the algorithm and sketches its classical parts at various depths. However, the mathematical treatment of the classical aspects is sketchy, omitting most of the details and leaving them as an exercise for the reader with references to corresponding text books from mathematics such as [6] or [7]. The lecture notes by Preskill [2] go a bit deeper, especially on the estimation of probabilities, but still omit the low‐level details; however, the authors of the contribution at hand benefited a lot by the treatment in [2]. It is noted that the genesis for the authors’ treatment of probability estimations was inspired by unpublished, non‐public work to which the authors had access to several years ago. In doing so, the contribution at hand is very detailed on the probability estimation of being able to use Legendre’s Theorem in Shor’s algorithm. The authors are not aware of any other publication providing these low‐level details. AppliedMath 2022, 2, 23 432 Furthermore, the contribution at hand is a self‐contained treatment on continued fractions up to Legendre’s Theorem. All background that is needed to understand this theorem is presented, including all proofs with low‐level details step by step. The authors hope to foster the comprehension of the classical aspects of Shor’s algo‐ rithm even at the level of beginners in quantum computing. Author Contributions: Writing—original draft, F.L.; Writing—review & editing, J.B. All authors have read and agreed to the published version of the manuscript. Funding: This work was partially funded by the BMWK project PlanQK (01MK20005N). Institutional Review Board Statement: Not applicable. Informed Consent Statement: Not applicable. Data Availability Statement: Not applicable. Conflicts of Interest: The authors declare no conflict of interest. References 1. Shor, P.W. Polynomial‐Time Algorithms for Prime Factorization and Discrete Logarithms on a Quantum Computer. SIAM J. Sci. Statist. Comput. 1997, 26, 1484–1509. 2. Preskill, J. Lecture on Quantum Information—Chapter 6. Quantum Algorithms; California Institute of Technology: Pasadena, CA, USA, 2020. Available online: http://theory.caltech.edu/~preskill/ph219/chap6_20_6A.pdf (accessed on 14 July 2022). 3. Shult, E.; Surowski, D. Algebra; Springer: Berlin/Heidelberg, Germany, 2015. 4. Nielsen, M.A.; Chuang, I.L. Quantum Computation and Quantum Information; Cambridge University Press: Cambridge, UK, 2016. 5. Rieffel, E.; Polak, W. Quantum Computing: A Gentle Introduction; The MIT Press: Cambridge, MA, USA, 2011. 6. Hardy, G.H.; Wright, E.M. An Introduction to the Theory of Numbers, 4th ed.; Oxford University Press: New York, NY, USA, 1975. 7. Khinchin, A.Y. Continued Fractions, 3rd ed.; The University of Chicago Press: Chicago, IL, USA, 1964.
Journal
AppliedMath – Multidisciplinary Digital Publishing Institute
Published: Jul 18, 2022
Keywords: quantum algorithms; quantum computing; continued fractions; hybrid quantum algorithms