Elliptic curve cryptography algorithm (top-down) (#923)

* Elliptic curve cryptography algorithm

* Underscore in bloq doc

* remove import *

* remove print

* little note for mod inv listing

* shim note

* un-private

Author: mpharrigan

dev_tools/autogenerate-bloqs-notebooks-v2.py

@@ -72,6 +72,7 @@
 import qualtran.bloqs.chemistry.trotter.ising.unitaries
 import qualtran.bloqs.chemistry.trotter.trotterized_unitary
 import qualtran.bloqs.data_loading.qrom
+import qualtran.bloqs.factoring.ecc
 import qualtran.bloqs.factoring.mod_exp
 import qualtran.bloqs.hamiltonian_simulation.hamiltonian_simulation_by_gqsp
 import qualtran.bloqs.mcmt.and_bloq
@@ -339,6 +340,21 @@
         bloq_specs=[qualtran.bloqs.factoring.mod_mul._MODMUL_DOC],
         directory=f'{SOURCE_DIR}/bloqs/factoring',
     ),
+    NotebookSpecV2(
+        title='Elliptic Curve Cryptography',
+        module=qualtran.bloqs.factoring.ecc,
+        bloq_specs=[
+            qualtran.bloqs.factoring.ecc.find_ecc_private_key._ECC_BLOQ_DOC,
+            qualtran.bloqs.factoring.ecc.ec_phase_estimate_r._EC_PE_BLOQ_DOC,
+            qualtran.bloqs.factoring.ecc.ec_add_r._ECC_ADD_R_BLOQ_DOC,
+            qualtran.bloqs.factoring.ecc.ec_add_r._EC_WINDOW_ADD_BLOQ_DOC,
+        ],
+    ),
+    NotebookSpecV2(
+        title='Elliptic Curve Addition',
+        module=qualtran.bloqs.factoring.ecc.ec_add,
+        bloq_specs=[qualtran.bloqs.factoring.ecc.ec_add._EC_ADD_DOC],
+    ),
 ]
 
 

docs/bloqs/index.rst

@@ -61,6 +61,8 @@ Bloqs Library
     arithmetic/conversions.ipynb
     factoring/mod_exp.ipynb
     factoring/mod_mul.ipynb
+    factoring/ecc/ecc.ipynb
+    factoring/ecc/ec_add.ipynb
 
 .. toctree::
     :maxdepth: 2

qualtran/_infra/data_types.py

@@ -226,6 +226,9 @@ def assert_valid_classical_val_array(
         if np.any(val_array >= 2 ** (self.bitsize - 1)):
             raise ValueError(f"Too-large classical {self}s encountered in {debug_str}")
 
+    def __str__(self):
+        return f'QInt({self.bitsize})'
+
 
 @attrs.frozen
 class QIntOnesComp(QDType):
@@ -317,6 +320,9 @@ def assert_valid_classical_val_array(
         if np.any(val_array >= 2**self.bitsize):
             raise ValueError(f"Too-large classical values encountered in {debug_str}")
 
+    def __str__(self):
+        return f'QUInt({self.bitsize})'
+
 
 @attrs.frozen
 class BoundedQUInt(QDType):
@@ -516,7 +522,7 @@ class QMontgomeryUInt(QDType):
     fast modular multiplication.
 
     In order to convert an unsigned integer from a finite field x % p into Montgomery form you
-    first must choose a value r > p where gcd(r, p) = 1. Typically this value is a power of 2.
+    first must choose a value r > p where gcd(r, p) = 1. Typically, this value is a power of 2.
 
     Conversion to Montgomery form:
         [x] = (x * r) % p

qualtran/bloqs/arithmetic/__init__.py

@@ -39,3 +39,5 @@
     SumOfSquares,
 )
 from qualtran.bloqs.arithmetic.sorting import BitonicSort, Comparator
+
+from ._shims import AddK, CHalf, Lt, MultiCToffoli, Negate, Sub

qualtran/bloqs/arithmetic/_shims.py

@@ -0,0 +1,93 @@
+#  Copyright 2023 Google LLC
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      https://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+"""This module has a selection of minimally-implemented modular arithmetic primitives.
+
+These bloqs serve as the callees in the call graphs of the algorithms found
+in `qualtran.bloqs.factoring` and `qualtran.bloqs.mod_arithmetic`. They are place-holders,
+so we don't have undefined symbols and can still merge the high-level algorithms. These shims
+will be fleshed out and moved to their final organizational location soon (written: 2024-05-06).
+"""
+from functools import cached_property
+from typing import Set
+
+from attrs import frozen
+
+from qualtran import Bloq, QBit, QUInt, Register, Signature
+from qualtran.bloqs.basic_gates import Toffoli
+from qualtran.resource_counting import BloqCountT, SympySymbolAllocator
+
+
+@frozen
+class MultiCToffoli(Bloq):
+    n: int
+
+    @cached_property
+    def signature(self) -> 'Signature':
+        return Signature([Register('ctrl', QBit(), shape=(self.n,)), Register('target', QBit())])
+
+    def build_call_graph(self, ssa: 'SympySymbolAllocator') -> Set['BloqCountT']:
+        return {(Toffoli(), self.n - 2)}
+
+
+@frozen
+class AddK(Bloq):
+    n: int
+    k: int
+
+    @cached_property
+    def signature(self) -> 'Signature':
+        return Signature([Register('x', QUInt(self.n))])
+
+
+@frozen
+class Sub(Bloq):
+    n: int
+
+    @cached_property
+    def signature(self) -> 'Signature':
+        return Signature([Register('x', QUInt(self.n)), Register('y', QUInt(self.n))])
+
+
+@frozen
+class Lt(Bloq):
+    n: int
+    signed: bool = False
+
+    @cached_property
+    def signature(self) -> 'Signature':
+        return Signature(
+            [Register('x', QUInt(self.n)), Register('y', QUInt(self.n)), Register('out', QBit())]
+        )
+
+    def build_call_graph(self, ssa: 'SympySymbolAllocator') -> Set['BloqCountT']:
+        # litinski
+        return {(Toffoli(), self.n)}
+
+
+@frozen
+class CHalf(Bloq):
+    n: int
+
+    @cached_property
+    def signature(self) -> 'Signature':
+        return Signature([Register('ctrl', QBit()), Register('x', QUInt(self.n))])
+
+
+@frozen
+class Negate(Bloq):
+    n: int
+
+    @cached_property
+    def signature(self) -> 'Signature':
+        return Signature([Register('x', QUInt(self.n))])

qualtran/bloqs/factoring/ecc/__init__.py

@@ -0,0 +1,40 @@
+#  Copyright 2023 Google LLC
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      https://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+# isort:skip_file
+
+r"""Bloqs for breaking elliptic curve cryptography systems via the discrete log.
+
+Elliptic curve cryptography is a form of public key cryptography based on the finite
+field of elliptic curves. For our purposes, we will denote the group operation as addition
+(whose definition we will explore later) $A + B$. We will denote repeated addition
+ as $[k] A = A + \dots + A$ ($k$ times).
+
+Within this algebra, the cryptographic scheme relates the public and private keys via
+$$
+Q = [k] P
+$$
+for private key $k$, public key $Q$, and a choice of base point $P$. The cryptographic
+security comes from the difficulty of inverting the multiplication. I.e. it is difficult
+to do a discrete logarithm in this field.
+
+Using Shor's algorithm for the discrete logarithm, we can find $k$ in polynomial time
+with a quantum algorithm.
+"""
+
+from .ec_point import ECPoint
+from .ec_add import ECAdd
+from .ec_add_r import ECAddR, ECWindowAddR
+from .ec_phase_estimate_r import ECPhaseEstimateR
+from .find_ecc_private_key import FindECCPrivateKey

qualtran/bloqs/factoring/ecc/_ecc_shims.py

@@ -0,0 +1,42 @@
+#  Copyright 2023 Google LLC
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      https://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+
+from functools import cached_property
+
+from attrs import frozen
+
+from qualtran import Bloq, DecomposeTypeError, QBit, Register, Side, Signature, Soquet
+from qualtran.drawing import RarrowTextBox, WireSymbol
+
+
+@frozen
+class MeasureQFT(Bloq):
+    n: int
+
+    @cached_property
+    def signature(self) -> 'Signature':
+        return Signature([Register('x', QBit(), shape=(self.n,), side=Side.LEFT)])
+
+    def decompose_bloq(self) -> 'CompositeBloq':
+        raise DecomposeTypeError('MeasureQFT is a placeholder, atomic bloq.')
+
+    def wire_symbol(self, soq: 'Soquet') -> 'WireSymbol':
+        if soq.reg.name == 'x':
+            return RarrowTextBox('MeasQFT')
+
+    def __str__(self):
+        return 'MeasureQFT'
+
+    def cost_attrs(self):
+        return [('n', self.n)]