1. Introduction
Quantum programs and quantum protocols are two pillars of quantum computing. The exponential speedup provided by Shor’s factoring algorithm and the quadratic speedup provided by Grover’s search algorithm over their classical counterparts has brought quantum computing into the limelight. The unconditional security offered by quantum protocols such as quantum key distribution has grabbed strong interests from both the academic and the industrial community. Designing quantum programs and protocols is an error-prone task due to the counter-intuitive nature of quantum systems. Therefore, verification techniques for quantum programs and quantum protocols will be indispensable in the coming era of quantum computation. For example, a number of quantum process calculi [
1,
2,
3,
4] have been proposed for the formal verification of quantum protocols. Some quantum logics have been developed to verify both quantum programs and quantum protocols.
Quantum logic began with Birkhoff and von Neumann [
5]. Traditional quantum logic [
5,
6,
7,
8,
9,
10] focuses on the order-theoretic structure of testable properties in the quantum world and is based on the lattice of closed subspaces of a (usually infinite dimensional) Hilbert space. The success of quantum computation and quantum information has inspired new quantum logics [
11,
12] which are based on
finite dimensional Hilbert spaces, such as qubits. Brunet and Jorrand [
13] proposed to extend the Birkhoff–von Neumann quantum logic to reasoning about quantum programs. Chadha et al. [
14] presented a first attempt to develop a Hoare-like logic for quantum programs. Some useful proof rules for reasoning about quantum programs were introduced by Fenget et al. [
15]. A full-fledged Hoare-like logic for both partial and total correctness of quantum programs was established in Ying [
16].
The logic for quantum programs (LQP) [
17,
18,
19,
20,
21] is an extension of traditional quantum logic and quantum Hoare logic. It has been used to verify quantum search algorithms [
20], quantum leader election [
20], quantum key distribution [
21] and quantum voting [
22]. The expressive power of LQP is largely determined by the constant symbols it incorporates. There is no systematic study of constant symbols in the literature of LQP. In Baltag and Smets [
18], the authors chose the following unitary operators as constant symbols: X, Z, H and CNOT. In Rad et al. [
22], Bell states are used as constant symbols. Those operators are not universal. Therefore, there are still many quantum states and operators that cannot be expressed in LQP. Another limitation of the presentation of constant symbols in LQP is the missing satisfying axiomatization. Different axioms for different constant symbols are introduced, depending on which programs/protocols are to be verified. These two limitations make LQP not a convenient tool in the formal verification of quantum programs and protocols: To verify a quantum program or protocol in LQP, we have to first find an appropriate set of constant symbols to express the program/protocol, then we still need to introduce a set of axioms for these constant symbols such that some desired properties of the targeting program/protocol can be proved axiomatically. This procedure usually consumes a lot of time and intelligence. We believe that LQP cannot be successful in formal verification if these two limitations are not overcome.
In this paper, we will overcome these limitations by extending LQP to the categorical logic of quantum programs (CLQP). CLQP is a combination of LQP and categorical quantum mechanics (CQM) [
23,
24,
25,
26]. The main feature of the construction of CLQP is the representation of constant symbols of LQP by morphisms in the ZX-calculus, a graphical calculus of CQM. Inherited from the universality of the ZX-calculus [
24], CLQP has stronger expressive power than LQP. CLQP also inherits the graphical axiomatization of the ZX-calculus such that many properties of a quantum program and protocols can be proved concisely and graphically, when the program/protocol is specified in CLQP. On the other hand, CLQP preserves the various logical operations (for example, boolean connectives, programs constructors, epistemic modality and probabilistic modality) of LQP. These operations allow us to express various properties that are not expressible in CQM. In a nutshell, CLQP keeps the advantages of both LQP and CQM, while overcoming their limitations. These features make CLQP a powerful tool for the formal specification and verification of quantum programs and protocols.
The structure of this paper is as follows. In
Section 2 we will introduce the syntax, semantics and axiomatization of CLQP. Then in
Section 3 we apply CLQP to the verification of quantum programs and protocols. We conclude this paper with future work in
Section 4.
2. Categorical Logic for Quantum Programs
2.1. Syntax
For each natural number , we build the n-qubit categorical logic of quantum programs CLQP. To build the language of CLQP, we are given the following: A finite set of natural numbers , a countable set of propositional variables , a countable set of operational variables , constants symbols of propositions and unitary operations built from the ZX-calculus.
2.1.1. Constants from Categorical Quantum Mechanics
Categorical quantum mechanics is the study of quantum computation and quantum foundations using category theory. The ZX-calculus, a graphical language of quantum computation developed in the framework of CQM, is introduced by Coecke and Duncan [
24,
27]. It is founded on a dagger symmetric monoidal category (†-SMC)
. (A concise introduction to †-SMC is provided in the
Appendix A.)
The objects of are natural numbers: ; the tensor of objects is just the addition of numbers: . 0 is the unit object of . In the matrix interpretation of the ZX-calculus, an object n is interpreted as the dimensional Hilbert space . An identity morphism of is interpreted as the identity map on the corresponding Hilbert space. A swap morphism is interpreted as the map to which we have for all and . Apart from the identity morphisms and swap morphisms, the following are also the basic morphisms of :
Z-spiders
, for every real number
, of which the matrix interpretation and graphical representation are respectively
We call
the phase of
. The graph is read from bottom to top. We consider the wires at the bottom as input and those on the top as output. We usually omit the phase in the graphical representation when it is 0.
X-spiders
, for every real number
, of which the matrix interpretation and graphical representation are respectively
Similarly, we call
the phase of
.
The identity morphism
. The matrix interpretation of
is the identity map on the Hilbert space
. The graphical representation of
is a straight line
The H-box
, of which the matrix interpretation and graphical representation are respectively
is interpreted as the number 1. The graphical representation of
e is the empty graph
SWAP morphism
, of which the matrix interpretation and graphical representation are respectively
Bell state
, of which the matrix interpretation and graphical representation are respectively
Bell effect
, of which the matrix interpretation and graphical representation are respectively
The morphisms of are generated by applying sequential and parallel composition of the basic morphisms, or by applying the dagger operation † to a morphism. The matrix interpretation of sequential and parallel composition of morphisms is the matrix production and tensor product, respectively. The graphical representation of sequential composition of morphisms is to put one graph on top of another, while the parallel composition of morphisms is represented by putting graphs side-by-side. The matrix interpretation of † is the adjoint operation. The graphical representation of † is to turn the graph upside-down, meanwhile changing the sign of phases that appear in the graph.
The ZX-calculus is a universal language for quantum computing in the sense that it can represent all linear maps between qubit systems. Another impressive feature of the ZX-calculus is that it admits a sound and complete axiomatization [
28,
29,
30] to derive equations between morphisms. The axiomatization of the ZX-calculus will play an important role in the axiomatization of CLQP. There are two kinds of axioms to determine whether two morphisms of
are equivalent: The structure axioms for
as a †-SMC, as well as the rewriting axioms listed in
Figure 1. Note that we identify the basic morphism
with the identity morphism
and the basic morphism SWAP as the swap morphism
. Also note that those axioms listed in
Figure 1 are only a fragment of all axioms of the ZX-calculus. We omit other axioms for the sake of simplicity. The interested readers can found all axioms of the ZX-calculus in [
29,
30].
2.1.2. Syntax of Clqp
We use to denote the language of CLQP. is defined by the following BNF:
Definition 1 (Language of CLQP). For and ,
Here and are respectively an operational constant and a propositional constant expressed by the ZX-calculus. More precisely, is a morphism from n to n, while is a morphism from 0 to n. For example, is an operational constant of and is a propositional constant of . For all and , is an epistemic modality. For all , is a probabilistic modality.
The intended meaning of those formulas is the following:
is a program.
U is an operational variable that refers to a unitary operation on .
is the adjoint of U.
is an operational constant that refers to a specific operation on .
is the program that refers to the test of proposition .
is the sequential composition of and (applying first and then ).
is the non-deterministic choice between of and (applying either or ).
is the iteration of , meaning that to repeat a finite, but non-deterministically determined, number of times.
is a formula.
⊤ is a propositional constant representing logical truth.
p is a propositional variable.
is a propositional constant that refers to a specific state on .
¬ is the classical negation.
∧ is the classical conjunction.
means that “ will be the case after every execution of ”.
means that “subsystem I carries the information that is the case”.
means that “testing property (on the current state) will succeed with probability ”.
We define logical absurdity as , classical disjunction as and quantum negation as . Classical implication and equivalence are respectively defined as and . Quantum join is defined as . A range of probabilistic formulas are defined as: , , , .
Comparing to LQP, the syntax of CLQP is an extension of LQP with the following additional components: operational constants, propositional constants and the iteration ∗. The iteration ∗ is not included in LQP. We put it back into our logic such that it can be used to verify quantum programs with the while-loop, for example the quantum walk algorithm [
31] and the famous HHL (Harrow–Hassidim–Lloyd) quantum algorithms for solving systems of linear equations, which is a cornerstone of quantum machine learning.
2.2. Semantics
The semantics of CLQP is based on the following structure.
Definition 2 (Quantum Dynamic Frame [
18])
. Let be the dimensional Hilbert space. The n-qubit quantum dynamic frame build on is the following structure:- 1.
Σ is the set of all one-dimensional subspace of , called the set of states. We denote a state of using any of the non-zero vector that generates it.
- 2.
Call two states s and t orthogonal and write if and only if and , . For a set of states , we put and we denote the biorthogonal closure of S.
- 3.
A set of states is called a testable property iff it is biorthogonally closed, i.e., . We denote the set of all testable properties.
- 4.
Every testable property S uniquely corresponds to a subspaces of by taking .
- 5.
For every testable property S, there is a partial map on Σ, called a quantum test, induced by the projector onto the subspace :
, if .
undefined, otherwise.
We denote by the binary relation corresponding to the partial map , i.e., given by iff .
- 6.
is the set of all unitary maps on . For every unitary map U on , the corresponding binary relation is given by iff for some vector .
An n-qubit quantum dynamic model is a pair , in which is an n-qubit quantum dynamic frame. V is valuation function which maps every to a set of states and every to a singleton set which contains the special state indicated by . R is an interpretation function that maps quantum programs to relations over . An operational variable U is interpreted by a relation induced by a unitary map. An operational constant is interpreted by the relation induced by the unitary map indicates. More precisely, iff there are and such that , where is the matrix interpretation of . A test is interpreted by the relation induced by the quantum projector . The adjoint of a program is interpreted by the relation , which is defined by iff there are and such that . The relational interpretation is extend to arbitrary quantum programs as follows:
.
.
, i.e., the reflexive transitive closure of .
Definition 3 (Semantics of CLQP). Let be an n-qubit quantum dynamic model. Let .
iff .
iff .
iff not .
iff and .
iff for all t, if then .
iff for all t, if then . Here the relation is defined as follows. For all unit vector and , let and be the density operator of x and y respectively. Let be the partial trace over the environment . Then holds iff .
iff for all unit vector , .
The semantics of CLQP largely coincides with the semantics of LQP: For all formulas that appear in both LQP and CLQP, their semantics in CLQP are the same as their semantics in LQP. As usual, by we mean for all n-qubit quantum dynamic model M and all state s in M, if for all , then . We say that is valid in CLQP if .
2.3. Axiomatization
Now we introduce a sound proof system for CLQP. This proof system is an extension of the proof system of LQP with axioms of the ZX-calculus. It consists of the following axioms and rules:
Axioms of dynamic logic:
- -
All propositional tautologies.
- -
Kripke Axiom: .
- -
PDL1: .
- -
PDL2: .
- -
PDL3: .
- -
PDL4: .
Axioms of quantum system, in which we use the abbreviations , , .
- -
Testability Axiom: .
- -
Partial Functionality: .
- -
Adequacy: .
- -
Repeatability: .
- -
Unitary bijectivity 1: .
- -
Unitary bijectivity 2: .
- -
Proper Superpositions: .
- -
Adjointness: .
Axioms of the epistemic modality:
- -
K: .
- -
T: .
- -
S4: .
- -
S5: .
Axioms of probability:
- -
.
- -
.
- -
.
- -
.
- -
.
- -
.
- -
.
Rules:
- -
Modus Ponens (MP): .
- -
Necessitation (Nec): .
- -
Uniform Substitution (US): .
- -
ZX equivalence: if in the ZX-calculus, then .
Theorem 1. All axioms and rules above are sound with respect to the semantics of CLQP, for all .
Proof.
(sketch) Axioms of dynamic logic are valid because they are valid in every dynamic logic and CLQP is a special dynamic logic. The validity of axioms of quantum systems is shown in [
17,
18]. Axioms of epistemic logic are valid because
is an equivalence relation. The validity of axioms of probability can be found in [
21]. The rules MP and US are valid in all logical systems. The rule Nec is valid because
is a necessity modality. The rule ZX equivalence is valid because if
in the ZX-calculus, then by the soundness of the ZX calculus we know they represent the same linear map. □
Remark 1. In CLQP, axioms of the ZX-calculus are simplified. Those axioms of single-qubit ZX-calculus can be found in Backens [32]. 3. CLQP for Verification
In this section we are going to demonstrate the usage of CLQP by applying it to the formal verification of quantum programs and protocols. For the sake of simplicity, we choose to verify the correctness of Deutsch’s algorithm and the concealing property of quantum bit commitment protocols.
3.1. Deutsch’S Algorithm
Deutsch’s algorithm is a simple algorithm that solves a slightly contrived problem [
33]. It determines whether a function
f from
to
is constant or balanced, where
f being constant means that
and balanced otherwise. We can formalize Deutsch’s algorithm in CLQP
. First, as it is shown in Chapter 12 of [
26], we build an oracle
as the following:
Formally, we have
. It holds that for all
, we have
. The unitary operation of Deutsch’s Algorithm is graphically represented as the following:
After this operation, a measurement on the
basis is applied to the first qubit. The function
f is constant if and only if the result of the measurement is
.
There are four functions from
to
. Let them be
, where
,
,
,
. Note that up to a non-zero scalar, we have
,
,
,
.
The correctness of Deutsch’s Algorithm can be expressed by the following deduction:
for all constant function f.
for all balanced function
Equivalently, it can be characterized by the validity of the following formula of CLQP
:
.
The graphical representation of the ZX-calculus can significantly simplify the proof of the validity of the above formula.
Suppose the function is
, then we have
From the rightmost graph we know that
is satisfied the first qubit is in the
state.
Suppose the function is
, then we have
Apparently,
is satisfied in the rightmost graph.
Suppose the function is
, then we have
Note that
is 0. We know that
is satisfied in the rightmost graph.
Suppose the function is
, then we have
Since the absorbing scalar 0 is in the rightmost graph, we know that
is satisfied.
3.2. Quantum Bit Commitment
A bit commitment protocol consists of two phases: commit and opening. In the commit phase, Alice the sender chooses a bit a ( or 1) which she wishes to commit to the receiver Bob. Then Alice presents Bob some evidence about the bit. The committed bit cannot be known by Bob prior to the opening phase. Later, in the opening phase, Alice announces some information for reconstructing a. Bob then reconstructs a bit using Alice’s evidence and announcement. A correct bit commitment protocol will ensure that . A bit commitment protocol is concealing if Bob cannot know the bit Alice committed before the opening phase and it is binding if Alice cannot change the bit she committed after the commit phase.
Quantum bit commitment (QBC) was first proposed by Bennett and Brassard in 1984 [
34]. In a QBC protocol, quantum operation and communication are used to ensure the concealing and binding property. In the literature [
35,
36,
37], it is acknowledged that a general model of QBC protocols should at least includes the following ingredients:
The Hilbert space required to describe the protocol is the tensor product of the Hilbert spaces that play a role in the protocol.
The total system is initially in a pure state.
Every action taken by a party corresponds to that party performing a unitary operation on the systems in his/her possession.
Every communication corresponds to a party sending a subset of the systems in his/her possession to the other party.
Bearing this common knowledge in mind, a rigorous and simple formalization of quantum bit commitment is given as follows.
Definition 4. A quantum bit commitment protocol consists of the following:
- 1.
Two finite dimensional Hilbert spaces A and B.
- 2.
Two pure states .
- 3.
A completely positive map on such that is orthogonal to .
This formalization provides a high level description of quantum bit commitment. Initially, Alice (possibly with the help of Bob) prepares a state or of quantum system depending on the value of Alice’s bit. (Note that and are not the initial state of the QBC protocol, but the final state of the commit phase. Starting from a pure state, a commit phase may involve many rounds of actions and communications). Alice sends or to Bob to perform the commitment. At the opening stage, Alice sends the rest sub-state of or to Bob to allow him to verify her commitment. Bob applies the completely positive map to determine Alice’s commitment. The QBC protocol is concealing if . It is binding if there is no unitary map U on A such that .
In CLQP, the concealing property of the QBC protocol can be characterized by the validity of the following formula:
Here
and
are respectively the propositional constant that characterized the state
and
. The universality of the ZX calculus ensures that
and
can be characterized in CLQP. The validity of this formula implies that
, which further entails that
. It seems the binding property cannot be characterized by formulas of CLQP. However, we can still use the ZX-calculus to prove non-binding since the ZX-calculus is universal and sound.
4. Conclusions and Future Work
In this paper we introduce the basic ideas of the categorical logic of quantum programs. We present the syntax, semantics and proof system of this logic and demonstrate its usage in the formal verification of quantum programs and protocols. In a nutshell, CLQP is an extension of LQP with a universal set of constant symbols and iteration ∗.
Our long-term goal is to develop CLQP as a powerful tool for the verification of quantum programs and protocols. In the recent future, we will study the decidability and complexity of CLQP. We will also apply CLQP to the formal verification of more complicated quantum programs and protocols, for example the HHL algorithm in quantum machine learning. The semantics of CLQP presented in this paper is based on pure quantum states. The development of mixed-state semantics is in our agenda.