Open this lesson in your favourite AI. It'll walk you through the why, explain the demo, and quiz you on the try-it list.
Every conversation about post-quantum cryptography eventually bottoms out at the question 'what can a quantum computer actually compute, and on what?' The answer starts with the qubit. A qubit is not a probabilistic bit — it is a unit vector in a two-dimensional complex Hilbert space, and that single change in the state space is what makes Shor's algorithm possible and RSA fragile. If you treat as 'a coin that's 70% heads' you will arrive at every wrong intuition about quantum speedups. Get the linear-algebraic picture concrete now and the rest of this course — superposition, entanglement, Shor, lattice schemes that survive — will land cleanly. Choosing which cryptographic primitives survive quantum computing is fundamentally a question of which mathematical problems remain hard for this model of computation, and you cannot judge hardness against a model you do not understand.
A qubit is a unit vector in . The two computational basis states are and . Any pure qubit state is a complex linear combination with the normalisation constraint . The numbers are called probability amplitudes, not probabilities — they can be negative, complex, and interfere.
Use these three in order. Each builds on the one before.
In one paragraph, explain what a qubit is to someone who knows what a classical bit is. Be precise about what's in $\mathbb{C}^2$, what 'normalised' means, and why $\alpha, \beta$ are called amplitudes rather than probabilities.
Walk me step by step through how a single-qubit state $|\psi\rangle = \alpha|0\rangle + \beta|1\rangle$ encodes information. What does the column vector look like? What does the constraint $|\alpha|^2 + |\beta|^2 = 1$ geometrically mean? Why are amplitudes complex, not real?
Given two single-qubit states $|\psi_1\rangle = \alpha|0\rangle + \beta|1\rangle$ and $|\psi_2\rangle = \alpha|0\rangle - \beta|1\rangle$, they are *not* the same state but produce identical statistics if I measure in the $\{|0\rangle, |1\rangle\}$ basis. Explain how a quantum algorithm like Shor's exploits this distinction — i.e. why classical probabilistic computers cannot simulate this efficiently.
// main.go
// go run main.go
package main
import (
"fmt"
"math"
"math/cmplx"
)
func main() {
ket0 := [2]complex128{1, 0}
ket1 := [2]complex128{0, 1}
// A normalised superposition: |psi> = (|0> + i|1>) / sqrt(2)
alpha := complex(1/math.Sqrt(2), 0)
beta := complex(0, 1/math.Sqrt(2))
psi := [2]complex128{
alpha*ket0[0] + beta*ket1[0],
alpha*ket0[1] + beta*ket1[1],
}
fmt.Printf("|psi> = [%v %v]\n", psi[0], psi[1])
fmt.Printf("|alpha|^2 + |beta|^2 = %g\n", cmplx.Abs(alpha)*cmplx.Abs(alpha)+cmplx.Abs(beta)*cmplx.Abs(beta))
inner := psi[0]*cmplx.Conj(psi[0]) + psi[1]*cmplx.Conj(psi[1])
fmt.Printf("inner product <psi|psi> = %g\n", real(inner))
}go run main.go