Analysis of a Quantum Error Correcting Code using Quantum Process Calculus
We describe the use of quantum process calculus to describe and analyze quantum communication protocols, following the successful field of formal methods from classical computer science. The key idea is to define two systems, one modelling a protocol and one expressing a specification, and prove that they are behaviourally equivalent. We summarize the necessary theory in the process calculus CQP, including the crucial result that equivalence is a congruence, meaning that it is preserved by embedding in any context. We illustrate the approach by analyzing two versions of a quantum error correction system.
Quantum process calculus is a generic term for a class of formal languages with which to describe and analyze the behaviour of systems that combine quantum and classical computation and communication. Quantum process calculi have been developed as part of a programme to transfer ideas from the field of formal methods, well established within classical computer science, to quantum systems. The field of formal methods provides theories, methodologies and tools for verifying the correctness of computing systems, usually systems that involve concurrent, communicating components. The motivation for developing quantum formal methods is partly to provide a conceptual understanding of concurrent, communicating quantum systems, and partly to support the future development of tools for verifying the correctness of practical quantum technologies such as cryptosystems.
Our own approach is based on a particular quantum process calculus called Communicating Quantum Processes (CQP), developed by Gay and Nagarajan . Recent work on CQP has addressed the question of defining behavioural equivalence between processes, which formalizes the idea of observational indistinguishability. The aim is to support the following methodology for proving correctness of a system. First, define , a process that models the system of interest. Second, define , a simpler process that directly expresses the desired behaviour of . Third, prove that these two processes are equivalent, meaning indistinguishable by any observer: . This approach works best when the notion of equivalence is a congruence, meaning that it is preserved by inclusion in any environment. While there have been several attempts to define a congruence for a quantum process calculus, the problem has only recently been solved: for CQP, reported in Davidson’s PhD thesis , and independently for qCCS by Feng et al. .
The present paper begins in Section 2 by reviewing the language of CQP and illustrating it with a model of a quantum error correcting code. Section 3 then summarizes the theory of behavioural equivalence for CQP, which has not previously been published other than in Davidson’s thesis, and applies it to the error correcting code. Section 4 analyzes the system in the presence of errors that cannot be corrected. Finally, Section 5 concludes with an indication of directions for future work. The contributions of the paper are the first publication of the definition of a congruence for CQP, and the application of CQP congruence to examples beyond the teleportation and superdense coding systems that have been considered previously.
Lalire  defined a probabilistic branching bisimilarity for the process calculus QPAlg, based on the branching bisimilarity of van Glabbeek and Weijland , but it was not preserved by parallel composition. Feng et al.  developed qCCS and defined strong and weak probabilistic bisimilarity. Their equivalences are preserved by parallel composition with processes that do not change the quantum context. A later version of qCCS  excluded classical information and introduced the notion of approximate bisimilarity as a way of quantifying differences in purely quantum process behaviour. Their strong reduction-bisimilarity is a congruence is not sufficient for the analysis of most interesting quantum protocols, as the language does not include a full treatment of measurement. In recent work, Feng et al.  define a new version of qCCS and prove that weak bisimilarity is a congruence. They apply their result to quantum teleportation and superdense coding. The details of their equivalence relation are different from our full probabilistic branching bisimilarity, and a thorough comparison awaits further work.
The work presented in this paper contrasts with previous work on model-checking quantum systems. The QMC (Quantum Model-Checker) system [8, 9] is able to verify that a quantum protocol satisfies a specification expressed in a quantum logic, by exhaustively simulating every branch of its behaviour. The use of logical formulae is known as property-oriented specification, in distinction to the process-oriented specifications considered in the present paper. Because of the need for efficient simulation, QMC uses the stabilizer formalism  and is limited to Clifford group operations. Nevertheless, this is sufficient for the analysis of a simple error correcting code, and such an analysis appears in . There are two main advantages of the process calculus approach. First, because we are using pen-and-paper reasoning rather than computational simulation, there is no restriction to stabilizer states. Second, the fact that equivalence is a congruence means that we can use equational reasoning to deduce further equivalences, whereas in the model-checking approach we only obtain the particular fact that is checked. The disadvantage of the process calculus approach is that, unlike the situation for classical process calculus, equivalence-checking has not yet been automated.
2 Communicating Quantum Processes (CQP)
CQP  is a process calculus for formally defining the structure and behaviour of systems that combine quantum and classical communication and computation. It is based on pi-calculus [13, 14], with the addition of primitive operations for quantum information processing. The general picture is that a system consists of a number of independent components, or processes, which can communicate by sending data along channels. In particular, qubits can be transmitted on channels. One of the distinctive features of CQP is its type system, which ensures that operations can only be applied to data of the appropriate type. The type system is also used to enforce the view of qubits as physical resources, each of which has a unique owning process at any given time. If a qubit is send from to , then ownership is transferred and can no longer access it. Although typing is important, we will not discuss it in detail in the present paper; however, our CQP definitions will include type information because it usually forms useful documentation. Also, in the present paper, we will not give a full formal definition of the CQP language. Instead, in the next section, we will explain it informally in relation to our first model of a quantum error correction system.
2.1 Error Correction: A First Model
Our model of a quantum error correction system consists of three processes: , and . wants to send a qubit to over a noisy channel, represented by . She uses a simple error correcting code based on threefold repetition [15, Chapter 10]. This code is able to correct a single bit-flip error in each block of three transmitted qubits, so for the purpose of this example, in each block of three qubits, either applies to one of them or does nothing. uses the appropriate decoding procedure to recover ’s original qubit. The CQP definition of is as follows.
is parameterized by two channels, and . In order to give a general definition independent of the qubit to be sent to , she will receive the qubit on channel . The type of is , which is the type of a channel on which each message is a qubit. Channel is where sends the encoded qubits. Each message on consists of three qubits, as indicated by the type .
The right hand side of the definition specifies ’s behaviour. The first term, , allocates two fresh qubits, each in state , and gives them the local names and . Then follows a sequence of terms separated by dots. This indicates temporal sequencing, from left to right. specifies that a qubit is received from channel and given the local name . The term specifies that the operation is applied to qubits and ; the next term is similar. These operations implement the threefold repetition code: if the intial state of is (respectively, ) then the state of becomes (respectively, ). In general, of course, the initial state of may be a superposition, and then so will be the final state of . Finally, the term means that the qubits are sent as a message on channel . The term simply indicates termination.
We model a noisy quantum channel by the process , which receives three qubits from channel (connected to ) and sends three (possibly corrupted) qubits on channel (connected to ). has four possible actions: do nothing, or apply to one of the three qubits. These actions are chosen with equal probability. We produce probabilistic behaviour by introducing fresh qubits in state , applying to put them into state , and then measuring in the standard basis. The definition of is split into two sub-processes, of which the first, , produces two random classical bits and sends them to the second, , on channel . This programming style, using internal messages instead of assignment to variables, is typical of pi-calculus.
The process receives three qubits from channel , and two classical bits from channel . It interprets the classical bits, locally named and , as instructions for corrupting the qubits. This uses appropriate Boolean combinations of and to construct conditional quantum operations such as .
The complete process consists of and in parallel, indicated by the vertical bar. Channel is designated as a private local channel; this is specified by . This construct comes from pi-calculus, where it can be used to dynamically create fresh channels, but here we are using it in the style of older process calculi such as CCS, to indicate a channel with restricted scope. Putting and in parallel means that the output on in synchronizes with the input on in , so that data is transferred.
consists of and , where receives the qubits and measures the error syndrome, and applies the appropriate correction. An internal channel is used to transmit the result of the measurement, as well as the original qubits, again in pi-calculus style. After correcting the error in the group of three qubits, reconstructs a quantum state in which qubit has the original state received by and is separable from the auxiliary qubits. Finally, outputs on channel .
The overall effect of the error correcting system is to input a qubit from channel and output a qubit, in the same state, on channel , in the presence of noise. The complete system is defined as follows.
When we consider correctness of the error correction system, we will prove that is equivalent to the following identity process, which by definition transmits a single qubit faithfully.
2.2 Semantics of CQP
The intended behaviour of the processes in the error correction system was described informally in the previous section, but in fact the behaviour is precisely specified by the formal semantics of CQP. In this section we will explain the formal semantics, although without giving all of the definitions. Full details can be found in Davidson’s PhD thesis .
In classical process calculus, the semantics is defined by labelled transitions between syntactic process terms. For example, a process of the form , where is some continuation process, has the transition
The label indicates the potential interaction of the process with the environment. In order for this potential interaction to become an actual step in the behaviour of a system, there would have to be another process, ready to receive on channel . A suitable process is , where is some continuation process. The labelled transition representing the potential input is
Here stands for any possible input value, and means with the value substituted for the variable . If these two processes are put in parallel then each has a partner for its potential interaction, and the input and output can synchronize, resulting in a transition which represents a single step of behaviour:
The complete definition of the semantics takes the form of a collection of labelled transition rules. Transition (1) becomes a general rule for output if the value is replaced by a general value . Transition (2) is a general rule for input. The interaction between input and output is defined by the rule
which specifies that if the transitions above the line (hypotheses) are possible then so is the transition below the line (conclusion). Full details of this style of semantics, in relation to pi-calculus, can be found in [13, 16].
To define the semantics of a quantum process calculus such as CQP, we need to include a representation of the quantum state. Because of entanglement, the quantum state is a global property. It also turns out to be necessary to specify which qubits in the global quantum state are owned by (i.e. accessible to) the process term under consideration. We work with configurations such as
This configuration means that the global quantum state consists of two qubits, and , in the specified state; that the process term under consideration has access to qubit but not to qubit ; and that the process itself is . Now consider a configuration with the same quantum state but a different process term:
The parallel composition of these configurations is the following:
where the quantum state is still the same.
The semantics of CQP consists of labelled transitions between configurations, which are defined in a similar way to classical process calculus. For example, configuration (3) has the transition
The quantum state is not changed by this transition, but because qubit is output, the continuation process no longer has access to it; the final configuration has an empty list of owned qubits.
Previous papers on CQP [6, 7] defined the semantics in a different style. Instead of labelled transitions there were reductions, corresponding to transitions, and these were defined directly. However, although reduction semantics allows the behaviour of a complete system to be defined, labelled transitions and their interpretation as potential interactions are necessary in order to define equivalence between processes, which is the focus of the present paper.
As well as the different style of definition used in previous work, there is a very significant difference in the way that the semantics treats quantum measurement. In the original reduction semantics of CQP, a measurement leads to a probability distribution over configurations, which at the next step reduces probabilistically to one particular configuration. But in order for equivalence of processes to have the crucial property of congruence, the semantics must incorporate a more sophisticated analysis of measurement, in which mixed configurations play an essential role.
If the result of a quantum measurement is not made available to an observer then the system is considered to be in a mixed state, but it is not sufficient to simply write a mixed quantum state in a configuration. In general the mixture includes the process term, because the measurement result occurs within the term.
This transition represents the effect of a measurement, within a process which is going to output the result of the measurement; the output, however, is not part of the transition, which is why it is a transition and the process term on the right still contains . The configuration on the left is a pure configuration, as described before. On the right we have a mixed configuration in which the ranges over the possible outcomes of the measurement and the are the weights of the components in the mixture. The quantum state corresponds to the measurement outcome. The expression is not a -calculus function, but represents the fact that the components of the mixed configuration have the same process structure and differ only in the values corresponding to measurement outcomes. The final term in the configuration, , shows how the abstracted variable should be instantiated in each component. Thus the represents a term into which expressions may be substituted, which is the reason for the notation. So the mixed configuration is essentially an abbreviation of
If a measurement outcome is output then it becomes apparent to an observer which of the possible states the system is in. This is represented by probabilistic branching, after which we consider that system to be in one branch or the other — it is no longer a mixture of the two. Example 2 shows the effect of the output from the final configuration of Example 1. The output transition produces the intermediate configuration, which is a probability distribution over pure configurations (in contrast to a mixed configuration; note the change from to ). Because it comes from a mixed configuration, the output transition contains a set of possible values. From the intermediate configuration there are two possible probabilistic transitions, of which one is shown ().
Measurement outcomes may be communicated between processes without creating a probability distribution. In these cases an observer must still consider the system to be in a mixed configuration. In Example 3 there is a mixed configuration on the left, with arbitrary weights , which we imagine to have been produced by a measurement. However, there is now a receiver for the output. Although there is no difference in process between the two components of the mixed configuration, we include it in the because the communication will propagate the different possible values for to .
The full definition of the labelled transition semantics covers more complex possibilities. For example, if incomplete information about a measurement is revealed, the resulting configuration is in general a probability distribution over mixed configurations. The aspects of the semantics that are relevant to the present paper will be illustrated further in relation to the error correction example. Now we define some notation.
There are two types of transition: probabilistic transitions which take the form where , and non-deterministic transitions which have the general form where and is an action. The notation denotes a probability distribution over configurations in which . If there is only a single configuration (with probability 1) we omit the probability, for example .
The separation of probabilistic and non-deterministic transitions avoids the need to consider non-deterministic and probabilistic transitions from the same configuration. The relations and induce a partition of the set of configurations into non-deterministic configurations and probabilistic configurations : let ; and let . By this definition a configuration with no transitions belongs to . This notation will be used in Section 3.
2.3 Execution of QECC
We show the interesting steps in one possible execution of QECC, omitting the declarations from the process terms to reduce clutter. The semantics of CQP is non-deterministic, so transitions can proceed in a different order; the order shown here is chosen for presentational convenience. The initial configuration is . In the first few steps, the processes execute terms, constructing a global quantum state:
receives qubit , in state , from the environment, via transition , which expands the quantum state. We now abbreviate the list of qubits to . After some transitions corresponding to ’s operations, we have:
( has already done its ). The output on interacts with the input on in . Meanwhile, the measurements in produce a mixed configuration because the results are communicated internally, to :
After transitions from the controlled operations, we can write the mixed configuration explicitly:
The remaining transitions operate within the mixed configuration. In each component of the mixture, the measurement of by has a deterministic outcome, so no further mixedness is introduced. Eventually we have a mixed configuration in which the process term is the same, , in every component, so we can just consider the mixed state, which is
The mixture over is the residue of the random choice made by , and the dependence of and on is because ’s measurement recovers the values of and (which is what allows the error to be corrected). In this final mixed state, the reduced density matrix of , which is what we are interested in when is output, is the same as the original density matrix of .
3 Behavioural Equivalence of CQP Processes
The process calculus approach to verification is to define a process which models the system of interest, another process which expresses the specification that should satisfy, and then prove that and are equivalent. Usually is defined in a sufficiently simple way that it can be taken as self-evident that it accurately represents the desired specification.
What do we mean by equivalent? The idea is that two processes are equivalent if their behaviour is indistinguishable by an observer. That is, if they do the same thing in the same circumstances. Equivalence relations in this style are generically called behavioural equivalences. Suppose that is an equivalence relation on processes. The ideal situation is for to have a further property called congruence, which means that it is preserved by all of the constructs of the process calculus. A convenient way to express this property involves the notion of a process context . This is a process term containing a hole, represented by , into which a process term may be placed. For example, is a context, and putting the process into the hole results in the process .
An equivalence relation on processes is a congruence if
This definition of congruence corresponds to the idea that observers are themselves expressed as processes. Congruence, in addition to the property of being an equivalence relation, is what is required in order to allow equational reasoning about equivalence of processes. It means that if a system satisfies its specification, then it continues to satisfy its specification no matter what environment it is placed in.
From the beginning of the study of quantum process calculus, the aim was to define a behavioural equivalence with the congruence property. This was not straightforward and took several years to achieve; Lalire  describes an unsuccessful attempt. Recently the congruence problem has been solved by the first three authors of the present paper  for CQP and, independently, by Feng et al.  for qCCS.
We will now present the concept of bisimilarity, which is the main approach to behavioural equivalence, and then define a particular form of bisimilarity, called probabilistic branching bisimilarity, which is a congruence for CQP.
3.1 Strong Bisimilarity
The basic idea of bisimilarity is that if two processes are equivalent then any labelled transition by one can be matched by the other, and the resulting processes are again equivalent. It is worth presenting the definition of the prototypical example, strong bisimilarity , as a model for later definitions. The most general setting for the definition is to consider a labelled transition system, which consists of a set of states and a three-place relation on , written . A labelled transition system can be regarded as a labelled directed graph whose vertices are the states. We will consider relations on the set of states. The definition of strong bisimilarity proceeds in two stages. First we define the property of strong bisimulation, which a particular relation might or might not have.
Definition 2 (Strong Bisimulation)
A relation is a strong bisimulation if whenever then for all labels , both
if then and , and
if then and .
For a given labelled transition system there are many relations that have the property of strong bisimulation, including (trivially) the empty relation. The key idea is to define strong bisimilarity to be the union of all strong bisimulations, or equivalently the largest strong bisimulation. In other words, and are strong bisimilar (denoted ) if and only if there exists a bisimulation such that .
3.2 Probabilistic Branching Bisimilarity
One of the characteristics of strong bisimilarity is that it is a stronger relation than trace equivalence; it is possible for two processes to generate the same sequences of labels, but not be strong bisimilar. Strong bisimilarity depends on the branching structure of the processes as well as on their sequences of labels. Another characteristic is that every transition must be matched exactly, including transitions. However, because they arise from internal communications, it is often undesirable to insist that equivalent processes must match each other’s transitions. Hence weaker variations of bisimilarity have been defined, including weak bisimilarity , which ignores transitions, and branching bisimilarity , which reduces the significance of transitions but retains information about their branching structure.
When considering equivalences for quantum process calculus, it is necessary to take probability into account; even with the treatment of mixed configurations described in Section 2, there is probabilistic behaviour when measurement results are revealed to the observer. There are several varieties of probabilistic bisimilarity for classical probabilistic process calculi, including probabilistic branching bisimilarity . The equivalence for CQP defined by Davidson , which turns out to be a congruence, is a form of probabilistic branching bisimilarity, adapted to the situation in which probabilistic behaviour comes from quantum measurement. A key point is that when considering matching of input or output transitions involving qubits, it is the reduced density matrices of the transmitted qubits that are required to be equal.
Although we did not present the full definition of the labelled transition semantics for CQP, we will now define probabilistic branching bisimilarity in full. In Section 3.4, the definition will be applied to the error correction example. The definitions in the remainder of this section are from Davidson’s thesis .
Notation: Let denote zero or one transitions; let denote zero or more transitions; and let be equivalent to . We write for a list of qubit names, and similarly for other lists.
Definition 3 (Density Matrix of Configurations)
Let and and and . Then
We also introduce the notation to denote the reduced density matrix of the environment qubits. Formally, if then where . The definition of is extended to mixed configurations in the same manner as .
Again let be the set of configurations. The probabilistic function is defined in the style of . It allows non-deterministic transitions to be treated as transitions with probability , which is necessary when calculating the total probability of reaching a terminal state. if ; if and ; otherwise.
Definition 4 (Probabilistic Branching Bisimulation)
An equivalence relation on configurations is a probabilistic branching bisimulation on configurations if whenever the following conditions are satisfied.
If and then such that with and .
If where and then such that with
for each , .
for each , .
If then such that with and .
If then for all classes .
This relation follows the standard definition of branching bisimulation  with additional conditions for probabilistic configurations and matching quantum information. In condition II we require that the distinct set of values must match and although the qubit names ( and ) need not be identical, their respective reduced density matrices ( and ) must.
Condition IV provides the matching on probabilistic configurations following the approach of . In this relation, a probabilistic configuration which necessarily evolves from an output will satisfy IV if the prior configuration satisfies II d). It is necessary to include the latter condition to ensure that the probabilities are paired with their respective configurations.
Naturally this leads to the following definition of bisimilarity on configurations.
Definition 5 (Probabilistic Branching Bisimilarity)
Configurations and are probabilistic branching bisimilar, denoted , if there exists a probabilistic branching bisimulation such that .
What we really want is equivalence of processes, independently of configurations (i.e. independently of particular quantum states).
Definition 6 (Probabilistic Branching Bisimilarity of Processes)
Processes and are probabilistic branching bisimilar, denoted , if and only if for all , .
For convenience, in the remainder of this paper bisimilarity will refer to probabilistic branching bisimilarity and it will be clear from the context whether this is the relation on processes or configurations. The same symbol, , is used for both relations.
It turns out that probabilistic branching bisimilarity is not a congruence because it is not preserved by substitution of values for variables, which is significant because of the use of substitution to define the semantics of input. We therefore define a stronger relation, full probabilistic branching bisimilarity, which is the closure of probabilistic branching bisimilarity under substitutions.
Definition 7 (Full probabilistic branching bisimilarity)
Processes and are full probabilistic branching bisimilar, denoted , if for all substitutions and all quantum states , .
We are now able to state the main result of .
Theorem 1 (Full probabilistic branching bisimilarity is a congruence)
If then for any context , if and are typable then .
The condition that and are typable is used to ensure that the context does not manipulate qubits that are owned by or .
3.3 Mixed Configurations and Congruence
A simple example will illustrate why the congruence result depends crucially on the use of mixed configurations. Consider the processes
and are probabilistic branching bisimilar, because in any quantum state they can match each other’s transitions. For input transitions this is because they can both input a single qubit, and for output transitions it is trivial because neither process produces any output. The actions within each process produce transitions, which are absorbed into the input transitions according to the definition of probabilistic branching bisimulation.
Now consider and in parallel with in the quantum state . That is, consider the configurations
The interesting situation is when the measurement in or occurs before the output in . Imagine, first, that the semantics of CQP handles the measurement by producing a probability distribution; recall that this is not the actual semantics of measurement. In the quantum state before the measurement is and the state after the measurement is either or with equal probability. The qubit output by has reduced density matrix or . In the quantum state before the measurement is and the state after the measurement is either or with equal probability. The qubit output by has reduced density matrix or . It is therefore impossible for and to match each other’s outputs.
Actually, of course, the semantics of CQP does not produce a probability distribution in this case, because the result of the measurement is not output. Instead, from we get the mixed configuration
and from we get the mixed configuration
The calculation of the reduced density matrix of the qubit output by , taking into account the contributions of each component of the mixed configuration, gives in both cases. This enables and to match each other’s outputs, and in fact (although we do not show it here), it is straightforward to construct a probabilistic branching bisimulation relation containing .
3.4 Correctness of QECC
We now sketch the proof that , which by Theorem 1 implies that the error correction system works in any context. An interesting consequence is that the qubit being transmitted may be part of any quantum state, meaning that it is correctly transmitted with error correction even if it is entangled with other qubits; the entanglement is also preserved by the error correction system. This property of error correction, although easily verified by hand, is not usually stated explicitly in the literature.
Proof: First we prove that , by defining an equivalence relation that contains the pair for all and is closed under their transitions. is defined by taking its equivalence classes to be the defined below, for all states . The idea is to group configurations according to the sequences of observable transitions leading to them. is also parameterized by the input qubit, as this affects the output qubit and hence the equivalence class.