QuantumLab Beginner — Learn Quantum Computing Visually

Math Prerequisites

The minimum math you need to read the rest of the lab. No proofs — just the notation and the rules of the game. If you've seen complex numbers and matrix multiplication, you already know almost everything here.

1 · Vectors — column form & Dirac notation

A quantum state is just a list of complex numbers (a vector). For a single qubit the list has length 2.

|ψ⟩ =

αβ

= α|0⟩ + β|1⟩

The "ket" |ψ⟩ is a column vector. Its conjugate-transpose is the "bra" ⟨ψ| = (α*, β*). The inner product ⟨φ|ψ⟩ is a single complex number. A state is normalised when ⟨ψ|ψ⟩ = |α|² + |β|² = 1.

⟨ψ|ψ⟩ = α*·α + β*·β = |α|² + |β|² = 1

2 · Complex numbers

A complex number is z = a + bi where i² = −1. We use them because quantum amplitudes carry a phase as well as a magnitude.

Conjugate

z* = a − bi

Modulus²

|z|² = z·z* = a² + b²

Polar form

z = r·e^iθ = r(cos θ + i sin θ)

Multiplication

e^iα·e^iβ = e^i(α+β)

Born-rule probabilities use |amplitude|², so an overall phase e^iθ on a state is unobservable — only relative phases matter.

3 · Operators & matrices

An operator is a linear map that takes a vector and returns another vector. On a single qubit it is a 2×2 matrix.

A|ψ⟩ =

abcd

·

αβ

=

aα + bβcα + dβ

Composition is just matrix multiplication. A·B means "apply B first, then A". Order matters: in general AB ≠ BA.

4 · Hermitian operators & eigenvalues

The adjoint A^† ("A-dagger") is the conjugate-transpose. A matrix is Hermitian when A^† = A. Hermitian operators represent every observable in QM (energy, spin, position, …).

Eigenvalue equation

A|v⟩ = λ|v⟩

Hermitian property

A^† = A ⇒ eigenvalues λ are real

Example. The Pauli-Z operator is Hermitian. Its eigenvalues are ±1; its eigenvectors are |0⟩ (eigenvalue +1) and |1⟩ (eigenvalue −1). Measuring "Z" returns one of those two real numbers — never anything else.

5 · Unitary operators

A matrix U is unitary when U^†U = I. Geometrically, U preserves lengths: ⟨Uψ|Uψ⟩ = ⟨ψ|ψ⟩. So unitary evolution always keeps a normalised state normalised — total probability stays 1.

Defining property

U^†U = U·U^† = I

Reversible

U⁻¹ = U^†

Every quantum gate (X, Y, Z, H, CNOT, …) is unitary. That's why quantum computation is reversible — the only step that isn't is measurement.

The Five Postulates of Quantum Mechanics

The whole edifice of QM rests on five short rules. Everything that follows in this lab — superposition, entanglement, measurement, gates, algorithms — is just these postulates being applied carefully.

① State vector lives in a Hilbert space

The complete state of an isolated quantum system is described by a unit vector |ψ⟩ in a complex Hilbert space ℋ (a complex inner-product space that's closed under limits).

|ψ⟩ ∈ ℋ with ⟨ψ|ψ⟩ = 1

For one qubit, ℋ = ℂ² (two complex amplitudes). For n qubits, ℋ = ℂ²ⁿ — the Hilbert space grows exponentially in qubit count. That exponential room is the resource quantum computers exploit.

② Time evolution is unitary

An isolated (no-measurement) quantum system evolves through a unitary operator U. Discretely:

|ψ(t₁)⟩ = U·|ψ(t₀)⟩, with U^†U = I

Continuously, the Schrödinger equation:

i ℏ d|ψ⟩/dt = H |ψ⟩

Here H is the system's Hamiltonian (a Hermitian operator — the observable for energy). Quantum gates are nothing more than carefully chosen unitary U's applied for finite time.

③ Observables are Hermitian operators

Every physically measurable quantity (energy, position, spin, …) is represented by a Hermitian operator A on ℋ. The only possible outcomes of a measurement are the eigenvalues a_i of A.

A |a_i⟩ = a_i |a_i⟩, a_i ∈ ℝ

Example: measuring "spin along Z" uses the Pauli-Z operator with eigenvalues ±1 and eigenvectors |0⟩, |1⟩ — these are the only readings the apparatus can ever produce.

④ Born rule

The probability of measuring outcome a_i on state |ψ⟩ is the squared modulus of the projection of |ψ⟩ onto the corresponding eigenvector:

P(a_i) = |⟨a_i|ψ⟩|²

Probabilities of all possible outcomes sum to 1 because |ψ⟩ is normalised. This is the only non-deterministic ingredient in QM — everything else (states, gates, evolution) is fully deterministic.

⑤ Collapse — projective measurement

Immediately after a measurement that returned outcome a_i, the system's state collapses to the corresponding (normalised) eigenvector:

|ψ⟩ ⟶ |a_i⟩

A second measurement of the same observable will return a_i with certainty (probability 1) — the random part is "spent". Collapse is what makes quantum mechanics non-reversible at the moment of measurement, and it's exactly the rule that lets entanglement look like spooky action at a distance.

Putting it together

Every demo in this lab is some combination of these five rules: ① pick a state, ② apply unitary gates, ③ ④ measure an observable to get an eigenvalue with Born-rule probability, ⑤ the state collapses to that eigenvector. Everything else — entanglement, interference, teleportation, error correction — emerges from how those five steps interact.

Density Matrix

The state-vector |ψ⟩ formalism is elegant but limited: it only describes pure states with perfect knowledge. Real quantum systems are often mixed — entangled with an unknown environment, prepared from a probabilistic ensemble, or partial views of larger systems. The density operator ρ generalises |ψ⟩ to handle pure and mixed states uniformly, and lets us reformulate all five QM postulates in a more powerful language.

Definition

For an ensemble where the system is in pure state |ψᵢ⟩ with probability pᵢ:

ρ = Σᵢ pᵢ |ψᵢ⟩⟨ψᵢ|

Properties

Hermitian

ρ^† = ρ

Trace 1

Tr(ρ) = 1

Positive semi-definite

⟨φ|ρ|φ⟩ ≥ 0 ∀ |φ⟩

Pure vs mixed test

Tr(ρ²) = 1 (pure) ⇔ Tr(ρ²) < 1 (mixed)

Pure state special case

A pure state |ψ⟩ has density matrix:

ρ = |ψ⟩⟨ψ| (a rank-1 projector)

Bloch-sphere representation (single qubit)

Any single-qubit density matrix can be written as:

ρ = ½ ( I + r⃗ · σ⃗ ), r⃗ = (r_x, r_y, r_z), |r⃗| ≤ 1

where σ⃗ = (X, Y, Z) are the Pauli matrices. |r⃗| = 1 → pure state on the Bloch-sphere surface; |r⃗| < 1 → mixed state inside the ball; r⃗ = 0 → maximally mixed ρ = I/2 (no information).

① State postulate (reformulated)

The state of an isolated quantum system is described by a density operator ρ on Hilbert space ℋ, satisfying:

ρ = ρ^†, ρ ≥ 0, Tr(ρ) = 1

Generalises the pure-state postulate (|ψ⟩ ∈ ℋ with ⟨ψ|ψ⟩ = 1) by allowing classical mixtures and entanglement-induced mixedness. Pure states are the special case where ρ has rank 1.

② Evolution postulate (reformulated)

The density operator of an isolated system evolves by unitary conjugation:

ρ(t₁) = U·ρ(t₀)·U^†

Continuously, the von Neumann equation — the density-matrix analog of Schrödinger's equation:

i ℏ dρ/dt = [ Ĥ, ρ ]

For a pure state ρ = |ψ⟩⟨ψ|, this reduces to the standard Schrödinger evolution. The von Neumann equation also extends naturally to open systems (the Lindblad master equation), where dynamics aren't unitary because the system exchanges information with its environment.

③ Observable postulate (reformulated)

Every measurable quantity is represented by a Hermitian operator A with spectral decomposition:

A = Σᵢ aᵢ Pᵢ, Pᵢ = |aᵢ⟩⟨aᵢ| (eigen-projectors)

Each eigenvalue aᵢ ∈ ℝ is a possible measurement outcome; Pᵢ projects onto the corresponding eigenspace.

Identical to the pure-state version — observables don't depend on how the state is described.

④ Born rule (reformulated)

The probability of measuring outcome aᵢ when the system is in state ρ is given by a trace:

P(aᵢ) = Tr( Pᵢ ρ )

The expectation value of any observable A is:

⟨ A ⟩ = Tr( A ρ )

For a pure state, this reproduces the original rule: P(aᵢ) = ⟨ψ|Pᵢ|ψ⟩ = |⟨aᵢ|ψ⟩|² (just unfold ρ = |ψ⟩⟨ψ| and use cyclicity of trace). The trace formula extends linearly to mixed states for free.

⑤ Collapse postulate (reformulated)

If a projective measurement of A returns outcome aᵢ, the post-measurement state is:

ρ' = Pᵢ ρ Pᵢ / Tr( Pᵢ ρ )

The denominator normalises so that Tr(ρ′) = 1.

For a pure state ρ = |ψ⟩⟨ψ| this reduces to ρ′ = |aᵢ⟩⟨aᵢ| — the familiar collapse to the eigenvector. For a mixed state, only the part of the ensemble consistent with the observed outcome survives. A second measurement of the same observable returns aᵢ with certainty.

Why bother with density matrices?

Mixed states. Thermal states, ensembles, partially-known preparations — none have a single |ψ⟩ representation, but they all have a clean ρ.
Subsystems via partial trace. If a composite system AB is in a pure entangled state, neither A nor B individually is pure. The reduced state ρ_A = Tr_B(ρ_AB) is a mixed density matrix that correctly predicts every local measurement on A.
Open quantum systems. Decoherence is most naturally described by non-unitary evolution of ρ (Kraus operators, Lindblad master equation).
Generalised measurements (POVMs). Beyond projective measurements: outcomes characterised by positive operators {E_i} with Σ E_i = I.
Information theory. Von Neumann entropy S(ρ) = −Tr(ρ log ρ), channel capacities, quantum error correction — all naturally formulated with ρ.

In modern quantum-computing literature, ρ is the default. The pure-state formalism is a friendly entry point, but every advanced topic — from QEC to quantum information theory to noisy-channel analysis — lives in the density-matrix world.

History of Quantum Mechanics

From a "desperate fix" to the blackbody-radiation puzzle in 1900, to a complete relativistic theory in 1928 — the foundations of quantum mechanics were laid in just three decades. Every name on the timeline below earned a Nobel Prize for this work.

Timeline · 1900 → 1928

1900

Planck — quantization of blackbody radiation

Max Planck · Berlin

To explain the spectrum of light emitted by a hot body, Planck assumed the energy of an oscillator can only take discrete values E = nhν. He called it an "act of desperation" — but it introduced the constant h that would define the quantum world. Nobel Prize 1918.

E = h · ν, h ≈ 6.626 × 10⁻³⁴ J·s

1905

Einstein — light quanta & the photoelectric effect

Albert Einstein · Bern

In one of his "annus mirabilis" papers, Einstein argued that light itself comes in discrete packets — photons — to explain why the photoelectric effect depends on a light's frequency, not its intensity. The result earned him the Nobel Prize in 1921 (relativity was still controversial).

E_photon = h · ν

1906

Einstein — specific heat from quantized oscillators

Albert Einstein · Bern

Classical physics (Dulong–Petit law) predicts a constant specific heat for solids, but real materials drop sharply toward zero at low temperature. Einstein modelled each atom in a crystal as an independent quantized harmonic oscillator with E = nhν. At low T, the oscillators get stuck in the ground state and stop absorbing heat — quantitatively explaining the diamond data. The first time quantum theory crossed from radiation into matter.

⟨E⟩ = h ν / ( e^{hν / k_BT} − 1 )

1911

Rutherford — the nuclear atom

Ernest Rutherford · Manchester (gold-foil experiment by Geiger & Marsden, 1909)

Alpha particles fired at thin gold foil mostly passed through, but a few bounced sharply backward. Rutherford concluded the atom is mostly empty space with a tiny dense nucleus. Classically, accelerating electrons in orbit should radiate energy and spiral in — but they don't. The atom was unstable on paper and clearly stable in reality.

1913

Bohr — quantized atomic orbits

Niels Bohr · Copenhagen

Bohr postulated that electrons orbit only at specific, quantized energies and emit/absorb a photon when jumping between levels. The model predicted hydrogen's spectral lines exactly. The first explicit "quantum jump". Nobel Prize 1922.

L = nℏ, E_n = − 13.6 eV / n² (hydrogen)

1922

Stern–Gerlach — discovery of spin

Otto Stern & Walther Gerlach · Frankfurt

A beam of silver atoms passed through an inhomogeneous magnetic field split into exactly two beams — direct evidence that angular momentum is quantized in two values. Later understood as electron spin ±ℏ/2 — there is no classical analogue. Stern: Nobel 1943.

1924

de Broglie — matter waves

Louis de Broglie · Paris (PhD thesis, "Recherches sur la théorie des quanta")

If light has both wave & particle aspects, why not matter? de Broglie proposed every particle has an associated wavelength λ = h/p. Wave-particle duality applies to electrons too. Confirmed in 1927 by the Davisson–Germer electron-diffraction experiment. Nobel Prize 1929.

λ = h / p

1925
June

Heisenberg — the Helgoland "one-man" paper

Werner Heisenberg · Helgoland (recovering from hay fever, alone on the island)

Heisenberg gave up trying to picture electron orbits and worked only with observable quantities — transition amplitudes between energy levels. The mathematics he invented turned out to be matrix multiplication, though he didn't know that yet. Title: "Quantum-theoretical re-interpretation of kinematic and mechanical relations".

1925
Sept

Born & Jordan — the "two-man" paper

Max Born & Pascual Jordan · Göttingen

Born recognised Heisenberg's arrays of numbers as matrices and, with his student Jordan, formalised the theory. They wrote down the canonical commutation relation [x̂, p̂] = iℏ — the algebraic signature of quantum non-commutativity, the heart of the uncertainty principle.

[ x̂, p̂ ] = iℏ

1925
Oct

Uhlenbeck & Goudsmit — electron spin explains Stern–Gerlach

George Uhlenbeck & Samuel Goudsmit · Leiden (graduate students of Ehrenfest)

For three years no one knew what really caused the silver-atom beam to split in two. Uhlenbeck and Goudsmit boldly proposed that the electron itself carries an intrinsic angular momentum of ℏ/2 — what we now call spin — with only two possible projections (±ℏ/2). This retroactively explained Stern–Gerlach AND the anomalous Zeeman effect. Pauli initially mocked the idea (a spinning point particle would need a surface speed faster than light), but the prediction matched experiment too well to ignore.

S_z = ± ℏ / 2, g_s ≈ 2

1925
Nov

Born–Heisenberg–Jordan — the "three-man" paper

Born, Heisenberg, Jordan · Göttingen

The complete matrix-mechanics framework: Zur Quantenmechanik II. The first internally consistent quantum theory. Heisenberg got the Nobel in 1932; Born had to wait until 1954.

1926

Schrödinger — wave mechanics

Erwin Schrödinger · Zurich

Inspired by de Broglie, Schrödinger wrote down a wave equation for the electron. Solving it for hydrogen reproduced Bohr's spectrum naturally, with no quantization assumption. Within months he also proved that his wave mechanics and Heisenberg's matrix mechanics are mathematically equivalent. Nobel Prize 1933 (shared with Dirac).

iℏ · ∂ψ / ∂t = Ĥ ψ

1926

Born — probability interpretation

Max Born · Göttingen

Born proposed that |ψ(x)|² is the probability density for finding a particle at position x. Probabilistic outcomes become a fundamental feature of nature, not a symptom of incomplete knowledge — an idea Einstein never fully accepted ("God does not play dice"). Nobel Prize 1954.

P(x) = | ψ(x) |²

1927

Heisenberg — uncertainty principle

Werner Heisenberg · Copenhagen

A direct consequence of [x̂, p̂] = iℏ: position and momentum can never both be measured to arbitrary precision. The closer you pin one down, the more uncertain the other becomes.

Δx · Δp ≥ ℏ / 2

1927

Dirac — transformation theory unifies wave & matrix mechanics

Paul Dirac · Cambridge

Schrödinger had already shown the two formulations were mathematically equivalent. Dirac went deeper: his transformation theory exhibited both as different "representations" of a single underlying algebraic theory. The modern bra-ket notation (⟨φ|, |ψ⟩) traces back to this work.

1928

Dirac equation — relativistic QM & antimatter

Paul Dirac · Cambridge

By combining quantum mechanics with special relativity, Dirac arrived at a first-order wave equation for the electron. It produced electron spin-½ automatically and predicted negative-energy solutions — interpreted as antimatter. The positron was discovered by Anderson in 1932, confirming the prediction. Nobel Prize 1933 (shared with Schrödinger).

( iℏ γ^μ ∂_μ − mc ) ψ = 0

And after the founding era…

1932 — Anderson detects the positron, vindicating Dirac. John von Neumann publishes Mathematical Foundations of Quantum Mechanics, putting QM on rigorous mathematical footing as operators on a Hilbert space with projective measurement — the language used ever since.
1935 — EPR paradox (Einstein, Podolsky, Rosen) and Schrödinger's cat. The interpretation debates begin in earnest.
1948 — Feynman's path-integral formulation.
1964 — Bell's theorem: local hidden variables are testable, and quantum mechanics violates them. (See Bell's Inequality.)
1969 — CHSH inequality (Clauser, Horne, Shimony & Holt) re-derives Bell's theorem in a form real experiments can actually run: just four correlation measurements on entangled pairs, with the bound |S| ≤ 2 for any local hidden-variable theory.
1972 — Freedman & Clauser perform the first experimental CHSH test using polarization-correlated photons from calcium-atom cascades. The result violates the classical bound — quantum mechanics wins, but several "loopholes" remain.
1981–82 — Alain Aspect's experiments at Orsay close the locality and detection-setting loopholes with switched polarisers, dramatically confirming Bell/CHSH violation.
2015 — First loophole-free Bell tests (Hensen et al., Delft; Giustina et al.; Shalm et al.) — definitively rule out local realism.
1980s+ — Feynman, Deutsch & others propose quantum computers.
1994 — Shor's algorithm. 1996 — Grover's algorithm.
2019 — Google claims "quantum supremacy" with the 53-qubit Sycamore.
2022 — Aspect, Clauser & Zeilinger share the Nobel Prize for their Bell-test experiments.

Qubits — the building block

A classical bit is either 0 or 1. A qubit can be 0, 1, or a blend of both at once — a superposition. Tap the toggle to feel it.

Try it · Bloch sphere toggle

|0⟩

|1⟩

Click a state above.

Mini quiz

Bloch Sphere

The Bloch sphere is the standard 3D picture of a single qubit. Every pure state maps to a unique point on the unit sphere:

|ψ⟩ = cos(θ/2)·|0⟩ + e^iφ·sin(θ/2)·|1⟩

θ (polar) is the angle from the |0⟩ pole; φ (azimuth) is the angle around the equator. Drag the sliders or apply gates to watch the state vector rotate.

⚡ Spinor twist. Slide θ past 360° and into the 360°–720° range to see one of the strangest features of spin-½ systems: the Bloch vector returns to where it started after a 2π rotation, but the state vector picks up a global −1 phase. Only a 4π (720°) rotation brings the state truly back to itself. That's the spinor property — observable in interferometry experiments with neutrons.

Try it · Rotate the qubit

|0⟩ |1⟩ |+⟩ |−⟩ |+i⟩ |−i⟩

θ (polar): 0° (0–720° spans two spinor cycles) φ (azimuth): 0°

Apply gate:

Preset:

View rotation: drag the sphere

Superposition

Until measured, a qubit can be a mix of |0⟩ and |1⟩. Each outcome has a probability that adds up to 100%. Move the slider to change the balance.

Try it · Probability slider

P(0) = 50%

P(1) = 50%

Mini quiz

Entanglement

Two qubits can be linked so that measuring one instantly tells you about the other — even if they are far apart. This is the magical Bell-state correlation.

Try it · Bell pair

Qubit A

?

Qubit B

?

Press “Measure A” — both will collapse to the same value.

State vector

|Φ⁺⟩ = 1√2·|00⟩ + 1√2·|11⟩

An equal superposition of |00⟩ and |11⟩. The cross-terms |01⟩ and |10⟩ have amplitude 0 — that's the entanglement.

Mini quiz

Bell's Inequality

If the world were ruled by local hidden variables (every qubit secretly carrying its own pre-decided answer), the CHSH quantity |S| could never exceed 2. Real entangled qubits reach up to 2√2 ≈ 2.828. Run the experiment below and watch quantum mechanics break the classical ceiling.

Try it · CHSH experiment

A Bell pair |Φ⁺⟩ is shared between Alice and Bob. Each trial they independently pick a measurement angle at random — Alice from {a₀ = 0°, a₁ = 90°}, Bob from {b₀ = 45°, b₁ = 135°}. We tally same-vs-different outcomes per setting pair and compute the correlation E(aᵢ,bⱼ) = (#same − #diff) / N.

S = E(a₀,b₀) − E(a₀,b₁) + E(a₁,b₀) + E(a₁,b₁) = 0.000 · |S| = 0.000

0 2 classical bound 2√2 quantum bound 4

Press a button to start.

Quantum prediction: |S| → 2√2 ≈ 2.828. Classical max: |S| ≤ 2.

Measurement

Measuring a qubit forces it to choose: 0 or 1. The probabilities decide how often each appears. Run many measurements and watch the pattern emerge.

Try it · Repeated measurement

P(1) = 50%

Counts — zeros: 0 ones: 0

Mini quiz

Quantum Gates Reference

Gates are the building blocks of quantum circuits — small unitary (reversible) operations that rotate qubit states. Each single-qubit gate is a 2×2 matrix; two-qubit gates are 4×4. Hover or scroll the cards below to see each gate's symbol, matrix, effect, and intuition.

Gate library

Quantum Circuits

A circuit is a sequence of gates applied to qubits, executed left to right.

Tips: drag a gate from the palette onto a wire, or click the gate then click a wire. CNOT & CZ are 2-qubit gates — drop them twice, on two different wires (control + target). Right-click a placed Rx/Ry/Rz gate to change its angle. Left-click any placed gate to remove it.

Try it · Circuit builder

Pick a gate, then click a wire to place it.

Probabilities State: |00⟩

Show numeric values

|00⟩  100.00%

Mini quiz

Phase Kickback

One of the most beautiful tricks in quantum computing: a gate that's "controlled by" the control qubit can end up changing the control itself instead of the target. This effect powers Deutsch–Jozsa, phase estimation, and Shor's algorithm.

Rule of thumb: if the target is in an eigenstate |u⟩ of the controlled operation U, with U|u⟩ = e^iφ|u⟩, then the phase e^iφ "kicks back" onto the control's |1⟩ branch. The target stays put — the control picks up the phase.

Try it · CNOT phase kickback

Setup: control starts in |+⟩ (after H on |0⟩). Pick a target state, then run CNOT. Watch what happens to each qubit.

Before CNOT

|+⟩ ⊗ |−⟩

CNOT ⟶

After CNOT

|−⟩ ⊗ |−⟩

Quantum Information

The marriage of quantum mechanics with Shannon's information theory. Where classical information counts bits, quantum information counts qubits, cbits (classical bits transmitted), and ebits (Bell pairs as a resource) — and asks how they convert into each other.

1 · Bit vs Qubit

A classical bit is one of two definite values. A qubit is a complex unit vector in a 2-dimensional Hilbert space — a continuum of possibilities. But here's the catch: you can only extract one classical bit per qubit measurement.

	Classical bit	Qubit
State space	{0, 1} — two values	S² (Bloch sphere) — continuum
Holds	1 bit of info	2 real parameters (θ, φ) — but only ~1 cbit accessible
Copyable?	Yes (trivially)	No — no-cloning theorem
Measurement	Returns its value	Probabilistic; collapses the state
Composition (n)	2ⁿ states, n bits	2ⁿ-dim Hilbert space, exponentially many amplitudes

⚠ Holevo bound (1973). A single qubit transmits at most 1 cbit of classical info. The exponentially-large state space is real, but most of it is inaccessible to a measurement.

2 · Density matrix — the universal state representation

Kets |ψ⟩ describe pure states only — perfectly known wavefunctions. Real systems are often mixed: probabilistic ensembles of pure states (from noise, tracing out an environment, or a partial measurement). The density matrix ρ handles both uniformly.

ρ = Σᵢ pᵢ |ψᵢ⟩⟨ψᵢ|, Tr(ρ) = 1, ρ ≥ 0

Pure state: ρ = |ψ⟩⟨ψ|, Tr(ρ²) = 1
Mixed state: ρ = Σ pᵢ |ψᵢ⟩⟨ψᵢ|, Tr(ρ²) < 1
Maximally mixed: ρ = I/d, "no information" — measurements look uniform

For a composite system AB in a joint state ρ_AB, Alice's local view is obtained by the partial trace ρ_A = Tr_B(ρ_AB). For an entangled pure state ρ_AB = |ψ⟩⟨ψ|, the partial trace ρ_A is generally mixed — the entanglement appears as local randomness.

3 · Von Neumann entropy

The quantum analog of Shannon entropy:

S(ρ) = −Tr(ρ log₂ ρ) = −Σᵢ λᵢ log₂ λᵢ

where λᵢ are the eigenvalues of ρ. Properties:

Pure state: S(|ψ⟩⟨ψ|) = 0 — perfect knowledge.
Maximally mixed: S(I/d) = log₂ d — total ignorance.
Bell pair |Φ⁺⟩: S(ρ_AB) = 0 (joint pure) but S(ρ_A) = 1 ebit. That gap is the entanglement.
Subadditivity: S(ρ_AB) ≤ S(ρ_A) + S(ρ_B) — quantum correlations reduce joint entropy below the sum of parts (the opposite is impossible classically).

4 · No-cloning theorem (Wootters & Zurek, 1982; Dieks, 1982)

There is no unitary operator U on a 2-qubit system that maps |ψ⟩|0⟩ → |ψ⟩|ψ⟩ for every input state |ψ⟩.

∄ U such that U|ψ⟩|0⟩ = |ψ⟩|ψ⟩ ∀ |ψ⟩

Proof sketch. Suppose U exists. For two states |ψ⟩, |φ⟩, take the inner product of both sides of U|ψ⟩|0⟩ = |ψ⟩|ψ⟩ and U|φ⟩|0⟩ = |φ⟩|φ⟩. Unitarity preserves inner products, so ⟨ψ|φ⟩ = ⟨ψ|φ⟩². The only solutions are 0 and 1 — meaning |ψ⟩ and |φ⟩ must be orthogonal or identical. Cloning works for those, but not for arbitrary states. Quantum information is fundamentally uncopyable.

Consequences: QKD security (Eve cannot copy intercepted qubits), no perfect quantum amplifiers, no faster-than-light signalling via entanglement, quantum money (Wiesner 1969 → BB84 1984).

5 · The quantum-information conversion table

Three resources interconvert: qubits sent over a quantum channel, cbits sent over a classical channel, and ebits shared as entangled Bell pairs.

Protocol	You give up	You get
Quantum teleportation (see Algorithms)	1 ebit + 2 cbits	1 qubit (state transferred)
Superdense coding (Bennett & Wiesner, 1992)	1 ebit + 1 qubit	2 cbits transmitted
Entanglement swapping	2 ebits + 2 cbits	1 ebit between distant parties
Entanglement distillation	n noisy ebits + LOCC	k < n high-fidelity ebits

Together, teleportation + superdense coding say that 1 qubit ≡ 2 cbits + 1 ebit and 2 cbits ≡ 1 qubit + 1 ebit — consistent only because entanglement alone cannot send classical information (no-signalling theorem).

6 · Quantum channels

A quantum channel ℰ is a completely-positive trace-preserving (CPTP) map from density matrices to density matrices. It generalises classical noisy channels. Common examples on a single qubit:

Channel	Effect	Models
Depolarising	ρ → (1−p)ρ + p·I/2	Random Pauli noise
Bit-flip	ρ → (1−p)ρ + p·XρX	Classical-style flips (see Noise)
Phase-flip	ρ → (1−p)ρ + p·ZρZ	Decoherence in the Z basis
Amplitude damping	ρ → ρ' (energy loss to environment)	Spontaneous emission, T₁ relaxation
Phase damping	ρ → ρ' (off-diagonals shrink)	Pure dephasing, T₂ relaxation

Channels have multiple capacities: the classical capacity (cbits per use), the quantum capacity (qubits per use), the entanglement-assisted capacity, the private capacity. Unlike classical channels, these are different numbers, and computing them exactly remains a major open problem.

Why this matters

Quantum information theory is the rulebook for everything else in this lab. Holevo says encryption keys carried by qubits are not magically larger. No-cloning is why QKD is secure. Density matrices are how you describe a noisy qubit going through a noisy channel. Channel capacities are the ultimate yardstick for error correction. And the resource conversions at the heart of teleportation and superdense coding are why entanglement is treated as a tradable currency in modern quantum networking.

Noise on a Quantum Channel

A qubit travelling across a wire, fiber, or memory cell passes through many tiny environment "steps", each of which has a small chance of flipping it. Errors don't just appear at the end — they accumulate along the way.

For a bit-flip channel with per-step probability p and length N steps, the chance of an odd number of flips (i.e. a wrong final answer) is P(error) = ½(1 − (1−2p)^N). Even tiny p adds up over a long channel.

Try it · Send a qubit through a noisy channel

Per-step flip probability: 5%

Channel length (steps): 10

|0⟩

?

Click "Send 1 qubit" to watch one travel through.

Output |0⟩ (correct): 0 0%

Output |1⟩ (error): 0 0%

Theoretical P(error) after the channel: 0%

Mini quiz

Quantum Error Correction

Real qubits flip and decohere. Quantum error correction (QEC) protects information by spreading one logical qubit across many physical qubits, so a single error can be detected and reversed without ever measuring the encoded state.

The simplest example is the 3-qubit bit-flip code: encode |0⟩ → |000⟩ and |1⟩ → |111⟩. If at most one of the three physical qubits flips on the way, a majority vote recovers the original. Two or three flips overwhelm it — this is the trade-off in every QEC code.

Try it · 3-qubit bit-flip code

Logical bit:

Per-qubit flip probability: 15%

① Encode → ② Channel (noise) → ③ Majority vote

Decoded logical bit: |1⟩

Bare qubit error rate

—

3-qubit code error rate

—

Theoretical coded rate = 3p²(1−p) + p³ = —. QEC helps only when p < 50% — above that the redundant qubits hurt more than they help.

Mini quiz

Quantum Algorithms

Quantum algorithms use superposition and interference to find answers in clever ways.

Try it · Pick a demo

Apply H to |0⟩ → measure. A perfectly fair coin.

The problem Generate a single random bit. Classical random-number generators are pseudo-random — deterministic algorithms with a hidden state; if you know the seed, you predict every output.

The quantum trick Apply H to |0⟩ to get an equal superposition. By the Born rule, measurement returns 0 or 1 with exactly 50% each and no hidden state — fundamentally random, not pseudo-random.

Apps Cryptographic key generation, Monte Carlo simulations, gambling. Commercial QRNGs already ship from ID Quantique, Quantinuum, and inside some smartphone chipsets.

Year: n/a (textbook)Speedup: quality, not speedQubits: 1

?

Shor's algorithm factors a number N by finding the period of f(x) = aˣ mod N. The quantum part (period finding) is exponentially faster than classical. Demo factors N = 15.

The problem Factor a large integer N. Best classical algorithm (general number field sieve) runs in sub-exponential time ~exp(1.9·n^(1/3)) where n = log N. RSA, Diffie-Hellman, and ECC all rely on this being slow.

Shor's Polynomial in n — runs in roughly O(n³) quantum gates. Strategy: pick a random a coprime to N; use QFT-based period-finding to find the smallest r with aʳ ≡ 1 mod N; if r is even and a^(r/2) ≢ −1 mod N, then gcd(a^(r/2) ± 1, N) gives a non-trivial factor. Quantum part = period finding; the rest is classical.

Implications A large enough quantum computer would break RSA-2048 in hours. Today's largest hardware demonstrations: 15 = 3 × 5 (2001 IBM), 21 = 3 × 7 (2012). Larger numbers are blocked by gate-count and error rates — driving today's fault-tolerant QC race and post-quantum cryptography standardisation (NIST PQC, 2024).

Year: 1994Speedup: super-polynomialQubits: ~2n + ancillas

Press the button to factor.

Mini quiz

Quantum Paradoxes

Quantum mechanics is famously weird. These thought experiments push the rules to their breaking points — and they're still the subject of real philosophical debate about what reality is.

Pick a paradox

Schrödinger's Cat (1935)

A cat is sealed in a box with a radioactive atom and a poison vial. If the atom decays, the poison kills the cat. While the box is closed, the atom is in a superposition of "decayed" and "not decayed" — and so, by extension, the cat is simultaneously alive AND dead.

😺

💀

|alive⟩ + |dead⟩

Time elapsed: 10% chance of decay

The box is closed — the cat is in superposition.

The puzzle: standard QM says superposition continues until measurement. But cats, geiger counters, and poison are macroscopic. Where exactly does the line between quantum-blurry and classically-definite reality live?

Quantum Cryptography

Cryptography that gets its security from the laws of physics — not from the difficulty of a math problem. The flagship application is QKD (Quantum Key Distribution): two parties share a secret key over an open channel, with provable detection of any eavesdropping.

Quantum Key Distribution

Alice and Bob need a shared secret key (e.g. for a one-time pad or AES) but their channel is wide open — Eve can listen, copy, even resend. Classical key-exchange (RSA, Diffie–Hellman, ECC) leans on hard math problems. A future quantum computer running Shor's algorithm would break those problems in polynomial time. QKD doesn't share that fate — its security rests on physics, not complexity.

Why it works

No-cloning theorem. An unknown quantum state cannot be perfectly copied. Eve cannot tap-and-forward like a classical wiretap.
Measurement disturbance. Reading a qubit in the wrong basis randomises it. Eve's guesses leave a statistical fingerprint.
Consequence. Any eavesdropping raises the error rate in the sifted key — Alice & Bob detect it and abort.

Anatomy of every QKD protocol

Quantum channel — Alice sends single photons (qubits) carrying random key info.
Authenticated classical channel — public, but tamper-evident (Eve can read it, can't forge it).
Sifting — over the classical channel, compare measurement settings (not the bits) and keep only matching shots.
Error estimation — reveal a small random subset of the sifted bits to bound the eavesdropping rate. Abort above threshold (~11% for BB84).
Privacy amplification — compress the surviving key with a 2-universal hash to wash out any partial info Eve may have leaked.
Final key — short, but information-theoretically secret.

Family of QKD protocols

Protocol	Year	Core idea	Notes
BB84	1984	Two conjugate bases (Z, X)	The workhorse — see next tab
B92	1992	Just two non-orthogonal states	Simpler, lower key rate
E91	1991	Entangled Bell pairs + CHSH test	Eavesdropping shows up as Bell-inequality violation drop
SARG04	2004	BB84 variant	Robust against photon-number-splitting attacks
MDI-QKD	2012	Measurement-device-independent	Closes detector-side-channel attacks
CV-QKD	2002+	Continuous variables (quadratures)	Uses standard telecom homodyne detection
Twin-field QKD	2018	Single-photon interference	Beats the repeaterless rate-distance bound

Real-world deployments

Commercial systems: ID Quantique, Toshiba, QuintessenceLabs.
Beijing–Shanghai QKD backbone — ~2000 km of fibre, 32 trusted nodes.
Micius satellite (China, 2017) — first space-to-ground QKD over >1000 km.
Inter-bank pilots in Geneva, Vienna, Tokyo, Seoul.

Caveat. QKD only solves key distribution. You still need authenticated classical channels (which require some pre-shared key or post-quantum signatures), and you still encrypt your data with a classical symmetric cipher. QKD & post-quantum cryptography are complements, not rivals.

BB84 — Bennett & Brassard, 1984

The original QKD protocol. Encodes each bit randomly in one of two conjugate bases: a measurement in one basis randomises the result if the qubit was prepared in the other.

Encoding rule

Basis	Bit 0	Bit 1
Z (rectilinear ⊕)	\|0⟩ (↕)	\|1⟩ (↔)
X (diagonal ⊗)	\|+⟩ (↗)	\|−⟩ (↖)

Steps

Alice prepares N qubits, each with a random bit and random basis. Sends over the quantum channel.
Bob measures each one in his own randomly-chosen basis (Z or X).
Public discussion: Alice & Bob announce bases (not bits) over the classical channel.
Sift: keep only the ~50% of bits where their bases matched.
Error check: sample a small random subset and compare bits. If error rate > ~11%, an eavesdropper is present — abort.
Privacy amplification: hash the survivors to a shorter, fully-secret key.

Eve's dilemma. She doesn't know Alice's basis. If she measures in the wrong basis (half the time) she gets a random bit AND disturbs the qubit. Bob then sees that disturbance: even when Alice's and Bob's bases match, ~25% of those bits will disagree, far above the natural channel-noise floor.

Try it · simulate the protocol

Bits to send: 16

Eve is eavesdropping

Post-Quantum Security

Post-Quantum Cryptography (PQC) is the parallel response to the same threat QKD addresses — but going the classical route. Instead of using physics, PQC uses math problems believed to be hard for both classical AND quantum computers.

PQC and QKD are complements, not rivals. PQC is what you can deploy today on existing internet infrastructure (TLS, signatures, VPN, software updates). QKD needs dedicated quantum hardware. Most real systems will use both.

The threat — "harvest now, decrypt later"

A sufficiently large quantum computer running Shor's algorithm would break virtually all the public-key cryptography deployed on the internet today: RSA, Diffie-Hellman, elliptic-curve (ECC). Even though such a computer doesn't exist yet, adversaries are recording encrypted traffic right now to decrypt later when the hardware arrives. Long-lived secrets (medical records, state secrets, source code, banking) are already at risk — measured in 25-year confidentiality windows.

Today's classical crypto	What breaks it	Replacement
RSA-2048	Shor's algorithm	ML-KEM (lattice)
Diffie-Hellman	Shor's algorithm	ML-KEM (lattice)
ECC (P-256, X25519)	Shor's algorithm	ML-KEM, ML-DSA
AES-256 (symmetric)	Grover (effective 128-bit)	Bigger keys (AES-256 still OK)
SHA-256 (hash)	Grover (effective 128-bit)	SHA-384/512

Families of post-quantum algorithms

PQC schemes derive their security from problems no quantum algorithm can efficiently solve. The five main families:

Family	Hard problem	Examples	Trade-offs
Lattice-based	Learning With Errors (LWE), Shortest Vector Problem (SVP)	Kyber, Dilithium, NTRU, FrodoKEM	Best all-rounders. Small keys + signatures, fast.
Hash-based	Pre-image / collision resistance of a hash function	SPHINCS+, XMSS, LMS	Most conservative — security follows from hashes alone. Larger signatures.
Code-based	Decoding random linear codes	Classic McEliece, BIKE, HQC	Oldest (1978). Huge public keys (~1 MB), but very fast operations.
Isogeny-based	Walks between elliptic curves via isogenies	SIKE (broken 2022), CSIDH	Smallest keys — but the field took a major hit when SIKE fell to a classical attack.
Multivariate	Solving systems of multivariate quadratic equations	Rainbow (broken 2022), GeMSS	Several proposals broken; surviving variants tend to have huge keys.

NIST PQC standardisation

Started in 2016, NIST evaluated >80 submissions over four rounds. The first standards were published in August 2024:

FIPS	Standard name	Built on	Use
FIPS 203	ML-KEM (Module-Lattice KEM)	Kyber	Key encapsulation — replaces RSA-OAEP / ECDH
FIPS 204	ML-DSA (Module-Lattice DSA)	Dilithium	Digital signatures — replaces RSA-PSS / ECDSA
FIPS 205	SLH-DSA (Stateless Hash-Based DSA)	SPHINCS+	Hash-based signatures — conservative backup
(2025)	FN-DSA (Falcon)	Falcon (lattice)	Compact lattice signatures
(round 4)	HQC, BIKE, Classic McEliece	code-based	Diversification away from lattices

⚠ SIKE (isogeny-based) was a NIST round-4 candidate — broken by Castryck & Decru in 2022 using ordinary classical math (a Magma laptop, in under an hour). A reminder that "post-quantum" doesn't mean "post-cryptanalysis".

Real-world deployments

Cloudflare & Google have deployed hybrid (X25519 + ML-KEM) key exchange on TLS 1.3 since 2023 — over 30% of Chrome's TLS connections in 2025.
Apple iMessage PQ3 (2024) — full hybrid post-quantum end-to-end encryption.
Signal Messenger rolled out PQXDH (X25519 + Kyber) in 2023.
OpenSSH 9.0+ defaults to hybrid sntrup761x25519 key exchange.
AWS KMS, Cloudflare 1.1.1.1, Microsoft Azure all support PQ-hybrid TLS.

PQC vs QKD — complementary, not competing

	PQC	QKD
Security	Math problems believed quantum-hard	Laws of physics (information-theoretic)
Hardware	Same as today (CPUs, smartphones)	Photon sources, single-photon detectors, dedicated fibre
Distance	Anywhere the internet reaches	~100 km fibre or satellite line-of-sight
Authentication	Replaces classical PKI directly	Still needs PQC or pre-shared keys to authenticate
Use case	TLS, signatures, code-signing, VPN, software updates	Bank-to-bank, gov-to-gov, point-to-point ultra-high secrecy
Failure mode	Discovery of an efficient attack	Hardware side-channels (detector blinding, etc.)

Most realistic deployments will combine both, plus hybrid classical+PQC in the transition period (2025-2030+).

Glossary

Beginner FAQ

🏆 Final Quantum Challenge

Complete at least 6 modules to unlock the challenge.