371 likes | 669 Views
The Limits of Quantum Computers (or: What We Can’t Do With Computers We Don’t Have). NP-complete. Scott Aaronson University of Waterloo. SZK. BQP. So then why can’t we just ignore quantum computing, and get back to real work?.
E N D
The Limits of Quantum Computers(or: What We Can’t Do With Computers We Don’t Have) NP-complete Scott AaronsonUniversity of Waterloo SZK BQP
So then why can’t we just ignore quantum computing, and get back to real work?
My picture of reality, as an eleven-year-old messing around with QBASIC: + details (Also Stephen Wolfram’s current picture of reality) Because the universe isn’t classical Fancier version: Extended Church-Turing Thesis
That’s why YOU should care about quantum computing Shor’s factoring algorithm presents us with a choice Either • the Extended Church-Turing Thesis is false, • textbook quantum mechanics is false, or • there’s an efficient classical factoring algorithm. All three seem like crackpot speculations. At least one of them is true!
My Spiel In One Slide 1. Ignoring quantum mechanics won’t make it go away 2. Quantum computing is not a panacea—and that makes it more interesting rather than less! 3. On our current understanding, quantum computers could “merely” break RSA, simulate quantum physics, etc.—not solve generic search problems exponentially faster 4. So then why do I worry about quantum computing? Because I’m interested in fundamental limits on what can efficiently be computed in the physical world. That makes me professionally obligated to care!
Where Do I Come In? My work, over the last seven years, has deepened our understanding of the limitations of quantum computers. • Solved some of the field’s notorious open problems: • Lower bound for finding collisions in hash functions • “Direct product theorem” for quantum search • Made unexpected connections: • Classical lower bounds proved by quantum arguments • Quantum-state learning algorithm from a lower bound
Plan of Talk The Gospel According to Shor Three Limitations of Quantum Computers - Finding collisions in hash functions - Solving NP-complete problems with advice - Finding local optima Turning Lemons into Lemonade - Approximately learning quantum states Summary of Contributions
If we observe, we see |0 with probability ||2 |1 with probability ||2 Also, the object collapses to whichever outcome we see What Quantum Mechanics Says If an object can be in two distinguishable states |0 or |1, then it can also be in a superposition|0 + |1 Here and are complex amplitudes satisfying ||2+||2=1
To modify a state we can multiply vector of amplitudes by a unitary matrix—one that preserves
We’re seeing interference of amplitudes—the source of all “quantum weirdness”
Quantum Computing A quantum state of n “qubits” takes 2n complex numbers to describe: The goal of quantum computing is to exploit this exponentiality in our description of the world Idea: Get paths leading to incorrect answers to interfere destructively and cancel each other out
Plan of Talk The Gospel According to Shor Three Limitations of Quantum Computers - Finding collisions in hash functions - Solving NP-complete problems with advice - Finding local optima Turning Lemons into Lemonade - Approximately learning quantum states Summary of Contributions
f f(x) x The Quantum Black-Box Model You gotta start somewhere In this talk, I’ll only care about the number of queries to a black box, not any other computational steps Example: Given a function f:{0,1}n{0,1}, suppose we want to decide if there’s an x such that f(x)=1 Classically, ~2n queries to f are needed Grover gave a quantum algorithm that uses only ~2n/2 queries [BBBV 1997]: Grover’s algorithm is optimal Yields “black-box evidence” that quantum computers can’t solve NP-complete problems efficiently But why do black-box results tell us anything about the real world? Remember IP=PSPACE? Almost all known quantum algorithms are black-box(no quantum IP=PSPACE yet) The proof of the pudding is in the proving
Algorithm’s state: x: location to queryw: “workspace” qubits After a query transformation: Between two queries, we can apply an arbitrary unitary matrix that doesn’t depend on f Complexity = minimum number of queries needed to achieve for all oracles f
Plan of Talk The Gospel According to Shor Three Limitations of Quantum Computers - Finding collisions in hash functions - Solving NP-complete problems with advice - Finding local optima Turning Lemons into Lemonade - Approximately learning quantum states Summary of Contributions
Problem: Find 2 numbers that are the same(each number appears twice) 28 12 18 76 96 82 94 99 21 78 88 93 39 44 64 32 99 70 18 94 66 92 64 95 46 53 16 35 42 72 31 66 75 33 93 32 47 17 70 37 78 79 36 63 40 69 92 71 28 85 41 80 10 73 63 95 57 43 84 67 57 31 62 39 65 74 24 90 26 83 60 91 27 96 35 20 26 52 88 89 38 97 54 30 62 79 71 84 50 38 49 20 47 24 54 48 98 23 41 16 40 75 82 13 58 56 81 34 14 61 52 21 44 22 34 14 51 74 76 83 37 90 58 13 10 25 29 11 56 68 12 61 51 23 77 68 72 43 69 46 87 97 45 59 73 30 19 81 86 49 60 85 80 50 11 59 65 67 89 29 86 48 22 15 17 55 36 27 42 55 77 19 45 15 53 98 91 87 25 33 By “birthday paradox”, a randomized algorithm must examine N of the N numbers [Brassard-Høyer-Tapp 1997] Quantum algorithm based on Grover that uses only N1/3 queries Is that optimal? Proving a lower bound better than constant was open for 5 years
Graph Isomorphism:find a collision in Cryptographic Hash Functions ? Statistical Zero Knowledge (SZK) protocols Motivation for the Collision Problem
Measure 2nd register What makes the problem so hard? Basically, that a quantum computer can almost find a collision after one query! “If only we could now measure twice!” Or: if only we could see the whole trajectory of a “hidden variable” coursing through the quantum system![A., Phys. Rev. A 2005] Previous techniques weren’t sensitive to the fact that quantum mechanics doesn’t allow these things
Cartoon Version of Proof Suppose it exists by way of contradiction… T-query quantum algorithm that finds collisions in 2-to-1 functions T-query quantum algorithm that distinguishes 1-to-1 from 2-to-1 functions [Beals et al. 1998] p(f) is a multilinear polynomial, of degree at most 2T, in Boolean indicator variables (f(x),y) Let p(f) = probability algorithm says f is 2-to-1 Trivial yet crucial facts:q(k) [0,1] for all k=1,2,3,…q(1) 1/3q(2) 2/3 Let q(k) = average of p(f) over all k-to-1 functions f
The magic step: q(k) itself is a univariate polynomial in k, of degree at most 2T Why? That’s why
Large derivative Bounded in [0,1] at integer points 1 q(k) 0 . . . . . . . . . . 1 2 3 N2/5 k [A. A. Markov, 1889]: Hence the original quantum algorithm must have made (N1/5) queries
Plan of Talk The Gospel According to Shor Three Limitations of Quantum Computers - Finding collisions in hash functions - Solving NP-complete problems with advice - Finding local optima Turning Lemons into Lemonade - Approximately learning quantum states Summary of Contributions
The Hunt for the Golden State Could there be a quantum state | left over from the Big Bang, such that given any 3SAT instance of size 1,000,000, we could quickly solve it by just measuring | in an appropriate basis? [A., CCC 2004] In the black-box model, no: there cannot exist any “golden state” for solving NP-complete problems in polynomial time
Suppose it exists by way of contradiction… Efficient quantum algorithm to solve SAT using an m-qubit golden state Efficient quantum algorithm to solve (say) m3 SAT instances, reusing the same golden state Guess the golden state! Replace it by the maximally mixed state, i.e. a random m-bit string Algorithm to solve m3 SAT instances with probability 2-m To get a contradiction, I now need to prove a direct-product theorem for quantum search: “If a quantum algorithm doesn’t even have time to solve one search problem w.h.p., then the probability of its solving k search problems decreases exponentially with k”
1 0 . . . . . . . . 0 1 2 m3 2n How do I prove the direct-product theorem? Again using the polynomial method But this time I need a generalization of A. A. Markov’s inequality due to [V. A. Markov 1892], which takes into account not just the first derivative but all higher derivatives [Klauck-Špalek-deWolf, FOCS’04] tightened my direct product theorem, and also used it to prove the first quantum time-space tradeoffs
Plan of Talk The Gospel According to Shor Three Limitations of Quantum Computers - Finding collisions in hash functions - Solving NP-complete problems with advice - Finding local optima Turning Lemons into Lemonade - Approximately learning quantum states Summary of Contributions
Problem: We’re given black-box access to a function f:{0,1}nZ We want to find a local minimum of f, evaluating f as few times as possible 4 4 2 3 5 [Aldous 1983] Randomized algorithm making 2n/2n queries[A., STOC’04] Quantum algorithm making 2n/3n1/6 queries [Aldous 1983] Any randomized alg needs 2n/2-o(n) queries[A., STOC’04] Any quantum alg needs 2n/4/n queries My lower-bound proof uses Ambainis’s quantum adversary method, which upper-bounds how much the entanglement between algorithm and oracle can increase via a single query
Surprising part: “Quantum-inspired” argument also yields a better classical lower bound: 2n/2/n2 Also yields the first randomized or quantum lower bounds for local search on constant-dimensional grid graphs Quantum Generosity … Giving back because we careTM Subsequent improvements: [Santha-Szegedy, STOC’04] [Zhang, STOC’06] [Verhoeven, 2006] [Sun-Yao, FOCS’06]
Plan of Talk The Gospel According to Shor Three Limitations of Quantum Computers - Finding collisions in hash functions - Solving NP-complete problems with advice - Finding local optima Turning Lemons into Lemonade - Approximately learning quantum states Summary of Contributions
The Lemon Quantum random access coding Any one bit xi of our choice, with high probability n-bit string, x1…xn | [ANTV 1999]: | must have (n) qubits—no asymptotic savings over classical (Surprisingly, an n-qubit quantum state has no more “independently accessible degrees of freedom” than an n-bit classical string)
The Lemonade “Quantum Occam’s Razor Theorem”[A. 2006] | Upper bound on the sample complexity of “PAC” (Probably Approximately Correctly) learning a quantum state Informally: Can predict approximate expectation values of most measurements on an n-qubit state, after a number of sample measurements that increases only linearly with n By contrast, traditional quantum state tomography requires ~4n measurementsRecord so far: n=8Prohibitive for much larger n
Plan of Talk The Gospel According to Shor Three Limitations of Quantum Computers - Finding collisions in hash functions - Solving NP-complete problems with advice - Finding local optima Turning Lemons into Lemonade - Approximately learning quantum states Summary of Contributions
Summary of Contributions Solved several notorious open problems about the limitations of quantum computers Gave evidence that collision-resistant hash functions can still exist in a quantum world Proved the first direct product theorem for quantum search Gave evidence against “golden states” for NP-complete problems Solved open problems about classical local optimization using quantum techniques Used a quantum coding lower bound to propose a new learning algorithm, with possible experimental implications
Ten Research Directions I Didn’t Tell You About Today Addressing skepticism of quantum computing [A., STOC 2004] Practical simulation of stabilizer quantum circuits[A.-Gottesman, Phys Rev A 2004] Quantum computers with anthropic postselection[A., Proc. Roy. Soc. 2005] Grover search with finite speed of light[A.-Ambainis, FOCS 2003] Quantum software copy-protection[A., in preparation] Quantum computers with closed timelike curves[A.-Watrous, in preparation] Provably-nonrelativizing circuit lower bounds[A., CCC 2006] Quantum versus classical proofs[A.-Kuperberg, CCC 2007] Need to “uncompute garbage” in quantum algorithms[A., QIC 2003] Complexity of Bayesian agreement protocols[A., STOC 2005]