The Limits of Quantum Computers (or: What We Cant Do With Computers We Dont Have) Scott Aaronson University of Waterloo BQP NP- complete SZK

The Limits of Quantum Computers(or: What We Can’t Do With Computers We Don’t Have)

Scott AaronsonUniversity of Waterloo

BQP

NP-complete

SZK

So then why can’t we just ignore quantum computing, and get back to real work?

Because the universe isn’t classical

My picture of reality, as an eleven-year-old messing around with QBASIC:

+ detailsFancier version: Extended Church-Turing Thesis

(Also Stephen Wolfram’s current picture of reality)

Shor’s factoring algorithm presents us with a choice

1. the Extended Church-Turing Thesis is false,

2. textbook quantum mechanics is false, or

3. there’s an efficient classical factoring algorithm.

All three seem like crackpot speculations.

At least one of them is true!

That’s why YOU

should care about quantum

computing

Either

My Spiel In One Slide1. Ignoring quantum mechanics won’t make it go away

2. Quantum computing is not a panacea—and that makes it more interesting rather than less!

3. On our current understanding, quantum computers could “merely” break RSA, simulate quantum physics, etc.—not solve generic search problems exponentially faster

4. So then why do I worry about quantum computing? Because I’m interested in fundamental limits on what can efficiently be computed in the physical world. That makes me professionally obligated to care!

Where Do I Come In?My work, over the last seven years, has deepened our understanding of the limitations of quantum computers.

Solved some of the field’s notorious open problems:

- Lower bound for finding collisions in hash functions

- “Direct product theorem” for quantum search

Made unexpected connections:

- Classical lower bounds proved by quantum arguments

- Quantum-state learning algorithm from a lower bound

Plan of TalkThe Gospel According to Shor

Three Limitations of Quantum Computers

- Finding collisions in hash functions

- Solving NP-complete problems with advice

- Finding local optima

Turning Lemons into Lemonade

- Approximately learning quantum states

Summary of Contributions

What Quantum Mechanics Says

If we observe, we see |0 with probability ||2

|1 with probability ||2

Also, the object collapses to whichever outcome we see

If an object can be in two distinguishable states |0 or |1, then it can also be in a superposition

|0 + |1

0

10 1

2

Here and are complex amplitudes satisfying ||2+||2=1

To modify a state

1

n

ii

i

2

1

1n

ii

we can multiply vector of amplitudes by a unitary matrix—one that preserves

1 1 112 2 2

1 1 0 1

2 2 2

0

10 1

2

0 1

2

1 1 102 2 2

1 1 1 1

2 2 2

We’re seeing interference of amplitudes—the source of all “quantum weirdness”

A quantum state of n “qubits” takes 2n complex numbers to describe:

0,1n

x

x

x

Quantum Computing

The goal of quantum computing is to exploit this exponentiality in our description of the world

Idea: Get paths leading to incorrect answers to interfere destructively and cancel each other out









fx f(x)

In this talk, I’ll only care about the number of queries to a black box, not any other computational steps

Example: Given a function f:{0,1}n{0,1}, suppose we want to decide if there’s an x such that f(x)=1

Classically, ~2n queries to f are needed

Grover gave a quantum algorithm that uses only ~2n/2 queries

[BBBV 1997]: Grover’s algorithm is optimal

Yields “black-box evidence” that quantum computers can’t solve NP-complete problems efficiently

The Quantum Black-Box Model

But why do black-box results tell us

anything about the real world? Remember

IP=PSPACE?

You gotta start somewhere

Almost all known quantum

algorithms are black-box(no quantum

IP=PSPACE yet)

The proof of the pudding is in the

proving

Algorithm’s state:

,,

,x wx w

x w x: location to queryw: “workspace” qubits

After a query transformation:

,,

,x wx w

x w f x Between two queries, we can apply an arbitrary unitary matrix that doesn’t depend on f

Complexity = minimum number of queries needed to achieve 2

,,

corresponding toright answer

2

3x wx w

for all oracles f









Problem: Find 2 numbers that are the same (each number appears twice)

28 12 18 76 96 82 94 99 21 78 88 93 39 44 64 32 99 70 18 94 66 92 64 95 46 53 16 35 42 72 31 66 75 33 93 32 47 17 70 37 78 79 36 63 40 69 92 71 28 85 41 80 10 73 63 95 57 43 84 67 57 31 62 39 65 74 24 90 26 83 60 91 27 96 35 20 26 52 88 89 38 97 54 30 62 79 71 84 50 38 49 20 47 24 54 48 98 23 41 16 40 75 82 13 58 56 81 34 14 61 52 21 44 22 34 14 51 74 76 83 37 90 58 13 10 25 29 11 56 68 12 61 51 23 77 68 72 43 69 46 87 97 45 59 73 30 19 81 86 49 60 85 80 50 11 59 65 67 89 29 86 48 22 15 17 55 36 27 42 55 77 19 45 15 53 98 91 87 25 33

By “birthday paradox”, a randomized algorithm must

examine N of the N numbers

[Brassard-Høyer-Tapp 1997] Quantum

algorithm based on Grover that uses only

N1/3 queries

Is that optimal? Proving a lower

bound better than constant was open

for 5 years

Motivation for the Collision Problem

Graph Isomorphism:find a collision in

1 ! 1 !, , , , ,n nG G H H

Statistical Zero Knowledge (SZK) protocols

?

Cryptographic Hash Functions

What makes the problem so hard?

2

yx

N

x

xfxN 1

1

Basically, that a quantum computer can almost find a collision after one query!

Measure 2nd register

Or: if only we could see the whole trajectory of a “hidden variable” coursing through the quantum system![A., Phys. Rev. A 2005]

xf

“If only we could now measure twice!”

Previous techniques weren’t sensitive to the fact that quantum mechanics doesn’t allow these things

[A., STOC’02] N1/5 lower bound on quantum query complexity of the collision problem

[Shi, FOCS’02][A.-Shi, J. ACM 2004]

Improved to N1/3; also N2/3 lower bound for element distinctness

[Kutin 2003][Ambainis 2003][Midrijanis 2003]

Simplifications and generalizations

Cartoon Version of ProofT-query quantum algorithm that

finds collisions in 2-to-1 functions

T-query quantum algorithm that distinguishes 1-to-1 from 2-to-1 functions

Let p(f) = probability algorithm says f is 2-to-1

Let q(k) = average of p(f) over all k-to-1 functions f

[Beals et al. 1998] p(f) is a multilinear polynomial, of degree at most 2T, in Boolean indicator variables (f(x),y)

Suppose it exists by way of contradiction…

Trivial yet crucial facts:q(k) [0,1] for all k=1,2,3,…q(1) 1/3q(2) 2/3

That’s why

The magic step: q(k) itself is a univariate polynomial in k, of degree at most 2T

Why?

q(k)0

1

1 2 3 . . . . .

k. . . . . N2/5

Large derivative

Bounded in [0,1] at integer points

[A. A. Markov, 1889]:

xq

dxxdqNq

Nx

Nx

5/2

5/2

0

0

5/2

max2

/maxdeg

Hence the original quantum algorithm must have made (N1/5) queries

5/1N









Could there be a quantum state | left over from the Big Bang, such that given any 3SAT instance of size 1,000,000, we could quickly solve it by just measuring | in an appropriate basis?

[A., CCC 2004] In the black-box model, no: there cannot exist any “golden state” for solving

NP-complete problems in polynomial time

The Hunt for the Golden State

Efficient quantum algorithm to solve SAT using an m-qubit golden state

Efficient quantum algorithm to solve (say) m3 SAT instances, reusing the same golden state

Algorithm to solve m3 SAT instances with probability 2-m

Guess the golden state! Replace it by the maximally mixed state, i.e. a random m-bit string

Suppose it exists by way of contradiction…

To get a contradiction, I now need to prove a direct-product theorem for quantum search:

“If a quantum algorithm doesn’t even have time to solve one search problem w.h.p., then the probability of its solving k search problems decreases exponentially with k”

How do I prove the direct-product theorem?

Again using the polynomial method

But this time I need a generalization of A. A. Markov’s inequality due to [V. A. Markov 1892], which takes into account not just the first derivative but all higher derivatives

[Klauck-Špalek-deWolf, FOCS’04] tightened my direct product theorem, and also used it to prove the first quantum time-space tradeoffs

0

1

0 1 2 . . . . . . . . 2nm3









Problem: We’re given black-box access to a function f:{0,1}nZ

We want to find a local minimum of f, evaluating f as few times as possible

5

4

4

3

2

[Aldous 1983] Randomized algorithm making 2n/2n queries[A., STOC’04] Quantum algorithm making 2n/3n1/6 queries

[Aldous 1983] Any randomized alg needs 2n/2-o(n) queries[A., STOC’04] Any quantum alg needs 2n/4/n queries

My lower-bound proof uses Ambainis’s quantum adversary method, which upper-bounds how much the entanglement between algorithm and oracle can increase via a single query

Quantum Generosity … Giving back because we careTM

Surprising part: “Quantum-inspired” argument also yields a better classical lower bound: 2n/2/n2

Also yields the first randomized or quantum lower bounds for local search on constant-dimensional grid graphs

Subsequent improvements: [Santha-Szegedy, STOC’04]

[Zhang, STOC’06] [Verhoeven, 2006] [Sun-Yao, FOCS’06]









[ANTV 1999]: | must have (n) qubits—no asymptotic savings over classical

(Surprisingly, an n-qubit quantum state has no more “independently accessible degrees of freedom” than an n-bit classical string)

The Lemon

|n-bit string,

x1…xn

Any one bit xi of our choice, with high probability

Quantum random access coding

Upper bound on the sample complexity of “PAC” (Probably Approximately Correctly) learning a quantum state

Informally: Can predict approximate expectation values of most measurements on an n-qubit state, after a number of sample measurements that increases only linearly with n

The Lemonade

| “Quantum Occam’s Razor Theorem”[A. 2006]

By contrast, traditional quantum state tomography requires ~4n measurementsRecord so far: n=8Prohibitive for much larger n









Solved several notorious open problems about the limitations of quantum computers

Gave evidence that collision-resistant hash functions can still exist in a quantum world

Proved the first direct product theorem for quantum search

Gave evidence against “golden states” for NP-complete problems

Solved open problems about classical local optimization using quantum techniques

Used a quantum coding lower bound to propose a new learning algorithm, with possible experimental implications


Ten Research Directions I Didn’t Tell You About Today

Addressing skepticism of quantum computing

[A., STOC 2004]

Grover search with finite speed of light

[A.-Ambainis, FOCS 2003]

Quantum versus classical proofs

[A.-Kuperberg, CCC 2007] Need to “uncompute garbage” in quantum algorithms

[A., QIC 2003]

Practical simulation of stabilizer quantum circuits[A.-Gottesman, Phys Rev A 2004]

Quantum software copy-protection

[A., in preparation]

Quantum computers with anthropic postselection

[A., Proc. Roy. Soc. 2005]

Quantum computers with closed timelike curves[A.-Watrous, in preparation]

Provably-nonrelativizing circuit lower bounds

[A., CCC 2006]

Complexity of Bayesian agreement protocols

[A., STOC 2005]

www.scottaaronson.com/papers

Documents

The Limits of Quantum Computers (or: What We Cant Do With Computers We Dont Have) Scott Aaronson University of Waterloo BQP NP- complete SZK