The Limits of Quantum Computers (or: What We Can’t Do With Computers We Don’t Have) Scott Aaronson (MIT) BQP NP- complete SZK
Mar 26, 2015
The Limits of Quantum Computers(or: What We Can’t Do With Computers We Don’t Have)
Scott Aaronson (MIT)
BQP
NP-complete
SZK
So then why can’t we just ignore quantum computing, and get back to real work?
Because the universe isn’t classical
My picture of reality, as an eleven-year-old messing around with BASIC:
+ detailsFancier version: Extended Church-Turing Thesis
(Also Stephen Wolfram’s current picture of reality)
Shor’s factoring algorithm presents us with a choice
1. the Extended Church-Turing Thesis is false,
2. textbook quantum mechanics is false, or
3. there’s an efficient classical factoring algorithm.
All three seem like crackpot speculations.
At least one of them is true!
That’s why YOU
should care about quantum
computing
Either
One-Slide Summary1. Quantum computing is not a panacea—and that
makes it more interesting rather than less!
2. On our current understanding, quantum computers could “merely” break RSA, simulate quantum physics, etc.—not solve generic search problems exponentially faster
3. In this talk, I’ll tell you about some of the known limits of quantum computers
4. I’ll also discuss a more general question: can NP-complete problems be solved efficiently by any physical means?
What Quantum Mechanics Says
If we observe, we see |0 with probability ||2
|1 with probability ||2
Also, the object collapses to whichever outcome we see
If an object can be in two distinguishable states |0 or |1, then it can also be in a superposition
|0 + |1
0
10 1
2
Here and are complex amplitudes satisfying ||2+||2=1
To modify a state
1
n
ii
i
2
1
1n
ii
we can multiply vector of amplitudes by a unitary matrix—one that preserves
1 1 112 2 2
1 1 0 1
2 2 2
0
10 1
2
0 1
2
1 1 102 2 2
1 1 1 1
2 2 2
We’re seeing interference of amplitudes—the source of all “quantum weirdness”
A quantum state of n “qubits” takes 2n complex numbers to describe:
0,1n
x
x
x
Quantum Computing
The goal of quantum computing is to exploit this exponentiality in our description of the world
Idea: Get paths leading to wrong answers to “interfere destructively” and cancel each other out
Shor’s ResultQuantum computers can factor integers in polynomial time
(thereby break RSA, thereby swipe your credit card number…)
To prove this, Shor had to exploit a special property of the factoring problem
(namely its reducibility to period-finding)
Ideas extend to computing discrete logarithms, solving Pell’s equation, breaking elliptic curve cryptography…
But these problems aren’t believed to be NP-complete
So the question remains: can quantum computers solve NP-complete problems in polynomial time?
Bennett et al. 1997: “Quantum magic” won’t be enough
Suppose we throw away the problem structure, and just consider an abstract space of 2n possible solutions
Then even a quantum computer will need ~2n/2 steps to find a correct solution
The quantum adiabatic algorithm (Farhi et al. 2000) does exploit problem structure. But it suffers from provable limitations of its own…
Note: This square-root speedup is achievable, via “Grover’s algorithm”
Another example of a “quantum black-box problem”: given a two-to-one function f:
[N][N], find any x,y pair such that f(x)=f(y)28 12 18 76 96 82 94 99 21 78 88 93 39 44 64 32 99 70 18 94 66 92 64 95 46 53 16 35 42 72 31 66 75 33 93 32 47 17 70 37 78 79 36 63 40 69 92 71 28 85 41 80 10 73 63 95 57 43 84 67 57 31 62 39 65 74 24 90 26 83 60 91 27 96 35 20 26 52 88 89 38 97 54 30 62 79 71 84 50 38 49 20 47 24 54 48 98 23 41 16 40 75 82 13 58 56 81 34 14 61 52 21 44 22 34 14 51 74 76 83 37 90 58 13 10 25 29 11 56 68 12 61 51 23 77 68 72 43 69 46 87 97 45 59 73 30 19 81 86 49 60 85 80 50 11 59 65 67 89 29 86 48 22 15 17 55 36 27 42 55 77 19 45 15 53 98 91 87 25 33
By the “birthday paradox”, a randomized algorithm has to examine N of the N numbers
[Brassard-Høyer-Tapp 1997] Quantum algorithm based on Grover that uses only N1/3 queries
Is that optimal? Proving a lower bound better than constant was open for 5 years
Motivation for the Collision Problem
Graph Isomorphism:find a collision in
1 ! 1 !, , , , ,n nG G H H
Statistical Zero Knowledge (SZK) protocols
?
Cryptographic Hash Functions
What makes the problem so hard?
2
yx
N
x
xfxN 1
1
Basically, that a quantum computer can almost find a collision after one query to f!
Measure 2nd register
Or: if only we could see the whole trajectory of a “hidden variable” coursing through the quantum system![A., Phys. Rev. A 2005]
xf
“If only we could now measure twice!”
Previous techniques weren’t sensitive to the fact that quantum mechanics doesn’t allow these things
[A., STOC’02] N1/5 lower bound on number of queries needed by a quantum computer to find collisions
[Shi, FOCS’02][A.-Shi, J. ACM 2004]
Improved to N1/3; also N2/3 lower bound for element distinctness
[Kutin 2003][Ambainis 2003][Midrijanis 2003]
Simplifications and generalizations
Cartoon Version of ProofT-query quantum algorithm that
finds collisions in 2-to-1 functions
T-query quantum algorithm that distinguishes 1-to-1 from 2-to-1 functions
Let p(f) = probability algorithm says f is 2-to-1
Let q(k) = average of p(f) over all k-to-1 functions f
[Beals et al. 1998] p(f) is a multilinear polynomial, of degree at most 2T, in Boolean indicator variables (f(x),y)
Suppose it exists by way of contradiction…
Crucial facts:q(k) [0,1] for all k=1,2,3,…q(1) 1/3q(2) 2/3
That’s why
The magic step: q(k) itself is a univariate polynomial in k, of degree at most 2T
Why?
q(k)0
1
1 2 3 . . . . .
k. . . . . N2/5
Large derivative
Bounded in [0,1] at integer points
Hence the original quantum algorithm must have made (N1/5) queries
[A. A. Markov, 1889]:
xq
dxxdqNq
Nx
Nx
5/2
5/2
0
0
5/2
max2
/maxdeg
5/1N
“OK, so I accept that quantum computers have these limitations. Is there
any physical means to solve (say) NP-complete problems
in polynomial time?”
Famous proposal for how to solve NP-complete problems: Dip two glass plates with pegs between them into soapy water. Let the soap bubbles form a “minimum Steiner tree” connecting the pegs
Other proposals with obvious scaling problems: protein folding, DNA computing, optical computing…
For the latest, please see Slashdot
“Relativity Computing”
DONE
Variant: Black hole computing
Problem: Energy needed to accelerate to relativistic speed
Abrams & Lloyd 1998: If the Schrödinger equation governing quantum mechanics were nonlinear, one could exploit that fact to solve NP-complete problems in polynomial time
No solutions1 solution to NP-complete problem
One way to interpret this result: as additional evidence that the
Schrödinger equation is linear…
Do the first step of a computation in 1 second, the next in ½ second, the next in ¼ second, etc.
Problem: “Quantum foaminess”
“Zeno Computing”
Below the Planck scale (10-33 cm or 10-43 sec), our usual picture of space and time breaks down in not-yet-understood ways…
Quantum AdviceCould there be a fixed quantum state that’s been sitting around since the Big Bang—and that if found, would be a “magic key” to performing quantum computations that were otherwise infeasible?
[A. 2004]: Even under such a strange assumption, we still couldn’t solve NP-complete problems in polynomial time without exploiting the problem structure
www.scottaaronson.com/papers