The Limits of Quantum Computers (or: What We Cant Do With Computers We Dont Have) Scott Aaronson (MIT) BQP NP- complete SZK.

The Limits of Quantum Computers(or: What We Can’t Do With Computers We Don’t Have)

Scott Aaronson (MIT)

BQP

NP-complete

SZK

So then why can’t we just ignore quantum computing, and get back to real work?

Because the universe isn’t classical

My picture of reality, as an eleven-year-old messing around with BASIC:

+ detailsFancier version: Extended Church-Turing Thesis

(Also Stephen Wolfram’s current picture of reality)

Shor’s factoring algorithm presents us with a choice

1. the Extended Church-Turing Thesis is false,

2. textbook quantum mechanics is false, or

3. there’s an efficient classical factoring algorithm.

All three seem like crackpot speculations.

At least one of them is true!

That’s why YOU

should care about quantum

computing

Either

One-Slide Summary1. Quantum computing is not a panacea—and that

makes it more interesting rather than less!

2. On our current understanding, quantum computers could “merely” break RSA, simulate quantum physics, etc.—not solve generic search problems exponentially faster

3. In this talk, I’ll tell you about some of the known limits of quantum computers

4. I’ll also discuss a more general question: can NP-complete problems be solved efficiently by any physical means?

What Quantum Mechanics Says

If we observe, we see |0 with probability ||2

|1 with probability ||2

Also, the object collapses to whichever outcome we see

If an object can be in two distinguishable states |0 or |1, then it can also be in a superposition

|0 + |1

0

10 1

2

Here and are complex amplitudes satisfying ||2+||2=1

To modify a state

1

n

ii

i

2

1

1n

ii

we can multiply vector of amplitudes by a unitary matrix—one that preserves

1 1 112 2 2

1 1 0 1

2 2 2

0

10 1

2

0 1

2

1 1 102 2 2

1 1 1 1

2 2 2

We’re seeing interference of amplitudes—the source of all “quantum weirdness”

A quantum state of n “qubits” takes 2n complex numbers to describe:

0,1n

x

x

x

Quantum Computing

The goal of quantum computing is to exploit this exponentiality in our description of the world

Idea: Get paths leading to wrong answers to “interfere destructively” and cancel each other out

Shor’s ResultQuantum computers can factor integers in polynomial time

(thereby break RSA, thereby swipe your credit card number…)

To prove this, Shor had to exploit a special property of the factoring problem

(namely its reducibility to period-finding)

Ideas extend to computing discrete logarithms, solving Pell’s equation, breaking elliptic curve cryptography…

But these problems aren’t believed to be NP-complete

So the question remains: can quantum computers solve NP-complete problems in polynomial time?

Bennett et al. 1997: “Quantum magic” won’t be enough

Suppose we throw away the problem structure, and just consider an abstract space of 2n possible solutions

Then even a quantum computer will need ~2n/2 steps to find a correct solution

The quantum adiabatic algorithm (Farhi et al. 2000) does exploit problem structure. But it suffers from provable limitations of its own…

Note: This square-root speedup is achievable, via “Grover’s algorithm”

Another example of a “quantum black-box problem”: given a two-to-one function f:

[N][N], find any x,y pair such that f(x)=f(y)28 12 18 76 96 82 94 99 21 78 88 93 39 44 64 32 99 70 18 94 66 92 64 95 46 53 16 35 42 72 31 66 75 33 93 32 47 17 70 37 78 79 36 63 40 69 92 71 28 85 41 80 10 73 63 95 57 43 84 67 57 31 62 39 65 74 24 90 26 83 60 91 27 96 35 20 26 52 88 89 38 97 54 30 62 79 71 84 50 38 49 20 47 24 54 48 98 23 41 16 40 75 82 13 58 56 81 34 14 61 52 21 44 22 34 14 51 74 76 83 37 90 58 13 10 25 29 11 56 68 12 61 51 23 77 68 72 43 69 46 87 97 45 59 73 30 19 81 86 49 60 85 80 50 11 59 65 67 89 29 86 48 22 15 17 55 36 27 42 55 77 19 45 15 53 98 91 87 25 33

By the “birthday paradox”, a randomized algorithm has to examine N of the N numbers

[Brassard-Høyer-Tapp 1997] Quantum algorithm based on Grover that uses only N1/3 queries

Is that optimal? Proving a lower bound better than constant was open for 5 years

Motivation for the Collision Problem

Graph Isomorphism:find a collision in

1 ! 1 !, , , , ,n nG G H H

Statistical Zero Knowledge (SZK) protocols

?

Cryptographic Hash Functions

What makes the problem so hard?

2

yx

N

x

xfxN 1

1

Basically, that a quantum computer can almost find a collision after one query to f!

Measure 2nd register

Or: if only we could see the whole trajectory of a “hidden variable” coursing through the quantum system![A., Phys. Rev. A 2005]

xf

“If only we could now measure twice!”

Previous techniques weren’t sensitive to the fact that quantum mechanics doesn’t allow these things

[A., STOC’02] N1/5 lower bound on number of queries needed by a quantum computer to find collisions

[Shi, FOCS’02][A.-Shi, J. ACM 2004]

Improved to N1/3; also N2/3 lower bound for element distinctness

[Kutin 2003][Ambainis 2003][Midrijanis 2003]

Simplifications and generalizations

Cartoon Version of ProofT-query quantum algorithm that

finds collisions in 2-to-1 functions

T-query quantum algorithm that distinguishes 1-to-1 from 2-to-1 functions

Let p(f) = probability algorithm says f is 2-to-1

Let q(k) = average of p(f) over all k-to-1 functions f

[Beals et al. 1998] p(f) is a multilinear polynomial, of degree at most 2T, in Boolean indicator variables (f(x),y)

Suppose it exists by way of contradiction…

Crucial facts:q(k) [0,1] for all k=1,2,3,…q(1) 1/3q(2) 2/3

That’s why

The magic step: q(k) itself is a univariate polynomial in k, of degree at most 2T

Why?

q(k)0

1

1 2 3 . . . . .

k. . . . . N2/5

Large derivative

Bounded in [0,1] at integer points

Hence the original quantum algorithm must have made (N1/5) queries

[A. A. Markov, 1889]:

xq

dxxdqNq

Nx

Nx

5/2

5/2

0

0

5/2

max2

/maxdeg

5/1N

“OK, so I accept that quantum computers have these limitations. Is there

any physical means to solve (say) NP-complete problems

in polynomial time?”

Famous proposal for how to solve NP-complete problems: Dip two glass plates with pegs between them into soapy water. Let the soap bubbles form a “minimum Steiner tree” connecting the pegs

Other proposals with obvious scaling problems: protein folding, DNA computing, optical computing…

For the latest, please see Slashdot

“Relativity Computing”

DONE

Variant: Black hole computing

Problem: Energy needed to accelerate to relativistic speed

Abrams & Lloyd 1998: If the Schrödinger equation governing quantum mechanics were nonlinear, one could exploit that fact to solve NP-complete problems in polynomial time

No solutions1 solution to NP-complete problem

One way to interpret this result: as additional evidence that the

Schrödinger equation is linear…

Do the first step of a computation in 1 second, the next in ½ second, the next in ¼ second, etc.

Problem: “Quantum foaminess”

“Zeno Computing”

Below the Planck scale (10-33 cm or 10-43 sec), our usual picture of space and time breaks down in not-yet-understood ways…

Quantum AdviceCould there be a fixed quantum state that’s been sitting around since the Big Bang—and that if found, would be a “magic key” to performing quantum computations that were otherwise infeasible?

[A. 2004]: Even under such a strange assumption, we still couldn’t solve NP-complete problems in polynomial time without exploiting the problem structure

www.scottaaronson.com/papers