Post on 19-Dec-2015
transcript
Exploring the Limits of the Efficiently Computable
Scott Aaronson (MIT)Papers & slides at www.scottaaronson.com
Things we never see…
Warp drive Perpetuum mobile
GOLDBACH CONJECTURE: TRUE
NEXT QUESTION
Übercomputer
The (seeming) impossibility of the first two machines reflects fundamental principles of physics—Special Relativity and the Second Law respectively
So what about the third one? What are the ultimate physical limits on what can be feasibly computed? And do those limits have any implications for physics?
P=NP?This sounds like (literally) a $1,000,000 question:
Conjecture/”Law”: PNPAlas, proving this will be hard!
Why? Relativization, Natural Proofs, Algebrization [A.-Wigderson 2008]
NP: Nondeterministic Polynomial-Time
P: Polynomial-Time
The Extended Church-Turing Thesis (ECT)
“Any physically-realistic computing device can be simulated by a
deterministic or probabilistic Turing machine, with at most polynomial
overhead in time and memory”
But how sure are we of this thesis?What would a challenge to it look like?
An important presupposition underlying P vs. NP is the
Old proposal: Dip two glass plates with pegs between them into soapy water.
Let the soap bubbles form a minimum Steiner tree connecting the pegs—thereby solving a known NP-hard problem “instantaneously”
“Like probability, but with minus signs”
What About Quantum Mechanics?
n
1
nnn
n
uu
uu
1
111
n
1
1,1
2
n
iii C
Quantum Mechanics:
Linear transformations that conserve 2-norm of
amplitude vectors:Unitary matrices
np
p
1
nnn
n
ss
ss
1
111
nq
q
1
1,01
n
iii pp
Probability Theory:
Linear transformations that conserve 1-norm of
probability vectors:Stochastic matrices
A general entangled state of n qubits requires ~2n amplitudes to specify:
Quantum Computing
nxx x
1,0
Presents an obvious practical problem when using conventional computers to simulate quantum mechanics
Feynman 1981: So then why not turn things around, and build computers that themselves exploit superposition?
Could such a machine get any advantage over a classical computer with a random number generator? If so, it would have to come from interference between amplitudes
BQP (Bounded-Error Quantum Polynomial-Time): The class of problems solvable efficiently by a quantum computer, defined by Bernstein and Vazirani in 1993
Shor 1994: Factoring integers is in BQP
NP
NP-complete
P
FactoringBQP
Interesting
But factoring is not believed to be NP-complete!
So, evidence for P≠BQP?
Limits of BQP?
Suppose we just want a quantum system for which there’s good evidence that it’s hard to simulate classically—we don’t care what it’s useful for
BosonSampling
Our proposal: Identical single photons sent through network of interferometers, then measured at output modes
A.-Arkhipov 2011, Bremner-Jozsa-Shepherd 2011: In that case, we can plausibly improve both the hardware requirements and the evidence for classical hardness, compared to Shor’s factoring algorithm
We showed: if a fast, classical exact simulation of
BosonSampling is possible, then the polynomial hierarchy
collapses to the third level.
Experimental demonstrations with 3-4
photons achieved (by groups in Oxford,
Brisbane, Rome, Vienna)
Can a quantum computer solve problems for which a classical computer can’t even efficiently verify the answers? Or better yet: that are still classically hard even if P=NP?
BQP vs. the Polynomial Hierarchy
BosonSampling: A candidate for such a problem. If it’s solvable anywhere in BPPPH, then PH collapses.
A. 2009: Unconditionally, there’s a black-box sampling problem (Fourier Sampling) solvable in BQP but not in BPPPH
Boils down to: are there problems in BQP but not in PH?
Given a Boolean function 1,11,0: nfoutput z{0,1}n with probability 2ˆ zf
nx
zx
nxfzf
1,0
12
1:ˆ
The Quantum Black-Box ModelThe setting for much of what we know about the power of
quantum algorithms
i xi
An algorithm can make query transformations, which map
as well as arbitrary unitary transformations that don’t depend on X (we won’t worry about their computational cost).
wxaiwai iwaiwai ,,,, ,,,, (i=“query register,” a=“answer register,” w=“workspace”)
Its goal is to learn some property f(X) (for example: is X 1-to-1?)
X“Query complexity” of f: The minimum
number of queries used by any algorithm that outputs f(X), with high
probability, for every X of interest to us
X=x1…xN
Example 3: The Collision Problem. Given a 2-to-1 sequence X(1),…,X(N), find a collision (i.e., two indices i,j such that X(i)=X(j))
Models the breaking of collision-resistant hash functions—a central problem in cryptanalysis
10 4 1 8 7 9 11 5 6 4 2 10 3 2 7 9 11 5 1 6 3 8
Example 1: Grover search problem. Given X(1),…,X(N){0,1}, find an i such that X(i)=1. A quantum computer can solve with O(N) queries, but no faster!
Example 2: Period-finding (heart of Shor’s algorithm). Given a sequence X(1),…,X(N) that repeats with period rN, find the period. A quantum computer can do this with only O(1) queries—huge speedup over classical!
“More structured than Grover search, but less structured than Shor’s period-finding problem”
Birthday Paradox: Classically, ~N queries are necessary and sufficient to find a collision with high probability
Brassard-Høyer-Tapp 1997: Quantumly, ~N1/3 queries suffice
Grover search on N2/3 X(i)’s
N1/3 X(i) values queried classically
A. 2002: First quantum lower bound for the collision problem (~N1/5 queries are needed; no exponential speedup possible)
Shi 2002: Improved lower bound of ~N1/3. Brassard-Høyer-Tapp’s algorithm is the best possible
Symmetric ProblemsA.-Ambainis 2011: Massive generalization of collision lower bound. If f is any problem whatsoever that’s symmetric under permuting the inputs and outputs, and has sufficiently many outputs (like the collision problem), then
f’s classical query complexity (f’s quantum query complexity)7
Upshot: Need a “structured” promise if you want an exponential quantum speedup
Compare to Beals et al. 1998: If f:{0,1}N{0,1} is a total Boolean function (like OR, AND, MAJORITY, etc.),
f’s classical query complexity (f’s quantum query complexity)6
What’s the largest possible quantum speedup?
“Forrelation”: Given two Boolean functions f,g:{0,1}n{-1,1}, estimate how correlated g is with the Fourier transform of f:
?6.0
?01.01
2
1
1,0,2/3
nyx
yx
nygxf
A.-Ambainis 2014: This problem is solvable using only 1 quantum query, but requires at least ~2n/2/n queries classically
Furthermore, this separation is essentially the largest possible! Any N-bit problem that’s solvable with k quantum queries, is also solvable with ~N1-1/2k classical queries
Conjecture (A. 2009): Forrelation Polynomial Hierarchy
A complexity-theoretic argument against hidden variables?
A. 2004: Suppose that in addition to the quantum state, there were also “hidden variables” recording the “true” locations of particles (as in Bohmian mechanics). Then if you could sample the hidden variables’ entire histories, you could solve the collision problem in O(1) queries—beyond what a “garden-variety” quantum computer can do!
2
yx
N
x
xfxN 1
1Measure 2nd
register
xf
Computational Complexity and the Black-Hole Information Loss Problem
Maybe the single most striking application so far of complexity to fundamental physics
Hawking 1970s: Black holes radiate!
The radiation seems thermal (uncorrelated with whatever fell in)—but if quantum mechanics is true, then it can’t be
Susskind et al. 1990s: “Black-hole complementarity.” In string theory / quantum gravity, the Hawking radiation should just be a scrambled re-encoding of the same quantum states that are also inside the black hole
The Firewall Paradox [Almheiri et al. 2012]If the black hole interior is “built” out of the same qubits coming out as Hawking radiation, then why can’t we do something to those Hawking qubits (after waiting ~1070 years for enough to come out), then dive into the black hole, and see that we’ve completely destroyed the spacetime geometry in the interior?
Entanglement among Hawking photons detected!
Harlow-Hayden 2013: Sure, there’s some unitary transformation that Alice could apply to the Hawking radiation, that would generate a “firewall” inside the event horizon. But how long would it take her to apply it?
Plausible answer: Exponential in the number of qubits inside the black hole! Or for an astrophysical black hole,
70102~ yearsShe wouldn’t have made a dent before the black hole had already evaporated anyway! So … problem solved?
HH’s argument: If Alice could achieve (a plausible formalization of) her decoding task, then she could also efficiently solve the collision problemRecently, I strengthened the HH argument, to show that Alice could even invert arbitrary injective one-way functions
Quantum MoneyIdea: Quantum states that can be created by a bank, traded as currency, and verified as legitimate, but can’t be cloned by counterfeiters, because of quantum mechanics’ No-Cloning Theorem
A.-Christiano 2012: First quantum money scheme where anyone can verify a bill, and whose security is based on a “conventional” crypto assumption
Wiesner ca. 1970: First quantum money scheme, but only the bank could verify the bills. If anyone can verify a bill, then computational assumptions clearly needed, in addition to QM
Some Future Directions
Quantum copy-protected software
Complexity theory of quantum states and unitary transformations
Classification of quantum gate sets
Noisy BosonSampling
The power of quantum proofs