Transcript Slide 1

The Limits of Quantum Computers
(or: What We Can’t Do With Computers We Don’t Have)
Scott Aaronson (MIT)
NPcomplete
SZK
BQP
So then why can’t we
just ignore quantum
computing, and get
back to real work?
Because the universe isn’t classical
My picture of reality, as an eleven-year-old
messing around with BASIC:
+ details
(Also Stephen Wolfram’s current picture of reality)
Fancier version: Extended Church-Turing Thesis
Shor’s factoring algorithm
presents us with a choice
Either
1. the Extended Church-Turing Thesis is false,
2. textbook
quantum
mechanics is false, or
That’s
why YOU
should
care
3. there’s an efficient classical factoring algorithm.
about quantum
computing
All three seem
like crackpot speculations.
At least one of them is true!
One-Slide Summary
1. Quantum computing is not a panacea—and that
makes it more interesting rather than less!
2. On our current understanding, quantum computers
could “merely” break RSA, simulate quantum physics,
etc.—not solve generic search problems exponentially
faster
3. In this talk, I’ll tell you about some of the known limits
of quantum computers
4. I’ll also discuss a more general question: can NPcomplete problems be solved efficiently by any
physical means?
What Quantum Mechanics Says
If an object can be in two distinguishable states
|0 or |1, then it can also be in a superposition
|0 + |1
Here  and  are complex
amplitudes satisfying
||2+||2=1
If we observe, we see
|0 with probability ||2
|1 with probability ||2
Also, the object collapses to
whichever outcome we see
1
0 1
2
0
To modify a state
n

i 1
i
i
we can multiply vector of amplitudes by a
unitary matrix—one that preserves
n

i 1
2
i
1
0 1





1
2
1
2
1  1  1 

2  12   20
      
1  01   11
2   2   2 
1
0 1
2
We’re seeing interference of amplitudes—the
source of all “quantum weirdness”
2
0
Quantum Computing
A quantum state of n “qubits” takes 2n complex
numbers to describe:

x0,1
x x
n
The goal of quantum computing is to exploit this
exponentiality in our description of the world
Idea: Get paths leading to wrong answers to
“interfere destructively” and cancel each other out
Shor’s Result
Quantum computers can factor
integers in polynomial time
(thereby break RSA, thereby swipe
your credit card number…)
To prove this, Shor had to exploit a special
property of the factoring problem
(namely its reducibility to period-finding)
Ideas extend to computing discrete logarithms,
solving Pell’s equation, breaking elliptic curve
cryptography…
But these problems aren’t believed to be NP-complete
So the question remains: can quantum computers solve
NP-complete problems in polynomial time?
Bennett et al. 1997: “Quantum magic” won’t be enough
Suppose we throw away the problem structure, and just
consider an abstract space of 2n possible solutions
Then even a quantum computer will need ~2n/2 steps to
find a correct solution Note: This square-root speedup is
achievable, via “Grover’s algorithm”
The quantum adiabatic algorithm (Farhi et al. 2000)
does exploit problem structure. But it suffers from
provable limitations of its own…
Another example of a “quantum black-box
problem”: given a two-to-one function
f:[N][N], find any x,y pair such that f(x)=f(y)
28 12 18 76 96 82 94 99 21 78 88 93 39 44 64
32 99
94 66 92
64 95 46a 53
16 35 42 72
By70
the18
“birthday
paradox”,
randomized
31 algorithm
66 75 33has
93 to32examine
47 17 70
78 N
79numbers
36 63 40
N 37
of the
69 92 71 28 85 41 80 10 73 63 95 57 43 84 67
57[Brassard-Høyer-Tapp
31 62 39 65 74 24 1997]
90 26 Quantum
83 60 91algorithm
27 96 35
20 26
52 88
89 38 97
30 only
62 79
84 50 38
based
on Grover
that54
uses
N1/371queries
49 20 47 24 54 48 98 23 41 16 40 75 82 13 58
56 81 34 14 61 52 21 44 22 34 14 51 74 76 83
bound
better
37 Is
90that
58 optimal?
13 10 25Proving
29 11 a
56lower
68 12
61 51
23 77
than
for30
5 years
68 72 43
69 constant
46 87 97was
45 open
59 73
19 81 86 49
60 85 80 50 11 59 65 67 89 29 86 48 22 15 17
55 36 27 42 55 77 19 45 15 53 98 91 87 25 33
Motivation for the Collision Problem

Cryptographic
Hash Functions
Graph Isomorphism:
find a collision in
 1  G  , ,  n !  G  ,  1  H  , ,  n!  H 
Statistical Zero Knowledge (SZK) protocols
What makes the problem so hard?
Basically, that a quantum computer can almost find a
collision after one query to f!
1
N
x  y
N
 x f x 
x 1
2nd
Measure
register
f x 
2
“If only we could now measure twice!”
Or: if only we could see the whole trajectory of a
“hidden variable” coursing through the quantum system!
[A., Phys. Rev. A 2005]
Previous techniques weren’t sensitive to the fact that
quantum mechanics doesn’t allow these things
[A., STOC’02] N1/5 lower bound on
number of queries
needed by a quantum
computer to find
collisions
[Shi, FOCS’02] Improved to N1/3; also
[A.-Shi, J. ACM 2004] N2/3 lower bound for
element distinctness
[Kutin 2003] Simplifications and
[Ambainis 2003] generalizations
[Midrijanis 2003]
Cartoon Version of Proof
T-query quantum algorithm that
finds collisions in 2-to-1 functions
Suppose it exists by
way of contradiction…
T-query quantum algorithm that
distinguishes 1-to-1 from 2-to-1 functions
Let p(f) = probability
algorithm says f is 2-to-1
Let q(k) = average of p(f)
over all k-to-1 functions f
[Beals et al. 1998] p(f) is a
multilinear polynomial, of
degree at most 2T, in Boolean
indicator variables (f(x),y)
Crucial facts:
q(k)  [0,1] for all k=1,2,3,…
q(1)  1/3
q(2)  2/3
The magic step: q(k) itself is a univariate
polynomial in k, of degree at most 2T
Why?
That’s why
Bounded in [0,1] at integer points
1
q(k)
Large derivative
0
1
2
3
. . . . .
. . . . .
k
[A. A. Markov, 1889]:
degq  
N 2 / 5 max2 / 5 dqx  / dx
0 x  N
2 max2 / 5 qx 

 N
1/ 5

0 x  N
Hence the original quantum algorithm must have
made (N1/5) queries
N2/5
“OK, so I accept that
quantum computers have
these limitations. Is there
any physical means to solve
(say) NP-complete problems
in polynomial time?”
Famous proposal for how to solve NP-complete
problems: Dip two glass plates with pegs between
them into soapy water. Let the soap bubbles form a
“minimum Steiner tree” connecting the pegs
Other proposals with obvious scaling problems:
protein folding, DNA computing, optical computing…
For the latest, please see Slashdot
“Relativity Computing”
DONE
Problem: Energy
needed to accelerate
to relativistic speed
Variant: Black hole
computing
Abrams & Lloyd 1998: If the Schrödinger
equation governing quantum mechanics were
nonlinear, one could exploit that fact to solve
NP-complete problems in polynomial time
One way to interpret this result: as
additional evidence that the
Schrödinger equation is linear…
1 solution to NP-complete problem
No solutions
“Zeno Computing”
Do the first step of a computation in 1 second, the
next in ½ second, the next in ¼ second, etc.
Problem: “Quantum foaminess”
Below the Planck scale (10-33 cm or 10-43 sec), our
usual picture of space and time breaks down in
not-yet-understood ways…
Quantum Advice
Could there be a fixed quantum state
that’s been sitting around since the Big
Bang—and that if found, would be a
“magic key” to performing quantum
computations that were otherwise
infeasible?
[A. 2004]: Even under such a strange assumption, we
still couldn’t solve NP-complete problems in polynomial
time without exploiting the problem structure
www.scottaaronson.com/papers