Exploring the Limits of the Efficiently Computable

Research Directions I Like In Complexity and Physics

Scott Aaronson (MIT) Papers and slides at www.scottaaronson.com

Quantum Mechanics in One Slide Probability Theory:

s

11   

s n

1   

s

 1

n s nn

      

p



p n

1           

q



q n

1     

p i

 0 ,

i n

  1

p i

 1 Linear transformations that conserve 1-norm of probability vectors:

Stochastic matrices

Quantum Mechanics:

u

11   

u n

1    

i

 C ,

u

1

n



u nn

         

n

1       1     

n

 

i n

  1 

i

2  1 Linear transformations that conserve 2-norm of amplitude vectors:

Unitary matrices

Quantum Computing

A general entangled state of n qubits requires ~2 n to specify:    

x x x

  

n

amplitudes Presents an obvious practical problem when using conventional computers to

simulate

quantum mechanics

Feynman 1981:

So then why not turn things around, and build computers that

themselves

exploit superposition?

Could such a machine get any advantage over a classical computer with a random number generator? If so, it would have to come from

interference

between amplitudes

BQP (Bounded-Error Quantum Polynomial-Time):

The class defined by Bernstein and Vazirani in 1993

Shor 1994:

Factoring integers is in

BQP NP-complete BQP NP P

Factoring

This Talk: Three Recent Directions

1. Meeting Experimentalists Halfway

Using complexity theory to find quantum advantage in systems of current experimental interest (e.g. linear-optical networks), which fall short of universal quantum computers

2. Publicly-Verifiable Quantum Money

First scheme based on a “standard” crypto assumption

3. Rise and Fall of Complexity in Thermodynamic Systems

Resource-bounded sophistication and coffee cups

1. Meeting Experimentalists Halfway

BosonSampling

(A.-Arkhipov 2011)

A rudimentary type of quantum computing, involving only

non-interacting photons Classical counterpart:

Galton’s Board Replacing the balls by photons leads to famously counterintuitive phenomena, like the Hong-Ou-Mandel dip

In general, we consider a network of beamsplitters, with n input “modes” (locations) and m>>n output modes n identical photons enter, one per input mode Assume for simplicity they all leave in different modes—there are possibilities

n

The beamsplitter network defines a column-orthonormal matrix A  C m  n , such that where

Per

     

S n i n

 1

Pr

x i



outcome

, 

S

 

Per

 

S

n  n submatrix of A corresponding to S 2 Amazing connection between permanents and physics, which even leads to a simpler proof of Valiant’s famous result that the permanent is

#P

-complete [A. 2011]

So, Can We Use Quantum Optics to Solve a

#P

-Complete Problem?

That sounds way too good to be true…

Explanation:

If X is sub-unitary, then |Per(X)| 2 will usually be exponentially small. So to get a reasonable estimate of |Per(X)| 2 for a given X, we’d generally need to repeat the optical experiment exponentially many times

Better idea:

Given A  C m  n as input, let BosonSampling be the problem of merely sampling from the same distribution D A that the beamsplitter network samples from—the one defined by Pr[S]=|Per(A S )| 2

Theorem (A.-Arkhipov 2011):

Suppose BosonSampling is

#P

Compared to (say) Shor’s factoring

NP Better Theorem:

Suppose we can sample D A even

BPP NP

, it’s possible to estimate Per(X), with high probability over a Gaussian random matrix

X

~

Ν

 

n



n C

We conjecture that the above problem is already

#P

-complete. If it is, then a fast classical algorithm for approximate BosonSampling would already have the consequence that

P #P

=

BPP NP

Challenges

Prove

#P

-completeness for natural

average-case approximation problems

(like permanents of Gaussians)— thereby yielding hardness for approximate BosonSampling As a first step, understand the distribution of Per(X), X Gaussian Early experimental implementations have been done (Rome, Brisbane, Vienna, Oxford)! But so far with just 3-4 photons. For scaling, will be crucial to understand the complexity of BosonSampling when a constant fraction of photons are lost Can the BosonSampling model solve hard “conventional” problems? How do we verify that a BosonSampling device is working correctly? [A.-Arkhipov 2014, A.-Nguyen 2014] BosonSampling with thermal states: fast classical algorithm to approximate Per(X) when X is positive semidefinite?

BQP

vs. the Polynomial Hierarchy

Can a quantum computer solve problems for which a classical computer can’t even efficiently

verify

the answers? Or better yet: that are still classically hard even if

P

=

NP

?

Boils down to: are there problems in

BQP

but not in

PH

? BosonSampling: A candidate for such a problem. If it’s solvable anywhere in

BPP PH

, then

PH

collapses.

A. 2009: Unconditionally, there’s a black-box sampling problem (Fourier Sampling) solvable in

BQP

but not in

BPP PH

Given a Boolean function output z  {0,1} n

f

: with probability  

n f

ˆ   2 

f

ˆ :  1 2

n

1 , 1 

x

  

n

 

x



z f

What’s the largest possible quantum speedup?

“Forrelation”:

Given two Boolean functions f,g:{0,1} n  {-1,1}, estimate how correlated g is with the Fourier transform of f: 1 2 3

n

/ 2  0 .

01 ?

 0 .

6 ?

x

, 

y

  

n f

A.-Ambainis 2014:

This problem is solvable using only 1 quantum query, but requires at least ~2 n/2 /n queries classically Furthermore, this separation is essentially the largest possible!

Any

N-bit problem that’s solvable with k quantum queries, is also solvable with ~N 1-1/2k classical queries

Conjecture (A. 2009):

Forrelation  Polynomial Hierarchy

2. Publicly-Verifiable Quantum Money

Quantum Money

Idea:

Quantum states that can be created by a bank, traded as currency, and verified as legitimate, but can’t be cloned by counterfeiters, because of quantum mechanics’ No-Cloning Theorem   

Wiesner ca. 1970:

First quantum money scheme, but only the bank could verify the bills.

If anyone can verify a bill, then computational assumptions clearly needed, in addition to QM A.-Christiano 2012:

First quantum money scheme where anyone can verify a bill, and whose security is based on a “conventional” crypto assumption

Our Hidden Subspace Scheme Quantum money state:

A

:  1 2

n

/ 4

x

 

A x A



R GF

 

n

dim 

n

2 Mint can easily choose a random A and prepare |A 

Corresponding “serial number” s:

Somehow describes how to check membership in A

and

in A  subspace of A), yet doesn’t reveal A or A  (the dual

Our proposal:

and q 1 ,…,q m Random low-degree polynomials p 1 ,…,p m that vanish on A and A  respectively

Procedure to Verify Money State

(assuming ability to decide membership in A and A



)

A



A

1. Project onto A elements

(reject if this fails)

2. Hadamard all n qubits to map |A  to |A   3. Project onto A  elements

(reject if this fails)

4. Hadamard all n qubits to return state to |A 

Theorem:

The above just implements a projection onto |A  —i.e., it accepts |  with probability |  |A  | 2

Security

Theorem:

There’s no efficient counterfeiting procedure, assuming there’s no an efficient quantum algorithm to learn a basis for A with 2 -O(n) probability, given p 1 ,…,p m and q 1 ,…,q m . [Recently: Attack on noiseless version of scheme]

Theorem:

If the A and A  membership tests are black boxes, then any counterfeiting procedure requires Ω(2 n/2 ) queries to them.

3. Rise and Fall of Complexity in Thermodynamic Systems

How to Measure Interesting Structure?

Can define structure and in many other ways One simpleminded measure: the Kolmogorov complexity of a coarse-grained description of our cellular automaton or other system

Sean Carroll’s example:

The Coffee Automaton

A., Carroll, Mohan, Ouellette, Werness 2015:

A probabilistic n  n reversible system that starts half “coffee” and half “cream.” At each time step, we randomly “shear” half the coffee cup horizontally or vertically (assuming a toroidal cup) We prove that the apparent complexity of this image has a rising-falling pattern, with a maximum of at least ~n 1/6 500 450 400 350 300 250 200 150 100 50 -100 0 100 300 500

Time Steps

700 900

Other Work

Quantum lower bound for the collision problem [A. 2002] Quantum (+classical!) lower bound for local search [A. 2004] First direct product theorem for quantum search [A. 2004]

PostBQP

=

PP

[A. 2004]

BQP/qpoly



QMA/poly

, learnability of quantum states [A. Drucker 2010, A. 2004, A. 2006] Algebrization [A.-Wigderson 2008]

Some Future Directions

Quantum copy-protected software Complexity theory of quantum states and unitary transformations Classification of quantum gate sets Noisy BosonSampling The power of quantum proofs See also my talk at Perimeter on Wednesday at 10:30, for complexity and quantum gravity!