when exactly do quantum computers provide a speedup? scott aaronson mit
TRANSCRIPT
When Exactly Do Quantum Computers Provide A Speedup?
Scott AaronsonMIT
“It’s been 20 years since Shor’s factoring algorithm. Where are all the amazing new quantum algorithms we were promised?”
Who promised you more quantum algorithms? Not me!
…Is that all? What else is there?
Quantum simulationFactoring
Grover search Adiabatic alg / quantum walks
+ A few other things…
The Parallelism Fallacy
Fueling the belief that countless more quantum algorithms should exist (or that are not finding them is a failure), seems to be the idea that a quantum computer could just “try every possible answer in parallel” (modulo some technical details)
But we’ve understood since the early 90s that that’s not how quantum algorithms work! You need to choreograph an interference pattern, where the unwanted paths cancel
The miracle, I’d say, is that this trick yields a speedup for any classical problems, not that it doesn’t work for more of them
Underappreciated challenge of quantum algorithms research: beating 60 years of classical algorithms research
An Inconvenient Truth
If we set aside NP-complete problems, there just aren’t that many compelling candidates left for exponential quantum speedups! (And for many of those, we do
have exponential speedups, and for many of the rest we have polynomial ones)
P
NP
NP-completeNP-hard
BQP(Quantum P)
Facto
ring
Graph Iso
Quant
um Si
m
3SAT
Lattice Problems
P≠BQP, NPBQP: Plausible conjectures,
which we have no hope of proving given
the current state of complexity theory
Rest of the Talk
I. Survey of the main families of quantum algorithms that have been discovered (and their limitations)
II. Results in the black-box model, which aim toward a general theory of when quantum speedups are possible
Quantum Simulation“What a QC does in its sleep”
The “original” application of QCs!
My personal view: still the most important one
Major applications (high-Tc superconductivity, protein folding, nanofabrication, photovoltaics…)
High confidence in possibility of a quantum speedup
Can plausibly realize even before universal QCs are available
Suppose we just want a quantum system for which there’s good complexity-theoretic evidence that it’s hard to simulate classically—we don’t care what it’s useful for
BosonSampling
Our proposal: Identical single photons sent through network of interferometers, then measured at output modes
A.-Arkhipov 2011, Bremner-Jozsa-Shepherd 2011: In that case, we can plausibly improve both the hardware requirements and the evidence for classical hardness, compared to Shor’s factoring algorithm
We showed: if a fast, classical exact simulation of
BosonSampling is possible, then the polynomial hierarchy
collapses to the third level.
Experimental demonstrations with 3-4
photons achieved (by groups in Oxford,
Brisbane, Rome, Vienna)
“The magic of the Fourier transform”
Shor-like AlgorithmsInteresting
In BQP: Pretty much anything you can think of that reduces to finding hidden structure in abelian groups
Factoring, discrete log, elliptic curve problems, Pell’s equation, unit groups, class groups, Simon’s problem…
Breaks almost all public-key cryptosystems used today
But theoretical public-key systems exist that are unaffected
Attempt to go further: Hidden Subgroup Framework
Can Shor’s algorithm be generalized to nonabelian groups?
Hidden Subgroup ProblemGiven: A finite group G, a function f:GZ such that f(x)=f(y) iff x,y belong to the same coset of a “hidden subgroup” H≤G
Problem: Find generators for H
But if G is nonabelian, “interpreting the results” of those queries could still be extremely hard!
Classically, this problem could require queries to f
Ettinger-Høyer-Knill 1997: Quantumly, logO(1)(|G|) queries always suffice
G~
Example Application:
Graph Isomorphism ≤HSP over the symmetric group
Alas, nonabelian HSP has been the Afghanistan of quantum algorithms!
Grover-like Algorithms
Bennett et al. 1997: For black-box searching, the square-root speedup of Grover’s algorithm is the best possible
Quadratic speedup for any problem involving searching an unordered list, provided the list elements can be queried in superposition
Implies subquadratic speedups for many other basic problems
Quantum Walk AlgorithmsChilds et al. 2003: Quantum walks can achieve provable exponential speedups over any classical algorithm (in query complexity), but for extremely “fine-tuned” graphs
Also lots of polynomial
speedups—e.g., Element Distinctness
in O(N2/3) time (Ambainis 2003)
THE GLUED TREES
Quantum Adiabatic Algorithm(Farhi et al. 2000)
HiHamiltonian with easily-prepared ground state
HfGround state encodes solution
to NP-complete problem
Problem: “Eigenvalue gap” can be exponentially small
LandscapeologyAdiabatic algorithm can find global minimum exponentially faster than simulated annealing (though maybe other classical algorithms do better)
Simulated annealing can find global minimum exponentially faster than adiabatic algorithm (!)
Simulated annealing and adiabatic algorithm both need exponential time to find global minimum
Quantum Machine Learning Algorithms
THE FINE PRINT:
1.Don’t get solution vector explicitly, but only as vector of amplitudes. Need to measure to learn anything!
2.Dependence on condition number could kill exponential speedup
3.Need a way of loading huge amounts of data into quantum state (which, again, could kill exponential speedup)
4.Not ruled out that there are fast randomized algorithms for the same problems (even just considering query complexity)
‘Exponential quantum speedups’ for solving linear systems, support vector machines, Google PageRank, computing Betti numbers…
“But you just listed a bunch of examples where you know a quantum speedup, and
other examples where you don’t! What you guys need is a theory, which would tell
you from first principles when quantum speedups are possible.”
The Quantum Black-Box ModelThe setting for much of what we know about the power of
quantum algorithms
fx f(x)
An algorithm can make query transformations, which map
as well as arbitrary unitary transformations that don’t depend on f (we won’t worry about their computational cost).
wxfaxwax waxwax ,,,, ,,,, (x=“query register,” a=“answer register,” w=“workspace”)
Its goal is to learn some property F(f) (for example: is f 1-to-1?)
“Query complexity” of F: The minimum number of queries used by any
algorithm that outputs F(f), with high probability, for every f of interest to us
Total Boolean Functions
1,01,0: NF
Example: NORQNORRORD NNN ~,
Theorem (Beals et al. 1998): For all Boolean functions F,
6FQOFD
How to reconcile with the exponential speedup of Shor’s algorithm? Totality.
Longstanding Open Problem: Is there any Boolean function with a quantum quantum/classical gap better than quadratic?
D(F): Deterministic query complexity of FR(F): Randomized query complexityQ(F): Quantum query complexity
Almost-Total Functions?
Conjecture (A.-Ambainis 2011): Let Q be any quantum algorithm that makes T queries to an input X{0,1}N.
Then there’s a classical randomized that makes poly(T,1/,1/) queries to X, and that approximates Pr[Q accepts X] to within on a ≥1- fraction of X’s
Theorem (A.-Ambainis): This would follow from an extremely natural conjecture in discrete Fourier analysis (“every bounded low-degree polynomial p:{0,1}N[0,1] has a highly influential variable”)
The Collision ProblemGiven a 2-to-1 function f:{1,…,N}{1,…,N}, find a collision (i.e., two inputs x,y such that f(x)=f(y))
Variant: Promised that f is either 2-to-1 or 1-to-1, decide which
Models the breaking of collision-resistant hash functions—a central problem in cryptanalysis
“More structured than Grover search, but less structured than Shor’s period-finding problem”
10 4 1 8 7 9 11 5 6 4 2 10 3 2 7 9 11 5 1 6 3 8Interesting
Birthday Paradox: Classically, ~N queries are necessary and sufficient to find a collision with high probability
Brassard-Høyer-Tapp 1997: Quantumly, ~N1/3 queries suffice
Grover on N2/3 f(x) values
N1/3 f(x) values queried classically
A. 2002: First quantum lower bound for the collision problem (~N1/5 queries are needed; no exponential speedup possible)
Shi 2002: Improved lower bound of ~N1/3. Brassard-Høyer-Tapp’s algorithm is the best possible
Symmetric Problems
New Results (Ben-David 2014): If F:SN{0,1} is any Boolean function of permutations, then D(F)=O(Q(F)12). If F is any function with a symmetric promise, and at most M possible results of each query, then R(F)=O(Q(F)12(M-1)).
A.-Ambainis 2011: Massive generalization of collision lower bound. If F is any function whatsoever that’s symmetric under permuting the inputs and outputs, and has sufficiently many outputs (like collision, element distinctness, etc.), then
FQFQOFR logpoly7
Upshot: Need a “structured” promise if you want an exponential quantum speedup
What’s the largest possible quantum speedup?
Period-finding: O(1) quantum queries, ~N1/4 classical queries
Simon’s problem, the glued-trees problem: O(log N) quantum queries, ~N classical queries
Forrelation (A. 2009): Given two Boolean functions f,g:{0,1}n{-1,1}, estimate how correlated g is with the Fourier transform of f:
?3/2
?3/11
2
1
1,0,2/3
nyx
yx
nygxf
Can we do even better?
Examplef(0000)=-1f(0001)=+1f(0010)=+1f(0011)=+1f(0100)=-1f(0101)=+1f(0110)=+1f(0111)=-1f(1000)=+1f(1001)=-1f(1010)=+1f(1011)=-1f(1100)=+1f(1101)=-1f(1110)=-1f(1111)=+1
g(0000)=+1g(0001)=+1g(0010)=-1g(0011)=-1g(0100)=+1g(0101)=+1g(0110)=-1g(0111)=-1g(1000)=+1g(1001)=-1g(1010)=-1g(1011)=-1g(1100)=+1g(1101)=-1g(1110)=-1g(1111)=+1
H
H
H
H
H
H
f
|0
|0
|0
g
H
H
H
Trivial 2-query quantum algorithm for Forrelation!
(Can even improve to 1 query using standard tricks)
A.-Ambainis 2014: By contrast, any classical randomized algorithm to solve Forrelation needs at least N / logN queries
Furthermore, this separation is optimal: any problem solvable with k quantum queries, is also solvable with ~N1-1/2k classical randomized queries
Our Conjecture: The above is tight for all k. A generalization of Forrelation involving k Boolean functions achieves it.
Summary
Single most important application of QC (in my opinion): Disproving the people who said QC was impossible!
Exponential quantum speedups depend on structure
For example, abelian group structure, glued-trees structure, forrelational structure…
After 20 years of quantum algorithms research, we know a lot about which kinds of structure sufficeThe black-box model lets us make formal statements about what kinds of structure don’t suffice for exponential speedups
In both cases, of course, many open problems remain
Sometimes we can even find such structure in real, non-black-box problems of practical interest (e.g., factoring)