Exploring the Limits of the Efficiently Computable

Research Directions I Like In Complexity and Physics

Scott Aaronson (MIT)Papers and slides at www.scottaaronson.com

Quantum Mechanics in One Slide

n

1

nnn

n

uu

uu

1

111

n

1

1,1

2

n

iii C

Quantum Mechanics:

Linear transformations that conserve 2-norm of

amplitude vectors:Unitary matrices

np

p

1

nnn

n

ss

ss

1

111

nq

q

1

1,01

n

iii pp

Probability Theory:

Linear transformations that conserve 1-norm of

probability vectors:Stochastic matrices

A general entangled state of n qubits requires ~2n amplitudes to specify:

Quantum Computing

nxx x

1,0

Presents an obvious practical problem when using conventional computers to simulate quantum mechanics

Feynman 1981: So then why not turn things around, and build computers that themselves exploit superposition?

Could such a machine get any advantage over a classical computer with a random number generator? If so, it would have to come from interference between amplitudes

BQP (Bounded-Error Quantum Polynomial-Time): The class of problems solvable efficiently by a quantum computer, defined by Bernstein and Vazirani in 1993

Shor 1994: Factoring integers is in BQP

NP

NP-complete

P

FactoringBQP

Interesting

1. Meeting Experimentalists Halfway

Using complexity theory to find quantum advantage in systems of current experimental interest (e.g. linear-optical networks), which fall short of universal quantum computers

2. Publicly-Verifiable Quantum Money

First scheme based on a “standard” crypto assumption

3. Rise and Fall of Complexity in Thermodynamic Systems

Resource-bounded sophistication and coffee cups

This Talk: Three Recent Directions

1. Meeting Experimentalists Halfway

BosonSampling (A.-Arkhipov 2011)

A rudimentary type of quantum computing, involving only non-interacting photons

Classical counterpart: Galton’s Board

Replacing the balls by photons leads to famously counterintuitive phenomena,

like the Hong-Ou-Mandel dip

In general, we consider a network of beamsplitters, with n input “modes” (locations) and m>>n output modesn identical photons enter, one per input modeAssume for simplicity they all leave in different modes—there are possibilities

The beamsplitter network defines a column-orthonormal matrix ACmn, such that

nS

n

iiixX

1,Per

n

m

2PeroutcomePr SAS

where nn submatrix of A corresponding to S

Amazing connection between permanents and physics, which even leads to a simpler proof of Valiant’s famous result that the permanent is #P-complete [A. 2011]

So, Can We Use Quantum Optics to Solve a #P-Complete Problem?

Explanation: If X is sub-unitary, then |Per(X)|2 will usually be exponentially small. So to get a reasonable estimate of |Per(X)|2 for a given X, we’d generally need to repeat the optical experiment exponentially many times

That sounds way too good to be true…

Better idea: Given ACmn as input, let BosonSampling be the problem of merely sampling from the same distribution DA that the beamsplitter network samples from—the one defined by Pr[S]=|Per(AS)|2

Theorem (A.-Arkhipov 2011): Suppose BosonSampling is solvable in classical polynomial time. Then P#P=BPPNP

Better Theorem: Suppose we can sample DA even approximately in classical polynomial time. Then in BPPNP, it’s possible to estimate Per(X), with high probability over a Gaussian random matrix nn

CΝX 1,0~

Upshot: Compared to (say) Shor’s factoring algorithm, we get different/stronger evidence that a

weaker system can do something classically hard

We conjecture that the above problem is already #P-complete. If it is, then a fast classical algorithm for approximate BosonSampling would already have the consequence that P#P=BPPNP

Prove #P-completeness for natural average-case approximation problems (like permanents of Gaussians)—thereby yielding hardness for approximate BosonSampling

As a first step, understand the distribution of Per(X), X Gaussian

Early experimental implementations have been done (Rome, Brisbane, Vienna, Oxford)! But so far with just 3-4 photons. For scaling, will be crucial to understand the complexity of BosonSampling when a constant fraction of photons are lost

Can the BosonSampling model solve hard “conventional” problems? How do we verify that a BosonSampling device is working correctly? [A.-Arkhipov 2014, A.-Nguyen 2014]

BosonSampling with thermal states: fast classical algorithm to approximate Per(X) when X is positive semidefinite?

Challenges

Can a quantum computer solve problems for which a classical computer can’t even efficiently verify the answers? Or better yet: that are still classically hard even if P=NP?

BQP vs. the Polynomial Hierarchy

BosonSampling: A candidate for such a problem. If it’s solvable anywhere in BPPPH, then PH collapses.

A. 2009: Unconditionally, there’s a black-box sampling problem (Fourier Sampling) solvable in BQP but not in BPPPH

Boils down to: are there problems in BQP but not in PH?

Given a Boolean function 1,11,0: nfoutput z0,1n with probability 2ˆ zf

nx

zx

nxfzf

1,0

12

1:ˆ

What’s the largest possible quantum speedup?

“Forrelation”: Given two Boolean functions f,g:0,1n-1,1, estimate how correlated g is with the Fourier transform of f:

?6.0

?01.01

2

1

1,0,2/3

nyx

yx

nygxf

A.-Ambainis 2014: This problem is solvable using only 1 quantum query, but requires at least ~2n/2/n queries classically

Furthermore, this separation is essentially the largest possible! Any N-bit problem that’s solvable with k quantum queries, is also solvable with ~N1-1/2k classical queries

Conjecture (A. 2009): Forrelation Polynomial Hierarchy

2. Publicly-Verifiable Quantum Money

Quantum MoneyIdea: Quantum states that can be created by a bank, traded as currency, and verified as legitimate, but can’t be cloned by counterfeiters, because of quantum mechanics’ No-Cloning Theorem

A.-Christiano 2012: First quantum money scheme where anyone can verify a bill, and whose security is based on a “conventional” crypto assumption

Wiesner ca. 1970: First quantum money scheme, but only the bank could verify the bills. If anyone can verify a bill, then computational assumptions clearly needed, in addition to QM

Our Hidden Subspace Scheme

Ax

nxA

4/2

1:

Quantum money state:

2

dim

2

nA

GFA nR

Corresponding “serial number” s: Somehow describes how to check membership in A and in A (the dual subspace of A), yet doesn’t reveal A or A

Our proposal: Random low-degree polynomials p1,…,pm and q1,…,qm that vanish on A and A respectively

Mint can easily choose a random A and prepare |A

Procedure to Verify Money State(assuming ability to decide membership in A and A)

A

A

1. Project onto A elements (reject if this fails)

2. Hadamard all n qubits to map |A to |A

3. Project onto A elements (reject if this fails)

4. Hadamard all n qubits to return state to |A

Theorem: The above just implements a projection onto |A—i.e., it accepts | with probability ||A|2

Security

Theorem: There’s no efficient counterfeiting procedure, assuming there’s no an efficient quantum algorithm to learn a basis for A with 2-O(n) probability, given p1,…,pm and q1,…,qm. [Recently: Attack on noiseless version of scheme]

Theorem: If the A and A membership tests are black boxes, then any counterfeiting procedure requires Ω(2n/2) queries to them.

3. Rise and Fall of Complexity in Thermodynamic Systems

How to Measure Interesting Structure?Can define structure and in many other ways

One simpleminded measure: the Kolmogorov complexity of a coarse-grained description of our cellular automaton or other system

Sean Carroll’s example:

The Coffee AutomatonA., Carroll, Mohan, Ouellette, Werness 2015: A probabilistic nn reversible system that starts half “coffee” and half “cream.” At each time step, we randomly “shear” half the coffee cup horizontally or vertically (assuming a toroidal cup)

We prove that the apparent complexity of this image has a rising-falling pattern, with a maximum of at least ~n1/6

Quantum lower bound for the collision problem [A. 2002]

Quantum (+classical!) lower bound for local search [A. 2004]

First direct product theorem for quantum search [A. 2004]

PostBQP = PP [A. 2004]

BQP/qpoly QMA/poly, learnability of quantum states [A.-Drucker 2010, A. 2004, A. 2006]

Algebrization [A.-Wigderson 2008]

Other Work

Some Future DirectionsQuantum copy-protected software

Complexity theory of quantum states and unitary transformations

Classification of quantum gate sets

Noisy BosonSampling

The power of quantum proofs

See also my talk at Perimeter on Wednesday at 10:30, for complexity and quantum gravity!