Hawking Quantum Wares at the Classical Complexity Bazaar Scott Aaronson (MIT) My Personal View Even if quantum mechanics hadn’t existed, theoretical computer scientists would eventually have had to invent it. Furthermore, understanding that point is not the worst way to learn about quantum mechanics itself! As Umesh discussed yesterday, today there are deep links—in both directions—between quantum computing and classical theoretical computer science To illustrate, I’ll start by telling you about one of my favorite pastimes: using quantum computing ideas to give simpler proofs of classical complexity theorems. Then I’ll tell you about lots of classical complexity questions that arose from quantum computing. In QC, each amplitude can be written as the sum of contributions from exponentially many paths: Furthermore, computing (or even approximating) a single amplitude is #P-complete! (#P: class of combinatorial counting problems) This simple observation turns out to provide surprising leverage in using quantum computing to prove statements about #P and vice versa Early example: PP (“decision version of #P”) is the class of languages decidable by a polynomial-time randomized algorithm that only needs to accept with probability  ½ if the answer is “yes,” or < ½ if the answer is “no” Theorem (Beigel-Reingold-Spielman 1991): PP is closed under intersection. Theorem (A. 2004): PP = PostBQP (i.e., quantum polynomial time with postselected measurements). This immediately gave a simpler proof of BeigelReingold-Spielman! Matrix Permanent: Valiant won last year’s Turing Award partly for his seminal proof in 1979 that this function is #P-complete— a proof that required strange, custom-made “gadgets” Last year I gave a new, simpler (I think!) proof of #Pcompleteness by combining three facts: (1) n-photon amplitudes correspond to nn permanents (2) Postselected quantum optics can simulate universal quantum computation [Knill-Laflamme-Milburn 2001] (3) Quantum computations can encode #P-complete quantities in their amplitudes One can also go the opposite direction, and use the #Pcompleteness of the permanent to say things about linear-optical quantum computing A.-Arkhipov 2011: Suppose every probability distribution that’s efficiently samplable by a linear-optical QC (even without adaptive measurements) is also efficiently samplable by a classical computer. Then P#P=BPPNP, and hence the polynomial hierarchy collapses. (Compared to Shor’s algorithm, “stronger” evidence that a “weaker” system can do something classical computers can’t, albeit no clear practical value) But the “right” question is, would an efficient classical algorithm that sampled a distribution close (in variation distance) to the linear-optical quantum computer’s, already imply a collapse of PH? The Gaussian Permanent Estimation (GPE) Problem: Given a matrix A with i.i.d. N(0,1) complex Gaussian entries, approximate Per(A) to within n! with probability 1- over A, in poly(n,1/,1/) time Conjecture: GPE is #P-complete. (As the variants that involve only approximation or average-case, but not both, are already known to be!) Theorem (AA): Assuming this conjecture, even fast approximate classical simulation of a linear-optical quantum computer would imply P#P=BPPNP. A crucial stepping-stone toward proving our #Pcompleteness conjecture would be to prove the following… Permanent Anti-Concentration Conjecture: There exist constants C,D and >0 such that for all n and >0, Pr X ~ N 0,1Cnn PerX    n! Cn  D  Empirically true! Also, we can prove it with determinant in place of permanent Relating Sampling to Search Theorem (A. 2011): Suppose classical computers can efficiently solve every search problem that quantum computers can solve. Then they can also efficiently sample every probability distribution that quantum computers can sample. Proof based on Kolmogorov complexity; almost nothing specific to quantum computing Can we similarly relate open questions about decision problems, promise problems, etc. to one another? Given Boolean functions f1,...,fk:{0,1}n{-1,1}, consider the following quantity R, which I call the forrelation: Observation: Given oracle access to the fi’s, there’s a polynomial-time quantum algorithm that approximates R to within 2(k+1)n/2, for all k=poly(n). Theorem (A. 2009): R can’t be so approximated in BPP or MA, even when k=2. Conjecture: R can’t even be approximated in PH. If so, this would give an oracle separation between BQP and PH, solving one of the main open problems of quantum complexity theory since 1993. A Recent Speculation In certain precise senses, the k-fold forrelation problem captures everything quantum computers can do Conjecture: k-fold forrelation yields the largest possible separation between quantum and randomized query complexities—O(k) versus (n1-1/2k) Partial proof (unpublished) by Ambainis Conjecture (a few days ago): If k=poly(n), and f1,...,fk are described by Boolean circuits, then k-fold forrelation is BQP-complete “Instantiating” Oracles Does the quantum algorithm for Forrelation have any actual applications? E.g., when k=2, are there pairs of efficiently-computable Boolean functions f,g, for which it’s interesting to know how well f is correlated with g’s Fourier transform? Old question (but still a good one). Consider Simon’s problem, where you’re given black-box access to a Boolean function f:{0,1}n{0,1}n, promised there exists an s0n such that f(x)=f(y)y=xs. Is there any interesting way to instantiate the black box by an efficiently computable function? Ike mentioned quantum money. This year, Paul Christiano and I proposed a new scheme for quantum Challenges: Is can this verify, actually How else money that anyone butsecure? that can’t be efficiently can one under provide “obfuscated programs” for counterfeited a plausible cryptographic membership? assumption.testing Given asubspace random subspace AF2n with dim(A)=n/2, our quantum dollar bills look like this: where the pi’s and qi’s are uniformly-random degree-4 polynomials that vanish on A and its dual subspace A* respectively. Using these polynomials, one can efficiently verify |A, but we conjecture that they don’t let one efficiently learn A or even copy |A. BPP-Complete Problems? Today, we know many nontrivial BQP-complete (promise) problems: Approximating the Jones polynomial Adiabatic evolution Approximate linear algebra on exp(n)-size matrices Ironically, progress on classical randomized computation lags behind here! Are there problems that are BPP-complete for interesting reasons? My candidate: Simulating simulated annealing The A.-Ambainis Conjecture “Every bounded low-degree polynomial has a highly influential variable” Formally: Let p:RnR be a real polynomial of degree d. Suppose 0p(x)1 for all x{0,1}n, and Then there’s an i[n] such that, if xi=x with ith bit flipped, Theorem (AA 2011): Suppose this conjecture holds. Then given any T-query quantum algorithm A, one can approximate A’s acceptance probability on most Boolean inputs by a poly(T)-query randomized algorithm. Also, one can’t prove PABQPA relative to a random oracle A, without also proving PP#P in the unrelativized world. Problem: Given an n2n2 Hermitian matrix A, with all eigenvalues in [0,1]. Approximate, to additive error , Theorem (Blier-Tapp 2009): If =1/poly(n), this problem is NP-complete. Theorem (ABDFS 2009 + Harrow-Montanaro 2010): If  is constant, this problem can’t be in P unless 3SAT is solvable in 2O(n) time. [Proof uses quantum + PCP Theorem!] Quantum Motivation: If the problem is NP-complete, then (almost certainly) QMA(2)=NEXP. If it’s solvable in npolylog(n) time, then QMA(2)EXP. Barak et al. 2012: Amazing connections to better-known problems, like Unique Games, Planted Clique... Summary I agree with Umesh. Quantum computing is fertilizing classical complexity theory with so many new questions (and sometimes even answers), that it will probably get harder and harder to be a classical complexity theorist, if you avert your eyes whenever you see a bra or ket.