Here are the PowerPoint slides
When Exactly Do Quantum
Computers Provide A Speedup?
Scott Aaronson
MIT
“It’s been 20 years since Shor’s factoring
algorithm. Where are all the amazing new
quantum algorithms we were promised?”
Quantum
simulation
Factoring
Grover
search
Adiabatic alg /
quantum walks
+ A few other things…
…Is that all? What else is there?
Who promised you more quantum algorithms? Not me!
The Parallelism Fallacy
Fueling the belief that countless more quantum algorithms
should exist (or that are not finding them is a failure), seems
to be the idea that a quantum computer could just “try every
possible answer in parallel” (modulo some technical details)
But we’ve understood since the early 90s that that’s not how
quantum algorithms work! You need to choreograph an
interference pattern, where the unwanted paths cancel
The miracle, I’d say, is that this trick yields a
speedup for any classical problems, not that it
doesn’t work for more of them
Underappreciated challenge of quantum algorithms
research: beating 60 years of classical algorithms research
An Inconvenient Truth
If we set aside NP-complete problems, there just aren’t that
many compelling candidates left for exponential quantum
speedups! (And for many of those, we do have exponential speedups,
and for many of the rest we have polynomial ones)
3SAT
NP-hard
NP-complete
NP
BQP
(Quantum P)
P
P≠BQP, NPBQP:
Plausible conjectures,
which we have no
hope of proving given
the current state of
complexity theory
Rest of the Talk
I.
Survey of the main families of quantum algorithms
that have been discovered (and their limitations)
II. Results in the black-box model, which aim toward
a general theory of when quantum speedups are
possible
Quantum Simulation
“What a QC does in its sleep”
The “original” application of QCs!
My personal view: still the most
important one
Major applications (high-Tc superconductivity, protein
folding, nanofabrication, photovoltaics…)
High confidence in possibility of a quantum speedup
Can plausibly realize even before universal QCs are
available
BosonSampling
Suppose we just want a quantum system for which there’s
good complexity-theoretic evidence that it’s hard to simulate
classically—we don’t care what it’s useful for
A.-Arkhipov 2011, Bremner-Jozsa-Shepherd 2011: In that
case, we can plausibly improve both the hardware
We showed: if a fast, classical
requirements and the evidence for classicalExperimental
hardness,
exact
of algorithm
demonstrations with 3-4
compared
to simulation
Shor’s factoring
BosonSampling is possible,
photons achieved (by
Ourhierarchy
proposal:
then the polynomial
groups in Oxford,
Identical
single Brisbane, Rome, Vienna)
collapses to the third
level.
photons sent
through network of
interferometers,
then measured at
output modes
Shor-like Algorithms
“The magic of the Interesting
Fourier transform”
In BQP: Pretty much anything you can think of that
reduces to finding hidden structure in abelian groups
Factoring, discrete log, elliptic curve problems, Pell’s
equation, unit groups, class groups, Simon’s problem…
Breaks almost all public-key cryptosystems used today
But theoretical public-key systems exist that are unaffected
Attempt to go further: Hidden Subgroup Framework
Can Shor’s algorithm be generalized to nonabelian groups?
Hidden Subgroup Problem
Given: A finite group G, a function f:GZ such that f(x)=f(y) iff
x,y belong to the same coset of a “hidden subgroup” H≤G
Problem: Find generators for H
Classically, this problem could require ~
G queries to f
Ettinger-Høyer-Knill 1997: Quantumly, logO(1)(|G|) queries
always suffice But if G is nonabelian, “interpreting the results” of
those queries could still be extremely hard!
Example Application:
Graph Isomorphism ≤
HSP over the symmetric group
Alas, nonabelian HSP has been the Afghanistan of quantum algorithms!
Grover-like Algorithms
Quadratic speedup for any problem
involving searching an unordered list,
provided the list elements can be
queried in superposition
Implies subquadratic speedups for
many other basic problems
Bennett et al. 1997: For black-box searching, the squareroot speedup of Grover’s algorithm is the best possible
Quantum Walk Algorithms
Childs et al. 2003: Quantum walks can achieve provable
exponential speedups over any classical algorithm (in query
complexity), but for extremely “fine-tuned” graphs
Also lots of
polynomial
speedups—e.g.,
Element Distinctness
in O(N2/3) time
(Ambainis 2003)
THE GLUED TREES
Quantum Adiabatic Algorithm
(Farhi et al. 2000)
Hi
Hamiltonian with easilyprepared ground state
Hf
Ground state encodes solution
to NP-complete problem
Problem: “Eigenvalue gap”
can be exponentially small
Landscapeology
Adiabatic algorithm can find global
minimum exponentially faster than
simulated annealing (though maybe other
classical algorithms do better)
Simulated annealing can find global
minimum exponentially faster than
adiabatic algorithm (!)
Simulated annealing and adiabatic
algorithm both need exponential time
to find global minimum
Quantum Machine Learning Algorithms
‘Exponential quantum speedups’ for solving linear
systems, support vector machines, Google PageRank,
computing Betti numbers…
THE FINE PRINT:
1. Don’t get solution vector explicitly, but only as vector of
amplitudes. Need to measure to learn anything!
2. Dependence on condition number could kill exponential speedup
3. Need a way of loading huge amounts of data into quantum state
(which, again, could kill exponential speedup)
4. Not ruled out that there are fast randomized algorithms for the
same problems (even just considering query complexity)
“But you just listed a bunch of examples
where you know a quantum speedup, and
other examples where you don’t! What
you guys need is a theory, which would tell
you from first principles when quantum
speedups are possible.”
The Quantum Black-Box Model
The setting for much of what we know about the power of
quantum algorithms
x
f
f(x)
“Query complexity” of F: The minimum
An algorithm can make query transformations, which map
number of queries used by any
x, w
x,aalgorithm
outputs
x,a,wF(f),
x, awith
fhigh
, w x, a, wthat
probability,
everya=“answer
f of interest
to w=“workspace”)
us
(x=“queryfor
register,”
register,”
as well as arbitrary unitary transformations that don’t depend
on f (we won’t worry about their computational cost).
Its goal is to learn some property F(f) (for example: is f 1-to-1?)
Total Boolean Functions
F : 0,1 0,1
N
D(F): Deterministic query complexity of F
R(F): Randomized query complexity
Q(F): Quantum query complexity
Example: DORN RORN N ,
QORN ~ N
Theorem (Beals et al. 1998): For all Boolean functions F,
D F O Q F
6
How to reconcile with the exponential
speedup of Shor’s algorithm? Totality.
Longstanding Open Problem: Is there any Boolean function
with a quantum quantum/classical gap better than quadratic?
Almost-Total Functions?
Conjecture (A.-Ambainis 2011): Let Q be any quantum
algorithm that makes T queries to an input X{0,1}N.
Then there’s a classical randomized that makes poly(T,1/,1/)
queries to X, and that approximates Pr[Q accepts X] to within
on a ≥1- fraction of X’s
Theorem (A.-Ambainis): This would follow from an extremely
natural conjecture in discrete Fourier analysis (“every bounded
low-degree polynomial p:{0,1}N[0,1] has a highly influential
variable”)
The Collision Problem
Given a 2-to-1 function f:{1,…,N}{1,…,N}, find a
collision (i.e., two inputs x,y such that f(x)=f(y))
10 4 1 8 7 9 11 5 6 4 2 10 3 2 7 9 11 5 1 6 3 8
Interesting
Variant: Promised that f is either 2-to-1 or 1-to-1,
decide which
Models the breaking of collision-resistant hash
functions—a central problem in cryptanalysis
“More structured than Grover search, but less
structured than Shor’s period-finding problem”
Birthday Paradox: Classically, ~N queries are necessary
and sufficient to find a collision with high probability
Brassard-Høyer-Tapp 1997: Quantumly, ~N1/3 queries suffice
Grover on N2/3 f(x) values
N1/3 f(x) values queried classically
A. 2002: First quantum lower bound for the collision problem
(~N1/5 queries are needed; no exponential speedup possible)
Shi 2002: Improved lower bound of ~N1/3. Brassard-HøyerTapp’s algorithm is the best possible
Symmetric Problems
A.-Ambainis 2011: Massive generalization of collision lower
bound. If F is any function whatsoever that’s symmetric
under permuting the inputs and outputs, and has sufficiently
many outputs (like collision, element distinctness, etc.), then
RF O QF poly log QF
7
New Results (Ben-David 2014): If F:SN{0,1} is any Boolean
function of permutations, then D(F)=O(Q(F)12). If F is any
function with a symmetric promise, and at most M possible
results of each query, then R(F)=O(Q(F)12(M-1)).
Upshot: Need a “structured” promise if you want an
exponential quantum speedup
What’s the largest possible
quantum speedup?
Period-finding: O(1) quantum queries, ~N1/4 classical queries
Simon’s problem, the glued-trees problem: O(log N) quantum
queries, ~N classical queries
Can we do even better?
Forrelation (A. 2009): Given two Boolean functions
f,g:{0,1}n{-1,1}, estimate how correlated g is with the Fourier
transform of f:
1
2
3n / 2
f x 1
x y
x , y0 ,1n
gy
1/ 3?
2 / 3?
f(0000)=-1
f(0001)=+1
f(0010)=+1
f(0011)=+1
f(0100)=-1
f(0101)=+1
f(0110)=+1
f(0111)=-1
f(1000)=+1
f(1001)=-1
f(1010)=+1
f(1011)=-1
f(1100)=+1
f(1101)=-1
f(1110)=-1
f(1111)=+1
Example
g(0000)=+1
g(0001)=+1
g(0010)=-1
g(0011)=-1
g(0100)=+1
g(0101)=+1
g(0110)=-1
g(0111)=-1
g(1000)=+1
g(1001)=-1
g(1010)=-1
g(1011)=-1
g(1100)=+1
g(1101)=-1
g(1110)=-1
g(1111)=+1
Trivial 2-query quantum algorithm for Forrelation!
|0
H
|0
H
|0
H
H
f
H
H
H
g
H
H
(Can even improve to 1 query using standard tricks)
A.-Ambainis 2014: By contrast, any classical randomized
algorithm to solve Forrelation needs at least N / logN queries
Furthermore, this separation is optimal: any problem solvable
with k quantum queries, is also solvable with ~N1-1/2k classical
randomized queries
Our Conjecture: The above is tight for all k. A generalization
of Forrelation involving k Boolean functions achieves it.
Summary
Exponential quantum speedups depend on structure
For example, abelian group structure, glued-trees structure,
forrelational structure…
Sometimes we can even find such structure in real, non-blackbox problems of practical interest (e.g., factoring)
After 20 years of quantum algorithms research, we know a
lot about which kinds of structure suffice
The black-box model lets us make formal statements about
what kinds of structure don’t suffice for exponential speedups
In both cases, of course, many open problems remain
Single most important application of QC (in my opinion):
Disproving the people who said QC was impossible!
© Copyright 2024