Download The Computer Science Picture of Reality

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
page
24
page
25
page
26
page
27
Document related concepts

Boson sampling wikipedia , lookup

Wave–particle duality wikipedia , lookup

Quantum chromodynamics wikipedia , lookup

Double-slit experiment wikipedia , lookup

Relativistic quantum mechanics wikipedia , lookup

Bra–ket notation wikipedia , lookup

Theoretical and experimental justification for the Schrödinger equation wikipedia , lookup

Bohr–Einstein debates wikipedia , lookup

Aharonov–Bohm effect wikipedia , lookup

Bell test experiments wikipedia , lookup

Basil Hiley wikipedia , lookup

Delayed choice quantum eraser wikipedia , lookup

Quantum decoherence wikipedia , lookup

Renormalization group wikipedia , lookup

Particle in a box wikipedia , lookup

Renormalization wikipedia , lookup

Measurement in quantum mechanics wikipedia , lookup

Topological quantum field theory wikipedia , lookup

Probability amplitude wikipedia , lookup

Density matrix wikipedia , lookup

Copenhagen interpretation wikipedia , lookup

Quantum electrodynamics wikipedia , lookup

Hydrogen atom wikipedia , lookup

Quantum entanglement wikipedia , lookup

Coherent states wikipedia , lookup

Quantum field theory wikipedia , lookup

Quantum dot wikipedia , lookup

Max Born wikipedia , lookup

Bell's theorem wikipedia , lookup

Scalar field theory wikipedia , lookup

Path integral formulation wikipedia , lookup

Many-worlds interpretation wikipedia , lookup

Quantum fiction wikipedia , lookup

Symmetry in quantum mechanics wikipedia , lookup

Quantum teleportation wikipedia , lookup

EPR paradox wikipedia , lookup

Orchestrated objective reduction wikipedia , lookup

Interpretations of quantum mechanics wikipedia , lookup

Quantum computing wikipedia , lookup

History of quantum field theory wikipedia , lookup

Quantum key distribution wikipedia , lookup

Quantum group wikipedia , lookup

T-symmetry wikipedia , lookup

Quantum state wikipedia , lookup

Quantum machine learning wikipedia , lookup

Canonical quantization wikipedia , lookup

Hidden variable theory wikipedia , lookup

Transcript 
Quantum Algorithms & Complexity
Umesh Vazirani
U.C. Berkeley
One does not, by knowing all the physical laws as we know
them today, immediately obtain an understanding of anything
much. (Richard Feynman, 1918-1988)
One does not, by knowing all the physical laws as we know
them today, immediately obtain an understanding of anything
much. (Richard Feynman, 1918-1988)
Quantum computers are the only known model of
Computation that violate the Extended Church-Turing
thesis.
Goals of Quantum Algorithms/Complexity
• Find exponential speedups for a range of natural
computational problems.
• Establish the limits of quantum algorithms.
• Relate quantum complexity classes, such as BQP and
QMA, to classical complexity classes, such as
BPP, MA, PH.
Goals of Quantum Algorithms/Complexity
• Find exponential speedups for a range of natural
computational problems.
• Establish the limits of quantum algorithms.
• Relate quantum complexity classes, such as BQP and
QMA, to classical complexity classes, such as
BPP, MA, PH.
Far reaching implications for cryptography,
computational complexity, physics, … Each of these
gives its own unique flavor to the questions.
Quantum resistant cryptography
• Quantum computers break much of modern cryptography.
RSA (factoring), Diffie-Helman (discrete log),
Elliptic curve crypto, Buchmann-Williams (Pell eqn)…
• Suppose we had a classical cryptosystem that was
as efficient and convenient as RSA, but was provably
not breakable even on a quantum computer.
• Then there would be an incentive to switch to the
new cryptosystem, well before a large scale quantum
computer were experimentally realized.
• Suppose we had a very efficient classical
cryptosystem that we believed was quantum resistant.
What kind of evidence could we present to “prove” it?
(Don’t have a working quantum computer to run heuristics)
• The answer relies crucially on our understanding of
the power and limitations of quantum computers.
Hidden Subgroup Problem
G finite group. H subgroup of G.
Given black box that evaluates f: G -> S:
f is constant on cosets of H.
Determine H.
G:
• G abelian: lens = fourier transform over G.
polynomial time quantum algorithm.
Shor: factoring. G = ZN. Period finding.
discrete log. G = Zp x Zp
[Hallgren] Pell’s equation
[van Dam, Hallgren, Ip] Hidden shift problems,
Breaking homomorphic encryption
[van Dam, Seroussi] Gauss sums
Quantum Algorithm for Abelian HSP
Random coset state: use f to set up state
 i  gH 
1
H

hH
gh
G:
=
gH
FT over G
H
FT over G:
FT + measurement gives uniformly random element of H 
Think of this as a random linear constraint on H …
Non-abelian hidden subgroup problem
Lens = (non-abelian) fourier transform over G.
Graph Isomorphism
SN Symmetric group
Short vector in Lattice:
Finding short vector not easy!
[Regev]
DN Dihedral group
Lattice Problems
• Finding short lattice vectors closely related to
Dihedral HSP.
• Random coset state preparation + Fourier sampling
gives sufficient info to reconstruct subgroup.
• But classically reconstructing subgroup appears to be
very difficult. Related to subset sum.
• Kuperberg’s
O( n )
2
quantum reconstruction algorithm.
Public-key cryptosystems based on Quantum
hardness of Shortest Lattice Vector.
[Ajtai-Dwork] cryptosystem.
[Regev]
• Improved efficiency based on assumption that finding
short lattice vectors is hard for quantum algorithms.
• New cryptosystem resembles hardness of solving noisy
linear equations mod p.
• Worst-case to average case reduction.
Learning with errors
Linear equations in n variables over Zp for p prime,
where n2 < p < 2n2
m noisy equations:
where a1 ,, am
and
ai , s  bi
 Z pn
ei  ai , s  bi is gaussian with mean 0 and standard
deviation n1.5
Theorem [Regev]: LWE is as hard as approximating
the shortest vector in a lattice to within n1.5
Worst-case to average-case reduction
• LWE specifies an average-case problem. Inputs
sampled from a fixed distribution.
• Quantum reduction showing that an arbitrary lattice
problem (worst-case) can be mapped to LWE.
• Example of the quantum method. Prove a purely
classical statement by quantum methods.
[Kerenidis, deWolf] lower bounds for locally
decodable codes.
LWE and Lattices
• Lattice L = {integer linear combinations of u1, …, un }
• Dual lattice L* = {v: <v,u> integer for all u in L}
• L* is the fourier transform of L.
LWE and Lattices
• Lattice L = {integer linear combinations of u1, …, un }
• Dual lattice L* = {v: <v,u> integer for all u in L}
• L* is the fourier transform of L.
DL
D*L
D*L
DL
• Sampling from DL with small width Gaussian implies
good approximation of shortest lattice vector.
• Polynomially large samples from DL yield an unbiased
estimator for D*L . If the width of the Gaussian
is large, this gives a way of, given x, approximating
the closest lattice vector to x in L*.
• Quantum reduction, given algorithm for approximating
closest vector in L*, to sampling from DL .
D*L
DL
• Sampling from DL with small width Gaussian implies good approximation
of shortest lattice vector.
• Polynomially large samples from DL yield an unbiased estimator for D*L .
If the width of the Gaussian is large, this gives a way of, given z,
approximating the closest lattice to z.
• Quantum reduction, given algorithm for approximating
closest vector in L*, to sampling from DL .

xL
x
 e y
y
2
/w
y  x
xL
To erase x, compute x given z=x+y: 
xL
 e y
2
/w
x y
2
/w
x y
y
0
 e y
y
Improving the Efficiency
Based on cyclic lattices:
• Lattices where the basis consists of vector v, and
all its cyclic shifts.
• Much more succinct. Key size n2 -> n
• Faster computation – use Fourier transforms.
• [Piekart, Rosen] collision resistant hash functions.
• [Gentry] Homomorphic encryption.
Open Questions
• Is there a quantum algorithm to find a short
vector in a cyclic lattice?
• Does the van Dam, Hallgren, Ip quantum algorithm for
breaking homomorphic encryption extend to
Gentry’s scheme?
• Is it possible to speed up Kuperberg’s quantum
reconstruction algorithm for the dihedral HSP?
• Is it possible to design a public-key cryptosystem
based on cyclic lattices?
Greater Security?
[Hallgren, Moore, Roettler, Russell, Sen 06] provide
very strong evidence of quantum hardness:
Hg1
Hg2
Hgk
k < poly(n) implies exponentially many measurements
For sufficiently non-abelian groups. Eg Sn, GLn
in particular: graph isomorphism.
Sufficiently non-abelian ~ exponential sized irreps + …
Can one base public-key cryptography on these stronger
impossibility results?
[Moore, Russell, V] One-way function, related to McEliese
Cryptosystem, based on hardness of HSP over GLn  Z 2
Goals of Quantum Algorithms/Complexity
• Find exponential speedups for a range of natural
computational problems.
• Establish the limits of quantum algorithms.
• Relate quantum complexity classes, such as BQP and
QMA, to classical complexity classes, such as
BPP, MA, PH.
An Old Question in Quantum Complexity Theory
• Is BQP C PH?
• [Bernstein, V ‘93] There is an oracle A: BQPA C MAA
Conjectured that same holds for PH – that recursive
fourier sampling is in BQP but not in PH.
• [Aaronson ‘09] Conjecture: Fourier checking is in
BQP, but not in PH.
Proof that this is true under the generalized Linial-Nisan
conjecture.
The original Linial-Nisan conjecture states that
logn-wise independent distributions fool AC0 circuits.
Resolved by Braverman. Generalized = almost logn-wise.
Hamiltonian Complexity
Computational complexity <--> condensed matter physics
• H = H1 + … + Hm , each Hi k-local.
• [Kitaev] Computing ground energy of H is QMA-hard.
• [Aharonov, et. al.] Adiabatic quantum computation is
universal.
• [Hastings] Area law for 1-D local Hamiltonians.
Efficient simulation of gapped Hamiltonians.
• [Aharonov, Gottesman, Irani, Kempe] Computing
ground states of 1-D local Hamiltonians QMA-hard.
Quantum PCP theorem?
• Given a promise that k-local hamiltonian H has
either ground energy 0 or cm for constant c,
determine which.
• Classical PCP theorem is a cornerstone of classical
complexity theory.
• Theory of inapproximability, room temperature QC
• [Aharonov, Arad, Landau, V] quantum gap amplification.
• How do you verify a theory where you require
exponential resources to calculate the predicted
outcome of the experiment?
One-way function. Start with P, Q primes.
Multiply N = PQ. See if quantum computer can
Factor.
• How do you verify the claims of a company
New-Wave, that claims to have built a quantum
Computer?
[Aharonov, et. Al.], [Broadbent, et. Al.]
Quantum interactive proofs.
Conclusions
Quantum algorithms and complexity theory explore
fundamental questions with profound implications:
• Quantum resistant cryptography.
• Probabilistic method <--> quantum method
Quantum complexity <--> classical complexity
• quantum complexity theory <--> condensed matter physics
• Verifying quantum computations.
Related documents
Quantum mechanical model
Quantum mechanical model
David Williams (University of Cambridge)
David Williams (University of Cambridge)
Project suggestion as part of the course 203-1-3431 November 7 , 2011
Project suggestion as part of the course 203-1-3431 November 7 , 2011
An Introduction to Quantum Computing
An Introduction to Quantum Computing
Prof. Bertrand Reulet, Université de Sherbrooke, Canada Talk: 23. May 2014
Prof. Bertrand Reulet, Université de Sherbrooke, Canada Talk: 23. May 2014
Outline Summary
Outline Summary
Probing contextuality with superconducting quantum circuits Talk 27. Oct. 2015 ABSTRACT:
Probing contextuality with superconducting quantum circuits Talk 27. Oct. 2015 ABSTRACT:
Chapter 3- Atomic Structure (light interaction with e-)
Chapter 3- Atomic Structure (light interaction with e-)
File
File
THE UNCERTAINTY PRINCIPLE The uncertainty principle states
THE UNCERTAINTY PRINCIPLE The uncertainty principle states
`12
`12
Abstract
Abstract
More with Quantum Numbers
More with Quantum Numbers