* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Download The Computer Science Picture of Reality
Boson sampling wikipedia , lookup
Wave–particle duality wikipedia , lookup
Quantum chromodynamics wikipedia , lookup
Double-slit experiment wikipedia , lookup
Relativistic quantum mechanics wikipedia , lookup
Bra–ket notation wikipedia , lookup
Theoretical and experimental justification for the Schrödinger equation wikipedia , lookup
Bohr–Einstein debates wikipedia , lookup
Aharonov–Bohm effect wikipedia , lookup
Bell test experiments wikipedia , lookup
Basil Hiley wikipedia , lookup
Delayed choice quantum eraser wikipedia , lookup
Quantum decoherence wikipedia , lookup
Renormalization group wikipedia , lookup
Particle in a box wikipedia , lookup
Renormalization wikipedia , lookup
Measurement in quantum mechanics wikipedia , lookup
Topological quantum field theory wikipedia , lookup
Probability amplitude wikipedia , lookup
Density matrix wikipedia , lookup
Copenhagen interpretation wikipedia , lookup
Quantum electrodynamics wikipedia , lookup
Hydrogen atom wikipedia , lookup
Quantum entanglement wikipedia , lookup
Coherent states wikipedia , lookup
Quantum field theory wikipedia , lookup
Quantum dot wikipedia , lookup
Bell's theorem wikipedia , lookup
Scalar field theory wikipedia , lookup
Path integral formulation wikipedia , lookup
Many-worlds interpretation wikipedia , lookup
Quantum fiction wikipedia , lookup
Symmetry in quantum mechanics wikipedia , lookup
Quantum teleportation wikipedia , lookup
EPR paradox wikipedia , lookup
Orchestrated objective reduction wikipedia , lookup
Interpretations of quantum mechanics wikipedia , lookup
Quantum computing wikipedia , lookup
History of quantum field theory wikipedia , lookup
Quantum key distribution wikipedia , lookup
Quantum group wikipedia , lookup
Quantum state wikipedia , lookup
Quantum machine learning wikipedia , lookup
Quantum Algorithms & Complexity Umesh Vazirani U.C. Berkeley One does not, by knowing all the physical laws as we know them today, immediately obtain an understanding of anything much. (Richard Feynman, 1918-1988) One does not, by knowing all the physical laws as we know them today, immediately obtain an understanding of anything much. (Richard Feynman, 1918-1988) Quantum computers are the only known model of Computation that violate the Extended Church-Turing thesis. Goals of Quantum Algorithms/Complexity • Find exponential speedups for a range of natural computational problems. • Establish the limits of quantum algorithms. • Relate quantum complexity classes, such as BQP and QMA, to classical complexity classes, such as BPP, MA, PH. Goals of Quantum Algorithms/Complexity • Find exponential speedups for a range of natural computational problems. • Establish the limits of quantum algorithms. • Relate quantum complexity classes, such as BQP and QMA, to classical complexity classes, such as BPP, MA, PH. Far reaching implications for cryptography, computational complexity, physics, … Each of these gives its own unique flavor to the questions. Quantum resistant cryptography • Quantum computers break much of modern cryptography. RSA (factoring), Diffie-Helman (discrete log), Elliptic curve crypto, Buchmann-Williams (Pell eqn)… • Suppose we had a classical cryptosystem that was as efficient and convenient as RSA, but was provably not breakable even on a quantum computer. • Then there would be an incentive to switch to the new cryptosystem, well before a large scale quantum computer were experimentally realized. • Suppose we had a very efficient classical cryptosystem that we believed was quantum resistant. What kind of evidence could we present to “prove” it? (Don’t have a working quantum computer to run heuristics) • The answer relies crucially on our understanding of the power and limitations of quantum computers. Hidden Subgroup Problem G finite group. H subgroup of G. Given black box that evaluates f: G -> S: f is constant on cosets of H. Determine H. G: • G abelian: lens = fourier transform over G. polynomial time quantum algorithm. Shor: factoring. G = ZN. Period finding. discrete log. G = Zp x Zp [Hallgren] Pell’s equation [van Dam, Hallgren, Ip] Hidden shift problems, Breaking homomorphic encryption [van Dam, Seroussi] Gauss sums Quantum Algorithm for Abelian HSP Random coset state: use f to set up state i gH 1 H hH gh G: = gH FT over G H FT over G: FT + measurement gives uniformly random element of H Think of this as a random linear constraint on H … Non-abelian hidden subgroup problem Lens = (non-abelian) fourier transform over G. Graph Isomorphism SN Symmetric group Short vector in Lattice: Finding short vector not easy! [Regev] DN Dihedral group Lattice Problems • Finding short lattice vectors closely related to Dihedral HSP. • Random coset state preparation + Fourier sampling gives sufficient info to reconstruct subgroup. • But classically reconstructing subgroup appears to be very difficult. Related to subset sum. • Kuperberg’s O( n ) 2 quantum reconstruction algorithm. Public-key cryptosystems based on Quantum hardness of Shortest Lattice Vector. [Ajtai-Dwork] cryptosystem. [Regev] • Improved efficiency based on assumption that finding short lattice vectors is hard for quantum algorithms. • New cryptosystem resembles hardness of solving noisy linear equations mod p. • Worst-case to average case reduction. Learning with errors Linear equations in n variables over Zp for p prime, where n2 < p < 2n2 m noisy equations: where a1 ,, am and ai , s bi Z pn ei ai , s bi is gaussian with mean 0 and standard deviation n1.5 Theorem [Regev]: LWE is as hard as approximating the shortest vector in a lattice to within n1.5 Worst-case to average-case reduction • LWE specifies an average-case problem. Inputs sampled from a fixed distribution. • Quantum reduction showing that an arbitrary lattice problem (worst-case) can be mapped to LWE. • Example of the quantum method. Prove a purely classical statement by quantum methods. [Kerenidis, deWolf] lower bounds for locally decodable codes. LWE and Lattices • Lattice L = {integer linear combinations of u1, …, un } • Dual lattice L* = {v: <v,u> integer for all u in L} • L* is the fourier transform of L. LWE and Lattices • Lattice L = {integer linear combinations of u1, …, un } • Dual lattice L* = {v: <v,u> integer for all u in L} • L* is the fourier transform of L. DL D*L D*L DL • Sampling from DL with small width Gaussian implies good approximation of shortest lattice vector. • Polynomially large samples from DL yield an unbiased estimator for D*L . If the width of the Gaussian is large, this gives a way of, given x, approximating the closest lattice vector to x in L*. • Quantum reduction, given algorithm for approximating closest vector in L*, to sampling from DL . D*L DL • Sampling from DL with small width Gaussian implies good approximation of shortest lattice vector. • Polynomially large samples from DL yield an unbiased estimator for D*L . If the width of the Gaussian is large, this gives a way of, given z, approximating the closest lattice to z. • Quantum reduction, given algorithm for approximating closest vector in L*, to sampling from DL . xL x e y y 2 /w y x xL To erase x, compute x given z=x+y: xL e y 2 /w x y 2 /w x y y 0 e y y Improving the Efficiency Based on cyclic lattices: • Lattices where the basis consists of vector v, and all its cyclic shifts. • Much more succinct. Key size n2 -> n • Faster computation – use Fourier transforms. • [Piekart, Rosen] collision resistant hash functions. • [Gentry] Homomorphic encryption. Open Questions • Is there a quantum algorithm to find a short vector in a cyclic lattice? • Does the van Dam, Hallgren, Ip quantum algorithm for breaking homomorphic encryption extend to Gentry’s scheme? • Is it possible to speed up Kuperberg’s quantum reconstruction algorithm for the dihedral HSP? • Is it possible to design a public-key cryptosystem based on cyclic lattices? Greater Security? [Hallgren, Moore, Roettler, Russell, Sen 06] provide very strong evidence of quantum hardness: Hg1 Hg2 Hgk k < poly(n) implies exponentially many measurements For sufficiently non-abelian groups. Eg Sn, GLn in particular: graph isomorphism. Sufficiently non-abelian ~ exponential sized irreps + … Can one base public-key cryptography on these stronger impossibility results? [Moore, Russell, V] One-way function, related to McEliese Cryptosystem, based on hardness of HSP over GLn Z 2 Goals of Quantum Algorithms/Complexity • Find exponential speedups for a range of natural computational problems. • Establish the limits of quantum algorithms. • Relate quantum complexity classes, such as BQP and QMA, to classical complexity classes, such as BPP, MA, PH. An Old Question in Quantum Complexity Theory • Is BQP C PH? • [Bernstein, V ‘93] There is an oracle A: BQPA C MAA Conjectured that same holds for PH – that recursive fourier sampling is in BQP but not in PH. • [Aaronson ‘09] Conjecture: Fourier checking is in BQP, but not in PH. Proof that this is true under the generalized Linial-Nisan conjecture. The original Linial-Nisan conjecture states that logn-wise independent distributions fool AC0 circuits. Resolved by Braverman. Generalized = almost logn-wise. Hamiltonian Complexity Computational complexity <--> condensed matter physics • H = H1 + … + Hm , each Hi k-local. • [Kitaev] Computing ground energy of H is QMA-hard. • [Aharonov, et. al.] Adiabatic quantum computation is universal. • [Hastings] Area law for 1-D local Hamiltonians. Efficient simulation of gapped Hamiltonians. • [Aharonov, Gottesman, Irani, Kempe] Computing ground states of 1-D local Hamiltonians QMA-hard. Quantum PCP theorem? • Given a promise that k-local hamiltonian H has either ground energy 0 or cm for constant c, determine which. • Classical PCP theorem is a cornerstone of classical complexity theory. • Theory of inapproximability, room temperature QC • [Aharonov, Arad, Landau, V] quantum gap amplification. • How do you verify a theory where you require exponential resources to calculate the predicted outcome of the experiment? One-way function. Start with P, Q primes. Multiply N = PQ. See if quantum computer can Factor. • How do you verify the claims of a company New-Wave, that claims to have built a quantum Computer? [Aharonov, et. Al.], [Broadbent, et. Al.] Quantum interactive proofs. Conclusions Quantum algorithms and complexity theory explore fundamental questions with profound implications: • Quantum resistant cryptography. • Probabilistic method <--> quantum method Quantum complexity <--> classical complexity • quantum complexity theory <--> condensed matter physics • Verifying quantum computations.