The Collision Lower Bound After 12 Years

Lower bound for a collision problem

Scott Aaronson (MIT)

January 2002: As a grad student, I visit Israel for the first time, and give a talk at HUJI about the collision lower bound, which I’d proved a couple months prior. Avi Wigderson urges me to get to the point faster.

Plan of talk:
What is the collision lower bound?
What’s new in the last decade?
What open problems remain?

Black-Box Quantum Computation

Given a function $f:[n]\to[m]$, want to determine some property of f: e.g. is it periodic?
Crucial assumption: can only learn about f by making “quantum queries”; no internal access
Models how many quantum algorithms actually work
Between 2 queries, can apply arbitrary unitary transformation independent of f
“Complexity” = Minimum number of queries used by optimal algorithm that succeeds w.h.p. for every f

Some Well-Known Examples:
Grover search (is there an x such that f(x)=1?): $\Theta(\sqrt{n})$ queries to f are necessary and sufficient
Periodicity of f: O(1) queries suffice

The Collision Problem

Given a 2-to-1 function $f:[n]\to[n]$, find a collision (i.e., two inputs x,y such that f(x)=f(y))

10 4 1 8 7 9 11 5 6 4 2 10 3 2 7 9 11 5 1 6 3 8

Interesting Variant: Promised that f is either 2-to-1 or 1-to-1, decide which

Models the breaking of collision-resistant hash functions—a central problem in cryptanalysis

“Birthday Paradox”: Classically, $\Theta(\sqrt{n})$ queries to f are necessary and sufficient to succeed with high probability

Brassard-Høyer-Tapp (1997): $O(n^{1/3})$ quantum collision-finding algorithm

[Figure: Grover’s algorithm over $n^{2/3}$ f(x) values (“Do I collide with any of the pink values?”); $n^{1/3}$ f(x) values, queried classically, sorted for fast lookup]

Could there be a quantum collision-finding algorithm that made only O(1) queries to f?
“Almost!”

Measure 2nd register

“We’re not looking for a needle in a haystack—just for two identical pieces of hay!”

Observation: Every 1-to-1 function differs from every 2-to-1 function in at least n/2 places

So we can’t use, e.g., the optimality of Grover to rule out a fast quantum algorithm for the collision problem

So, how can we rule out a superfast quantum collision-finder?

What eventually worked was the polynomial method (Beals et al. 1998)

$$\deg(p) \ge \sqrt{\frac{n \max_{0\le x\le n} |p'(x)|}{2 \max_{0\le x\le n} |p(x)|}}$$

Let $\Delta(x,h) = 1$ if $f(x)=h$, 0 otherwise

Lemma: If a quantum algorithm makes T queries to f, the probability p(f) that it accepts is a degree-2T polynomial in the $\Delta(x,h)$’s

Now let $q(k) = \mathrm{EX}_{k\text{-to-1 functions } f}\,[p(f)]$ be the expected acceptance probability on a random k-to-1 function

The Miracle: q(k) is itself a polynomial in k, of degree at most 2T

Why?

$$\begin{aligned}
\mathrm{EX}_{k\text{-to-1 functions } f}\left[\prod_{h=1}^{r}\prod_{j=1}^{d_h}\Delta(x_{h,j},h)\right]
&= \frac{\binom{n-r}{n/k-r}\,\dfrac{(n-d)!}{(k!)^{n/k-r}\prod_{h=1}^{r}(k-d_h)!}}{\binom{n}{n/k}\,\dfrac{n!}{(k!)^{n/k}}} \\
&= \frac{(n-r)!\,(n-d)!}{n!\,n!}\cdot\frac{(n/k)!}{(n/k-r)!}\cdot\prod_{h=1}^{r}\frac{k!}{(k-d_h)!} \\
&= \frac{(n-r)!\,(n-d)!}{n!\,n!}\cdot\frac{n}{k}\left(\frac{n}{k}-1\right)\cdots\left(\frac{n}{k}-r+1\right)\cdot\prod_{h=1}^{r}k(k-1)\cdots(k-d_h+1) \\
&= \frac{(n-r)!\,(n-d)!}{n!\,n!}\cdot n(n-k)\cdots(n-rk+k)\cdot\prod_{h=1}^{r}(k-1)\cdots(k-d_h+1)
\end{aligned}$$

which is a degree-d polynomial in k. That’s why.

Technicality: What if k doesn’t divide n?

My way to resolve that technicality (+ Markov’s Inequality) led to an $\Omega(n^{1/5})$ quantum lower bound

Improvements

Shi 2002: $\Omega(n^{1/4})$ $\Omega(n^{1/3})$ lower bound, but only for $f:[n]\to[m]$ where m>>n

Ambainis, Kutin: $\Omega(n^{1/3})$ with no range restriction

Element Distinctness: Simply decide whether f has any collisions, with no promise

3 8 2 6 1 9 7 4 2 0 5

$\Omega(n^{1/3})$ lower bound for Collision $\Rightarrow$ $\Omega(n^{2/3})$ lower bound for Element Distinctness! (Why?)

$\Omega(n^{2/3})$ is optimal, by Ambainis 2003

Application: Graph Isomorphism

If we had a fast quantum algorithm for Collision, then we could easily solve GI! For example, by looking for collisions in $\sigma_1(G),\ldots,\sigma_{n!}(G),\ \sigma_1(H),\ldots,\sigma_{n!}(H)$

Application: Quantum vs.
Zero-Knowledge

Zero-Knowledge protocol for verifying that f is 1-to-1: Arthur picks x, computes f(x), sends it to Merlin, asks him what x was

Thus, collision lower bound shows that in a relativized world, quantum computers can’t efficiently solve all problems in Statistical Zero-Knowledge ($\mathsf{SZK} \not\subset \mathsf{BQP}$)

Application: Index Erasure

Given a 1-to-1 function f, the following map would be useful for a huge number of quantum algorithms!

A. 2002: By generalizing collision lower bound, showed this requires $\Omega(n^{1/7})$ queries to f

Midrijanis 2004: Improved to

Ambainis et al. 2010: By harder, representation-theoretic argument, improved to optimal $\Omega(\sqrt{n})$

Application: Hidden-Variable Theories

Observation (A. 2004): In theories like Bohmian mechanics, if you could see the whole trajectory of a hidden variable at once, you could solve the collision problem in O(1) steps

A “hidden-variable QC” could also do Grover search in ~$n^{1/3}$ steps—but not faster! Almost the only model of computation I know that’s “slightly” more powerful than QC

Conclusion: Not even a QC could efficiently sample hidden-variable trajectories!

Application: Quantum-Secure PRFs

Goldreich, Goldwasser, Micali 1986: Famous way to get a pseudorandom function, $f_s:\{0,1\}^n\to\{0,1\}^n$, starting from a pseudorandom generator

But GGM’s security argument breaks down in the presence of quantum adversaries, which can look at all $f_s$ values in superposition!

Zhandry 2012: New quantum-secure GGM security proof

Core of Zhandry’s argument (in retrospect): A fast quantum algorithm to distinguish $f_s$ from a random function could be used to violate the collision lower bound!

The AMPS Firewall Paradox

R = Faraway Hawking Radiation
H = Near-Horizon and Horizon Modes
Near-maximal entanglement
B = Interior of “Old” Black Hole
Also near-maximal entanglement

Violates monogamy of entanglement!

Harlow-Hayden 2013: Striking argument that Alice’s decoding task would require exponential time

Complexity theory to the rescue of quantum field theory??
Abstraction of Alice’s computational problem: Given a “pseudorandom” n-qubit pure state $|\psi\rangle_{BHR}$ produced by a known, poly-size quantum circuit. Decide whether, by acting only on R (the “Hawking radiation”), it’s possible to distill EPR pairs between R and B (the “black hole interior”)

Alice’s task is QSZK-complete. And by the collision lower bound, QSZK is “unlikely” to equal BQP!

Arbitrary Symmetric Problems

Symmetric: Collision, element distinctness, Grover search…
Not Symmetric: Simon and Shor problems, AND/OR trees…

Conjecture (Watrous 2002): Randomized and quantum query complexities are polynomially related for all symmetric problems

Theorem (A.-Ambainis 2011): Watrous’s conjecture holds! $R = O(Q^9\,\mathrm{polylog}\,Q)$

Still open whether this holds with and no …

Short Quantum Proofs of Collision-Freeness?

Permutation Testing Problem: Given $f:[n]\to[n]$, decide whether f is a permutation or $\varepsilon$-far from any permutation, promised that one is the case

Generalizes collision, so certainly requires $\Omega(n^{1/3})$ quantum queries

A. 2011: even given a w-qubit quantum witness in support of f being a permutation, still need quantum queries to verify the witness

Implies an oracle relative to which $\mathsf{SZK} \not\subset \mathsf{QMA}$

Open to extend to the original collision problem!

Separate Components Problem (SCP)

(Introduced by Lutomirski 2011, motivated by quantum money)

Given oracle access to permutations $\sigma_1,\ldots,\sigma_k:[n]\to[n]$ (where, say, k=polylog(n)), as well as their inverses. Decide whether
(i) $\sigma_1,\ldots,\sigma_k$ are uniformly random, or
(ii) there’s a partition $[n]=A\cup B$, |A|=|B| such that the $\sigma_i$’s map A to A and B to B but are otherwise random.

QMA witness for case (ii):

Challenge: Prove $\mathrm{SCP}\notin\mathsf{QCMA}$. I.e., show that any classical proof of case (ii) must either have $n^{\Omega(1)}$ bits, or require $n^{\Omega(1)}$ quantum queries to verify

Would imply the first oracle separation between QCMA and QMA, and probably also BQP/poly and BQP/qpoly. “Quantum proofs and advice are good for something!”

A-Kuperberg 2007: Quantum oracle separations

Note that SCP Index Erasure!
Suggests we might need far-reaching generalization of collision lower bound

Challenge: Time-Space Tradeoff

Conjecture: Any quantum algorithm for the collision problem needs $n^{1/2-o(1)}$ queries, if restricted to $n^{o(1)}$ qubits of memory

(I.e., many qubits were needed in the BHT algorithm)

Currently, we only know quantum time-space tradeoffs for problems with many output bits! (E.g., $T^2 S=\Omega(n^3)$ for sorting—Klauck, Špalek, de Wolf 2004)

Challenge: Adversary Proof of Collision Lower Bound

Ambainis 2000: Quantum adversary method

Most versatile quantum lower bound method known (more “quantum” than polynomial method; handles much wider range of problems)

Reichardt 2010: “Negative-weight” generalization of adversary method is tight for all problems

Belovs 2012: Explicit $\Omega(n^{2/3})$ adversary lower bound for element distinctness

There must be an explicit $\Omega(n^{1/3})$ adversary lower bound for collision. So, find it!

Concluding Thoughts

[Figure: an axis labelled STRUCTURE running between “No exponential quantum speedup” and “Exponential quantum speedup”, with Grover search, Collision problem, Non-abelian group problems and Abelian group problems placed along it]

Each advance we’ve made, in figuring out which types of structure quantum computers can and can’t exploit, has led to unexpected conceptual lessons

For the “young people” here: Open problems beckon!
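
An added example, not from the talk: the GGM construction named under "Application: Quantum-Secure PRFs", written as a walk down a binary tree of generator outputs. SHA-256 with a one-byte domain tag is an assumed stand-in for the length-doubling pseudorandom generator, and the names `prg`, `walk`, `ggm_prf` and `subtree_key` are chosen here.

```python
import hashlib

SEED_LEN = 32  # bytes; every tree node (root key, inner node, leaf) has this length


def prg(seed: bytes) -> tuple[bytes, bytes]:
    """Length-doubling generator G(s) = (G0(s), G1(s)).

    Assumption: SHA-256 with a domain-separation byte stands in for a real PRG.
    """
    if len(seed) != SEED_LEN:
        raise ValueError("seed must be 32 bytes")
    left = hashlib.sha256(b"\x00" + seed).digest()
    right = hashlib.sha256(b"\x01" + seed).digest()
    return left, right


def walk(node: bytes, bits: str) -> bytes:
    """Descend from `node`, taking G0 on '0' and G1 on '1' for each bit in turn."""
    for b in bits:
        if b not in ("0", "1"):
            raise ValueError("input must be a string of 0s and 1s")
        node = prg(node)[int(b)]
    return node


def ggm_prf(key: bytes, x: str, n: int) -> bytes:
    """f_s(x) for an n-bit input x: the leaf reached by following x from root s."""
    if len(x) != n:
        raise ValueError(f"expected {n} input bits, got {len(x)}")
    return walk(key, x)


def subtree_key(key: bytes, prefix: str) -> bytes:
    """Inner node for `prefix`: enough to evaluate f_s on inputs with that prefix."""
    return walk(key, prefix)


if __name__ == "__main__":
    s = bytes(range(SEED_LEN))  # constructed sample key, not a secret
    n = 4
    for x in ("0000", "1010", "1011"):
        print(x, ggm_prf(s, x, n).hex()[:16])
    # The node for prefix "10" reproduces f_s on 1000..1011 without the root key.
    node = subtree_key(s, "10")
    print(walk(node, "11") == ggm_prf(s, "1011", n))
```

Each evaluation costs n generator calls, and the tree has 2^n leaves that are never materialised; the quantum adversary on the slide is one that queries those leaves in superposition.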