Hawking Quantum Wares at the Classical

advertisement
Hawking Quantum Wares at
the Classical Complexity
Bazaar
Scott Aaronson (MIT)
My Personal View
Even if quantum mechanics hadn’t existed,
theoretical computer scientists would
eventually have had to invent it.
Furthermore, understanding that point is
not the worst way to learn about quantum
mechanics itself!
As Umesh discussed yesterday, today there are
deep links—in both directions—between
quantum computing and classical theoretical
computer science
To illustrate, I’ll start by telling you about one of
my favorite pastimes: using quantum computing
ideas to give simpler proofs of classical
complexity theorems.
Then I’ll tell you about lots of classical complexity
questions that arose from quantum computing.
In QC, each amplitude can be written as the sum of
contributions from exponentially many paths:
Furthermore, computing (or even approximating) a
single amplitude is #P-complete!
(#P: class of combinatorial counting problems)
This simple observation turns out to provide
surprising leverage in using quantum computing to
prove statements about #P and vice versa
Early example: PP (“decision version of #P”) is the
class of languages decidable by a polynomial-time
randomized algorithm that only needs to accept
with probability  ½ if the answer is “yes,” or < ½ if
the answer is “no”
Theorem (Beigel-Reingold-Spielman 1991): PP is
closed under intersection.
Theorem (A. 2004): PP = PostBQP (i.e., quantum
polynomial time with postselected measurements).
This immediately gave a simpler proof of BeigelReingold-Spielman!
Matrix Permanent:
Valiant won last year’s Turing Award partly for his
seminal proof in 1979 that this function is #P-complete—
a proof that required strange, custom-made “gadgets”
Last year I gave a new, simpler (I think!) proof of #Pcompleteness by combining three facts:
(1) n-photon amplitudes correspond to nn permanents
(2) Postselected quantum optics can simulate universal
quantum computation [Knill-Laflamme-Milburn 2001]
(3) Quantum computations can encode #P-complete
quantities in their amplitudes
One can also go the opposite direction, and use the #Pcompleteness of the permanent to say things about
linear-optical quantum computing
A.-Arkhipov 2011: Suppose every probability distribution
that’s efficiently samplable by a linear-optical QC (even
without adaptive measurements) is also efficiently samplable by a
classical computer. Then P#P=BPPNP, and hence the
polynomial hierarchy collapses.
(Compared to Shor’s
algorithm, “stronger”
evidence that a “weaker”
system can do something
classical computers can’t,
albeit no clear practical value)
But the “right” question is, would an efficient classical
algorithm that sampled a distribution close (in variation
distance) to the linear-optical quantum computer’s, already
imply a collapse of PH?
The Gaussian Permanent Estimation (GPE) Problem:
Given a matrix A with i.i.d. N(0,1) complex Gaussian
entries, approximate Per(A) to within n! with
probability 1- over A, in poly(n,1/,1/) time
Conjecture: GPE is #P-complete.
(As the variants that involve
only approximation or average-case, but not both, are already known to be!)
Theorem (AA): Assuming this conjecture, even fast
approximate classical simulation of a linear-optical
quantum computer would imply P#P=BPPNP.
A crucial stepping-stone toward proving our #Pcompleteness conjecture would be to prove the following…
Permanent Anti-Concentration Conjecture:
There exist constants C,D and >0 such that for all n and >0,
Pr
X ~ N 0,1Cnn
PerX    n! Cn 
D

Empirically true!
Also, we can prove it with
determinant in place of
permanent
Relating Sampling to Search
Theorem (A. 2011): Suppose classical computers can
efficiently solve every search problem that quantum
computers can solve. Then they can also efficiently
sample every probability distribution that quantum
computers can sample.
Proof based on Kolmogorov complexity; almost
nothing specific to quantum computing
Can we similarly relate open questions about decision
problems, promise problems, etc. to one another?
Given Boolean functions f1,...,fk:{0,1}n{-1,1}, consider
the following quantity R, which I call the forrelation:
Observation: Given oracle access to the fi’s, there’s a
polynomial-time quantum algorithm that approximates R
to within 2(k+1)n/2, for all k=poly(n).
Theorem (A. 2009): R can’t be so approximated in BPP or
MA, even when k=2.
Conjecture: R can’t even be approximated in PH. If so,
this would give an oracle separation between BQP and
PH, solving one of the main open problems of quantum
complexity theory since 1993.
A Recent Speculation
In certain precise senses, the k-fold forrelation problem
captures everything quantum computers can do
Conjecture: k-fold forrelation yields the largest possible
separation between quantum and randomized query
complexities—O(k) versus (n1-1/2k)
Partial proof (unpublished) by Ambainis
Conjecture (a few days ago): If k=poly(n), and f1,...,fk are
described by Boolean circuits, then k-fold forrelation is
BQP-complete
“Instantiating” Oracles
Does the quantum algorithm for Forrelation have any
actual applications? E.g., when k=2, are there pairs of
efficiently-computable Boolean functions f,g, for
which it’s interesting to know how well f is correlated
with g’s Fourier transform?
Old question (but still a good one). Consider Simon’s
problem, where you’re given black-box access to a
Boolean function f:{0,1}n{0,1}n, promised there
exists an s0n such that f(x)=f(y)y=xs. Is there any
interesting way to instantiate the black box by an
efficiently computable function?
Ike mentioned quantum money. This year, Paul
Christiano and I proposed a new scheme for quantum
Challenges:
Is can
this verify,
actually
How
else
money
that anyone
butsecure?
that can’t
be efficiently
can one under
provide
“obfuscated
programs” for
counterfeited
a plausible
cryptographic
membership?
assumption.testing
Given asubspace
random subspace
AF2n with
dim(A)=n/2, our quantum dollar bills look like this:
where the pi’s and qi’s are uniformly-random degree-4
polynomials that vanish on A and its dual subspace A*
respectively. Using these polynomials, one can efficiently
verify |A, but we conjecture that they don’t let one
efficiently learn A or even copy |A.
BPP-Complete Problems?
Today, we know many nontrivial BQP-complete
(promise) problems:
Approximating the Jones polynomial
Adiabatic evolution
Approximate linear algebra on exp(n)-size matrices
Ironically, progress on classical randomized
computation lags behind here! Are there problems
that are BPP-complete for interesting reasons?
My candidate: Simulating simulated annealing
The A.-Ambainis Conjecture
“Every bounded low-degree polynomial has a highly influential variable”
Formally: Let p:RnR be a real polynomial of degree d.
Suppose 0p(x)1 for all x{0,1}n, and
Then there’s an i[n] such that, if xi=x with ith bit flipped,
Theorem (AA 2011): Suppose this conjecture holds. Then
given any T-query quantum algorithm A, one can
approximate A’s acceptance probability on most Boolean
inputs by a poly(T)-query randomized algorithm. Also,
one can’t prove PABQPA relative to a random oracle A,
without also proving PP#P in the unrelativized world.
Problem: Given an n2n2 Hermitian matrix A, with all
eigenvalues in [0,1]. Approximate, to additive error ,
Theorem (Blier-Tapp 2009): If =1/poly(n), this problem
is NP-complete.
Theorem (ABDFS 2009 + Harrow-Montanaro 2010): If  is
constant, this problem can’t be in P unless 3SAT is
solvable in 2O(n) time. [Proof uses quantum + PCP Theorem!]
Quantum Motivation: If the problem is NP-complete,
then (almost certainly) QMA(2)=NEXP. If it’s solvable in
npolylog(n) time, then QMA(2)EXP.
Barak et al. 2012: Amazing connections to better-known
problems, like Unique Games, Planted Clique...
Summary
I agree with Umesh. Quantum computing is
fertilizing classical complexity theory with so many
new questions (and sometimes even answers), that
it will probably get harder and harder to be a
classical complexity theorist, if you avert your eyes
whenever you see a bra or ket.
Download