The Quest for Quantum Computational Supremacy HELLO HILBERT
The Quest for Quantum Computational Supremacy HELLO HILBERT SPACE Scott Aaronson (University of Texas at Austin) Bernays Lecture, ETH Zurich, Sep. 3, 2019
How to Build a QC… Superconducting Qubits Trapped Ions (Ion. Q, Honeywell…) Cold Atoms (Lukin…) (Google, IBM, Rigetti…) Photonics Nonabelian Anyons (Microsoft…) (Psi. Quantum…)
Why Is Building It So Damn Hard? Decoherence: Unwanted interaction between the QC and its environment, prematurely “measuring” the QC The more operations and qubits, the worse things get In most QC researchers’ view, quantum faulttolerance (discovered in the mid-1990 s) provides the ultimate theoretical solution to decoherence But fault-tolerance itself will require very precise physical control over the qubits—of a sort experimentalists seem unlikely to achieve for years (though they’ve made great strides)
QUANTUM SUPREMACY | #1 Application of quantum computing: Refute the skeptics! For now, forget about fault-tolerance and even applications—just do something hard! Google and others currently racing to achieve this with ~50 -qubit systems
How to Achieve Quantum Supremacy Shor’s and Grover’s algorithms, even most quantum simulations: Too expensive for the near term Optimization: Unclear that there’s any real quantum speedup to be had with algorithms feasible today Idea (Terhal-Di. Vincenzo 2004, A. -Arkhipov 2011, Bremner-Jozsa-Shepherd 2011): Sampling problems. Instead of a single right answer, just ask for samples from a target probability distribution Advantages: experimental feasibility, high confidence in classical hardness Disadvantages: useless? how to check results?
The Random Circuit Proposal Challenge the QC by sending it a randomly generated quantum circuit C on n qubits Ask the QC to send back (quickly!) samples s 1, …, sk from DC, the distribution over n-bit strings obtained by applying C to 0… 0 Then at your leisure, using classical brute force, check if for some constant b (1, 2)
What’s Going On All 2 n possible output strings are exponentially unlikely—but some are unlikelier than others! Picking uniformly at random will get samples of average probability 1/2 n, but an ideal QC will get 2/2 n “Speckle”
How Hard Is Classical Spoofing? Best known classical method: “Schrödinger-Feynman algorithm” (A. -Chen 2017). Uses recursion to make best use of available memory. Can enhance further by using tensor networks to exploit 2 D locality. Demonstrated by Google, Alibaba, … with 60+ qubits A. -Chen 2017 also proved: A fast classical sampling algorithm would imply a fast classical algorithm to guess amplitudes 1/2 n better than chance
“But even if these sampling-based supremacy experiments work, they’ll just produce mostly-random bits, which is obviously useless…” 110100001101001111011011001100010100100 00
New Idea (A. 2018): Randomness from Quantum Supremacy Experiments Key Insight: If a QC passes our test for quantum supremacy, it’s proved more than just its quantumness. Under plausible hardness assumptions, it’s also proved that it must have generated the samples randomly! (At least somewhat) I. e. , even a QC would have a hard time generating plausible-looking samples in a secretly deterministic way
Obvious Point There are much easier ways to generate random bits! |0 H These are fine if you own/trust the random number generator. But what if you need to download random bits off the Internet—e. g. for cryptocurrencies? We learned from Snowden that the NSA has backdoored PRNGs. Would like to trust only a classical computer running known code, not the
Applications of Certified Randomness For private use: Cryptographic keys… For public use: Election auditing, lotteries, proof-of-stake cryptocurrencies… My protocol does require pseudorandom challenges, but: Even if the pseudorandom generator is broken later, the truly random bits will remain safe (“forward secrecy”) Even if the seed was public, the random bits can be private The random bits demonstrably weren’t known to anyone, even the QC, before it received a challenge (freshness)
Earlier Related Ideas Randomness from Bell violations: Colbeck, Renner et al. Upside: Uses only “current technology” Downside: Need to believe Alice and Bob are separated! Randomness from a full QC: Brakerski et al. 2018 2 -to-1 function f, plus trapdoor f f(x) measurement basis measurement result Upside: Fast verification / Downside: Requires full QC
Conclusions Google and others are now on the threshold of testing quantum supremacy using sampling tasks on ~50 qubit devices Even if achieved, this will leave the huge challenges of scalability and fault-tolerance—but it’ll already refute those who said quantum speedups are impossible Until recently, it was thought that sampling-based supremacy experiments had no applications in themselves. My certified randomness protocol changes that—though many challenges remain in analyzing it and making it practical
Summary of Whole Series The fundamental principles of computing were secretly about physics all along! The last few decades have made this explicit, most obviously through QC Quantum mechanics upholds the Church-Turing Thesis —but probably violates the Extended CT Thesis Can we really exploit the exponentiality of quantum states to solve certain problems faster? Or will yetunknown physics forever prevent quantum speedups? I’ve had the privilege of giving these talks at the point in history right before we start getting some answers
- Slides: 16