Three Questions About Quantum Computing Scott Aaronson University

Three Questions About Quantum Computing Scott Aaronson (University of Texas at Austin) Rome, September 13, 2018

Thank you! To the committee, my Ph. D advisor (Umesh Vazirani) and other teachers, my students and postdocs, my colleagues at UT Austin and around the world, the entire CS theory and quantum information research communities, my wife Dana, my children Lily and Daniel, and my parents.

Question 1: How could we demonstrate speedup (ideally useful speedup) from a quantum computer in the near future?

“Quantum Supremacy” For me, the #1 application of quantum computing: disprove the people who say it’s not. Interesting possible! Shor 1994: Fully scalable, universal fault-tolerant Wait, building a full scalable quantum computers will be able to factor an nfault-tolerant QC is 2 how hard? digit integer in only ~n steps More immediate way to prove quantum supremacy: sampling tasks. In the near future, could we get a quantum device to sample a probability distribution over n-bit strings (say, n 70), such that any classical algorithm would need ~2 n steps to sample the same distribution? (But how would we know? )

Boson. Sampling (A. -Arkhipov 2011) A rudimentary type of quantum computing, involving only identical photons passing through beamsplitters n-photon transition amplitudes: Now experimentally demonstrated with up to 6 photons! But scaling up is extremely hard, because of the unreliability of current single-photon sources Our main results: This simple optical setup could sample distributions that can’t be sampled by a classical computer in polynomial time, unless the “polynomial hierarchy” collapses. Even a fast classical algorithm for approximate sampling would have unlikely complexity consequences.

Random Circuit Sampling What Google is hoping to do in “O(1) years” with its 72 -qubit superconducting chip Bristlecone A. -Chen 2017: Proposed a test to apply to the outputs of a random quantum circuit, called “HOG” (Heavy Output Generation). Showed that, under a plausible-looking complexity assumption, there’s no fast classical algorithm to pass the HOG test

Certified Randomness from Quantum Supremacy (A. , in preparation) SEED CHALLENGES If a quantum computer repeatedly and quickly solves “HOG” challenges, then under a suitable complexity assumption, we show that its responses must contain lots of entropy; they can’t be deterministic Leads to a scheme to produce public verifiably-random bits for cryptocurrencies, etc. —perhaps with a nearterm QC with 50 -70 qubits! (1 st feasible application of QC? ? )

Question 2: What sorts of problems would be hard even for quantum computers? Can we turn the hardness of those problems to our advantage?

NP-complete Bounded-Error Quantum Polynomial-Time BQP NP Factoring P

Grover’s Algorithm and Its Optimality Grover 1996: A quantum computer can search a list of N elements for a single “marked element” using only ~ n steps Bennett, Bernstein, Brassard, Vazirani 1994: But if the list can only be accessed as a “black box, ” then not even a quantum computer can do better than this Proof involves the fact that, if we moved the marked element, on average only ~1/ n amplitude in our superposition would “notice” it—and QM is linear

Collision Lower Bound (A. 2002) My first notable result! Given a 2 -to-1 function f: [n], find a collision (i. e. , two inputs x, y such that f(x)=f(y)) 10 4 1 8 7 9 11 5 6 4 2 10 3 2 7 9 11 5 1 6 3 8 Models the breaking of collision-resistant hash functions—a central problem in cryptanalysis “Birthday Paradox”: Classically, ~ n queries to f are necessary and sufficient to find a collision with high probability

Brassard, Høyer, Tapp 1997: Quantum algorithm to find collisions with ~n 1/3 queries Could there be a quantum collision-finding algorithm that made only O(1) queries to f? “Almost!” Measure 2 nd register “We’re not looking for a needle in a haystack—just for two identical pieces of hay!” Observation: Every 1 -to-1 function differs from every 2 -to-1 function in at least n/2 places

I showed: any quantum algorithm for the collision problem needs at least ~n 1/5 queries to f. Yaoyun Shi improved to the optimal ~n 1/3 Proof used the polynomial method and A. A. Markov’s inequality: a superfast quantum algorithm to distinguish 1 -to-1 from 2 -to-1 functions, when applied to random k-to-1 functions, would lead to a low-degree polynomial that can’t exist 1 0

In 2012, the “firewall paradox” rocked quantum gravity… But Harlow and Hayden (2013) argued that creating a firewall at a black hole event horizon would require doing an exponentially long quantum computation. A linchpin of their argument: the collision lower bound!

Direct Product Theorem for Quantum Search (A. 2004) If a QC is searching for k marked items out of n, but it doesn’t even have enough time for Grover’s algorithm to find one of them, then the probability that it finds all k decreases like 1/exp(k) Proof again used the polynomial method—in this case, V. A. Markov’s inequality (!) Implication: In the black-box setting, there can’t even exist a magic “quantum advice state” that would make NP -complete problems easy for QCs if we found it

Question 3: Is there anything beyond quantum computing?

quantum The Extended Church. Turing Thesis Everything efficiently computable in the physical world is efficiently computable by a probabilistic Turing machine quantum

Relativity Computer DONE

Zeno’s Computer Time (seconds) STEP 1 STEP 2 STEP 3 STEP 4 STEP 5

Time Travel Computer A. -Watrous 2008: Computers with closed timelike curves, whether quantum or classical, could efficiently solve all and only the problems solvable by a conventional computer with polynomial memory. Forcing Nature to find a fixed-point is powerful!

Stochastic Hidden-Variable Theories Time u o Y Quantum state of the universe

What problems could you solve efficiently if you could see the entire history of a hidden variable? DQP, or Dynamical Quantum Polynomial-Time (A. 2005): A generalization of QC meant to model this possibility DQP can solve the collision problem in only O(1) steps! And do Grover search in only ~n 1/3 steps, rather than ~ n But it seems unlikely that even DQP can get an exponential speedup for unordered searching One of the only known models of computation that generalizes quantum computation, but only “slightly”

Summary We may soon have ~50 -70 qubit quantum computers that do something we’re pretty sure is faster than a classical computer—conceivably even something useful (like certified randomness)—though threatening public-key crypto, etc. will take a lot longer Contrary to a widespread misconception, QCs won’t just magically speed up everything: they’ll often get “Grovertype” speedups, but exponential speedups will depend on finding problems with special structure that a QC can exploit Going beyond QCs, if it’s possible, would probably require new physics beyond quantum mechanics. We should be skeptical of any computational model that would make everything easy—Nature seems more subtle than that