Three Questions About Quantum Computing Scott Aaronson (University of Texas at Austin) Rome, September 13, 2018

Thank you! To the committee, my PhD advisor (Umesh Vazirani) and other teachers, my students and postdocs, my colleagues at UT Austin and around the world, the entire CS theory and quantum information research communities, my wife Dana, my children Lily and Daniel, and my parents.

Question 1: How could we demonstrate speedup (ideally useful speedup) from a quantum computer in the near future?

Wait, building a full scalable fault-tolerant QC is how hard? “Quantum Supremacy” For me, the #1 application of quantum computing: disprove the people who say it’s not possible! Interesting Shor 1994: Fully scalable, universal fault-tolerant quantum computers will be able to factor an n-digit integer in only ~n2 steps Wait, building a full scalable fault-tolerant QC is how hard? More immediate way to prove quantum supremacy: sampling tasks. In the near future, could we get a quantum device to sample a probability distribution over n-bit strings (say, n70), such that any classical algorithm would need ~2n steps to sample the same distribution? (But how would we know?)

BosonSampling (A.-Arkhipov 2011) A rudimentary type of quantum computing, involving only identical photons passing through beamsplitters n-photon transition amplitudes: Now experimentally demonstrated with up to 6 photons! But scaling up is extremely hard, because of the unreliability of current single-photon sources Our main results: This simple optical setup could sample distributions that can’t be sampled by a classical computer in polynomial time, unless the “polynomial hierarchy” collapses. Even a fast classical algorithm for approximate sampling would have unlikely complexity consequences.

Random Circuit Sampling What Google is hoping to do in “O(1) years” with its 72-qubit superconducting chip Bristlecone A.-Chen 2017: Proposed a test to apply to the outputs of a random quantum circuit, called “HOG” (Heavy Output Generation). Showed that, under a plausible-looking complexity assumption, there’s no fast classical algorithm to pass the HOG test

Certified Randomness from Quantum Supremacy (A., in preparation) SEED CHALLENGES If a quantum computer repeatedly and quickly solves “HOG” challenges, then under a suitable complexity assumption, we show that its responses must contain lots of entropy; they can’t be deterministic Leads to a scheme to produce public verifiably-random bits for cryptocurrencies, etc.—perhaps with a near-term QC with 50-70 qubits! (1st feasible application of QC??)

Question 2: What sorts of problems would be hard even for quantum computers? Can we turn the hardness of those problems to our advantage?

Bounded-Error Quantum Polynomial-Time NP-complete Bounded-Error Quantum Polynomial-Time NP Factoring BQP P

Grover’s Algorithm and Its Optimality Grover 1996: A quantum computer can search a list of N elements for a single “marked element” using only ~n steps Bennett, Bernstein, Brassard, Vazirani 1994: But if the list can only be accessed as a “black box,” then not even a quantum computer can do better than this Proof involves the fact that, if we moved the marked element, on average only ~1/n amplitude in our superposition would “notice” it—and QM is linear

Collision Lower Bound (A. 2002) My first notable result! Given a 2-to-1 function f:[n][n], find a collision (i.e., two inputs x,y such that f(x)=f(y)) 10 4 1 8 7 9 11 5 6 4 2 10 3 2 7 9 11 5 1 6 3 8 Models the breaking of collision-resistant hash functions—a central problem in cryptanalysis “Birthday Paradox”: Classically, ~n queries to f are necessary and sufficient to find a collision with high probability

Brassard, Høyer, Tapp 1997: Quantum algorithm to find collisions with ~n1/3 queries Could there be a quantum collision-finding algorithm that made only O(1) queries to f? “Almost!” Measure 2nd register “We’re not looking for a needle in a haystack—just for two identical pieces of hay!” Observation: Every 1-to-1 function differs from every 2-to-1 function in at least n/2 places

I showed: any quantum algorithm for the collision problem needs at least ~n1/5 queries to f. Yaoyun Shi improved to the optimal ~n1/3 Proof used the polynomial method and A. A. Markov’s inequality: a superfast quantum algorithm to distinguish 1-to-1 from 2-to-1 functions, when applied to random k-to-1 functions, would lead to a low-degree polynomial that can’t exist 1

In 2012, the “firewall paradox” rocked quantum gravity… But Harlow and Hayden (2013) argued that creating a firewall at a black hole event horizon would require doing an exponentially long quantum computation. A linchpin of their argument: the collision lower bound!

Direct Product Theorem for Quantum Search (A. 2004) If a QC is searching for k marked items out of n, but it doesn’t even have enough time for Grover’s algorithm to find one of them, then the probability that it finds all k decreases like 1/exp(k) Proof again used the polynomial method—in this case, V. A. Markov’s inequality (!) Implication: In the black-box setting, there can’t even exist a magic “quantum advice state” that would make NP-complete problems easy for QCs if we found it

Question 3: Is there anything beyond quantum computing?

The Extended Church-Turing Thesis quantum The Extended Church-Turing Thesis Everything efficiently computable in the physical world is efficiently computable by a probabilistic Turing machine quantum

Relativity Computer DONE We can also base computers on that other great theory of the 20th century, relativity! The idea here is simple: you start your computer working on some really hard problem, and leave it on earth. Then you get on a spaceship and accelerate to close to the speed of light. When you get back to earth, billions of years have passed on Earth and all your friends are long dead, but at least you’ve got the answer to your computational problem. I don’t know why more people don’t try it!

STEP 1 Zeno’s Computer STEP 2 Time (seconds) STEP 3 STEP 4 Another of my favorites is Zeno’s computer. The idea here is also simple: this is a computer that would execute the first step in one second, the next step in half a second, the next in a quarter second, and so on, so that after two seconds it’s done an infinite amount of computation. Incidentally, do any of you know why that WOULDN’T work? The problem is that, once you get down to the Planck time of 10^{-43} seconds, you’d need so much energy to run your computer that fast that, according to our best current theories, you’d exceed what’s called the Schwarzschild radius, and your computer would collapse to a black hole. You don’t want that to happen. STEP 3 STEP 4 STEP 5

Time Travel Computer A.-Watrous 2008: Computers with closed timelike curves, whether quantum or classical, could efficiently solve all and only the problems solvable by a conventional computer with polynomial memory. Forcing Nature to find a fixed-point is powerful! So OK, how about the TIME TRAVEL COMPUTER! The idea here is that, by creating a loop in time – a so-called “closed timelike curve” -- you could force the universe to solve some incredibly hard computational problem, just because that’s the only way to avoid a Grandfather Paradox and keep the laws of physics consistent. It would be like if you went back in time, and you told Shakespeare what plays he was going to write, and then he wrote them, and then you knew what the plays were because he wrote them … like, DUDE. You know, I’ve actually published a paper about this stuff. That was one of my MORE serious papers.

Stochastic Hidden-Variable Theories Quantum state of the universe You Time Quantum state of the universe

What problems could you solve efficiently if you could see the entire history of a hidden variable? DQP, or Dynamical Quantum Polynomial-Time (A. 2005): A generalization of QC meant to model this possibility DQP can solve the collision problem in only O(1) steps! And do Grover search in only ~n1/3 steps, rather than ~n But it seems unlikely that even DQP can get an exponential speedup for unordered searching One of the only known models of computation that generalizes quantum computation, but only “slightly”

Summary We may soon have ~50-70 qubit quantum computers that do something we’re pretty sure is faster than a classical computer—conceivably even something useful (like certified randomness)—though threatening public-key crypto, etc. will take a lot longer Contrary to a widespread misconception, QCs won’t just magically speed up everything: they’ll often get “Grover-type” speedups, but exponential speedups will depend on finding problems with special structure that a QC can exploit Going beyond QCs, if it’s possible, would probably require new physics beyond quantum mechanics. We should be skeptical of any computational model that would make everything easy—Nature seems more subtle than that