slide1 l.
Download
Skip this Video
Download Presentation
Quantum Algorithms & Complexity

Loading in 2 Seconds...

play fullscreen
1 / 27

Quantum Algorithms & Complexity - PowerPoint PPT Presentation


  • 219 Views
  • Uploaded on

Quantum Algorithms & Complexity. Umesh Vazirani U.C. Berkeley. One does not, by knowing all the physical laws as we know them today, immediately obtain an understanding of anything much. (Richard Feynman, 1918-1988) . One does not, by knowing all the physical laws as we know

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Quantum Algorithms & Complexity' - lahela


Download Now An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
slide1

Quantum Algorithms & Complexity

Umesh Vazirani

U.C. Berkeley

slide2

One does not, by knowing all the physical laws as we know

them today, immediately obtain an understanding of anything

much. (Richard Feynman, 1918-1988)

slide3

One does not, by knowing all the physical laws as we know

them today, immediately obtain an understanding of anything

much. (Richard Feynman, 1918-1988)

Quantum computers are the only known model of

Computation that violate the Extended Church-Turing

thesis.

slide4

Goals of Quantum Algorithms/Complexity

  • Find exponential speedups for a range of natural
  • computational problems.
  • Establish the limits of quantum algorithms.
  • Relate quantum complexity classes, such as BQP and
  • QMA, to classical complexity classes, such as
  • BPP, MA, PH.
slide5

Goals of Quantum Algorithms/Complexity

  • Find exponential speedups for a range of natural
  • computational problems.
  • Establish the limits of quantum algorithms.
  • Relate quantum complexity classes, such as BQP and
  • QMA, to classical complexity classes, such as
  • BPP, MA, PH.

Far reaching implications for cryptography,

computational complexity, physics, … Each of these

gives its own unique flavor to the questions.

slide6

Quantum resistant cryptography

  • Quantum computers break much of modern cryptography.
  • RSA (factoring), Diffie-Helman (discrete log),
  • Elliptic curve crypto, Buchmann-Williams (Pell eqn)…
  • Suppose we had a classical cryptosystem that was
  • as efficient and convenient as RSA, but was provably
  • not breakable even on a quantum computer.
  • Then there would be an incentive to switch to the
  • new cryptosystem, well before a large scale quantum
  • computer were experimentally realized.
slide7

Suppose we had a very efficient classical

  • cryptosystem that we believed was quantum resistant.
  • What kind of evidence could we present to “prove” it?
  • (Don’t have a working quantum computer to run heuristics)
  • The answer relies crucially on our understanding of
  • the power and limitations of quantum computers.
slide8

Hidden Subgroup Problem

G finite group. H subgroup of G.

Given black box that evaluates f: G -> S:

f is constant on cosets of H.

Determine H.

G:

  • G abelian: lens = fourier transform over G.
  • polynomial time quantum algorithm.
  • Shor: factoring. G = ZN. Period finding.
  • discrete log. G = Zp x Zp
  • [Hallgren] Pell’s equation
  • [van Dam, Hallgren, Ip] Hidden shift problems,
  • Breaking homomorphic encryption
  • [van Dam, Seroussi] Gauss sums
quantum algorithm for abelian hsp
Quantum Algorithm for Abelian HSP

Random coset state: use f to set up state

G:

gH

=

FT over G

FT over G:

FT + measurement gives uniformly random element of

Think of this as a random linear constraint on H …

non abelian hidden subgroup problem

Graph Isomorphism

SN Symmetric group

Non-abelian hidden subgroup problem

Lens = (non-abelian) fourier transform over G.

Short vector in Lattice:

Finding short vector not easy!

DNDihedral group

[Regev]

slide11

Lattice Problems

  • Finding short lattice vectors closely related to
  • Dihedral HSP.
  • Random coset state preparation + Fourier sampling
  • gives sufficient info to reconstruct subgroup.
  • But classically reconstructing subgroup appears to be
  • very difficult. Related to subset sum.
  • Kuperberg’s quantum reconstruction algorithm.
slide12

Public-key cryptosystems based on Quantum

hardness of Shortest Lattice Vector.

  • [Ajtai-Dwork] cryptosystem.
  • [Regev]
  • Improved efficiency based on assumption that finding
  • short lattice vectors is hard for quantum algorithms.
  • New cryptosystem resembles hardness of solving noisy
  • linear equations mod p.
  • Worst-case to average case reduction.
slide13

Learning with errors

Linear equations in n variables over Zp for p prime,

where n2 < p < 2n2

m noisy equations:

where

and is gaussian with mean 0 and standard

deviation n1.5

Theorem [Regev]: LWE is as hard as approximating

the shortest vector in a lattice to within n1.5

slide14

Worst-case to average-case reduction

  • LWE specifies an average-case problem. Inputs
  • sampled from a fixed distribution.
  • Quantum reduction showing that an arbitrary lattice
  • problem (worst-case) can be mapped to LWE.
  • Example of the quantum method. Prove a purely
  • classical statement by quantum methods.
  • [Kerenidis, deWolf] lower bounds for locally
  • decodable codes.
slide15

LWE and Lattices

  • Lattice L = {integer linear combinations of u1, …, un }
  • Dual lattice L* = {v: <v,u> integer for all u in L}
  • L* is the fourier transform of L.
slide16

LWE and Lattices

  • Lattice L = {integer linear combinations of u1, …, un }
  • Dual lattice L* = {v: <v,u> integer for all u in L}
  • L* is the fourier transform of L.

D*L

DL

slide17

D*L

DL

  • Sampling from DL with small width Gaussian implies
  • good approximation of shortest lattice vector.
  • Polynomially large samples from DL yield an unbiased
  • estimator for D*L . If the width of the Gaussian
  • is large, this gives a way of, given x, approximating
  • the closest lattice vector to x in L*.
  • Quantum reduction, given algorithm for approximating
  • closest vector in L*, to sampling from DL .
slide18

D*L

DL

  • Sampling from DL with small width Gaussian implies good approximation
  • of shortest lattice vector.
  • Polynomially large samples from DL yield an unbiased estimator for D*L .
  • If the width of the Gaussian is large, this gives a way of, given z,
  • approximating the closest lattice to z.
  • Quantum reduction, given algorithm for approximating
  • closest vector in L*, to sampling from DL .

To erase x, compute x given z=x+y:

slide19

Improving the Efficiency

  • Based on cyclic lattices:
  • Lattices where the basis consists of vector v, and
  • all its cyclic shifts.
  • Much more succinct. Key size n2 -> n
  • Faster computation – use Fourier transforms.
  • [Piekart, Rosen] collision resistant hash functions.
  • [Gentry] Homomorphic encryption.
slide20

Open Questions

  • Is there a quantum algorithm to find a short
  • vector in a cyclic lattice?
  • Does the van Dam, Hallgren, Ip quantum algorithm for
  • breaking homomorphic encryption extend to
  • Gentry’s scheme?
  • Is it possible to speed up Kuperberg’s quantum
  • reconstruction algorithm for the dihedral HSP?
  • Is it possible to design a public-key cryptosystem
  • based on cyclic lattices?
slide21

Greater Security?

[Hallgren, Moore, Roettler, Russell, Sen 06] provide

very strong evidence of quantum hardness:

Hg1

Hg2

Hgk

k < poly(n) implies exponentially many measurements

For sufficiently non-abelian groups. Eg Sn, GLn

in particular: graph isomorphism.

Sufficiently non-abelian ~ exponential sized irreps + …

Can one base public-key cryptography on these stronger

impossibility results?

[Moore, Russell, V] One-way function, related to McEliese

Cryptosystem, based on hardness of HSP over

slide22

Goals of Quantum Algorithms/Complexity

  • Find exponential speedups for a range of natural
  • computational problems.
  • Establish the limits of quantum algorithms.
  • Relate quantum complexity classes, such as BQP and
  • QMA, to classical complexity classes, such as
  • BPP, MA, PH.
slide23

An Old Question in Quantum Complexity Theory

  • Is BQP C PH?
  • [Bernstein, V ‘93] There is an oracle A: BQPA C MAA
  • Conjectured that same holds for PH – that recursive
  • fourier sampling is in BQP but not in PH.
  • [Aaronson ‘09] Conjecture: Fourier checking is in
  • BQP, but not in PH.
  • Proof that this is true under the generalized Linial-Nisan
  • conjecture.
  • The original Linial-Nisan conjecture states that
  • logn-wise independent distributions fool AC0 circuits.
  • Resolved by Braverman. Generalized = almost logn-wise.
slide24

Hamiltonian Complexity

Computational complexity <--> condensed matter physics

  • H = H1 + … + Hm , each Hi k-local.
  • [Kitaev] Computing ground energy of H is QMA-hard.
  • [Aharonov, et. al.] Adiabatic quantum computation is
  • universal.
  • [Hastings] Area law for 1-D local Hamiltonians.
  • Efficient simulation of gapped Hamiltonians.
  • [Aharonov, Gottesman, Irani, Kempe] Computing
  • ground states of 1-D local Hamiltonians QMA-hard.
slide25

Quantum PCP theorem?

  • Given a promise that k-local hamiltonian H has
  • either ground energy 0 or cm for constant c,
  • determine which.
  • Classical PCP theorem is a cornerstone of classical
  • complexity theory.
  • Theory of inapproximability, room temperature QC
  • [Aharonov, Arad, Landau, V] quantum gap amplification.
slide26

How do you verify a theory where you require

  • exponential resources to calculate the predicted
  • outcome of the experiment?
  • One-way function. Start with P, Q primes.
  • Multiply N = PQ. See if quantum computer can
  • Factor.
  • How do you verify the claims of a company
  • New-Wave, that claims to have built a quantum
  • Computer?
  • [Aharonov, et. Al.], [Broadbent, et. Al.]
  • Quantum interactive proofs.
slide27

Conclusions

Quantum algorithms and complexity theory explore

fundamental questions with profound implications:

  • Quantum resistant cryptography.
  • Probabilistic method <--> quantum method
  • Quantum complexity <--> classical complexity
  • quantum complexity theory <--> condensed matter physics
  • Verifying quantum computations.