The Computer Science Picture of Reality - PowerPoint PPT Presentation

1 / 27
About This Presentation
Title:

The Computer Science Picture of Reality

Description:

Quantum Algorithms & Complexity Umesh Vazirani U.C. Berkeley – PowerPoint PPT presentation

Number of Views:97
Avg rating:3.0/5.0
Slides: 28
Provided by: vaz5
Category:

less

Transcript and Presenter's Notes

Title: The Computer Science Picture of Reality


1
Quantum Algorithms Complexity
Umesh Vazirani U.C. Berkeley
2
One does not, by knowing all the physical laws as
we know them today, immediately obtain an
understanding of anything much. (Richard
Feynman, 1918-1988)
3
One does not, by knowing all the physical laws as
we know them today, immediately obtain an
understanding of anything much. (Richard
Feynman, 1918-1988)
Quantum computers are the only known model of
Computation that violate the Extended
Church-Turing thesis.
4
Goals of Quantum Algorithms/Complexity
  • Find exponential speedups for a range of natural
  • computational problems.
  • Establish the limits of quantum algorithms.
  • Relate quantum complexity classes, such as BQP
    and
  • QMA, to classical complexity classes, such as
  • BPP, MA, PH.

5
Goals of Quantum Algorithms/Complexity
  • Find exponential speedups for a range of natural
  • computational problems.
  • Establish the limits of quantum algorithms.
  • Relate quantum complexity classes, such as BQP
    and
  • QMA, to classical complexity classes, such as
  • BPP, MA, PH.

Far reaching implications for cryptography,
computational complexity, physics, Each of
these gives its own unique flavor to the
questions.
6
Quantum resistant cryptography
  • Quantum computers break much of modern
    cryptography.
  • RSA (factoring), Diffie-Helman (discrete log),
  • Elliptic curve crypto, Buchmann-Williams (Pell
    eqn)
  • Suppose we had a classical cryptosystem that was
  • as efficient and convenient as RSA, but was
    provably
  • not breakable even on a quantum computer.
  • Then there would be an incentive to switch to
    the
  • new cryptosystem, well before a large scale
    quantum
  • computer were experimentally realized.

7
  • Suppose we had a very efficient classical
  • cryptosystem that we believed was quantum
    resistant.
  • What kind of evidence could we present to prove
    it?
  • (Dont have a working quantum computer to run
    heuristics)
  • The answer relies crucially on our
    understanding of
  • the power and limitations of quantum computers.

8
Hidden Subgroup Problem
G finite group. H subgroup of G. Given black box
that evaluates f G -gt S f is constant on
cosets of H. Determine H.
G
  • G abelian lens fourier transform over G.
  • polynomial time quantum algorithm.
  • Shor factoring. G ZN. Period finding.
  • discrete log. G Zp x Zp
  • Hallgren Pells equation
  • van Dam, Hallgren, Ip Hidden shift problems,
  • Breaking homomorphic encryption
  • van Dam, Seroussi Gauss sums

9
Quantum Algorithm for Abelian HSP
Random coset state use f to set up state
G
gH

FT over G
FT over G
FT measurement gives uniformly random element
of
Think of this as a random linear constraint on H
10
Non-abelian hidden subgroup problem
Lens (non-abelian) fourier transform over G.
Short vector in Lattice
Finding short vector not easy!
DN Dihedral group
Regev
11
Lattice Problems
  • Finding short lattice vectors closely related
    to
  • Dihedral HSP.
  • Random coset state preparation Fourier
    sampling
  • gives sufficient info to reconstruct subgroup.
  • But classically reconstructing subgroup appears
    to be
  • very difficult. Related to subset sum.
  • Kuperbergs quantum reconstruction
    algorithm.

12
Public-key cryptosystems based on Quantum
hardness of Shortest Lattice Vector.
  • Ajtai-Dwork cryptosystem.
  • Regev
  • Improved efficiency based on assumption that
    finding
  • short lattice vectors is hard for quantum
    algorithms.
  • New cryptosystem resembles hardness of solving
    noisy
  • linear equations mod p.
  • Worst-case to average case reduction.

13
Learning with errors
Linear equations in n variables over Zp for p
prime, where n2 lt p lt 2n2 m noisy
equations where and
is gaussian with mean 0 and standard deviatio
n n1.5
Theorem Regev LWE is as hard as
approximating the shortest vector in a lattice to
within n1.5
14
Worst-case to average-case reduction
  • LWE specifies an average-case problem. Inputs
  • sampled from a fixed distribution.
  • Quantum reduction showing that an arbitrary
    lattice
  • problem (worst-case) can be mapped to LWE.
  • Example of the quantum method. Prove a purely
  • classical statement by quantum methods.
  • Kerenidis, deWolf lower bounds for locally
  • decodable codes.

15
LWE and Lattices
  • Lattice L integer linear combinations of u1,
    , un
  • Dual lattice L v ltv,ugt integer for all u in
    L
  • L is the fourier transform of L.

16
LWE and Lattices
  • Lattice L integer linear combinations of u1,
    , un
  • Dual lattice L v ltv,ugt integer for all u in
    L
  • L is the fourier transform of L.

DL
DL
17
DL
DL
  • Sampling from DL with small width Gaussian
    implies
  • good approximation of shortest lattice vector.
  • Polynomially large samples from DL yield an
    unbiased
  • estimator for DL . If the width of the Gaussian
  • is large, this gives a way of, given x,
    approximating
  • the closest lattice vector to x in L.
  • Quantum reduction, given algorithm for
    approximating
  • closest vector in L, to sampling from DL .

18
DL
DL
  • Sampling from DL with small width Gaussian
    implies good approximation
  • of shortest lattice vector.
  • Polynomially large samples from DL yield an
    unbiased estimator for DL .
  • If the width of the Gaussian is large, this
    gives a way of, given z,
  • approximating the closest lattice to z.
  • Quantum reduction, given algorithm for
    approximating
  • closest vector in L, to sampling from DL .

To erase x, compute x given zxy
19
Improving the Efficiency
  • Based on cyclic lattices
  • Lattices where the basis consists of vector v,
    and
  • all its cyclic shifts.
  • Much more succinct. Key size n2 -gt n
  • Faster computation use Fourier transforms.
  • Piekart, Rosen collision resistant hash
    functions.
  • Gentry Homomorphic encryption.

20
Open Questions
  • Is there a quantum algorithm to find a short
  • vector in a cyclic lattice?
  • Does the van Dam, Hallgren, Ip quantum
    algorithm for
  • breaking homomorphic encryption extend to
  • Gentrys scheme?
  • Is it possible to speed up Kuperbergs quantum
  • reconstruction algorithm for the dihedral HSP?
  • Is it possible to design a public-key
    cryptosystem
  • based on cyclic lattices?

21
Greater Security?
Hallgren, Moore, Roettler, Russell, Sen
06 provide very strong evidence of
quantum hardness
Hg1
Hg2
Hgk
k lt poly(n) implies exponentially many
measurements
For sufficiently non-abelian groups. Eg Sn,
GLn in particular graph isomorphism.
Sufficiently non-abelian exponential sized
irreps
Can one base public-key cryptography on these
stronger impossibility results? Moore, Russell,
V One-way function, related to
McEliese Cryptosystem, based on hardness of HSP
over
22
Goals of Quantum Algorithms/Complexity
  • Find exponential speedups for a range of natural
  • computational problems.
  • Establish the limits of quantum algorithms.
  • Relate quantum complexity classes, such as BQP
    and
  • QMA, to classical complexity classes, such as
  • BPP, MA, PH.

23
An Old Question in Quantum Complexity Theory
  • Is BQP C PH?
  • Bernstein, V 93 There is an oracle A BQPA
    C MAA
  • Conjectured that same holds for PH that
    recursive
  • fourier sampling is in BQP but not in PH.
  • Aaronson 09 Conjecture Fourier checking is
    in
  • BQP, but not in PH.
  • Proof that this is true under the generalized
    Linial-Nisan
  • conjecture.
  • The original Linial-Nisan conjecture states that
  • logn-wise independent distributions fool AC0
    circuits.
  • Resolved by Braverman. Generalized almost
    logn-wise.

24
Hamiltonian Complexity
Computational complexity lt--gt condensed matter
physics
  • H H1 Hm , each Hi k-local.
  • Kitaev Computing ground energy of H is
    QMA-hard.
  • Aharonov, et. al. Adiabatic quantum
    computation is
  • universal.
  • Hastings Area law for 1-D local Hamiltonians.
  • Efficient simulation of gapped Hamiltonians.
  • Aharonov, Gottesman, Irani, Kempe Computing
  • ground states of 1-D local Hamiltonians QMA-hard.

25
Quantum PCP theorem?
  • Given a promise that k-local hamiltonian H has
  • either ground energy 0 or cm for constant c,
  • determine which.
  • Classical PCP theorem is a cornerstone of
    classical
  • complexity theory.
  • Theory of inapproximability, room temperature
    QC
  • Aharonov, Arad, Landau, V quantum gap
    amplification.

26
  • How do you verify a theory where you require
  • exponential resources to calculate the predicted
  • outcome of the experiment?
  • One-way function. Start with P, Q primes.
  • Multiply N PQ. See if quantum computer can
  • Factor.
  • How do you verify the claims of a company
  • New-Wave, that claims to have built a quantum
  • Computer?
  • Aharonov, et. Al., Broadbent, et. Al.
  • Quantum interactive proofs.

27
Conclusions
Quantum algorithms and complexity theory explore
fundamental questions with profound implications
  • Quantum resistant cryptography.
  • Probabilistic method lt--gt quantum method
  • Quantum complexity lt--gt classical complexity
  • quantum complexity theory lt--gt condensed matter
    physics
  • Verifying quantum computations.
Write a Comment
User Comments (0)
About PowerShow.com