Download
1 / 29
290 likes | 293 Vues
This talk outlines the future and past of quantum lower bounds by discussing the quantum query model, quantum lower bounds for collision and set comparison problems, and open problems in the field.
E N D
The Future (and Past) of Quantum Lower Bounds by Polynomials Scott Aaronson UC Berkeley
Outline • The quantum query model • Quantum lower bounds for collision and set comparison problems • Open problems
Quantum Query Model Count only number of queries, not number of computational steps Let X=xi…xn be input In quantum algorithm, each basis state has form |i,z, where i = index to query z = workspace Query transformation O maps each |i,z to |i,zxi (i.e. XOR’s xi into workspace)
Quantum Query Model (con’t) Algorithm consists of interleaved queries and unitaries: U0 O U1 … UT-1 O UT Ut: arbitrary unitary that doesn’t depend on xi’s (we don’t care how hard it is to implement) At the end we measure to obtain a basis state |i,z, then output (say) first bit of z
Quantum Query Complexity Let f(X) be the function we’re trying to compute Algorithm computes f if it outputs f(X) with probability at least 2/3 for every X Q(f) = minimum # of queries made by quantum algorithm that computes f Immediate: Q(f) R(f) D(f) R(f) = randomized query complexity D(f) = deterministic query complexity
Why Is This Model Interesting? • Because we can prove things Search for car keys here
Quantum lower bounds for collision and set comparison problems
Collision Problem • Given • Promised: • (1) X is one-to-one (permutation) or • (2) X is two-to-one • Problem: Decide which w.h.p., using few queries to the xi • Randomized alg: (n)
Result • Any quantum algorithm for the collision problem uses (n1/5) queries (A, STOC’2002) • Shi improved to (n1/4) • (n1/3) when |range| 3n/2 • Previously no lower bound better than (1). Open since 1997
Implications • Oracle A for which SZKA BQPA • SZK: Statistical Zero Knowledge • No “trivial” polytime quantum algorithms for • graph isomorphism • nonabelian hidden subgroup • breaking cryptographic hash functions
Brassard-Høyer-Tapp (1997) (n1/3) quantum alg for collision problem Grover’s algorithm over n2/3 xi’s Do I collide with any of the pink xi’s? n1/3 xi’s, queried classically, sorted for fast lookup
Previous Lower Bound Techniques • Block sensitivity (Beals et al. 1998): Q(f) = (bs(f)) • Quantum adversary method (Ambainis 2000) • Problem: Every 1-1 input differs in at least n/2 places from every 2-1 input
P(X) = acceptance probability on input X Proposition (follows Beals et al. 1998): P(X) is a polynomial of degree 2T over the (xi,h)
Proof: Initially, amplitude i,z of each |i,z is a degree-0 polynomial over the (xi,h). A query replaces each i,z by increasing its degree by 1. The Ut’s can’t increase degree. At the end, squaring amplitudes doubles degree.
Let Input Distribution • D(g): Uniform distribution over g-to-1 inputs • Technicality: g might not divide n • But assume for simplicity that it does • Problem: Show that, if T=O(n), then P(g) is a univariate polynomial of degree 2T for integers 1gn
Let • Then for some I, Monomials of P(X) • I(X) = product of r variables (xi,h)
So • since Calculating (I,g): #1 • “Range” of I: Y. w=|Y|. • (I,g) = 0 unless YS (“range” of X)
Calculating (I,g): #2 • Given an S containing Y, # of g-to-1 inputs of size n: n!/(g!)n/g • Let {y1,…,yw} be distinct values in Y • ri = # of times yi appears in Y • r1 + … + rw = r • # of g-to-1 inputs X with range S s.t. I(X)=1:
Polynomial in g of degree w + (r-w) = r 2T Becomes ~polynomial(g)
Markov’s Inequality Let p be a polynomial bounded in [0,b] in the interval [0,a], that has derivative at least c somewhere in that interval. Then c b a
Lower Bound • 0 P(g) 1 for all 0 g n • P(1) 1/10 and P(2) 9/10 • So dP/dg 4/5 somewhere • (n1/4) lower bound would follow if g always divided n • Can fix to obtain an (n1/5) bound • Shi found a better way to fix
Set Comparison • What the SZKA BQPA result actually uses • Input: f,g : {1,…,2n} {1,…,n} • Promise: Either (1) Range(f) = Range(g) or (2) |Range(f) Range(g)| > 1.1n • Problem: Decide which w.h.p. • Result:(n1/7) quantum lower bound
Idea • Take the total range from which X and Y are drawn to have size 2n/g • Draw X and Y individually from sub-ranges of size n/(g), where so (1)=(2)=1, yet n/(g) 2n/g for g > 2 • Again acceptance prob. is a polynomial in g • That grows quadratically weakens the bound from (n1/5) to (n1/7)
Other ‘Collisionoid’ Functions • Set equality: Suppose either (1) Range(f) = Range(g) or (2) Range(f) Range(g) = The best quantum lower bound is still (1)! • Element distinctness: Decide whether there exist ij such that xi=xj • Quantum upper bound: O(n3/4) (Buhrman et al. ‘01) • Quantum lower bound: (n2/3) (Shi ‘02) • Conjecture (Watrous): R(f) and Q(f) are polynomially related for every symmetric function
AND AND E E E Trees! Is Q(f) = O(deg(f)) for every f? Conjecture: No OR 2-level game tree Ambainis’ adversary method yields (n) But best known polynomial lower bound is ((n log n)1/4) (Shi ‘01) E
Is SZK QMA Relative to an Oracle? In the collision problem, suppose f:{0,1}n{0,1}n is 1-to-1 rather than 2-to-1. Can you give me a polynomial-size quantum certificate, by which I can verify that fact in polynomial time?
Generalizing the Polynomial Method • Instead of a polynomial P(X), have a positive semidefinite matrix (X) • Every entry of (X) is a polynomial in X of degree 2T • For all X, all eigenvalues of (X) must lie in [0,1] • Acceptance probability = maximum eigenvalue • is 2m2m, where m = size of certificate • Can we show collision function is not represented by a low-degree “matrix polynomial”?
Randomized Certificate Complexity RC(f) • RC(f) = maxXRCX(f) • RCX(f) = min # of randomized queries needed to distinguish X from any Y s.t. f(Y)f(X) with ½ prob. • Quantum Certificate Complexity QC(f) • Example: For f=MAJ(x1,…,xn), letting X=00…0, • RCX(MAJ) = 1 • A 2002: QCX(f) = (RCX(f)) (uses adversary method) • Can this be shown using polynomial method? RC(f) and QC(f)
