Transcript Slide 1
Quantum Versus Classical
Proofs and Advice
n
x{0,1}
|
Scott Aaronson
Waterloo MIT
Greg Kuperberg
UC Davis
Can “quantum proofs” let us verify certain theorems
exponentially faster than classical proofs?
Yes (we think!)
But to argue for the power of quantum proofs, we’ll
have to introduce a new kind of evidence:
“Quantum Oracle Separations”
(It’s not just that we failed to find the old kind of
evidence—we can tell you exactly why we failed)
Schrödinger’s Zoo
QMA: Quantum Merlin-Arthur
Class of problems for which a “yes” answer can be
verified in quantum polynomial-time, with help from a
polynomial-size quantum witness state
QCMA: Quantum Classical Merlin-Arthur
Same, except now the witness has to be classical
Closely related to quantum proofs is quantum advice…
BQP/qpoly: Class of problems solvable in quantum
polynomial time, with help from a “quantum advice state”
|n that depends only on the input length n
BQP/poly: Same, except now advice has to be classical
Surely it
should at
least be easy
to separate
these classes
by oracles…
PP/poly
PP
Dream
on!
QMA
BQP/qpoly
QCMA
BQP/poly
MA
BQP
P/poly
This Talk: Quantum Oracle Separations
Theorem: There exist “quantum oracles” U and V such
that QMAU QCMAU and BQPV/qpoly BQPV/poly
Quantum oracle: A sequence of unitary
transformations {Un} that a quantum algorithm can
apply in a black-box fashion
Models subroutines that take quantum input and
produce quantum output
A new kind of evidence that two complexity classes are
different
Idea has already found other applications in quantum
computing [A07] [MS07]
The Oracle Problem We’ll Use
Choose an n-qubit state | uniformly at random
Let U be the unitary that maps ||0 to ||1, and
||0 to ||0 whenever |=0
Problem: Given oracle access to U, decide whether
• (YES) U=U for some , or
• (NO) U=I is the identity transformation
Clearly this problem is in QMAU
(The witness: | itself)
Claim: The problem is not in QCMAU
Underlying Question: How much does
an nk-bit classical hint help in searching for
an unknown 2n-dimensional unit vector?
Intuition: Not much!
2n-dimensional unit sphere
2
n
k
“advice regions”
To prove the intuition, we need a
geometric lemma…
Let be a probability measure over N-dimensional
unit vectors
Call p-uniform if it can be obtained by starting
from the uniform measure, and then conditioning on
an event that occurs with probability p
Lemma: If is p-uniform, then for every fixed
quantum state |,
EX |
2
1 log1 / p
O
N
Intuition: Best you can do is let be
the uniform measure over the fraction p
of states that are closest to |
|
Lower Bound
Theorem: Suppose we’re given oracle access to an
n-qubit unitary U, and want to decide whether
(i) U=I is the identity operator, or
Quantum oracles relative to
(ii) U=U for some secret
which QMAU “marked
QCMAUstate”
and |.
U/qpoly
Then even BQP
if we’re
given an
m-bitU/poly
classical witness
BQP
in support of
case
(ii), we
need
now
follow
by still
standard
arguments
n
2
m 1
queries to U to verify the witness.
Proof uses
BBBV hybrid
argument
Almost-Matching Upper Bound
Theorem: We can find an n-qubit “marked state”
| using an m-bit classical hint, together with
2n
O
1
m
queries to the quantum oracle U. (Provided m2n)
Idea: A “mesh” of 2m states.
Merlin tells Arthur the state
closest to |, which Arthur
then uses as a starting point
for Grover’s algorithm
But What About A Classical Oracle
Separation Between QMA and QCMA?
We’ve had essentially one candidate problem for
this: Group Non-Membership (Babai)
Problem: Given a group G, a subgroup HG, and
an element xG, is xH?
Here G and H are specified as black-box groups
I.e. every xG is labeled by a meaningless string
s(x), and we’re given an oracle that maps s(x)
and s(y) to s(xy) and s(x-1)
Group Non-Membership (as an oracle problem) is
known to be in AM but outside MA
Watrous (2000) showed how to solve GNM in QMA,
using the state
1 The Group
Conclusion:
H
h
Non-Membership
H hHproblem
cannot, alas, lead to an
as a witness
oracle separation between
QMA and QCMA.
Our result: Arthur can verify xH using
(1) a polynomial-size classical witness from Merlin, and
(2) polynomially many quantum queries to the group oracle
(but possibly an exponential amount of computation)
Idea: “Pull the group out of the black box”
Isomorphism
claimed by
Merlin
Explicit group
Black-box group
Merlin gives Arthur an explicit group , together with
a claimed isomorphism f:G
(defined by its action on generators)
Arthur checks that f is a homomorphism using the
BCLR tester
He checks that f is one-to-one by solving an instance
of the Hidden Subgroup Problem
(f is one-to-one kernel of f is trivial)
Ettinger-Høyer-Knill: Hidden Subgroup Problem
has polynomial quantum query complexity
Once we’ve replaced G by an explicit group, no more
queries to the group oracle are needed
Open Problems
Can we prove a classical oracle separation between
QMA and QCMA?
Bigger question: Whenever we prove a quantum
oracle separation, can we also prove a classical one?
Is Group Non-Membership in QCMA?
(I.e. is the computational complexity polynomial,
in addition to the query complexity?)
Other quantum oracle separations?
QMA vs. QMA(2)