Results 11  20
of
30
The quantum PCP conjecture
 ACM SIGACT News
, 2013
"... The classical PCP theorem is arguably the most important achievement of classical complexity theory in the past quarter century. In recent years, researchers in quantum computational complexity have tried to identify approaches and develop tools that address the question: does a quantum version of t ..."
Abstract

Cited by 6 (1 self)
 Add to MetaCart
(Show Context)
The classical PCP theorem is arguably the most important achievement of classical complexity theory in the past quarter century. In recent years, researchers in quantum computational complexity have tried to identify approaches and develop tools that address the question: does a quantum version of the PCP theorem hold? The story of this study starts with classical complexity and takes unexpected turns providing fascinating vistas on the foundations of quantum mechanics, the global nature of entanglement and its topological properties, quantum error correction, information theory, and much more; it raises questions that touch upon some of the most fundamental issues at the heart of our understanding of quantum mechanics. At this point, the jury is still out as to whether or not such a theorem holds. This survey aims to provide a snapshot of the status in this ongoing story, tailored to a general theoryofCS audience. 1
Quantum commitments from complexity assumptions
 In Luca Aceto, Monika Henzinger, and Jir Sgall, editors, Automata, Languages and Programming, volume 6755 of Lecture
"... ar ..."
A polynomialtime theory of matrix groups and black box groups
 in these Proceedings
"... We consider matrix groups, specified by a list of generators, over finite fields. The two most basic questions about such groups are membership in and the order of the group. Even in the case of abelian groups it is not known how to answer these questions without solving hard number theoretic proble ..."
Abstract

Cited by 2 (0 self)
 Add to MetaCart
(Show Context)
We consider matrix groups, specified by a list of generators, over finite fields. The two most basic questions about such groups are membership in and the order of the group. Even in the case of abelian groups it is not known how to answer these questions without solving hard number theoretic problems (factoring and discrete log); in fact, constructive membership testing in the case of 1 × 1 matrices is precisely the discrete log problem. So the reasonable question is whether these problems are solvable in randomized polynomial time using number theory oracles. Building on 25 years of work, including remarkable recent developments by several groups of authors, we are now able to determine the order of a matrix group over a finite field of odd characteristic, and to perform constructive membership testing in such groups, in randomized polynomial time, using oracles for factoring and discrete log. One of the new ingredients of this result is the following. A group is called semisimple if it has no abelian normal subgroups. For matrix groups over finite fields, we show that the order of the largest semisimple quotient can be determined in randomized polynomial time (no number theory oracles required and no restriction on parity). As a byproduct, we obtain a natural problem that belongs to BPP and is not known to belong either to RP or to coRP. No such problem outside the area of matrix groups appears to be known. The problem is the decision version of the above: Given a list A of nonsingular d × d matrices over a finite field and an integer N, does the group generated by A have a semisimple quotient of order ≥ N? We also make progress in the area of constructive recognition of simple groups, with the corollary that for a large class of matrix groups, our algorithms become Las Vegas.
Impossibility of Succinct Quantum Proofs for CollisionFreeness
"... We show that any quantum algorithm to decide whether a function f: [n] → [n] is a permutation or far from a permutation must make Ω n1/3/w queries to f, even if the algorithm is given a wqubit quantum witness in support of f being a permutation. This implies that there exists an oracle A such that ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
(Show Context)
We show that any quantum algorithm to decide whether a function f: [n] → [n] is a permutation or far from a permutation must make Ω n1/3/w queries to f, even if the algorithm is given a wqubit quantum witness in support of f being a permutation. This implies that there exists an oracle A such that SZKA 6 ⊂ QMAA, answering an eightyearold open question of the author. Indeed, we show that relative to some oracle, SZK is not in the counting class A0PP defined by Vyalyi. The proof is a fairly simple extension of the quantum lower bound for the collision problem. 1
A Full Characterization of Quantum Advice
"... We prove the following surprising result: given any quantum state ρ on n qubits, there exists a local Hamiltonian H on poly (n) qubits (e.g., a sum of twoqubit interactions), such that any ground state of H can be used to simulate ρ on all quantum circuits of fixed polynomial size. In terms of comp ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
(Show Context)
We prove the following surprising result: given any quantum state ρ on n qubits, there exists a local Hamiltonian H on poly (n) qubits (e.g., a sum of twoqubit interactions), such that any ground state of H can be used to simulate ρ on all quantum circuits of fixed polynomial size. In terms of complexity classes, this implies that BQP/qpoly ⊆ QMA/poly, which supersedes the previous result of Aaronson that BQP/qpoly ⊆ PP/poly. Indeed, we can exactly characterize quantum advice, as equivalent in power to untrusted quantum advice combined with trusted classical advice. Proving our main result requires combining a large number of previous tools—including a result of Alon et al. on learning of realvalued concept classes, a result of Aaronson on the learnability of quantum states, and a result of Aharonov and Regev on ‘QMA+ superverifiers’—and also creating some new ones. The main new tool is a socalled majoritycertificates lemma, which is related to boosting in machine learning, and which seems likely to find independent applications. In its simplest version, this lemma says the following. Given any set S of Boolean functions on n variables, any function f ∈ S can be expressed as the pointwise majority of m = O (n) functions f1,..., fm ∈ S, such that each fi is the unique function in S compatible with O (log S) input/output constraints.
Two results about quantum messages
 In Proceedings of the 39th International Symposium on Mathematical Foundations of Computer Science (MFCS
, 2014
"... ar ..."
(Show Context)
Quantum Money from Hidden Subspaces (Extended Abstract)
 STOC’12, MAY 19–22, 2012
, 2012
"... Forty years ago, Wiesner pointed out that quantum mechanics raises the striking possibility of money that cannot be counterfeited according to the laws of physics. We propose the first quantum money scheme that is (1) publickey—meaning that anyone can verify a banknote as genuine, not only the bank ..."
Abstract
 Add to MetaCart
Forty years ago, Wiesner pointed out that quantum mechanics raises the striking possibility of money that cannot be counterfeited according to the laws of physics. We propose the first quantum money scheme that is (1) publickey—meaning that anyone can verify a banknote as genuine, not only the bank that printed it, and (2) cryptographically secure, under a “classical” hardness assumption that has nothing to do with quantum money. Our scheme is based on hidden subspaces, encoded as the zerosets of random multivariate polynomials. A main technical advance is to show that the “blackbox” version of our scheme, where the polynomials are replaced by classical oracles, is unconditionally secure. Previously, such a result had only been known relative to a quantum oracle (and even there, the proof was never published). Even in Wiesner’s original setting—quantum money that can only be verified by the bank—we are able to use our techniques to patch a major security hole in Wiesner’s scheme. We give the first privatekey quantum money scheme that allows unlimited verifications and that remains unconditionally secure, even if the counterfeiter can interact adaptively with the bank. Our money scheme is simpler than previous publickey quantum money schemes, including a knotbased scheme of Farhi et al. The verifier needs to perform only two tests, one in the standard basis and one in the Hadamard basis— matching the original intuition for quantum money, based on the existence of complementary observables. Our security proofs use a new variant of Ambainis’s
MIT
"... The class QMA (k), introduced by Kobayashi et al., consists of all languages that can be verified using k unentangled quantum proofs. Many of the simplest questions about this class have remained embarrassingly open: for example, can we give any evidence that k quantum proofs are more powerful than ..."
Abstract
 Add to MetaCart
(Show Context)
The class QMA (k), introduced by Kobayashi et al., consists of all languages that can be verified using k unentangled quantum proofs. Many of the simplest questions about this class have remained embarrassingly open: for example, can we give any evidence that k quantum proofs are more powerful than one? Can we show any upper bound on QMA (k), besides the trivial NEXP? Does QMA (k) = QMA (2) for k ≥ 2? Can QMA (k) protocols be amplified to exponentially small error? In this paper, we make progress on all of the above questions. • We give a protocol by which a verifier can be convinced that a 3Sat formula of size n is satisfiable, with constant soundness, given O ̃ ( n) unentangled quantum witnesses with O (logn) qubits each. Our protocol relies on Dinur’s version of the PCP Theorem and is inherently nonrelativizing. • We show that assuming the famous Additivity Conjecture from quantum information theory, anyQMA (2) protocol can be amplified to exponentially small error, and QMA (k) = QMA (2) for all k ≥ 2. • We give evidence that QMA (2) ⊆ PSPACE, by showing that this would follow from “strong amplification ” of QMA (2) protocols. • We prove the nonexistence of “perfect disentanglers ” for simulating multiple Merlins with one. 1