
A STUDY OF QMA, QCMA, AND THEIR ORACLE SEPARATION

by

MIR SHAHAB ALDIN RAZAVI HESSABI

(Under the Direction of E. Rodney Canfield)

ABSTRACT

To compare the power of quantum and classical advice, Aharonov and Naveh introduced the classes QMA and QCMA. Although QMA=QCMA is still an open problem, it is possible to construct a relativized world in which these two classes can be compared. Aaronson and Kuperberg presented an oracle separation of these two classes. They showed that even if in addition to an m-bit classical description of a marked state , a quantum black box which | recognizes is provided to any , it still needs | queries before it can find the marked state . In this study a simple review of | MA and IP followed by an in-depth and more intuitive description of the QMA/QCMA oracle separation is presented.

INDEX WORDS: QMA, QCMA, Oracle, .

B.S., Shahid Beheshti University, Iran, 2006

M.S., University of Tehran, Iran, 2007

A Thesis Submitted to the Graduate Faculty of The University of Georgia in

Partial Fulfillment of the Requirements for the Degree

MASTER OF SCIENCE

ATHENS, GEORGIA

2009

© 2009

Mir Shahab Aldin Razavi Hessabi

All Rights Reserved

Major Professor: E. Rodney Canfield

Committee: Michael . Geller Jeffrey Smith

Electronic Version Approved:

Maureen Grasso
Dean of the Graduate School
The University of Georgia
December 2009

ACKNOWLEDGEMENTS

I am heartily thankful to my supervisor, Rod E. Canfield, whose encouragement, guidance and support from the initial to the final level enabled me to develop an understanding of the subject.

Lastly, I offer my regards to all of those who supported me in any respect during the completion of the project.

Shahab Razavi

TABLE OF CONTENTS

ACKNOWLEDGEMENTS

LIST OF FIGURES

CHAPTER

1 PRELIMINARIES

1.1 INTRODUCTION

1.2 QUBITS

1.3 MULTIPLE QUBITS

1.4 QUANTUM GATES

1.5 THE DENSITY OPERATOR

1.6 PURE AND MIXED STATES

1.7 QUANTUM ORACLE

1.8 QUANTUM TURING MACHINE

2 CLASSICAL PROOF SYSTEMS

2.1 INTERACTIVE DEFINITION OF NP

2.2 INTERACTIVE PROOF SYSTEMS

2.3 ARTHUR MERLIN GAME

3 QUANTUM PROOF SYSTEMS

3.1 QUANTUM INTERACTIVE PROOF SYSTEM

3.2 FORMAL DEFINITION OF QIP

3.3 QUANTUM MERLIN ARTHUR

3.4 QUANTUM CLASSICAL MERLIN ARTHUR

4 ORACLE SEPARATION

4.1 QUANTUM ORACLE SEPARATION OF QMA AND QCMA

5 CONCLUSION

5.1 GENERAL QUESTIONS

GLOSSARY

BIBLIOGRAPHY

LIST OF FIGURES

Figure 1: Bloch Sphere

Figure 2: Visualization of the Hadamard gate on the Bloch sphere

Figure 3: Controlled-NOT gate and its matrix representation

Figure 4: The NP proof-system

Figure 5: An interactive pair of Turing machines

Figure 6: for a 3-message QIP

CHAPTER 1

PRELIMINARIES

1.1 INTRODUCTION

Thirty years ago Richard Feynman raised the question of how we can simulate quantum phenomena in a computer. Considering the nature of quantum mechanics, such a simulation needs exponentially many bits to represent a quantum system of size n. He then came up with the idea of a computational system based on quantum mechanics.

In 1985 [12] described a universal .

He proved that any physical system could be simulated if a two state system could be made to evolve by means of a set of simple operations. Due to the similarity between those operations and classical gates they are called quantum gates. In 1994 Peter Shor [13] found a quantum algorithm to factor large numbers in polynomial time.

A year later, Lov Grover [11] proved a tight bound of for the quantum √ search algorithm based on quantum oracles.

During the last 30 years the research on quantum computation has had its ups and downs, but that never stopped researchers from exploiting the different aspects of this field. One of the ongoing research areas in QC is quantum complexity theory. Understanding the relations between different classes, and their power and weakness, not only gives us a better understanding of the field but also helps us in developing more efficient algorithms.

Two of these classes are Quantum Merlin Arthur and Quantum Classical Merlin Arthur. The study of these two and their relation gives us a proof on whether quantum advice contains more information than classical advice of the same length. Although the equality of these two classes still remains an open problem, it is possible to consider these two classes in a relativized world and compare their strength. Such a world is defined by the use of quantum oracles. Aaronson and Kuperberg [15] have studied the relation between these two classes and showed an oracle separation between them. In this study we present an in-depth and more intuitive version of their proof.

The rest of this study is organized as follows: in chapter 1 the essential definitions and classes are given. In chapter 2 a brief review of classical interactive proof systems is presented. QMA and QCMA are then defined in chapter 3. Chapter 4 contains the proof of the QMA and QCMA oracle separation. Finally, in chapter 5, conclusions and open problems are given.

1.2 QUBITS

Like bits in classical computation, quantum bits, or qubits for short, are the fundamental blocks of quantum computing. Qubits are actual physical objects, but treating them as a mathematical concept with specific properties benefits us in generalizing the theory of quantum computation and quantum information in a way that our model does not rely on any specific system.

Like its classical cousin, a state is associated with each qubit. This state is represented by the “$|\,\rangle$” notation, called Dirac notation. But unlike a bit, which by its definition can only be in state 0 or 1, a qubit can be in a state other than $|0\rangle$ or $|1\rangle$. That is, a qubit can be in a superposition of states, which is a linear combination of states:

| | 0 | 1

where and are complex numbers. The states $|0\rangle$ and $|1\rangle$ are the computational basis states, which form an orthonormal basis for the state vector space.

Another difference between a bit and a qubit is how we measure its state. It is quite easy to determine the state of a classical bit, that is, to examine the bit and get 0 or 1 as the result. But rather remarkably this is not true for qubits. We cannot examine a qubit to determine its state, which is actually the value of and . As an alternative, quantum mechanics provides us with much more restricted information about the . This information is given to us by measuring the qubit and getting 0 with probability or 1 with probability || . And since the probabilities must sum to one, we have . || || || 1 Despite this restriction in determining the state of a qubit, before measuring, or in other words collapsing a qubit into either 0 or 1, a qubit can exist in a continuum of states between $|0\rangle$ and $|1\rangle$. These states can be manipulated and transformed in ways that result in an outcome of computation.

We can picture the state of a qubit with a geometric representation. Since

, we may rewrite the equation of state as || || 1

| cos | 0 sin | 1 2 2 where , and are real numbers. But since has no observable effects for our presentation we can ignore it and rewrite the above equation as

| cos | 0 sin | 1 2 2

The numbers and define a point on the unit three-dimensional sphere, as shown in Figure 1. This sphere, which is called the Bloch sphere, is a useful means of visualizing a single qubit. This representation can help us in understanding many of the operations on a single qubit, but due to the lack of a simple generalization of the Bloch sphere for multiple qubits this intuition is limited.

Figure 1 Bloch Sphere


1.3 MULTIPLE QUBITS

If instead of a single qubit a system has qubits, then this system has 2 computational basis states. These base states are very similar to their classical counterparts with the difference that we represent them using Dirac notation.

For example, a system with a pair of qubits has four computational basis states denoted $|00\rangle$, $|01\rangle$, $|10\rangle$, and $|11\rangle$. As for the single qubit, a pair can exist in a superposition of all these four states. This superposition is a linear combination of all these four base states in which a complex coefficient, or amplitude, is associated with each base state.

| | 00 | 01 | 10 | 11 Similar to the case for a single qubit, a measurement results in with probability with the state of the qubits after 00,01,10,11 || measurement being . Since represents the probability of observing | || therefore . For a system with multiple qubits it is possible to ∑, || 1 measure any subset of the qubits. In our case of two qubits we can measure the first qubit. Measuring the first qubit alone gives of 0 with probability

, leaving the post measurement state || || ′ | | 00 01 || || Note that the post measurement state needs to be normalized to satisfy the normalization condition.


1.4 QUANTUM GATES

Just like classical computers, quantum computers rely on their gates to manipulate data and transform it from one form to another. These gates can be separated into two groups, single qubit gates and multiple qubit gates. In the next two sections we define these two groups of gates.

1.4.1 SINGLE QUBIT GATES

The only non-trivial classical single bit logical gate is the NOT gate. This gate interchanges the 0 and 1 states of a classical bit. That is, if a bit is in state 0 it changes to 1 and vice versa. It is possible to define a process that has the same effect on the quantum states $|0\rangle$ and $|1\rangle$. Although such a process sounds promising for defining a quantum analogue of the NOT gate, it does not specify the effect of applying this gate on a qubit in a superposition of states. In fact the quantum NOT gate acts linearly and interchanges the roles of $|0\rangle$ and $|1\rangle$ in a superposition. That means it transfers the state

| 0 | 1 to

| 1 | 0 One convenient way to represent the NOT gate is in matrix form, which follows directly from the linearity of quantum gates. In fact if a quantum state is written as a vector then all of the quantum gates can be represented as matrices.

For historical reasons the matrix for the quantum NOT is called X.

$$X = \begin{pmatrix} 0 & 1 \\ 1 & 0 \end{pmatrix}$$

A single qubit state can be written in matrix notation as

where the top entry corresponds to the amplitude of $|0\rangle$ and the bottom entry to the amplitude of $|1\rangle$. As a result the act of NOT gate on a qubit is

As mentioned earlier, any quantum gate can be described by a matrix, but not every matrix represents a quantum gate. Recalling that the squares of the amplitudes in a vector corresponding to a quantum state represent probabilities, we need these probabilities to add up to 1 after a gate acts on the vector. Mathematically speaking, that means all matrices corresponding to quantum gates must be unitary, that is, where is the adjoint of and is the identity matrix. Another important single qubit gate is the Hadamard gate which, if it acts on $|0\rangle$ or $|1\rangle$, outputs a state halfway between $|0\rangle$ and $|1\rangle$. The matrix corresponding to this gate is

$$\frac{1}{\sqrt{2}} \begin{pmatrix} 1 & 1 \\ 1 & -1 \end{pmatrix}$$

To give a better perception of the operation of a quantum gate, a visualization of the Hadamard gate on the input state $(|0\rangle + |1\rangle)/\sqrt{2}$ is given in Figure 2 by considering the Bloch sphere picture. The Hadamard gate acts on a qubit by first rotating the Bloch sphere 90° about the axis, followed by a reflection through the plane.

Figure 2 Visualization of the Hadamard gate on the Bloch sphere

1.4.2 MULTIPLE QUBITS GATES

The only multiple qubit quantum logical gate that we study is the CNOT gate, since the combination of CNOT gate and single qubit gates gives a universal set of gates. That is, any multiple qubit logical gate may be composed from CNOT and single qubit gates. A proof of this is given in section 4.5 of [14].

There are a couple of different ways to represent CNOT gate, two of which are given in Figure 3. CNOT takes two qubits as the input, one control bit and one target bit, and it flips the target bit if the control bit is 1.

$$|00\rangle \to |00\rangle;\quad |01\rangle \to |01\rangle;\quad |10\rangle \to |11\rangle;\quad |11\rangle \to |10\rangle$$

Notice that the size of the matrix to describe CNOT gate is $2^2 \times 2^2$. That is because the vector that represents the state of a two qubit system has 4 entries, and each column of this matrix describes the transformation that occurs to its relative computational basis. The first column describes the transformation of $|00\rangle$ and so on. Bear in mind that a system with n qubits needs a vector of size $2^n$ to describe it since there are $2^n$ different computational bases. Respectively a matrix of $2^n \times 2^n$ is needed to describe the transformation that a gate applies to this system.

$$\begin{pmatrix} 1 & 0 & 0 & 0 \\ 0 & 1 & 0 & 0 \\ 0 & 0 & 0 & 1 \\ 0 & 0 & 1 & 0 \end{pmatrix}$$

Figure 3 Controlled-NOT gate and its matrix representation
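An added example (not part of the thesis) that checks sections 1.3 and 1.4 numerically: it tests the X, Hadamard and CNOT matrices for unitarity, builds a two-qubit state with them, and measures the first qubit with the post-measurement state renormalized. All function names are chosen here for illustration.

```python
import math

S = 1 / math.sqrt(2)
X = [[0, 1], [1, 0]]                      # quantum NOT
H = [[S, S], [S, -S]]                     # Hadamard
I2 = [[1, 0], [0, 1]]
CNOT = [[1, 0, 0, 0],                     # column j is the image of basis state j
        [0, 1, 0, 0],
        [0, 0, 0, 1],
        [0, 0, 1, 0]]

def matmul(a, b):
    return [[sum(a[i][k] * b[k][j] for k in range(len(b)))
             for j in range(len(b[0]))] for i in range(len(a))]

def dagger(m):
    """Adjoint: conjugate transpose."""
    return [[complex(m[j][i]).conjugate() for j in range(len(m))]
            for i in range(len(m[0]))]

def is_unitary(m, tol=1e-12):
    """A matrix is a valid gate only if (adjoint of m) * m is the identity."""
    prod = matmul(dagger(m), m)
    n = len(m)
    return all(abs(prod[i][j] - (1 if i == j else 0)) < tol
               for i in range(n) for j in range(n))

def kron(a, b):
    """Tensor product: the gate 'a on qubit 1, b on qubit 2'."""
    return [[x * y for x in row_a for y in row_b]
            for row_a in a for row_b in b]

def apply(gate, state):
    return [sum(g * s for g, s in zip(row, state)) for row in gate]

def measure_first_qubit(state, outcome):
    """State is [a00, a01, a10, a11]. Returns (probability of the outcome,
    post-measurement state renormalized to unit length)."""
    keep = range(0, 2) if outcome == 0 else range(2, 4)
    prob = sum(abs(state[i]) ** 2 for i in keep)
    if prob == 0:
        raise ValueError("outcome has probability zero")
    norm = math.sqrt(prob)
    post = [state[i] / norm if i in keep else 0 for i in range(4)]
    return prob, post

def bell_state():
    """Start in |00>, apply Hadamard to the first qubit, then CNOT."""
    state = apply(kron(H, I2), [1, 0, 0, 0])
    return apply(CNOT, state)
```

The resulting state has amplitude 1/√2 on |00⟩ and |11⟩, so measuring the first qubit as 0 has probability 1/2 and leaves the pair in |00⟩.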

1.5 THE DENSITY OPERATOR

Up to this point we have formulated a quantum system by its state vector. An alternative approach is to use the density operator, or density matrix. This alternative tool, which is mathematically equivalent to the state space, helps with understanding some commonly encountered scenarios in quantum mechanics.

This formulation is mostly helpful when the state of a system is not completely known. That is, a quantum system which is in one of a number of states , where is an index, with respective probabilities . This system can | be described by a density matrix as follows

| |

Now, we can present the evolution of the system by a unitary matrix using its density matrix as follows

| | | |

1.6 PURE AND MIXED STATES

A quantum system is said to be in a pure state if its state is exactly known. | In this case the density operator is simply . | | If a quantum system is not in a pure state then it is in a mixture of different pure states. The state of such a system is called mixed state.

1.7 QUANTUM ORACLE

In theory of computation sometimes it is helpful if we suppose a black box is given to us that takes an input and returns an output in time. This type of 1 black box is sometimes known as oracle.

Considering what the oracle gets as input, what operation it does on the input, and what it returns as the output, we can define the oracle in different ways. For the purpose of this study, we assume that the oracle gets a quantum register, applies an infinite sequence of unitary matrices, or quantum gates, and returns the result. Keep in mind that the oracle applies the gate in 1 time.


1.8 QUANTUM TURING MACHINE

A quantum Turing machine is defined in the same way that a classical Turing machine is defined, except for the fact that a QTM should be reversible and obey the unitary constraints.

The machine is defined over an alphabet Σ and a set of states with a single infinite tape that is accessed by a single head. A unitary transformation

Σ Σ where is map, specifies the transitions of the : f : , machine. Let the current state of machine be and represent the state of the machine’s tape. Then at each time step two operations take place:

1. changes the state of machine and its tape to ′ and ′ respectively.

2. The head of the machine moves according to ′ .

Note that since M is unitary and the direction of the head’s motion solely depends on ′ the machine is reversible.

CHAPTER 2

CLASSICAL PROOF SYSTEMS

2.1 INTERACTIVE DEFINITION OF NP

We can define NP Proof system in different ways. Loosely speaking it can be defined as the set of all theorems having a verifiable proof in polynomial time.

But a more dominant definition for NP is the one presented by Cook [9].

The NP proof system consists of two deterministic Turing machines P and V, which are called prover and verifier respectively. The prover is exponential-time, while the verifier is polynomial-time. These two TMs interact in an way via a common tape. Besides this communication tape there is another common reading tape which is used to feed the system with an input x. If x belongs to an NP language , then P computes a new string y, whose length is bounded by a polynomial in the length of x, and writes it on the communication tape, Figure 4. Now it is V’s job to check if (where is a polynomial-time computable function relative to language ) and if so it halts and accepts.

Obviously for this procedure to be acceptable as an NP proof, it shall meet a couple of requirements. Firstly, it should be possible to prove a “true” theorem.

Secondly, it should not be possible to prove a “false” theorem. Thirdly, no matter how much time the prover spends on the proving procedure, it is essential for the verifier to be able to verify the answer in polynomial time.

Figure 4 The NP proof-system

The underlying definition of proof in a theorem-proving procedure makes the difference in the procedure. Like the concept of a proof, the notion of theorem proving is intuitive. This intuition must be formalized and NP is an example of this formalization. However, like any other formalization of an intuition, NP cannot represent all aspects of the original concept. It captures a simplified version of the theorem-proving procedure which can only “be written down in a text book”. This restriction arises from the way we communicate a proof. In this section, another way of communicating a proof is presented which is based on interaction. Compared to NP this is a more general way of communicating a proof. The interactive proof-system can be thought of as a one to one interaction with a tutor in which the recipient can ask questions during the process of a proof.


2.2 INTERACTIVE PROOF SYSTEMS

To formalize our definition of interactive proof-system, we need to define the interactive Turing Machine. An ITM is a Turing Machine which has a read-only input tape, a work tape, and a random tape. The random tape is the only source of randomness of the machine. It contains a series of zeros and ones, which can be thought of as the outcome of tossing a fair coin, and can be scanned from left to right. Besides these tapes an interactive machine needs a read-only and a write-only tape for communication. The writing head on the latter tape can only move to the right, write on a blank cell, and cannot move to the right without writing.

Figure 5 An interactive pair of Turing machines


An interactive pair, Figure 5, of Turing machines (P, V) is an ordered pair of two interactive Turing machines in which P and V share the same input tape and P’s write-only tape is V’s read-only tape and vice versa.

This pair (P, V) is an ordered pair in the sense that V starts the computation and the machines take turns doing the computation. In its turn, each machine becomes active and performs internal computation. Each machine can communicate with the other one using the communication tape. During its activation time machine P can write a message on V’s read-only tape (P’s write-only tape) and vice versa. The ith message of each machine is the entire message written on the other machine’s tape during the activation of that machine. The computation can be terminated by either P or V while they are active. Considering this scheme the text of computation of P and V on input string x can be represented by where is the ith message sent , , … , , from P to V, and is the ith message of V to P. In this sequence can be empty if V ends the computation.

The set of all possible computation texts is denoted by (P, V)[x]. This set forms a probability space. The probability of each computation in this space is taken over the random bits of both machines.

Definition 2.1 Let L be a language over $\{0,1\}$. Let (P, V) be a pair of interactive Turing machines with P the prover having infinite power and V the verifier, having polynomial time. Then (P, V) is an interactive proof-system for L if and only if:

1) For any input $x \in L$ of size n, V halts and accepts x with probability at least for some . 1 1

2) For any ITM P’ and $x \notin L$, V halts and accepts x with probability at most for some . 1

Essentially the former condition states that for $x \in L$ there is an ITM P that with high probability can prove to V that x belongs to L. In other words, it is easy to prove a true theorem to V with high probability. On the other hand, the latter states that if $x \notin L$, no matter how hard we try it is not possible to convince V that x belongs to L with a high probability. In other words, it is not easy to prove a false theorem. These two conditions indicate that V need not trust the machine it is interacting with. In fact, V only relies on its random bits to accept or reject the proof given by P. As you might have noticed, just like NP, the focus is on the “yes instances”: that is, we don’t care about the “no instances”.

Theorem 2.1 Let

# , | then #SAT belongs to IP.

Proof idea: Before we present a proof for this theorem we need to set a protocol that is used by P and V to communicate their messages.

For let be the Boolean function of bits defined as follows. For 0 , equals the number of satisfying assignments of , , … , 0,1 , , … ,

φ such that for . That means is the number of satisfying , assignments of φ.

It can be easily shown that for every and : , , … ,

, , … , , , … , ,, 0 , , … , , 1

Having defined f, we can now present the protocol. This protocol consists of m+1 phases. It gets the pair as an input and begins with phase 0. ,

Phase 0: P sends to V. Then V checks if and rejects if not.

Phase 1: P sends and to V. 0 1 Then V checks if and rejects if not. 0 1

Phase 2: P sends , , , and to V. 0,0 0,1 1,0 1,1 Then V checks if and and rejects 0 0,0 0,1 1 1,0 1,1 if not.

Phase m: P sends for all possible assignments to the ’s. , , … , Then V checks each of equations linking with and rejects if any of 2 them fails.

Phase m+1: V checks if the values of for each assignments to , , … , the ’s are correct by evaluating φ on that assignment.

Although this protocol gives an exact solution to our problem, it does not give us any proof that #SAT belongs to IP. The problem with this protocol is the length of the messages that P sends to V. These messages are doubled in length with every phase since V requires and to confirm the one … ,0 … ,1 value . We can solve this problem by extending the function to … non-Boolean inputs and confirming the single value with z selected at … , random. In this way we can confirm the value of only by a single value of . This change in function f results in a probabilistic proof which is acceptable as long as it satisfies the two conditions presented in Definition 2.1.

Proof: to complete the proof we need to use a technique called arithmetization.

In this technique a polynomial is associated with φ by simulating , , … , the Boolean ∧, ∨, and ~ operations with the arithmetic operations in the following way. Let α and β be subformulas. We replace expressions

and 1

1 1

The polynomial p’s variables can be assigned both Boolean and non-Boolean values. On Boolean values p agrees with φ on that assignment. But for non-Boolean values p returns a value that has no obvious interpretation in φ.

Nevertheless, the proof uses such assignments to analyze φ. p is used to redefine the function defined previously. For and let 0 , , … ,

, , … , , , … , ,…, ,

As you can see this redefinition still agrees with the original definition of when the ’s take on Boolean values. Also since each of the functions

is expressed as a polynomial in through the degree of these , , … , polynomials is at most that of p.

Equipped with this redefined function we can present the protocol for #SAT. V receives as an input initially and obtains p by arithmetizing φ. ,

Phase 0: P sends a prime q larger than and a proof of its primality to V. It 2 also sends to V. q is the number of elements of the field used for all further arithmetic. V checks the primality of q and checks if . It rejects if either fails.

Phase 1: P sends the coefficients of as a polynomial in . Using these coefficients V evaluates and . V checks the degree of the 0 1 polynomial to be less than n and that . V rejects if either fails. 0 1 V sends chosen at random from to P.

Phase 2: P sends the coefficients of as a polynomial in . , Using these coefficients V evaluates and . V checks the degree of , 0 , 1 the polynomial to be less than n and that . V rejects if , 0 , 1 either fails. V sends chosen at random from to P.

Phase i: P sends the coefficients of as a polynomial in . , … , , Using these coefficients V evaluates and . V checks , … , , 0 , … , , 1 the degree of the polynomial to be less than n and that , … , . V rejects if either fails. , … , , 0 , … , , 1 V sends chosen at random from to P.

Phase m+1: V computes the value of and compares it to the value of , … , and accepts if they are equal. , … ,

It remains to show that this protocol indeed accepts #SAT. Two conditions need to be satisfied in order for this protocol to be accepted as proof that #SAT belongs to IP. The first condition holds if the number of true assignments of φ is k and P follows the protocol. That is, at the end of phase m+1 V halts and accepts. Second, we need to show that no prover can persuade V to accept with a high probability if φ doesn’t have k assignments.

In Phase 0 an incorrect value for should be sent to V by to prevent V from rejecting right away. That means in Phase 1, V calculates one of the values of or incorrectly, and therefore the coefficients of as a 0 1 polynomial in , sent by , must be wrong. Let represents the function with these wrong coefficients.

At this point if P is lucky and the value of , for chosen at random from , is equal to then V accepts. But this is unlikely since for : 10

Pr This bound comes from the fact that a polynomial in a single variable of degree at most d can have no more than d roots, unless it always evaluate to 0.

Since the degree of the polynomial for is at most , and we have already stated that they do not agree everywhere, thus the two polynomials and can agree at most on places. The size of is greater than . The 2 chance of be one of the places that the polynomials agree is less than , 2 which is less than for . 10

If P is unlucky and and do not agree on , it needs to continue sending incorrect coefficients to V in the next phases. And in any phase the chance of P being lucky and sending the coefficients of a polynomial that agrees with the actual polynomial on a randomly selected element is less than for . That is, for each 10 1

Pr, … , , … , Thus, by giving an incorrect value for , is forced to give incorrect values for , and so on, unless it gets lucky at some phase and , the two polynomials agree on . But the probability of that is the number of phases times which is at most . If P never gets lucky and sends 1 incorrect polynomial, it eventually needs to send an incorrect value for

. But at phase m+1 V checks the value of and will catch any error , … , at that point. Therefore if is not the number of satisfying assignments of φ, no prover can convince the verifier to accept with probability greater than . And 1 this completes the proof.
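An added example (not the thesis's code) of the arithmetized #SAT protocol above, run on a small constructed CNF formula with an honest prover and a prover that claims a wrong count. Assumptions: a fixed prime `Q` replaces the prime and primality proof of Phase 0, each round polynomial is sent as its values at 0..d instead of as coefficients (d = total number of literals, used here as the degree bound), and all class and function names are illustrative.

```python
import itertools
import secrets

# Assumption: fixed Mersenne prime standing in for the prime q of Phase 0.
Q = 2**61 - 1

# Constructed sample: (x1 or x2) and (not x1 or x3) and (not x2 or not x3)
SAMPLE_CNF = [[1, 2], [-1, 3], [-2, -3]]

def arith(cnf, point):
    """Arithmetized formula p at a point of F_Q^m:
    x -> a, not x -> 1 - a, OR -> 1 - (1-a)(1-b), AND -> a*b."""
    value = 1
    for clause in cnf:
        none_true = 1
        for lit in clause:
            a = point[abs(lit) - 1]
            lit_val = a if lit > 0 else 1 - a
            none_true = none_true * (1 - lit_val) % Q
        value = value * (1 - none_true) % Q
    return value % Q

def partial_sum(cnf, m, prefix):
    """f_i(prefix): sum of p(prefix, b) over all Boolean b for the rest."""
    total = 0
    for bits in itertools.product((0, 1), repeat=m - len(prefix)):
        total += arith(cnf, list(prefix) + list(bits))
    return total % Q

def degree_bound(cnf):
    return sum(len(clause) for clause in cnf)

def lagrange_eval(ys, x):
    """Value at x of the unique polynomial g of degree < len(ys), g(j) = ys[j]."""
    total = 0
    for j, yj in enumerate(ys):
        num, den = 1, 1
        for k in range(len(ys)):
            if k != j:
                num = num * (x - k) % Q
                den = den * (j - k) % Q
        total += yj * num * pow(den, -1, Q)
    return total % Q

class HonestProver:
    def __init__(self, cnf, m):
        self.cnf, self.m, self.d = cnf, m, degree_bound(cnf)

    def claim(self):
        return partial_sum(self.cnf, self.m, [])

    def round_poly(self, prefix):
        # z -> f_i(prefix, z), given by its values at z = 0..d
        return [partial_sum(self.cnf, self.m, prefix + [z])
                for z in range(self.d + 1)]

class ShiftingCheater(HonestProver):
    """Claims count + lie, then adds a constant to every round polynomial so
    that the check g(0) + g(1) = previous claim still passes."""
    def __init__(self, cnf, m, lie):
        super().__init__(cnf, m)
        self.offset = lie % Q

    def claim(self):
        return (super().claim() + self.offset) % Q

    def round_poly(self, prefix):
        self.offset = self.offset * pow(2, -1, Q) % Q
        return [(y + self.offset) % Q for y in super().round_poly(prefix)]

def verify(cnf, m, k, prover):
    """Verifier V on input (formula, k). Returns True iff V accepts."""
    d = degree_bound(cnf)
    if prover.claim() != k % Q:            # Phase 0
        return False
    claim, rs = k % Q, []
    for _ in range(m):                     # Phases 1..m
        ys = prover.round_poly(list(rs))
        if len(ys) != d + 1:               # degree check
            return False
        if (ys[0] + ys[1]) % Q != claim:   # g(0) + g(1) must match
            return False
        r = secrets.randbelow(Q)           # V's random field element
        claim = lagrange_eval(ys, r)
        rs.append(r)
    return arith(cnf, rs) == claim         # Phase m+1: V evaluates p itself
```

The sample formula has 2 satisfying assignments, so the honest prover is accepted for k = 2. The shifting prover is a deliberately simple strategy whose error never vanishes, so the final check rejects it every time; a prover that instead sends a different low-degree polynomial escapes only if V's random element hits one of the few points where the two polynomials agree.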

2.3 ARTHUR MERLIN GAME

An interactive proof system can be constructed with the “Arthur-Merlin” game, introduced by Babai [10], in which Arthur plays the role of V and Merlin plays the role of P. The main difference between this game and the interactive proof system is the visibility of V’s random tape to P.

In an Arthur-Merlin game, unlike the interactive proof system, both P and V can start the game. To distinguish between these cases we denote the game of length f(x), where x is an input, by AM(f(x)) when Arthur starts the game.

Analogously, MA(f(x)) corresponds to the Arthur-Merlin games where Merlin makes the first move.


CHAPTER 3

QUANTUM PROOF SYSTEMS

3.1 QUANTUM INTERACTIVE PROOF SYSTEM

Shamir [3] proved that there is an interactive proof system for every language in PSPACE based on the work of Lund, Fortnow, Karloff, and Nisan [1]. And since every language which has an interactive proof system is in PSPACE [2], this implies that . A non-constant number of messages is required to be passed between prover and verifier for all known protocols for PSPACE. Under the assumption that the polynomial time hierarchy is proper, the number of required messages cannot be reduced to a constant even by using a parallel scheme. This is a result of the equivalence of AM and constant round interactive proof systems [5, 10].

An attempt, of course a failed one, to reduce the required rounds of messages to a constant number is to change the verifier. That is, it should be designed in a way that it sends all of its randomly generated numbers to the prover in one or a constant number of messages. Then it receives all the responses, and checks the validity of the proof.

Although this protocol sounds promising, it fails to satisfy soundness, one of the conditions we have mentioned before for a correct interactive proof. Having all the random bits coming from the verifier, the prover can cheat by “looking ahead” and basing its proof on random numbers that would have been sent in later rounds in the non-constant round protocol.

However, if instead of using a classical ITM we use a quantum one then we can fix this problem, and present a constant round message protocol that satisfies both soundness and completeness. It was Watrous [6] who introduced the quantum analogue of IP in the same way Babai first introduced Interactive Proof Systems.

QIP also consists of a prover, P, and a verifier, V. The job of P is to convince V that a given input string satisfies some property, and it is V who tries to verify the validity of the proof given by P. The key difference between QIP and IP is that in QIP prover and verifier are quantum Turing machines. That means they are capable of processing quantum messages.

Before we present the formal definition of QIP, we sketch the corrected version of the above method to communicate a proof with constant rounds of messaging using QTMs.

First the prover sends a superposition of random numbers and corresponding answers to them to the verifier. Using a classical protocol for PSPACE, the verifier checks the correctness of the responses. Since the verifier checks the uniformity of the superposition later, the prover cannot cheat by biasing the superposition towards a certain random number. Then the verifier chooses a position in the list of numbers and responses, sends the response starting at that position to the prover, and challenges the prover to invert the computation it performed to obtain these responses.

We call the indices of the random numbers and responses below the chosen position low-indices and the remaining indices high-indices. The low-indices responses, which are not sent to the prover in the second round, should now only depend on the low-indices random numbers, otherwise the prover has cheated. Now it is time for the verifier to check that the superposition of high-indices is uniform by some defined measurement. Nevertheless, if the prover wants to cheat by basing the low-indices responses on high-indices, then high-indices random numbers and low-indices responses are entangled. This is detectable by the verifier, since with high probability the high-indices random numbers fail the uniformity test.

Performing this process polynomially many times in a parallel fashion reduces the probability that the verifier fails to detect if the prover is cheating.

3.2 FORMAL DEFINITION OF QIP

In this section we present a formal definition of the Quantum Interactive Proof System. Although in general QIP can be defined as a non-constant round system, here we only present the constant round QIP, which is easily extendable to a non-constant round protocol. The presented definition is based on the quantum circuit model which is defined in chapter 1.

An m-message verifier V is a polynomial-time computable mapping Σ : Σ , where each is an encoding of a 1, … , ⁄ 2 1 , quantum circuit composed of quantum gates. These gates are selected from some appropriately chosen universal set of gates. This set includes the Hadamard gate and any universal gate for reversible computation such as the Fredkin gate or Toffoli gate for the purpose of our definition. The encoding is identified by the quantum circuit that encodes it. To have polynomial-sized circuits, it is assumed that the size of the circuit is polynomial in the length of the encoding . There are two sets of Qubits V acts on in its round, , message Qubits and ancilla Qubits. The former represents the communication channel between verifier and prover, whereas the latter is the set of private Qubits of V. One of the ancilla qubits is assigned to be the output Qubit.

An m-message prover P is a mapping from Σ to the set of all 1, … , quantum circuits . Since the prover has infinite power, ⁄ 2 1⁄ 2 there are no restrictions on the size of any of or on the gates these , circuits are composed of. As with the verifier, the prover’s Qubits are divided into message Qubits and ancilla Qubits. Although the prover has infinite power in the computational sense, note that it is still confined to the laws of physics.

These laws are enforced by requiring that the prover’s actions correspond to quantum circuits.

Given a prover/verifier pair , for the case of a quantum circuit, , 3 Figure 6, can be considered.

Assuming all the qubits are set to initially, the probability that a given |0 input x is accepted by a pair is defined to be the probability that a , measurement ′ or , 1, , 1, , 2, … , , , ,

′ are applied in a sequence as ,1, , 1, … , , , , illustrated.

Figure 6 Quantum circuit for a 3-message QIP (rows: verifier’s ancilla qubits with the output qubit, message qubits, prover’s ancilla qubits; circuits: V(x,1), V(x,2), P(x,1), P(x,2))

Let L be a language over {0,1} and V an m-message verifier. L has an m-message quantum proof system with error probability , if and only if
1. There is an m-message prover P such that , the pair accepts , with probability 1.
2. For all m-message provers ′, if then the pair accepts with , probability at most .

3.3 QUANTUM MERLIN ARTHUR

We can define QMA as a restricted version of QIP. That is, QMA is QIP(1), which means a 1-message QIP. Since in this protocol only one message is sent to the verifier, the focus is on the message and the verifier, not on the prover. The verifier as before is a family of polynomial-time uniformly generated quantum circuits by a deterministic procedure that on input outputs a description of and runs in time polynomial to . These circuits are || composed of some universal, finite set of quantum gates (for example the standard basis discussed in [7] and the Shor basis which is discussed in [4]).

Moreover, it is assumed that the size of each circuit is no longer than its description, or in other words no compact description of large circuits is allowed.

As we mentioned in the previous section, the qubits used by each can be separated into input qubits and ancilla qubits. While the input qubits are assumed to be initialized to , the ancilla qubits are set to , which is also |0 | known as quantum advice state. We can now define the class QMA.

Definition 3.1 A language Σ is in QMA if there exists a polynomial-time uniformly generated family of quantum circuits Σ such that
1. if then there exists a quantum state such that | 2 Pr | 3
2. if then for all quantum states , 1 | Pr | 3

As before, note that rather than being an input to the circuit , it is an input to the procedure that produces the description of . The input to a given circuit is the quantum advice state used to indicate whether or not | belongs to . It should be noted that instead of “hard-coding” into and having a family of circuits, the definition uses just one circuit for each input length. That means, QMA can also be defined using one circuit with two inputs and . |

3.4 QUANTUM CLASSICAL MERLIN ARTHUR

Aharonov and Naveh [8] questioned the basis of QMA. Namely: is it essential that the witness is quantum for the protocol to work or not? In other words, can the witness be classical while the verifier is quantum, and do we still get the same result? This question yields a new class, namely QCMA. Whether or not QMA and QCMA are equal is still an open problem, but Aaronson and Kuperberg [15] showed that these two classes can be separated using an oracle.

Definition 3.2 Let L be a language over Σ . Then if there exists a polynomial-time uniformly generated family of quantum circuits Σ such that:

1. if then there exists a where , 2 || || Pr 3
2. if then there exists a where , 1 || || Pr 3


CHAPTER 4

ORACLE SEPARATION

4.1 QUANTUM ORACLE SEPARATION OF QMA AND QCMA

Although separation of QMA and QCMA is still an open problem, Aaronson and Kuperberg present an oracle separation between these two classes. In their paper [15] they gave both a quantum and a classical oracle separation. In this chapter we study the quantum results of that paper.

Theorem 4.1 There exists an oracle such that .

The proof idea of this theorem is to assign a p-uniform probability measure to the set of associated states with a given witness . Using this measure it can be shown that the difference between two subsequent states after applying the oracle on , a randomly drawn state from the p-uniform measure, cannot | be significant with high probability. That means, if we choose a state | randomly from the set of associated states with the classical witness, with high probability, we need to apply the oracle U exponentially many times in length of before we get the desired answer. Using such a technique Aaronson | introduced a unary language that belongs to QMA but not QCMA. Below a detailed proof is provided.

Definition 4.1 Let be the uniform probability measure over N-dimensional pure states, . A probability measure is called a p-uniform measure if for all , . This measure can be obtained equivalently by conditioning 0,1 on an event occurring with probability at least p in a uniform measure . For instance if the set of all possible states over has a uniform probability then by conditioning on bits of classical information of , 1 log | we obtain a p-uniform measure.

Lemma 4.1 Let be a p-uniform probability measure over . Then for all

1 1 log |||

That is, if is drawn from a p-uniform measure, the squared fidelity between | and every mixed state has small expectation. | A geometric proof of this Lemma is presented in section 3.1 of [15]. For now we assume the lemma to prove Theorem 4.1.

Theorem 4.2 Let be an n-qubit unitary oracle that we are given access to. In order to decide whether

1. There exists an n-qubit “quantum marked state” such that | | and whenever ; or | | | | 0
2. is the identity operator.

We need queries to verify the witness with bounded probability of error, even if an m-bit classical witness in support of case 1 is given to us.

Proof: Suppose , since for the case of the theorem is o2 2 certainly true. Let be an n-qubit unitary operator such that | | and whenever . Let be a quantum algorithm that queries | | | 0 , and its goal is to determine whether or not there exists a quantum state | such that . Let be the set of ’s associated with a given witness . Given | 0,1 that this set is a partition of , for each n-qubit pure state , it can be | shown that there exists a witness such that

| 1 | 2

Hardwire into . To finish the proof we just need to show that if is | chosen uniformly at random from , with high probability cannot decide whether or by making queries. 2 ⁄ 1

Suppose makes queries to . For , let Φ denote the final 0 | state of after the t-th query. Assuming that for the first queries and for the remaining queries, is the final state after the first t queries |Φ and is the final state after all of the queries. Since the computations of |Φ |Φ and differ only by one query, with high probability over the choice of |Φ marked state , cannot be very far from . By the triangle inequality, | |Φ |Φ this concludes that cannot be far from unless is large enough. |Φ |Φ

Assuming the “control case” , the above statement can be expressed more formally by considering the marginal state of the query register, , just before the t-th query. This state can be decomposed into an arbitrary set of pure states . That is, . Then for every , the component |φ ∑ p|φ φ | |φ orthogonal to is unaffected by the t-th query. Thus |

Φ Φ φ φ φ | | p. 2 2 p

φ φ 2 p 2|| where the third inequality is a result of the Cauchy-Schwarz inequality (the average of the square root is at most the square of the average). Now let be the uniform probability measure over . is 2^(-m)-uniform. So by Lemma 4.1,

Φ Φ | | | 2| || 2| ||

1 ln1⁄ 2 1 2 2 2

And finally, by the triangle inequality, we have

Φ Φ Φ Φ 1 | | | | | | 2

This implies that, for Φ and Φ to be distinguishable with bias, we | | 1 must have . 2 ⁄ 1

To finish the proof of Theorem 4.1, we use Theorem 4.2 to give a quantum oracle separation between QMA and QCMA.

Proof of Theorem 4.1: Let L be a unary language chosen uniformly at random. And let the oracle be as follows: if , 0 then there exists an n-qubit marked state chosen uniformly at random such that , | | | whereas for every state perpendicular to , . Otherwise, if | | | | 0 , then is the n-qubit identity operation.

Given the definition it is easy to show that . The verifier prepares the state for a 1⁄√2|0 | |1 | given quantum witness . Then it applies the oracle to the second register | conditioned on the first register being . Next the verifier applies a Hadamard |1 gate to the first register, measures it, and accepts if it is . If , then |1 0 there exists a witness, the same as the marked state , which causes the | verifier to accept with probability 1. But if then there is no witness that 0 can cause the verifier to accept with nonzero probability.

On the contrary, over the choice of L and U we claim that with probability 1. To prove our claim, we first fix a QCMA machine M, and let be the event that succeeds on . That is, either and there exists a string 0 0 such that accepts with probability at least , or and for all , |0 | 2⁄ 3 0 accepts with probability at most . Theorem 4.2 implies that with a |0 | 1⁄ 3 fixed length witness the number of queries to U grows exponentially as n grows larger. In other words, the probability of verifying a witness by querying the oracle polynomially many times using a fixed length string as the witness goes to 0 as n grows larger. This can be written as

, 2 | 1, … , 1 3 Hence

,1 2 … 0 Now, since the number of possible QCMA machines is only countably infinite [7], then by the union bound,

,: 1 2 … 0 as well.
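The verifier's test from the proof of Theorem 4.1, simulated as an added example (not code from the thesis or from [15]). It assumes the marked-state oracle has the form U = I - 2|ψ⟩⟨ψ| and uses hypothetical helper names; the acceptance probability comes out as |⟨ψ|φ⟩|², so a witness chosen without knowledge of |ψ⟩ is accepted with probability about 1/2^n on average.

```python
import math
import random

def inner(u, v):
    """<u|v> for two lists of complex amplitudes."""
    return sum(a.conjugate() * b for a, b in zip(u, v))

def random_state(dim, rng):
    """Uniformly random pure state: a normalised complex Gaussian vector."""
    v = [complex(rng.gauss(0, 1), rng.gauss(0, 1)) for _ in range(dim)]
    norm = math.sqrt(inner(v, v).real)
    return [a / norm for a in v]

def marked_oracle(psi):
    """Assumed oracle form U = I - 2|psi><psi|: flips the sign of |psi>,
    acts as the identity on every state orthogonal to |psi>."""
    def apply(v):
        c = inner(psi, v)
        return [a - 2 * c * p for a, p in zip(v, psi)]
    return apply

def identity_oracle(v):
    """The other case of the promise problem: U is the identity."""
    return list(v)

def accept_probability(oracle, phi):
    """Run the verifier on witness phi; return Pr[control qubit reads 1]."""
    s = 1 / math.sqrt(2)
    # (|0>|phi> + |1>|phi>)/sqrt(2), stored as the two control branches.
    branch0 = [s * a for a in phi]
    branch1 = [s * a for a in phi]
    # Controlled-U: the oracle acts only where the control is |1>.
    branch1 = oracle(branch1)
    # Hadamard on the control; the |1> component is (branch0 - branch1)/sqrt(2).
    one = [s * (a - b) for a, b in zip(branch0, branch1)]
    return sum(abs(a) ** 2 for a in one)

def mean_blind_acceptance(n_qubits, trials, seed=0):
    """Average acceptance when the witness is drawn independently of psi."""
    rng = random.Random(seed)
    dim = 2 ** n_qubits
    total = 0.0
    for _ in range(trials):
        psi = random_state(dim, rng)
        phi = random_state(dim, rng)
        total += accept_probability(marked_oracle(psi), phi)
    return total / trials

if __name__ == "__main__":
    rng = random.Random(1)
    psi = random_state(8, rng)  # constructed sample marked state, 3 qubits
    print("marked oracle, witness = psi  :", accept_probability(marked_oracle(psi), psi))
    print("identity oracle, witness = psi:", accept_probability(identity_oracle, psi))
    print("blind witness, n = 4, mean    :", mean_blind_acceptance(4, 2000))
```
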


CHAPTER 5

CONCLUSION

5.1 GENERAL QUESTIONS

How powerful quantum computers are is a question that researchers have been trying to answer since the concept of quantum computation was first introduced. The main question is, namely, “Does a quantum register contain more information than a classical register of the same length?” Due to the nature of quantum physics this question is a hard one, which remains open until now. But this is not the end of the road, as we can still compare these two sets of information with the help of oracles. To do so, Aharonov and Naveh introduced the QMA and QCMA classes, and Aaronson and Kuperberg presented an oracle separation between the two. Although an oracle separation does not prove that these two classes are different and, as a result, that quantum advice is more helpful, such a separation gives us some clue regarding the differences between the two.

Here are some questions whose answers can further our understanding of the relative power of quantum and classical advice.


Open Problem 5.1. Is it possible to separate QMA and QCMA without the help of an oracle?

Open Problem 5.2. Using the presented results, is it possible to find a tight bound on the number of queries made to an oracle in order to find the eigenvectors of an unknown matrix?


GLOSSARY

Amplitude: refer to superposition.

Ancilla: ancilla bits/qubits are a set of working bits/qubits that allow extra working space during the computation.

Bloch sphere: is a visualization of a single qubit state. It provides an excellent means to test quantum computing ideas.

Gate: is a means to manipulate information. By the laws of physics, quantum gates, unlike the classical gates, should be reversible. Quantum gates can be represented by unitary matrices.

IP: is the class of languages for which there exists a polynomial time Σ Turing machine V, an infinite power Turing machine P and a polynomial p. The ordered set (P, V) is called an interactive proof system for L. P presents a proof that a given string belongs to L and V checks if the presented proof is Σ correct. These two machines exchange messages and at the end V halts || and accepts with probability at least if or accepts with probability at 2 3 most if . 1 3

Oracle: a black box that receives a query/string as an input and produces an output by performing some operation on the input in time. 1

MA: is the class of languages for which there exists an interactive proof Σ system (P, V) that exchanges only one message. For more information refer to IP.

NP: is the class of languages for which there exists a deterministic Turing Σ machine M and a polynomial p such that for every input string Σ
1. M runs for polynomial time in length of x
2. For every , there exists a witness y of length such that || , is 1
3. For every , is 0 for all strings y of length , ||

P: is the class of languages for which there exists a deterministic Turing Σ machine M such that for every input string Σ
1. M runs for polynomial time in length of x
2. For every , M outputs 1
3. For every , M outputs 0

PSPACE: is the set of languages for which there exists a Turing machine Σ using a polynomial number of working bits, with no limitation on the amount of time that it takes to decide L.

Pure State: is the state of a physical system whose state is exactly known. For further reading refer to chapter 1 sections 5 and 6.

QCMA: is defined similarly to QMA, except that the quantum witness is | replaced with a classical string y.

QMA: is the class of languages for which there exists a quantum Turing Σ machine Q and a polynomial p such that for every input string Σ
1. Q runs for polynomial time in length of x
2. For every , there exists a quantum witness of length such | that Q accepts with probability at least given as input 2 3 ||
3. For every , Q accepts with probability at most for all 1 || 3 witness of length | ||

QTM: is a similar machine to Turing machine except it acts on quantum bits (qubits) instead of classical bits.

Qubit: is the analogue of the classical bit. Qubits represent the basic blocks of quantum computers in which the information is contained. Although qubits are real physical objects, in the theory of complexity we mostly work with a mathematical model of them.

State: refer to state space.

State Space: is a complex vector space with inner product, Hilbert space, which is associated to any isolated physical system. Such a system is described completely by a unit vector, state vector or state for short, in its state space.

Superposition: is a linear combination, , of states with amplitude . ∑

Turing machine: a theoretical representation of any computational device which manipulates symbols contained on an infinite length tape. The concept was first introduced by Alan Turing in 1973.

Witness: a classical or quantum string w that contains information regarding a proof or a claim. Such a string helps a prover to check the claim by checking some property of that string. For example, an ordered set of vertices can be a witness of the claim that a graph has a Hamiltonian cycle.

BIBLIOGRAPHY

[1] L. Carsten, F. Lance and K. Howard. Algebraic methods for interactive proof systems. Journal of the ACM. New York, NY, USA : ACM, 1992. 4 : Vol. 39. pp. 859-868.

[2] P. Christos H. Games against nature. Proceedings of the 24th Annual Symposium on Foundations of Computer Science. Washington, DC, USA : IEEE Computer Society, 1983. pp. 446-450.

[3] S. Adi. IP=PSPACE. Journal of the ACM. New York, NY, USA : ACM, 1992. 4 : Vol. 39. pp. 869-877.

[4] B. P. Oscar. On universal and fault-tolerant quantum computing: a novel basis and a new constructive proof of universality for Shor’s basis. Proceedings of the 40th Annual Symposium on Foundations of Computer Science. Washington, DC, USA : IEEE Computer Society, 1999. pp. 486-494.

[5] S. Goldwasser and M. Sipser. Private coins versus public coins in interactive proof systems. Proceedings of the eighteenth annual ACM symposium on Theory of computing. New York, NY, USA : ACM, 1986. pp. 59-68.

[6] J. Watrous. PSPACE has constant-round quantum interactive proof systems. Theoretical Computer Science. Essex, UK : Elsevier Science Publishers Ltd., 2003. 3 : Vol. 292.

[7] A. Kitaev. Quantum computations: algorithms and error correction. Russian Mathematical Surveys. 1997. 6 : Vol. 52. pp. 1191-1249.

[8] D. Aharonov and T. Naveh. Quantum NP - a survey. 2002.

[9] Stephen A. Cook. The Complexity of Theorem-Proving Procedures. Proceedings of the third annual ACM symposium on Theory of computing. New York, NY, USA : ACM, 1971. pp. 151-158.

[10] L. Babai. Trading group theory for randomness. Proceedings of the seventeenth annual ACM symposium on Theory of computing. New York, NY, USA : ACM, 1985. pp. 421-429.

[11] Lov K. Grover. A fast quantum mechanical algorithm for database search. Proceedings of the twenty-eighth annual ACM symposium on Theory of computing. New York, NY, USA : ACM, 1996. pp. 212-219.

[12] David Deutsch. Quantum theory, the Church-Turing principle and the universal quantum computer. Proceedings of the Royal Society of London. London, England, 1985. pp. 97-117.

[13] Peter W. Shor. Polynomial-Time Algorithms for Prime Factorization and Discrete Logarithms on a Quantum Computer. SIAM Journal on Computing. Philadelphia, PA, USA : Society for Industrial and Applied Mathematics, 1997. 5 : Vol. 26. pp. 1484-1509.

[14] Michael A. Nielsen and Isaac L. Chuang. Quantum computation and quantum information. New York, NY, USA : Cambridge University Press, 2000.

[15] Scott Aaronson and Greg Kuperberg. Quantum versus Classical Proofs and Advice. Proceedings of the Twenty-Second Annual IEEE Conference on Computational Complexity. Washington, DC, USA : IEEE of Computer Science, 2007. pp. 115-128.