In 1994, a mathematician figured out how to make a quantum computer do something that no ordinary classical computer could. The work revealed that, in principle, a machine based on the rules of quantum mechanics could efficiently break a large number into its prime factors — a task so difficult for a classical computer that it forms the basis for much of today’s internet security.
A surge of optimism followed. Perhaps, researchers thought, we’ll be able to invent quantum algorithms that can solve a huge range of different problems.
But progress stalled. “It’s been a bit of a bummer trajectory,” said Ryan O’Donnell of Carnegie Mellon University. “People were like, ‘This is amazing, I’m sure we’re going to get all sorts of other amazing algorithms.’ Nope.” Scientists discovered dramatic speedups only for a single, narrow class of problems from within a standard set called NP, meaning they had efficiently verifiable solutions — such as factoring.
That was the case for nearly three decades. Then in April, researchers invented a fundamentally new kind of problem that a quantum computer should be able to solve exponentially faster than a classical one. It involves calculating the inputs to a complicated mathematical process, based solely on its jumbled outputs. Whether the problem stands alone or is the first in a new frontier of many others has yet to be determined.
“There is a sense of excitement,” said Vinod Vaikuntanathan, a computer scientist at the Massachusetts Institute of Technology. “A lot of people are thinking about what else is out there.”
Computer scientists try to understand what quantum computers do better by studying mathematical models that represent them. Often, they imagine a model of a quantum or classical computer paired with an idealized calculating machine called an oracle. Oracles are like simple mathematical functions or computer programs, taking in an input and spitting out a predetermined output. They might have a random behavior, outputting “yes” if the input falls within a certain random range (say, 12 to 67) and “no” if it doesn’t. Or they might be periodic, so that an input between 1 to 10 returns “yes,” 11 to 20 yields “no,” 21 to 30 produces “yes” again, and so on.
Let’s say you have one of these periodic oracles and you don’t know the period. All you can do is feed it numbers and see what it outputs. With those constraints, how fast could a computer find the period? In 1993, Daniel Simon, then at the University of Montreal, found that a quantum algorithm could calculate the answer to a closely related problem exponentially faster than any classical algorithm.
The result enabled Simon to determine one of the first hints of where dramatic superiority for quantum computers could be expected. But when he submitted his paper to a leading conference, it was rejected. The paper did, however, interest a junior member of the conference’s program committee — Peter Shor, who at the time was at Bell Laboratories in New Jersey. Shor went on to find that he could adapt Simon’s algorithm to calculate the period of an oracle, if it had one. Then he realized he could adapt the algorithm once again, to solve an equation that behaves similarly to a periodic oracle: the equation that describes factoring, which is periodic.
Shor’s result was historic. The quantum algorithm he discovered could rapidly reduce gigantic numbers into their constituent prime factors, something that no known classical algorithm can do. In the years that followed, researchers discovered other efficient quantum algorithms. Some of them, like Shor’s algorithm, even provided exponential advantage, but no one could prove a dramatic quantum advantage on any NP problem that wasn’t periodic.
This dearth of progress led two computer scientists, Scott Aaronson of the University of Texas, Austin, and Andris Ambainis of the University of Latvia, to make an observation. Proofs of quantum advantage always seemed dependent on oracles that had some kind of nonrandom structure, such as periodicity. In 2009, they conjectured that there couldn’t be dramatic speedups on NP problems that were random, or unstructured. No one could find an exception.
Their conjecture put a bound on the powers of quantum computers. But it said only that there were no dramatic speedups for a specific type of unstructured NP problem — those with yes or no answers. If a problem involved figuring out more specific, quantitative answers, which is known as a search problem, the conjecture didn’t apply.
With that in mind, researchers Takashi Yamakawa of NTT Social Informatics Laboratories and Mark Zhandry of NTT Research and Princeton University decided to experiment with a specific search problem, introduced in 2005 by Oded Regev.
Imagine a set of weather vanes that are all pointing in the same direction. Give each of them a measured shove, then let a gusty wind influence their direction. Regev wanted to determine, based on their final directions, where they all pointed initially. Problems like this came to be called “learning with errors,” because the shove and the wind act like a source of random error on the original direction. There is evidence that it is hard to solve for both classical and quantum algorithms.
Yamakawa and Zhandry tweaked the setup. They modified the strength of those starting shoves, making them more predictable. They also caused the wind to be determined by a random oracle so that it was even more random in certain cases but completely dormant in others.
With these modifications, the researchers discovered that a quantum algorithm could efficiently find the initial direction. They also proved that any classical algorithm must be slower by an exponential factor. Like Shor, they then adapted their algorithm to solve a real-world version of the problem, which replaces the oracle with an actual mathematical equation.
Computer scientists are still working to understand and build on the problem. Vaikuntanathan compares it to a different one that arises when doing data compression: When information is being squeezed down, two bits can accidentally be squeezed into the same place, overwriting them. The problem of predicting those collisions in advance, so that you can avoid them, bears some resemblance. “That’s a class of problems which basically look like this,” he said. “Maybe these problems can be solved quantumly.”
There were hopes that an unstructured problem like the new one might be solvable even on today’s fledgling versions of quantum computers, thereby providing a means to test them. The thinking was that unstructured problems might take fewer resources to program, or be less sensitive to noise, since they are already random. But so far, the new problem still appears too advanced for existing quantum computers to solve. “It’s a weird problem. I had not thought to define it,” said Aaronson. “But in retrospect, it has some very nice features.”
The result provides the first example of dramatic quantum advantage on an unstructured NP problem. Could there be many other problems that the quantum world changes from practically unsolvable to solvable? There is now more reason to think so.
“It’s somewhat overturned our beliefs about what kinds of problems quantum computers could be good at,” said O’Donnell.