IBM Q System One (2019), the first circuit-based commercial quantum computer

Quantum computing is a type of computation whose operations can harness the phenomena of quantum mechanics, such as superposition, interference, and entanglement. Devices that perform quantum computations are known as quantum computers.^[1][2] Though current quantum computers are too small to outperform usual (classical) computers for practical applications, larger realizations are believed to be capable of solving certain computational problems, such as integer factorization (which underlies RSA encryption), substantially faster than classical computers. The study of quantum computing is a subfield of quantum information science.

There are several models of quantum computation with the most widely used being quantum circuits. Other models include the quantum Turing machine, quantum annealing, and adiabatic quantum computation. Most models are based on the quantum bit, or "qubit", which is somewhat analogous to the bit in classical computation. A qubit can be in a 1 or 0 quantum state, or in a superposition of the 1 and 0 states. When it is measured, however, it is always 0 or 1; the probability of either outcome depends on the qubit's quantum state immediately prior to measurement. One model that does not use qubits is continuous variable quantum computation.

Efforts towards building a physical quantum computer focus on technologies such as transmons, ion traps and topological quantum computers, which aim to create high-quality qubits.^{[3]: 2–13} These qubits may be designed differently, depending on the full quantum computer's computing model, as to whether quantum logic gates, quantum annealing, or adiabatic quantum computation are employed. There are currently a number of significant obstacles to constructing useful quantum computers. It is particularly difficult to maintain qubits' quantum states, as they suffer from quantum decoherence. Quantum computers therefore require error correction.^[4][5]

Any computational problem that can be solved by a classical computer can also be solved by a quantum computer.^[6] Conversely, any problem that can be solved by a quantum computer can also be solved by a classical computer, at least in principle given enough time. In other words, quantum computers obey the Church–Turing thesis. This means that while quantum computers provide no additional advantages over classical computers in terms of computability, quantum algorithms for certain problems have significantly lower time complexities than corresponding known classical algorithms. Notably, quantum computers are believed to be able to quickly solve certain problems that no classical computer could solve in any feasible amount of time—a feat known as "quantum supremacy." The study of the computational complexity of problems with respect to quantum computers is known as quantum complexity theory.

History

Quantum computing began in 1980 when physicist Paul Benioff proposed a quantum mechanical model of the Turing machine.^[7] Richard Feynman and Yuri Manin later suggested that a quantum computer had the potential to simulate things a classical computer could not feasibly do.^[8][9] In 1986 Feynman introduced an early version of the quantum circuit notation.^[10] In 1994, Peter Shor developed a quantum algorithm for finding the prime factors of an integer with the potential to decrypt RSA-encrypted communications.^[11] In 1998 Isaac Chuang, Neil Gershenfeld and Mark Kubinec created the first two-qubit quantum computer that could perform computations.^[12][13] Despite ongoing experimental progress since the late 1990s, most researchers believe that "fault-tolerant quantum computing [is] still a rather distant dream."^[14] In recent years, investment in quantum computing research has increased in the public and private sectors.^[15][16] On 23 October 2019, Google AI, in partnership with the U.S. National Aeronautics and Space Administration (NASA), claimed to have performed a quantum computation that was infeasible on any classical computer,^[17][18][19] but whether this claim was or is still valid is a topic of active research.^[20][21]

In December 2021 McKinsey & Company analysis states that "..investment dollars are pouring in, and quantum-computing start-ups are proliferating". They go on to note that "While quantum computing promises to help businesses solve problems that are beyond the reach and speed of conventional high-performance computers, use cases are largely experimental and hypothetical at this early stage."^[22]

Quantum circuit

A quantum circuit diagram implementing a Toffoli gate from more primitive gates

Definition

The prevailing model of quantum computation describes the computation in terms of a network of quantum logic gates.^[23] This model is a complex linear-algebraic generalization of boolean circuits.^[a]

A memory consisting of ${\textstyle n}$ bits of information has ${\textstyle 2^{n))$ possible states. A vector representing all memory states thus has ${\textstyle 2^{n))$ entries (one for each state). This vector is viewed as a probability vector and represents the fact that the memory is to be found in a particular state.

The bits of classical computers are not capable of being in superposition, so one entry must have a value of 1 (i.e. a 100% probability of being in this state) and all other entries would be zero.

In quantum mechanics, probability vectors can be generalized to density operators. The quantum state vector formalism is usually introduced first because it is conceptually simpler, and because it can be used instead of the density matrix formalism for pure states, where the whole quantum system is known.

We begin by considering a simple memory consisting of only one quantum bit. When measured, this memory may be found in one of two states: the zero state or the one state. We may represent the state of this memory using Dirac notation so that

$${\displaystyle |0\rangle :={\begin{pmatrix}1\\0\end{pmatrix));\quad |1\rangle :={\begin{pmatrix}0\\1\end{pmatrix))}$$

${\textstyle |\psi \rangle }$

${\textstyle |0\rangle }$

${\textstyle |1\rangle }$

$${\displaystyle |\psi \rangle :=\alpha \,|0\rangle +\beta \,|1\rangle ={\begin{pmatrix}\alpha \\\beta \end{pmatrix));\quad |\alpha |^{2}+|\beta |^{2}=1.}$$

${\textstyle \alpha }$

${\textstyle \beta }$

${\textstyle |\psi \rangle }$

${\textstyle |0\rangle }$

${\textstyle |1\rangle }$

${\textstyle |\alpha |^{2))$

${\textstyle |\beta |^{2))$

${\textstyle \alpha }$

${\textstyle \beta }$

The state of this one-qubit quantum memory can be manipulated by applying quantum logic gates, analogous to how classical memory can be manipulated with classical logic gates. One important gate for both classical and quantum computation is the NOT gate, which can be represented by a matrix

$${\displaystyle X:={\begin{pmatrix}0&1\\1&0\end{pmatrix)).}$$

${\textstyle X|0\rangle =|1\rangle }$

${\textstyle X|1\rangle =|0\rangle }$

The mathematics of single qubit gates can be extended to operate on multi-qubit quantum memories in two important ways. One way is simply to select a qubit and apply that gate to the target qubit whilst leaving the remainder of the memory unaffected. Another way is to apply the gate to its target only if another part of the memory is in a desired state. These two choices can be illustrated using another example. The possible states of a two-qubit quantum memory are

$${\displaystyle |00\rangle :={\begin{pmatrix}1\\0\\0\\0\end{pmatrix));\quad |01\rangle :={\begin{pmatrix}0\\1\\0\\0\end{pmatrix));\quad |10\rangle :={\begin{pmatrix}0\\0\\1\\0\end{pmatrix));\quad |11\rangle :={\begin{pmatrix}0\\0\\0\\1\end{pmatrix)).}$$

$${\displaystyle \operatorname {CNOT} :={\begin{pmatrix}1&0&0&0\\0&1&0&0\\0&0&0&1\\0&0&1&0\end{pmatrix)).}$$

${\textstyle \operatorname {CNOT} |00\rangle =|00\rangle }$

${\textstyle \operatorname {CNOT} |01\rangle =|01\rangle }$

${\textstyle \operatorname {CNOT} |10\rangle =|11\rangle }$

${\textstyle \operatorname {CNOT} |11\rangle =|10\rangle }$

${\textstyle X}$

${\textstyle |1\rangle }$

${\textstyle |0\rangle }$

In summary, a quantum computation can be described as a network of quantum logic gates and measurements. However, any measurement can be deferred to the end of quantum computation, though this deferment may come at a computational cost, so most quantum circuits depict a network consisting only of quantum logic gates and no measurements.

Any quantum computation (which is, in the above formalism, any unitary matrix of size ${\displaystyle 2^{n}\times 2^{n))$ over ${\displaystyle n}$ qubits) can be represented as a network of quantum logic gates from a fairly small family of gates. A choice of gate family that enables this construction is known as a universal gate set, since a computer that can run such circuits is a universal quantum computer. One common such set includes all single-qubit gates as well as the CNOT gate from above. This means any quantum computation can be performed by executing a sequence of single-qubit gates together with CNOT gates. Though this gate set is infinite, it can be replaced with a finite gate set by appealing to the Solovay-Kitaev theorem.

Quantum algorithms

Progress in finding quantum algorithms typically focuses on this quantum circuit model, though exceptions like the quantum adiabatic algorithm exist. Quantum algorithms can be roughly categorized by the type of speedup achieved over corresponding classical algorithms.^[25]

Quantum algorithms that offer more than a polynomial speedup over the best-known classical algorithm include Shor's algorithm for factoring and the related quantum algorithms for computing discrete logarithms, solving Pell's equation, and more generally solving the hidden subgroup problem for abelian finite groups.^[25] These algorithms depend on the primitive of the quantum Fourier transform. No mathematical proof has been found that shows that an equally fast classical algorithm cannot be discovered, although this is considered unlikely.^{[26][self-published source?]} Certain oracle problems like Simon's problem and the Bernstein–Vazirani problem do give provable speedups, though this is in the quantum query model, which is a restricted model where lower bounds are much easier to prove and doesn't necessarily translate to speedups for practical problems.

Other problems, including the simulation of quantum physical processes from chemistry and solid-state physics, the approximation of certain Jones polynomials, and the quantum algorithm for linear systems of equations have quantum algorithms appearing to give super-polynomial speedups and are BQP-complete. Because these problems are BQP-complete, an equally fast classical algorithm for them would imply that no quantum algorithm gives a super-polynomial speedup, which is believed to be unlikely.^[27]

Some quantum algorithms, like Grover's algorithm and amplitude amplification, give polynomial speedups over corresponding classical algorithms.^[25] Though these algorithms give comparably modest quadratic speedup, they are widely applicable and thus give speedups for a wide range of problems.^[28] Many examples of provable quantum speedups for query problems are related to Grover's algorithm, including Brassard, Høyer, and Tapp's algorithm for finding collisions in two-to-one functions,^[29] which uses Grover's algorithm, and Farhi, Goldstone, and Gutmann's algorithm for evaluating NAND trees,^[30] which is a variant of the search problem.

Potential applications

Cryptography

A notable application of quantum computation is for attacks on cryptographic systems that are currently in use. Integer factorization, which underpins the security of public key cryptographic systems, is believed to be computationally infeasible with an ordinary computer for large integers if they are the product of few prime numbers (e.g., products of two 300-digit primes).^[31] By comparison, a quantum computer could efficiently solve this problem using Shor's algorithm to find its factors. This ability would allow a quantum computer to break many of the cryptographic systems in use today, in the sense that there would be a polynomial time (in the number of digits of the integer) algorithm for solving the problem. In particular, most of the popular public key ciphers are based on the difficulty of factoring integers or the discrete logarithm problem, both of which can be solved by Shor's algorithm. In particular, the RSA, Diffie–Hellman, and elliptic curve Diffie–Hellman algorithms could be broken. These are used to protect secure Web pages, encrypted email, and many other types of data. Breaking these would have significant ramifications for electronic privacy and security.

Identifying cryptographic systems that may be secure against quantum algorithms is an actively researched topic under the field of post-quantum cryptography.^[32][33] Some public-key algorithms are based on problems other than the integer factorization and discrete logarithm problems to which Shor's algorithm applies, like the McEliece cryptosystem based on a problem in coding theory.^[32][34] Lattice-based cryptosystems are also not known to be broken by quantum computers, and finding a polynomial time algorithm for solving the dihedral hidden subgroup problem, which would break many lattice based cryptosystems, is a well-studied open problem.^[35] It has been proven that applying Grover's algorithm to break a symmetric (secret key) algorithm by brute force requires time equal to roughly 2^n/2 invocations of the underlying cryptographic algorithm, compared with roughly 2ⁿ in the classical case,^[36] meaning that symmetric key lengths are effectively halved: AES-256 would have the same security against an attack using Grover's algorithm that AES-128 has against classical brute-force search (see Key size).

Quantum cryptography could potentially fulfill some of the functions of public key cryptography. Quantum-based cryptographic systems could, therefore, be more secure than traditional systems against quantum hacking.^[37]

Search problems

The most well-known example of a problem that allows for a polynomial quantum speedup is unstructured search, which involves finding a marked item out of a list of ${\displaystyle n}$ items in a database. This can be solved by Grover's algorithm using ${\displaystyle O({\sqrt {n)))}$ queries to the database, quadratically fewer than the ${\displaystyle \Omega (n)}$ queries required for classical algorithms. In this case, the advantage is not only provable but also optimal: it has been shown that Grover's algorithm gives the maximal possible probability of finding the desired element for any number of oracle lookups.

Problems that can be efficiently addressed with Grover's algorithm have the following properties:^[38][39]

1. There is no searchable structure in the collection of possible answers,
2. The number of possible answers to check is the same as the number of inputs to the algorithm, and
3. There exists a boolean function that evaluates each input and determines whether it is the correct answer

For problems with all these properties, the running time of Grover's algorithm on a quantum computer scales as the square root of the number of inputs (or elements in the database), as opposed to the linear scaling of classical algorithms. A general class of problems to which Grover's algorithm can be applied^[40] is Boolean satisfiability problem, where the database through which the algorithm iterates is that of all possible answers. An example and possible application of this is a password cracker that attempts to guess a password. Breaking symmetric ciphers with this algorithm is of interest to government agencies.^[41]

Simulation of quantum systems

Since chemistry and nanotechnology rely on understanding quantum systems, and such systems are impossible to simulate in an efficient manner classically, many^[who?] believe quantum simulation will be one of the most important applications of quantum computing.^[42] Quantum simulation could also be used to simulate the behavior of atoms and particles at unusual conditions such as the reactions inside a collider.^[43] Quantum simulations might be used to predict future paths of particles and protons under superposition in the double-slit experiment.^[44] About 2% of the annual global energy output is used for nitrogen fixation to produce ammonia for the Haber process in the agricultural fertilizer industry while naturally occurring organisms also produce ammonia. Quantum simulations might be used to understand this process of increasing production.^[45]

Quantum annealing and adiabatic optimization

Quantum annealing or Adiabatic quantum computation relies on the adiabatic theorem to undertake calculations. A system is placed in the ground state for a simple Hamiltonian, which slowly evolved to a more complicated Hamiltonian whose ground state represents the solution to the problem in question. The adiabatic theorem states that if the evolution is slow enough the system will stay in its ground state at all times through the process.

Machine learning

Since quantum computers can produce outputs that classical computers cannot produce efficiently, and since quantum computation is fundamentally linear algebraic, some express hope in developing quantum algorithms that can speed up machine learning tasks.^[46][47] For example, the quantum algorithm for linear systems of equations, or "HHL Algorithm", named after its discoverers Harrow, Hassidim, and Lloyd, is believed to provide speedup over classical counterparts.^[48][47] Some research groups have recently explored the use of quantum annealing hardware for training Boltzmann machines and deep neural networks.^[49][50][51]

Computational biology

In the field of computational biology, quantum computing has played a big role in solving many biological problems. One of the well-known examples would be in computational genomics and how computing has drastically reduced the time to sequence a human genome. Given how computational biology is using generic data modeling and storage, its applications to computational biology are expected to arise as well.^[52]

Computer-aided drug design and generative chemistry

Deep generative chemistry models emerge as powerful tools to expedite drug discovery. However, the immense size and complexity of the structural space of all possible drug-like molecules pose significant obstacles, which could be overcome in the future by quantum computers. Quantum computers are naturally good for solving complex quantum many-body problems^[53] and thus may be instrumental in applications involving quantum chemistry. Therefore, one can expect that quantum-enhanced generative models^[54] including quantum GANs^[55] may eventually be developed into ultimate generative chemistry algorithms. Hybrid architectures combining quantum computers with deep classical networks, such as Quantum Variational Autoencoders, can already be trained on commercially available annealers and used to generate novel drug-like molecular structures.^[56]

Developing physical quantum computers

Challenges

There are a number of technical challenges in building a large-scale quantum computer.^[57] Physicist David DiVincenzo has listed these requirements for a practical quantum computer:^[58]

• Physically scalable to increase the number of qubits
• Qubits that can be initialized to arbitrary values
• Quantum gates that are faster than decoherence time
• Universal gate set
• Qubits that can be read easily

Sourcing parts for quantum computers is also very difficult. Many quantum computers, like those constructed by Google and IBM, need helium-3, a nuclear research byproduct, and special superconducting cables made only by the Japanese company Coax Co.^[59]

The control of multi-qubit systems requires the generation and coordination of a large number of electrical signals with tight and deterministic timing resolution. This has led to the development of quantum controllers which enable interfacing with the qubits. Scaling these systems to support a growing number of qubits is an additional challenge.^[60]

Quantum decoherence

One of the greatest challenges involved with constructing quantum computers is controlling or removing quantum decoherence. This usually means isolating the system from its environment as interactions with the external world cause the system to decohere. However, other sources of decoherence also exist. Examples include the quantum gates, and the lattice vibrations and background thermonuclear spin of the physical system used to implement the qubits. Decoherence is irreversible, as it is effectively non-unitary, and is usually something that should be highly controlled, if not avoided. Decoherence times for candidate systems in particular, the transverse relaxation time T₂ (for NMR and MRI technology, also called the dephasing time), typically range between nanoseconds and seconds at low temperature.^[61] Currently, some quantum computers require their qubits to be cooled to 20 millikelvin (usually using a dilution refrigerator^[62]) in order to prevent significant decoherence.^[63] A 2020 study argues that ionizing radiation such as cosmic rays can nevertheless cause certain systems to decohere within milliseconds.^[64]

As a result, time-consuming tasks may render some quantum algorithms inoperable, as maintaining the state of qubits for a long enough duration will eventually corrupt the superpositions.^[65]

These issues are more difficult for optical approaches as the timescales are orders of magnitude shorter and an often-cited approach to overcoming them is optical pulse shaping. Error rates are typically proportional to the ratio of operating time to decoherence time, hence any operation must be completed much more quickly than the decoherence time.

As described in the Quantum threshold theorem, if the error rate is small enough, it is thought to be possible to use quantum error correction to suppress errors and decoherence. This allows the total calculation time to be longer than the decoherence time if the error correction scheme can correct errors faster than decoherence introduces them. An often-cited figure for the required error rate in each gate for fault-tolerant computation is 10⁻³, assuming the noise is depolarizing.

Meeting this scalability condition is possible for a wide range of systems. However, the use of error correction brings with it the cost of a greatly increased number of required qubits. The number required to factor integers using Shor's algorithm is still polynomial, and thought to be between L and L², where L is the number of digits in the number to be factored; error correction algorithms would inflate this figure by an additional factor of L. For a 1000-bit number, this implies a need for about 10⁴ bits without error correction.^[66] With error correction, the figure would rise to about 10⁷ bits. Computation time is about L² or about 10⁷ steps and at 1 MHz, about 10 seconds.

A very different approach to the stability-decoherence problem is to create a topological quantum computer with anyons, quasi-particles used as threads and relying on braid theory to form stable logic gates.^[67][68]

Quantum supremacy

Quantum supremacy is a term coined by John Preskill referring to the engineering feat of demonstrating that a programmable quantum device can solve a problem beyond the capabilities of state-of-the-art classical computers.^[69][70][71] The problem need not be useful, so some view the quantum supremacy test only as a potential future benchmark.^[72]

In October 2019, Google AI Quantum, with the help of NASA, became the first to claim to have achieved quantum supremacy by performing calculations on the Sycamore quantum computer more than 3,000,000 times faster than they could be done on Summit, generally considered the world's fastest computer.^[73][74][75] This claim has been subsequently challenged: IBM has stated that Summit can perform samples much faster than claimed,^[76][77] and researchers have since developed better algorithms for the sampling problem used to claim quantum supremacy, giving substantial reductions to the gap between Sycamore and classical supercomputers^[78][79][80]and even beating it.^[81][82][83]

In December 2020, a group at USTC implemented a type of Boson sampling on 76 photons with a photonic quantum computer Jiuzhang to demonstrate quantum supremacy.^[84][85][86] The authors claim that a classical contemporary supercomputer would require a computational time of 600 million years to generate the number of samples their quantum processor can generate in 20 seconds.^[87] On November 16, 2021 at the quantum computing summit IBM presented a 127-qubit microprocessor named IBM Eagle.^[88]

Skepticism

Some researchers have expressed skepticism that scalable quantum computers could ever be built, typically because of the issue of maintaining coherence at large scales, but also for other reasons.

Bill Unruh doubted the practicality of quantum computers in a paper published back in 1994.^[89] Paul Davies argued that a 400-qubit computer would even come into conflict with the cosmological information bound implied by the holographic principle.^[90] Skeptics like Gil Kalai doubt that quantum supremacy will ever be achieved.^[91][92][93] Physicist Mikhail Dyakonov has expressed skepticism of quantum computing as follows:

"So the number of continuous parameters describing the state of such a useful quantum computer at any given moment must be... about 10³⁰⁰... Could we ever learn to control the more than 10³⁰⁰ continuously variable parameters defining the quantum state of such a system? My answer is simple. No, never."^[94][95]

Candidates for physical realizations

For physically implementing a quantum computer, many different candidates are being pursued, among them (distinguished by the physical system used to realize the qubits):

• Superconducting quantum computing^[96][97] (qubit implemented by the state of small superconducting circuits [Josephson junctions])
• Trapped ion quantum computer (qubit implemented by the internal state of trapped ions)
• Neutral atoms in optical lattices (qubit implemented by internal states of neutral atoms trapped in an optical lattice)^[98][99]
• Quantum dot computer, spin-based (e.g. the Loss-DiVincenzo quantum computer^[100]) (qubit given by the spin states of trapped electrons)
• Quantum dot computer, spatial-based (qubit given by electron position in double quantum dot)^[101]
• Quantum computing using engineered quantum wells, which could in principle enable the construction of quantum computers that operate at room temperature^[102][103]
• Coupled quantum wire (qubit implemented by a pair of quantum wires coupled by a quantum point contact)^{[104][105][106]}
• Nuclear magnetic resonance quantum computer (NMRQC) implemented with the nuclear magnetic resonance of molecules in solution, where qubits are provided by nuclear spins within the dissolved molecule and probed with radio waves
• Solid-state NMR Kane quantum computers (qubit realized by the nuclear spin state of phosphorus donors in silicon)
• Vibrational quantum computer (qubits realized by vibrational superpositions in cold molecules)^[107]
• Electrons-on-helium quantum computers (qubit is the electron spin)
• Cavity quantum electrodynamics (CQED) (qubit provided by the internal state of trapped atoms coupled to high-finesse cavities)
• Molecular magnet^[108] (qubit given by spin states)
• Fullerene-based ESR quantum computer (qubit based on the electronic spin of atoms or molecules encased in fullerenes)^[109]
• Nonlinear optical quantum computer (qubits realized by processing states of different modes of light through both linear and nonlinear elements)^[110][111]
• Linear optical quantum computer (qubits realized by processing states of different modes of light through linear elements e.g. mirrors, beam splitters and phase shifters)^[112]
• Diamond-based quantum computer^{[113][114][115][116]} (qubit realized by the electronic or nuclear spin of nitrogen-vacancy centers in diamond)
• Bose-Einstein condensate-based quantum computer^[117][118]
• Transistor-based quantum computer – string quantum computers with entrainment of positive holes using an electrostatic trap
• Rare-earth-metal-ion-doped inorganic crystal based quantum computers^[119][120] (qubit realized by the internal electronic state of dopants in optical fibers)
• Metallic-like carbon nanospheres-based quantum computers^[121]

The large number of candidates demonstrates that quantum computing, despite rapid progress, is still in its infancy.^[122]

Models of computation for quantum computing

There are a number of models of computation for quantum computing, distinguished by the basic elements in which the computation is decomposed. For practical implementations, the four relevant models of computation are:

• Quantum gate array – Computation decomposed into a sequence of few-qubit quantum gates.
• One-way quantum computer – Computation decomposed into a sequence of Bell state measurements and single-qubit quantum gates applied to a highly entangled initial state (a cluster state), using a technique called quantum gate teleportation.
• Adiabatic quantum computer, based on quantum annealing – Computation decomposed into a slow continuous transformation of an initial Hamiltonian into a final Hamiltonian, whose ground states contain the solution.^[123]
• Topological quantum computer – Computation decomposed into the braiding of anyons in a 2D lattice.^[124]

The quantum Turing machine is theoretically important but the physical implementation of this model is not feasible. All of these models of computation—quantum circuits,^[125] one-way quantum computation,^[126] adiabatic quantum computation,^[127] and topological quantum computation^[128]—have been shown to be equivalent to the quantum Turing machine; given a perfect implementation of one such quantum computer, it can simulate all the others with no more than polynomial overhead. This equivalence need not hold for practical quantum computers, since the overhead of simulation may be too large to be practical.

Relation to computability and complexity theory

Computability theory

Any computational problem solvable by a classical computer is also solvable by a quantum computer.^[6] Intuitively, this is because it is believed that all physical phenomena, including the operation of classical computers, can be described using quantum mechanics, which underlies the operation of quantum computers.

Conversely, any problem solvable by a quantum computer is also solvable by a classical computer. It is possible to simulate both quantum and classical computers manually with just some paper and a pen, if given enough time. More formally, any quantum computer can be simulated by a Turing machine. In other words, quantum computers provide no additional power over classical computers in terms of computability. This means that quantum computers cannot solve undecidable problems like the halting problem and the existence of quantum computers does not disprove the Church–Turing thesis.^[129]

Quantum complexity theory

While quantum computers cannot solve any problems that classical computers cannot already solve, it is suspected that they can solve certain problems faster than classical computers. For instance, it is known that quantum computers can efficiently factor integers, while this is not believed to be the case for classical computers.

The class of problems that can be efficiently solved by a quantum computer with bounded error is called BQP, for "bounded error, quantum, polynomial time". More formally, BQP is the class of problems that can be solved by a polynomial-time quantum Turing machine with an error probability of at most 1/3. As a class of probabilistic problems, BQP is the quantum counterpart to BPP ("bounded error, probabilistic, polynomial time"), the class of problems that can be solved by polynomial-time probabilistic Turing machines with bounded error.^[130] It is known that ${\displaystyle {\mathsf {BPP\subseteq BQP))}$ and is widely suspected that ${\displaystyle {\mathsf {BQP\subsetneq BPP))}$, which intuitively would mean that quantum computers are more powerful than classical computers in terms of time complexity.^[131]

The suspected relationship of BQP to several classical complexity classes.^[27]

The exact relationship of BQP to P, NP, and PSPACE is not known. However, it is known that ${\displaystyle {\mathsf {P\subseteq BQP\subseteq PSPACE))}$; that is, all problems that can be efficiently solved by a deterministic classical computer can also be efficiently solved by a quantum computer, and all problems that can be efficiently solved by a quantum computer can also be solved by a deterministic classical computer with polynomial space resources. It is further suspected that BQP is a strict superset of P, meaning there are problems that are efficiently solvable by quantum computers that are not efficiently solvable by deterministic classical computers. For instance, integer factorization and the discrete logarithm problem are known to be in BQP and are suspected to be outside of P. On the relationship of BQP to NP, little is known beyond the fact that some NP problems that are believed not to be in P are also in BQP (integer factorization and the discrete logarithm problem are both in NP, for example). It is suspected that ${\displaystyle {\mathsf {NP\nsubseteq BQP))}$; that is, it is believed that there are efficiently checkable problems that are not efficiently solvable by a quantum computer. As a direct consequence of this belief, it is also suspected that BQP is disjoint from the class of NP-complete problems (if an NP-complete problem were in BQP, then it would follow from NP-hardness that all problems in NP are in BQP).^[132]

The relationship of BQP to the basic classical complexity classes can be summarized as follows:

${\displaystyle {\mathsf {P\subseteq BPP\subseteq BQP\subseteq PP\subseteq PSPACE))}$

It is also known that BQP is contained in the complexity class ${\displaystyle \color {Blue}{\mathsf {\#P))}$ (or more precisely in the associated class of decision problems ${\displaystyle {\mathsf {P^{\#P))))$),^[132] which is a subclass of PSPACE.

It has been speculated that further advances in physics could lead to even faster computers. For instance, it has been shown that a non-local hidden variable quantum computer based on Bohmian Mechanics could implement a search of an N-item database in at most ${\displaystyle O({\sqrt[{3}]{N)))}$ steps, a slight speedup over Grover's algorithm, which runs in ${\displaystyle O({\sqrt {N)))}$ steps. Note, however, that neither search method would allow quantum computers to solve NP-complete problems in polynomial time.^[133] Theories of quantum gravity, such as M-theory and loop quantum gravity, may allow even faster computers to be built. However, defining computation in these theories is an open problem due to the problem of time; that is, within these physical theories there is currently no obvious way to describe what it means for an observer to submit input to a computer at one point in time and then receive output at a later point in time.^[134][135]