Introduction
This year marks the centenary of quantum mechanics. Despite earlier work by Max Planck, it was Albert Einstein's Nobel prize-winning 1905 paper1 on the photoelectric effect that gave us what is arguably the greatest scientific theory of all time. Subsequently, the stones that make up the exquisite structure of quantum mechanics were laid out, one by one, by a stream of legendary giants such as Niels Bohr, Erwin Schrödinger and Werner Heisenberg — sometimes to the horror of Einstein. An almost inevitable consequence of this collective foundational effort over so many years is that quantum mechanics, for all its elegance, is built upon a rather disjointed, ad hoc set of axioms.
Quantum mechanics has forced us to rethink the nature of the physical world, its teachings often running counter to our misleading macroscopic experience. It is time to pause and reflect on what we've learned in the course of these 100 years. Alongside Christopher Fuchs2, I contend that there is a fresh perspective to be taken on the axioms of quantum mechanics that could yield a more satisfactory foundation for the theory.
New horizons
Quantum mechanics has changed our outlook on the world. The transistor, the laser, superconductivity, the atomic bomb — these early applications of the theory are but a few among those that have reshaped the way we live. The transistor made possible a dramatic increase in computation speed. However, given enough time, cog-and-wheels devices such as Charles Babbage's analytical engine are, in principle, capable of the same calculations. In a very real sense, the modern electronic computer is essentially a classical device. Could genuinely quantum-mechanical effects be harnessed for computing purposes?
In the early 1980s, it occurred to Richard Feynman3 and David Deutsch4 that a quantum computer could become so efficient that it would far outperform its classical counterpart. For example, an atom can be simultaneously in its ground and excited states. If we assign classical bit 0 to one state and bit 1 to the other (Fig. 1), this gives us a quantum bit, or qubit. If we string together ten qubits, they can be collectively in all 1024 classical states of ten bits, and we can compute using all those states in parallel. If we replace those ten qubits by one thousand, we obtain $2^{1000}$ (roughly $10^{301}$) simultaneous operations. This entails an amount of parallelism that could not be matched by a classical computer the size of the Universe, in which each elementary particle would be harnessed as a processing unit.
Figure 1: Assign classical bits 0 and 1 to, for example, the ground and excited states of an atom, and the power of quantum computation is unleashed.
But, even if the quantum computer existed, could it perform calculations that are impossible in the classical world?
Quantum computing was at first regarded as a mere theoretical concept, but interest in it grew when Peter Shor discovered a way to use its capabilities to factorize large numbers efficiently5. Such a computer would threaten the public-key cryptographic schemes currently in use, in particular for the secure transmission of credit card numbers over the Internet. Electronic commerce in its current form is saved from a catastrophic collapse only because the construction of a full-size quantum computer is, for the moment, eluding our technological capabilities. And we can only shiver to think of the effect that such a collapse of classical cryptography could have on national security.
Even though the potential of quantum computers is mind-boggling, that does not change the theoretical notion of what is computable. The mathematical theory of computability is rooted in the 1936 groundbreaking work of Alan Turing6. According to this theory, a problem is deemed to be computable if an algorithm can solve it, no matter how long it would take — even, indeed, should it take longer than the lifetime of the Universe. From this perspective, quantum computers can only solve problems that are already classically computable.
Enter cryptography
This begs the question: are there information-processing tasks that are impossible even in principle in the classical world, but that become possible through quantum mechanics? Even though unpublished for nearly fifteen years, the answer came to Stephen Wiesner well before anyone had thought of quantum computing. Around 1970, he discovered that quantum-mechanical effects could be used to produce banknotes that would be impossible to counterfeit7. Because quantum information cannot be cloned, Wiesner realized that a banknote that contained quantum information would be impossible to copy. Unfortunately, this revolutionary (albeit impractical) idea went completely unnoticed, except by Wiesner's former undergraduate classmate Charles H. Bennett.
Almost a decade elapsed before Bennett told me of Wiesner's idea, which led to our joint invention of quantum cryptography8, 9. For ages, mathematicians had searched for a system that would allow two people to exchange messages in absolute secrecy. In the 1940s, Claude Shannon proved that this goal is impossible unless the two communicating parties share a random secret key that is as long as the message they want to communicate10; moreover, that secret key can be used once only. In quantum cryptography, however, this pessimistic theorem can be thwarted by exploiting both the impossibility of measuring quantum information reliably and the unavoidable disturbance caused by such measurements. When information is appropriately encoded as quantum states, any attempt by an eavesdropper to access it necessarily entails a probability of spoiling it irreversibly. This disturbance can be detected by the legitimate users, allowing them to establish an unconditionally secure confidential channel with no need for a shared secret key. After we reported11 the first experimental realization of quantum cryptography, Deutsch wrote12 in New Scientist: "Alan Turing's theoretical model is the basis of all computers. Now, for the first time, its capabilities have been exceeded." It is interesting to note that quantum computers threaten most of the classical cryptographic schemes in use today, but that quantum cryptography offers an unconditionally secure alternative.
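The detectable disturbance described above can be seen in a small simulation, added here as an illustration and not taken from the essay. It assumes the two-basis encoding of the Bennett-Brassard 1984 protocol and an eavesdropper who measures each signal and resends it; the function names and the acceptance threshold are choices made for this example.

```python
import random

def measure(bit, prep_basis, meas_basis, rng):
    # Same basis: the encoded bit is read out. Other basis: the outcome is
    # uniformly random and the original encoding is lost.
    return bit if prep_basis == meas_basis else rng.randrange(2)

def run_bb84(n_photons, eavesdrop, seed=1):
    """Return (sifted_key_length, error_rate) for one simulated session."""
    rng = random.Random(seed)
    sifted = errors = 0
    for _ in range(n_photons):
        a_bit, a_basis = rng.randrange(2), rng.randrange(2)  # Alice prepares
        bit, basis = a_bit, a_basis                          # state in flight
        if eavesdrop:
            # Intercept-resend: Eve has to guess a basis, measure, and
            # forward a fresh state prepared in her own basis.
            e_basis = rng.randrange(2)
            bit = measure(bit, basis, e_basis, rng)
            basis = e_basis
        b_basis = rng.randrange(2)                           # Bob measures
        b_bit = measure(bit, basis, b_basis, rng)
        if b_basis == a_basis:  # bases are compared publicly; mismatches dropped
            sifted += 1
            errors += b_bit != a_bit
    # A real session would sacrifice a random sample of the sifted bits to
    # estimate this rate; the simulation simply compares all of them.
    return sifted, errors / sifted

def accept_key(error_rate, threshold=0.05):
    # threshold is an illustrative value chosen for this example
    return error_rate <= threshold

if __name__ == "__main__":
    for eve in (False, True):
        n, rate = run_bb84(20000, eve)
        print(f"eavesdropper={eve} sifted={n} "
              f"error_rate={rate:.3f} accept={accept_key(rate)}")
```

Without the eavesdropper the sifted bits agree exactly; with her, about a quarter of them disagree, because she picks the wrong basis half the time and Bob's result is then random.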
The most obvious goal of cryptography always has been the secure transmission of confidential information, but the past three decades have seen the rise of a host of novel applications for cryptographic techniques, such as digital signatures and secure multiparty computation. However, all these classical concepts are obviously defeated if cheaters are allowed unlimited computing power. Moreover, most of their proposed implementations fall prey to quantum computing attacks5. After the success of quantum cryptography in confidential communication, it was natural to hope that quantum techniques could also assist in designing unconditionally secure protocols for these more sophisticated tasks.
One of the simplest tasks is known as 'bit commitment' — a rather abstract concept but a crucial stepping-stone to achieving more impressive cryptographic goals. In a bit-commitment scheme, one party (Alice) commits to a bit by sending something to the other party (Bob). Later, Alice can unveil the commitment, thereby letting Bob know to which bit she had committed. The scheme is 'concealing' if it's impossible for Bob to learn anything about the committed bit simply by analysing what Alice sent him when she committed; it is 'binding' if it's impossible for Alice to delay until unveiling the choice of bit she wants to show Bob.
For many years, the design of an unconditionally concealing and binding protocol to implement bit commitment by quantum means was considered the key to unlock almost everything we may wish to do with cryptography. Unfortunately, it was proven — independently by Dominic Mayers13 and by Hoi-Kwong Lo and Hoi Fung Chau14 — that such quantum schemes are impossible.
A fresh perspective
Quantum mechanics can help cryptography, but only up to a point: it does allow unconditionally secure transmission of confidential information, but not unconditionally secure bit commitment. These two facts are generally considered to be deep theorems of modern quantum information science. But do their implications reach beyond information science? What might they tell us about the wider physical world?
Fuchs — the prime mover in this intellectual venture — has gone so far as to suggest that the first of these theorems (the possibility of perfect confidentiality), or perhaps others of a similar informational flavour, could serve as the basis of a new foundation for quantum mechanics, in which information takes centre stage. Inspired by the fascinating discussions I had had with Fuchs, it occurred to me that the second theorem (the impossibility of bit commitment) could be just as fundamental15. Imagine, what if all of quantum mechanics could be derived simply by taking those two quantum cryptographic theorems as axioms?
Admittedly, in its original form this idea was trashed by John Smolin, who devised an artificial world in which unconditional confidentiality was possible but not bit commitment, and his world was anything but a quantum one16. But discussions with Jeffrey Bub breathed new life into Fuchs' and my dream. With Rob Clifton and Hans Halvorson, he chose to pull away somewhat from cryptography and declare more fundamental properties of quantum information as their axioms: the fact that no manipulations taking place at some point in space can have an instantaneously observable effect at some remote other point (the 'no-signalling property'); and that information cannot be cloned. This pair replaced the axiom that transmitting information with unconditional confidentiality is possible, and they kept the axiom that unconditionally secure bit commitment is impossible.
To derive anything from these information-theoretic essentials, they had to assume that the laws of physics can be formalized in the framework of mathematical tools known as C*-algebras. But it is amazing where their axioms took them: they were able to derive basic kinematic features of quantum mechanics, such as the principle of interference, the non-commutativity of measurements and the existence of space-like separated entanglement17. A fascinating feature in their approach is that the impossibility of bit commitment is used to prove not only that entanglement exists, but that it must survive indefinitely across time and space — which is indeed the single most non-classical property of quantum mechanics.
These are only the first steps, but could we eventually base quantum mechanics on information-theory axioms alone, without the need for specific assumptions about the physical theory (such as the use of C*-algebras)? Could we infer more about quantum mechanics than purely the kinematic properties mentioned above? Which other theorems of quantum information science might make powerful axioms for quantum mechanics when we turn the table round?
On that last point, I have a suggestion. Consider the field of communication complexity, which concerns the amount of information that must be transmitted between two parties to compute some function of private inputs that they hold. It turns out that the required transfer can be reduced dramatically in some cases when the parties share prior entanglement18. Nevertheless, even in the presence of unlimited shared entanglement, some boolean functions require a number of bits of communication that grows linearly with the input size.
It was discovered by Wim van Dam19, and independently by Richard Cleve, that all boolean functions could be computed with a single bit of communication, should physics allow a certain form of non-local correlation even stronger than those provided by quantum entanglement. What makes this discovery so interesting is that those super-quantum correlations do not violate the no-signalling property20. In other words, quantum mechanics exhibits non-local properties within the framework of Einstein's causality — but not as strongly as it could.
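The single-bit claim can be checked with a simulated non-local box, in an example added here that is not part of the essay. It assumes a box whose outputs satisfy a XOR b = x AND y, and uses one standard decomposition, f(x, y) = XOR over z of [x = z] AND f(z, y); `pr_box` sees both inputs only because it is a classical simulation, and all names are chosen for this example.

```python
import random

def pr_box(x, y, rng):
    # Hypothetical super-quantum resource: each output alone is a fair coin,
    # but jointly a XOR b == x AND y.
    a = rng.randrange(2)
    return a, a ^ (x & y)

def one_bit_protocol(f, x, y, n, rng):
    """Bob learns f(x, y) for n-bit x, y from one transmitted bit."""
    alice_parity = bob_parity = 0
    for z in range(2 ** n):
        p = int(x == z)          # Alice's local bit, depends on x only
        q = f(z, y)              # Bob's local bit, depends on y only
        a, b = pr_box(p, q, rng)
        alice_parity ^= a
        bob_parity ^= b
    message = alice_parity       # the only bit sent from Alice to Bob
    # XOR of all (a ^ b) equals XOR of all (p & q), which is f(x, y).
    return message ^ bob_parity

def correct_on_all_inputs(f, n, seed=7):
    rng = random.Random(seed)
    return all(one_bit_protocol(f, x, y, n, rng) == f(x, y)
               for x in range(2 ** n) for y in range(2 ** n))

def bob_marginal(x, y, trials=20000, seed=3):
    # No-signalling check: the frequency of Bob's output being 1 should be
    # about 0.5 whatever Alice feeds into her side of the box.
    rng = random.Random(seed)
    return sum(pr_box(x, y, rng)[1] for _ in range(trials)) / trials

def inner_product(x, y):
    return bin(x & y).count("1") % 2

def equality(x, y):
    return int(x == y)

def greater_than(x, y):
    return int(x > y)

if __name__ == "__main__":
    for f in (inner_product, equality, greater_than):
        print(f.__name__, correct_on_all_inputs(f, 3))
    print([round(bob_marginal(x, 1), 3) for x in (0, 1)])
```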
Once again we should ask what all of this is trying to tell us about nature. I suggest that this could be another axiom: it is not possible to compute all bipartite boolean functions with a single bit of communication. How much more of quantum mechanics might be derived from it?
A century after Einstein's annus mirabilis, quantum information science could turn out to be much more than just an application of quantum theory. It could define its very nature.

