Memory-Sample Lower Bounds for Learning with Classical-Quantum Hybrid Memory

In this work, we model a quantum learning algorithm as a program with hybrid memory consisting of $q$ qubits of quantum memory and $m$ bits of classical memory. At each stage, a random sample $(a_{i},b_{i}=M(a_{i},x))$ is given to the algorithm. The quantum learning algorithm applies an arbitrary quantum channel to the hybrid memory, controlled by the random sample. Although the channel can be arbitrary, we impose the outcome to be a hybrid classical-quantum state of at most $q$ qubits and $m$ bits. We stress that there is no limitation on the complexity of the quantum channel (and this only makes our results stronger as we are proving here lower bounds for such algorithms).

With the above model, we give the following main theorem.

Our main theorem implies that for many learning problems, the availability of a quantum memory of size up to $\Omega(r)$, does not reduce the size of classical memory or the number of samples that are needed. As coherent quantum memory is challenging for near-term intermediate-scale quantum computers and is probably expensive even if and when quantum computers are widely viable, the impact of quantum memory is further limited for these learning problems.

To make the theorem more precise, let us take parity learning as an example. The above theorem says that a quantum learning algorithm needs either $\Omega(n^{2})$ bits of memory, or $\Omega(n)$ qubits of quantum memory, to conduct efficient learning; otherwise, it requires $2^{\Omega(n)}$ random samples. At first glance, it seems that the constraint on quantum memory is trivial: if the target is to learn an $n$-bit unknown secret, a linear amount of memory always seems necessary to store the secret. However, noticing that our main theorem applies to quantum learning algorithms with hybrid memory and rules out algorithms with $n^{2}/1000$ bits and $n/1000$ qubits of hybrid memory for parity learning, the main theorem yields non-trivial and compelling memory-sample lower bounds. Note also that our results (and previous results) are valid even if the goal is to output only one bit of the secret. Currently, we do not know whether our main theorem is tight. For parity learning, we are not aware of any quantum learning algorithm that uses only $O(n)$ qubits of quantum memory. We leave closing the gap as a fascinating open question.

The main theorem naturally applies to other learning problems considered in [GRT18], including learning sparse parities, learning from sparse linear equations, and many others. We do not present an exhaustive list here but refer the readers to [GRT18] for more details.

Along the way, we propose a new approach for proving the classical memory-sample lower bounds. We call this approach, the “badness levels” method. The approach is technically equivalent to the previous approach in [Raz17, GRT18] but is conceptually simpler to work with and we are able to lift it to the quantum case.

We note that proving a linear lower bound on the size of the quantum memory, without classical memory, is significantly simpler (but to the best of our knowledge such a proof has not appeared prior to our work). We present such a proof in Appendix C. In Appendix C, we state and prove Theorem 3 that shows a simpler proof for a linear lower bound on the quantum-memory size (without classical memory). While Theorem 3 is qualitatively weaker than our main result in most cases, as it only gives a lower bound for programs with only quantum memory but without a (possibly quadratic) classical memory, Theorem 3 is technically incomparable and is stated in terms of quantum extractors, rather than classical extractors. Additionally, the proof of Theorem 3 is significantly simpler than the proof of our main theorem.

Since our proof builds on the previous line of works on classical memory-sample lower bounds for learning, specifically, on the proof technique of [Raz17, GRT18], we provide a brief review of these proofs, using parity learning [Raz18] as an example. In below, $M(a,x)$ denotes the inner product of $a$ and $x$ in $\mathbb{F}_{2}$.

Consider a classical branching program that tries to learn an unknown and uniformly random $x\in\{0,1\}^{n}$ from samples $(a,b)$, where $a\in\{0,1\}^{n}$ is uniformly random and $b=M(a,x)$. We can associate every state $v$ of the branching program with a distribution $P_{X|v}$ over $\{0,1\}^{n}$, indicating the distribution of $x$ conditioned on reaching that state. At the initial state, without any information about $x$, the distribution is uniform (which has the smallest possible $\ell_{2}$-norm). Along a computational path on the branching program, the distribution $P_{X|v}$ evolves and eventually gets concentrated (with large $\ell_{2}$-norms) in order to output $x$ correctly. Therefore, during the evolution, $P_{X|v}$ should at some stage have mildly large $\ell_{2}$-norms ($2^{\varepsilon n}$ times larger than uniform for some small constant $\varepsilon>0$). If we set such a distribution as a target, the distribution is hard to achieve with random samples. Only with $2^{-\Omega(n)}$ probability, the branching program can make significant progress towards the target; while most of the time a sample just splits the distributions (both the current and the target distribution) into two even parts, and that does not help much in getting closer to the target distribution (with large $\ell_{2}$ norm).

To put it more rigorously, we examine the evolution of the inner product

$$\langle P_{X|v},P\rangle=\sum_{x\in\{0,1\}^{n}}P_{X|v}(x)\cdot P(x)$$

between the distribution $P_{X|v}$ on the current state $v$, and a target distribution $P$. Receiving a sample $(a,b)$ implies that $M(a,x)=b$, hence only the part of $P_{X|v}$ supported on such $x$ proceeds. If this part is close to $\frac{1}{2}$ probability, we say that $a$ divides $P_{X|v}$ evenly. Denoting the new distribution as $P_{X|v}^{(a,b)}$, after proper normalization the new inner product is

$$\langle P_{X|v}^{(a,b)},P\rangle=\sum_{\begin{subarray}{c}x\in\{0,1\}^{n}\\ M(a,x)=b\end{subarray}}P_{X|v}(x)\cdot P(x)\bigg{/}\sum_{\begin{subarray}{c}x\in\{0,1\}^{n}\\ M(a,x)=b\end{subarray}}P_{X|v}(x).$$

(1)

Ideally, both $P_{X|v}$ and the point-wise product vector $P_{X|v}\cdot P$ should have reasonably small $\ell_{2}$-norms. Due to the extractor property of $M$, most of $a\in\{0,1\}^{n}$ should divide both vectors evenly, and thus the denominator is close to $\frac{1}{2}$ while the enumerator is close to $\frac{1}{2}\langle P_{X|v},P\rangle$. That means, given a uniformly random $a$, we get limited progress on the inner product. On the other hand, from $\langle U,P\rangle=2^{-n}$ with uniform distribution $U$ to $\langle P,P\rangle=2^{2\varepsilon n}\cdot 2^{-n}$, the branching program needs to make multiple steps of progression. Therefore it happens with an extremely small probability.

To ensure that the above statement goes smoothly, we require the following properties for every state $v$ in the branching program:

• •

  The $\ell_{2}$-norm $\big{\|}P_{X|v}\big{\|}_{2}$ is small.

• •

  The $\ell_{2}$-norm $\big{\|}P_{X|v}\cdot P\big{\|}_{2}$ is small, which is implied when the $\ell_{\infty}$-norm $\big{\|}P_{X|v}\big{\|}_{\infty}$ is small.

• •

  The denominator in Eq. 1 is bounded away from $0$ for every sample $(a,b)$.

These properties do not hold by themselves. Instead, we execute a truncation procedure on the branching program before choosing a target distribution. More specifically, the branching program is modified so that it stops whenever it:

• •

  ($\ell_{2}$ truncation): Reaches a state $v$ with large $\big{\|}P_{X|v}\big{\|}_{2}$;

• •

  ($\ell_{\infty}$ truncation): Reaches a state $v$ with large $P_{X|v}(x)$ when the unknown concept is $x$;

• •

  (Sample truncation): Or, for the next sample $(a,b)$, $a$ does not divide $P_{X|v}$ evenly.

It turns out that after $\ell_{2}$ truncation, the other two truncation steps add $2^{-\Omega(n)}$ error in each stage of the branching program. Therefore the proof boils down to proving a $2^{-\Omega(n^{2})}$ bound on the probability of reaching a state with large $\big{\|}P_{X|v}\big{\|}_{2}$, from which by a standard union bound, we can prove the memory-sample lower bounds for parity learning: either $2^{\Omega(n)}$ samples or $\Omega(n^{2})$ bits of memory are necessary.

As mentioned above, to bound the probability of reaching a state with a large $\ell_{2}$-norm, the basic idea is to fix its distribution as the target distribution $P$, and bound the increment of the inner product $\langle P_{X|v},P\rangle$. This was done in [Raz17, GRT18] by designing a potential function that tracks the average of $\langle P_{X|v},P\rangle^{k}$ for some $k=\Theta(n)$, where the average is over states $v$ in the same stage of the branching program. Here we propose another approach using the concept of badness levels. Although it is technically equivalent to the potential function approach in the classical case, it is more pliable and easier to be adapted to the quantum case. We view this approach as a separate contribution of our work.

We first define a bad event to be a pair $(v,a)$ of the state $v$ and the upcoming part of the sample $a$, such that $\langle P_{X|v},P\rangle\geq 2^{-n}$, and for one of the two possible outcomes $b$,

$$\sum_{\begin{subarray}{c}x\in\{0,1\}^{n}\\ M(a,x)=b\end{subarray}}P_{X|v}(x)\cdot P(x)\geq\left(\frac{1}{2}+2^{-\delta n}\right)\cdot\langle P_{X|v},P\rangle$$

(2)

with some small constant $\delta$. In other words, the inner product $\langle P_{X|v},P\rangle$ is large enough, while not being divided evenly by $a$. From Eq. 1 we know that the inner product gets at most roughly doubled through a bad event. In contrast, in the good case, the inner product either gets a mere $(1+2^{-\delta n})$ multiplicative factor or is already smaller than the baseline $2^{-n}$. Also, the extractor property of $M$ ensures that for every state $v$, over uniformly random $a$, the bad event happens with at most $2^{-\Omega(n)}$ probability.

Now, the badness level $\beta(v)$ of a state $v$ keeps track of how many times the computational path went through bad events before reaching $v$.³³3For now we think of $\beta(v)$ as a natural number. In the actual proof, $\beta(v)$ is a distribution on natural numbers, as for different computational paths reaching the same state, the count of bad events can be different. The above observations on the bad events imply that (omitting the smaller factors):

• •

  For every state $v$, $\langle P_{X|v},P\rangle$ is bounded by $2^{\beta(v)}\cdot 2^{-n}$;

• •

  Heading to the next stage, $\beta(v)$ increases by $1$ with probability $2^{-\Omega(n)}$.

Therefore at each stage, the total weight of states with badness level $\beta$ is at most $2^{-\Omega(\beta n)}$. Thus any state with $\langle P_{X|v},P\rangle\geq 2^{2\varepsilon n}\cdot 2^{-n}$ must have $2^{-\Omega(n^{2})}$ probability.

In this section, we present an attempt to prove the same $2^{\Omega(n)}$-sample or $\Omega(n^{2})$-quantum-memory lower bound for the pure quantum case. Along the way we identify some obstacles to proving memory-sample lower bounds for quantum learning algorithms, and in the next section we show how to overcome these obstacles while proving lower bounds for hybrid learning algorithms, with quadratic-size classical-memory and linear-size quantum-memory.

Following the same framework as the above described proof for the classical case, we first need to transfer all the notions to a quantum algorithms:

• •

  The state $v$ is a quantum state in the Hilbert space of quantum memory;

• •

  The distribution $P_{X|v}$ is still well-defined: It is the distribution of $x$ when the quantum memory is measured to $v$ (see Section 3.4 and Eq. 3);

• •

  We are still able to implement $\ell_{2}$ truncation: If $P_{X|v}$ has large $\ell_{2}$-norm, project the entire system to the orthogonal subspace $v^{\perp}$ of $v$ and repeat, until there is no such state $v$ (see Section 4.1 for details).

• •

  We are also able to implement sample truncation, in a similar manner to $\ell_{2}$ truncation. As the criteria here depends on $a$, we separately create a copy of the current system for each $a$, truncate the states $v$ using projection when $P_{X|v}$ is not evenly divided by $a$ in each copy, and then merge them back together. We prove that the error introduced by this truncation is small.

Here comes the first major obstacle: $\ell_{\infty}$ truncation. In the classical case, $\ell_{\infty}$ truncation is implemented for each individual $x$, in contrast to $\ell_{2}$ truncation where the states are removed altogether. Relying on the fact that it is already known that the $\ell_{2}$ norm of the distribution is small, using Markov inequality, one can prove that the error introduced by the $\ell_{\infty}$ truncation is small.

However, when we try to emulate the classical implementation of $\ell_{\infty}$ truncation with quantum truncation, that is, to only project to $v^{\perp}$ the system conditioned on the specific $x$ where $P_{X|v}(x)$ is large, instead of for every $x$, it may lead to huge changes to the distributions $P_{X|u}$ on states $u$ non-orthogonal to $v$. The following example illustrates such a scenario:

Moving on, we fix a target state $v$ with a target distribution $P_{X|v}$ which exceeds the $\ell_{2}$-norm threshold, and the goal is again to prove a $2^{-\Omega(n^{2})}$ amplitude bound on $v$. The bad event should still be defined as a pair $(v,a)$ satisfying Eq. 2, with $v$ now being a quantum state. We then run into the second major obstacle: it is not clear how to define badness levels.

If we define the badness level $\beta(v)$ for each state $v$ individually by examining the bad events over the historical states, then it is not clear how to measure the total weight of a badness level $\beta$. In the classical case, we simply define the total weight as the total probability of states with badness level $\beta$. But here in the quantum case, it turns out that such a definition either depends on the choice of basis, which might have large increment in each stage, or completely fails to imply the desired amplitude bound on the target state.

The other choice is to have a more operational definition of badness levels, and it is indeed tempting to define $\beta$ as another register whose updates are controlled by the quantum memory. The problem with such definitions is that the bad event (Eq. 2) is not linear in $v$. Therefore an operational definition of badness level, which is a linear operator, inevitably introduces error that escalates fast with the number of stages.

The obstacles in the previous section are for proving quadratic quantum memory lower bound. We note that proving linear quantum memory lower bound (without classical memory) is not hard: the proof can be entirely information theoretical, as with very limited memory, say, $\frac{1}{2}n$ qubits, the information gained from each sample is exponentially small, despite the memory being quantum. We present such a proof in Appendix C.

The lower bounds that we prove here are with hybrid memory: To learn parity with both classical and quantum memory, an algorithm needs either $2^{\Omega(n)}$ samples, or $\Omega(n^{2})$ classical memory, or $\Omega(n)$ quantum memory (Theorem 1). We now describe how we overcome the previously mentioned obstacles.

For a vector $v\in\mathbb{C}^{d}$ and $p\in[1,\infty]$, we define the $\ell_{p}$ norm of $v$ as

$$\|v\|_{p}=\left(\sum_{i=1}^{d}|v_{i}|^{p}\right)^{1/p}.$$

For two vectors $u,v\in\mathbb{C}^{d}$, define their inner product as $\langle u,v\rangle=u^{\dagger}v=\sum_{i=1}^{d}\overline{u_{i}}v_{i}$. So $\|v\|_{2}^{2}=\langle v,v\rangle$. We also view every distribution $P$ over a set $\mathcal{X}$ as a non-negative real vector with $\|P\|_{1}=1$.

We specifically use Dirac notation to denote unit vectors, $|v\rangle\in\mathbb{C}^{d}$ implies that $\||v\rangle\|_{2}=1$. For a non-zero vector $u\in\mathbb{C}^{d}$, let $|v\rangle\sim u$ be the normalization of $u$, that is, $|v\rangle=u/\|u\|_{2}$.

For every vector $v\in\mathbb{C}^{d}$, let $\operatorname{Diag}v\in\mathbb{C}^{d\times d}$ be the diagonal matrix whose diagonal entries represent $v$. Conversely, for every square matrix $M$, let $\operatorname{diag}M$ be the vector consisting of the diagonal entries of $M$. For a matrix (or generally a linear operator) $M$, we use $\|M\|_{\mathrm{Tr}}$ and $\|M\|_{2}$ to denote its trace norm and spectral norm respectively, that is,

$$\big{\|}M\big{\|}_{\mathrm{Tr}}=\mathrm{Tr}\left[\sqrt{MM^{\dagger}}\right],\quad\big{\|}M\big{\|}_{2}=\max_{v\neq 0}\|Mv\|_{2}/\|v\|_{2}.$$

For an Hermitian $M\in\mathbb{C}^{d\times d}$, we say it is a positive semi-definite operator if for every $v\in\mathbb{C}^{d}$, $v^{\dagger}Mv\geq 0$. A (partial) density operator is a positive semi-definite operator with its trace being $1$ (or at most $1$, respectively).

The state of $q$ qubits can be represented in a Hilbert space $\mathcal{V}=(\mathbb{C}^{2})^{\otimes q}=\mathbb{C}^{2^{q}}$. In a product of $m$ Hilbert spaces $\mathcal{V}_{[m]}=\mathcal{V}_{1}\otimes\cdots\otimes\mathcal{V}_{m}$, a multipartite partial system $V_{1},\ldots,V_{m}$ is represented by a partial density operator $\rho_{V_{[m]}}$. For a subset $I\subseteq[m]$ of indices, the subsystem on $\{V_{i}\}_{i\in I}$ (or $V_{I}$ for short) is defined by tracing out $j\notin I$, that is,

$$\rho_{V_{I}}=\mathrm{Tr}_{V_{j\notin I}}[\rho_{V_{[m]}}].$$

Now for any two disjoint subsets $I,J\subset[m]$, given some $|v_{J}\rangle\in\mathcal{V}_{J}=\bigotimes_{j\in J}\mathcal{V}_{j}$, the conditional system on $V_{I}$ is defined as

$$\rho_{V_{I}|v_{J}}=\left(\mathbb{I}_{V_{I}}\otimes\langle v_{J}|\right)\rho_{V_{I\cup J}}\left(\mathbb{I}_{V_{I}}\otimes|v_{J}\rangle\right),$$

which is a partial density operator on $V_{I}$. Note that the trace

$$\mathrm{Tr}\left[\rho_{V_{I}|v_{J}}\right]=\langle v_{J}|\rho_{V_{J}}|v_{J}\rangle$$

only depends on the system $\rho$ and $|v_{J}\rangle$, while being independent of the choice of $I$.

Another simple fact that will be repeatedly used later on is that for an orthogonal basis $\mathcal{B}$ of $V_{J}$, we have

$$\rho_{V_{I}}=\mathrm{Tr}_{V_{J}}[\rho_{V_{I\cup J}}]=\sum_{|v_{J}\rangle\in\mathcal{B}}\rho_{V_{I}|v_{J}}.$$

In the underlying space $\mathcal{V}_{1}\otimes\cdots\otimes\mathcal{V}_{m}$ of the multipartite system, we say $\mathcal{V}_{i}$ is classical if there is a fixed orthogonal basis $\mathcal{B}_{i}$ of $\mathcal{V}_{i}$, such that for every multipartite system $\rho_{V_{[m]}}$, every pair of distinct $|v_{i}\rangle\neq|v_{i}^{\prime}\rangle\in\mathcal{B}_{i}$ and every two states $|v\rangle,|v^{\prime}\rangle\in\bigotimes_{j\neq i}\mathcal{V}_{j}$, we have

$$\langle v_{i},v|\rho_{V_{[m]}}|v_{i}^{\prime},v^{\prime}\rangle=0.$$

Without loss of generality, in the rest of the work we always assume $\mathcal{B}_{i}$ is the set of computational basis states. We also identify $\mathcal{V}_{i}$ with the discrete set $\mathcal{B}_{i}$, and remove the Dirac brackets when we talk about the classical elements in $\mathcal{V}_{i}$. In this case every multipartite system $\rho_{V_{[m]}}$ can be written as a direct sum

$$\rho_{V_{[m]}}=\bigoplus_{v_{i}\in\mathcal{V}_{i}}\rho_{V_{[m]\setminus\{i\}}|v_{i}}.$$

The reader may find this direct sum viewpoint easier to handle in some later scenarios.

When $V_{I}$ is classical, conditioned on any $|v_{J}\rangle\in\mathcal{V}_{J}$ with $J$ disjoint from $I$, the system $\rho_{V_{I}|v_{J}}$ is represented as a diagonal matrix on $V_{I}$. If $\mathrm{Tr}[\rho_{V_{I}|v_{J}}]>0$, it induces a distribution over  the computation basis states of $V_{I}$, defined as

$\displaystyle P^{\rho}_{V_{I}|v_{J}}=\operatorname{diag}\rho_{V_{I}|v_{J}}/\mathrm{Tr}[\rho_{V_{I}|v_{J}}].$

(3)

In the rest of this paper, whenever we use this notation $P^{\rho}_{V_{I}|v_{J}}$, it is always implicitly assumed that $\mathrm{Tr}[\rho_{V_{I}|v_{J}}]>0$ and the distribution exists.

In this work we typically consider the following scenario: There is a quantum memory register $V$ ranging in the Hilbert space $\mathcal{V}$, and a classical memory register $W$ ranging in the set of memory states $\mathcal{W}$, along with some classical information $X\in\mathcal{X}$ (later in the work, it is the concept to be learned) that is correlated with $V$ and $W$. We will make use of the following fact:

For a learning problem that corresponds to the matrix $M$, a branching program of hybrid memory with $m$-bit classical memory, $q$-qubit quantum memory and length $T$ is specified as follows.

At each stage $0\leq t\leq T$, the memory state of the branching program is described as a classical-quantum system $\rho^{(t)}_{VW}$ over quantum memory space $\mathcal{V}=(\mathbb{C}^{2})^{\otimes q}$ and classical memory space $\mathcal{W}=\{0,1\}^{m}$. The memory state evolves based on the samples that the branching program receives, and therefore depends on the unknown element $x\in_{R}\mathcal{X}$. We can then interpret the overall systems over $XVW$, in which ${X}$ consists of an unknown concept $x$, resulting in a classical-quantum system $\rho^{(t)}_{XVW}$. It always holds that the distribution of $x$ is uniform, i.e.,

$$\rho^{(t)}_{X}=\mathrm{Tr}_{VW}[\rho^{(t)}_{XVW}]=\frac{1}{2^{n}}\mathbb{I}_{X}.$$

Initially the memory $VW$ is independent of $X$ and can be arbitrarily initialized. We assume that

$$\rho^{(0)}_{XVW}=\frac{1}{2^{n}}\mathbb{I}_{X}\otimes\frac{1}{2^{q}}\mathbb{I}_{V}\otimes\frac{1}{2^{m}}\mathbb{I}_{W}.$$

At each stage $0\leq t<T$, the branching program receives a sample $(a,b)$, where $a\in_{R}\mathcal{A}$ and $b=M(a,x)$, and applies an operation $\Phi_{t,a,b}\in\mathscr{T}_{\mathcal{V}\otimes\mathcal{W}}$ over its memory state. Thus the evolution of the entire system can be written as

$$\rho^{(t+1)}_{XVW}=\mathop{\mathbf{E}\mbox{}}\limits_{a\in_{R}\mathcal{A}}\left[\sum_{x\in\mathcal{X}}|x\rangle\langle x|\otimes\Phi_{t,a,M(a,x)}\big{(}\rho^{(t)}_{VW|x}\big{)}\right].$$

Finally, at stage $t=T$, a measurement over the computational bases is applied on $\rho^{(T)}_{VW}$, and the branching program outputs an element $\widetilde{x}\in X$ as a function of the measurement result $(v,w)\in\{0,1\}^{q+m}$. The success probability of the program is the probability that $\widetilde{x}=x$ which can be formulated as

$$\sum_{\begin{subarray}{c}x\in\mathcal{X},v\in\{0,1\}^{q},w\in\mathcal{W}\\ \widetilde{x}(v,w)=x\end{subarray}}\langle x,v,w|\rho^{(T)}_{XVW}|x,v,w\rangle.$$

Here we describe how to truncate a partial classical-quantum system $\rho_{XVW}$ according to some property $G(v,w)$ of desire on $\rho_{X|v,w}$. The goal is to remove the parts of $\rho_{XVW}$ where $G$ is not satisfied. We execute the following procedure:

1. 1.

   Maintain a partial system $\rho^{\prime}_{XVW}$ initialized as $\rho_{XVW}$, and subspaces $\mathcal{V}_{w}\subseteq\mathcal{V}$ initialized as $\mathcal{V}$ for each $w\in\mathcal{W}$.

2. 2.

   Pick $w\in\mathcal{W}$ and $|v\rangle\in\mathcal{V}_{w}$ such that $\mathrm{Tr}[\rho^{\prime}_{X|v,w}]>0$ and $G(v,w)$ is false.

3. 3.

   Change the partial system $\rho^{\prime}_{XVW}$ into the following system by projection:

   $$\big{(}\mathbb{I}_{X}\otimes(\mathbb{I}_{VW}-|v,w\rangle\langle v,w|)\big{)}\rho^{\prime}_{XVW}\big{(}\mathbb{I}_{X}\otimes(\mathbb{I}_{VW}-|v,w\rangle\langle v,w|)\big{)},$$

   and change $\mathcal{V}_{w}$ to its subspace orthogonal to $|v\rangle$, that is

   $$\{|v^{\prime}\rangle\in\mathcal{V}_{w}\mid\langle v|v^{\prime}\rangle=0\}.$$

4. 4.

   Repeat from step 2 until there is no such $w$ and $|v\rangle$. Denote the final system as $\rho^{|G}_{XVW}$.

In step 2 we pick $w$ and $|v\rangle$ arbitrarily as long as it satisfies the requirements, however we could always think of it as iterating over $w\in\mathcal{W}$ and processing each $\rho_{XV|w}$ separately. The choices of $|v\rangle$ for each $w$ do affect the final system $\rho^{|G}_{XVW}$; Yet as we will see later, these choices are irrelevant to our proof.

Below, we give two useful lemmas on truncated systems.