
What are we going to do with quantum computers? - hunglee2
https://www.technologyreview.com/s/610250/hello-quantum-world/
======
quotemstr
I wonder whether we'll first use quantum computers to perform cryptanalysis
against archived unencrypted traffic.

We've conducted ourselves for decades under the assumption that the
cryptographic invariants securing internet communications would hold. Looking
to the future, we can switch to quantum-resistant ciphers and go on with our
lives.

But the past? Mass decryption of archived communication would lead to learning
things we never wanted to know. It would cause economic ruin, social turmoil,
and worse on a huge scale. And it may now be inevitable. Everyone has secrets.

We should start moving toward quantum-resistant cryptography _now_ so that by
the time these machines become practical, sensitive information will have
fallen out of most archives.

~~~
petters
> It would cause economic ruin, social turmoil, and worse on a huge scale.

I don't think this is true at all. No one has the capacity to store everything
and governments would be the ones that come closest. Why would they cause all
those bad things? It does not make sense.

I am not saying they won't use it, but it will not have nearly those effects
that you list.

~~~
brodie78382
> No one has the capacity to store everything

Don't be so sure about that:
[https://en.wikipedia.org/wiki/Utah_Data_Center](https://en.wikipedia.org/wiki/Utah_Data_Center)

~~~
petters
1\. Even if it is of infinite capacity, one datacenter will not be able to
store _everything_. The data needs to be moved there as well.

2\. My point was that there's no way NSA will use the data stored there in
ways that will give the effects mentioned in the grandparent post.

------
Torai
_Serious quantum computers ARE FINALLY HERE_

That would involve both the hardware and software being ready for production and
use.

So it's my thing or is it MIT Technology Review writers who are misleading
common people into thinking quantum computing will be usable in a couple of
years?

~~~
andybak
Yes. From my layman's view the fact that there are serious scientists in the
field who still doubt that practical quantum computation is even realistically
possible surely indicates we're not on the verge of being able to order one
for delivery.

~~~
OscarCunningham
On the other hand I'm sure you could find lots of other achievements where
some scientists were denying it was possible right up to the point it was
achieved.

~~~
rwallace
Could you?

Sure, we can all think of cases where someone said something was impossible
and then eventually it was achieved.

But are there any cases where the expert consensus on the _physical
possibility_ of something wasn't established until it was achieved in
practice? I can't think of one off the top of my head.

Nuclear energy? No, the physical possibility of this was understood in the
thirties; the objection was that, as one scientist put it, you would have to
turn a whole country into a uranium refinery. Which wasn't exactly wrong; the
Manhattan project took engineering resources in the ballpark of a small
country.

Supersonic flight? No, artificial objects had been going supersonic for
centuries.

Spaceflight? No, the physics of this was well understood long before it was
achieved.

Any that I'm missing?

~~~
OscarCunningham
Right, people had consensus on the physical possibility, but not on whether
the engineering problems were surmountable.

But I think there _is_ a consensus on the physical possibility of quantum
computing in principle. The [threshold
theorem](https://en.wikipedia.org/wiki/Quantum_threshold_theorem)
is very convincing.

~~~
rwallace
Be careful: there's an important distinction. There is a consensus that
quantum computers can, for certain problems, perform computation exponential
in the number of qubits. But the often unspoken assumption is that the
difficulty of getting the computation to stay coherent, is polynomial in the
number of qubits. That's currently the big unknown. If it's not, then that's
what would be meant by practical quantum computers being physically
impossible.

~~~
OscarCunningham
Is that not the problem that the threshold theorem solves?

~~~
rwallace
As I understand it (disclaimer: not a physicist), that's the open question:
does there exist a stable configuration of atoms that will create conditions
such that the threshold theory applies in full, errors are adequately
corrected, and an N-qubit quantum computer can be built and operated for cost
polynomial rather than exponential in N? Or does that line of thinking rely on
assumptions that can't actually be met?

------
grondilu
I personally envision quantum computers and machine learning working together
to "solve" biology. QC would solve difficult molecular dynamics problems (like
protein foldings, enzymatic reactions...) and ML would learn those results to
simulate large aggregates of such molecules (like a whole cell or even a whole
organism).

~~~
ianai
From how QC is done, that seems unlikely. It seems to me a QC would best model
quantum processes but anything larger would require astronomical numbers of
qubits.

------
nightcracker
Is it possible to massively speed up ray tracing by representing geometry in a
quantum program and then using superposition to evaluate many ray paths
simultaneously? That would be exciting in <N> years for real time accurate ray
tracing.

This is just a wild guess without much knowledge of quantum computing at all
though.

~~~
nhaehnle
In short, no.

Quantum computers don't really compute many things in parallel. Or rather,
they do, but the problem is getting the results out.

To stick with your ray tracing question, you could probably indeed trace an
exponentially (in the size of the computer) number of rays, but at the end you
have to go back to the classical world to actually read out data, and you'd
essentially be able to only read out the result of one ray picked at random.

Quantum computers are only known to provide exponential speedups in cases where
there is some algebraic structure to exploit when condensing the exponentially
many computations down to a single result. That's why you can get an
exponential speedup for factoring or discrete logarithm, but not for symmetric
cryptography or really any other useful problem (except for the kind of
circular problem of simulating quantum systems).

That's what makes me personally hope that quantum computers will never scale.
The likely outcome of quantum computing is the worst of all worlds: all known
practically useful cryptography will be broken, and practically nothing will
really benefit.

~~~
OscarCunningham
>The likely outcome of quantum computing is the worst of all worlds: all known
practically useful cryptography will be broken, and practically nothing will
really benefit.

I agree with you on the technical points, but I think this is a tad
pessimistic.

Firstly, by the time we have quantum computing we will probably also have
quantum cryptography. Quantum cryptography is secure against quantum computers
and is also vastly more simple than existing crypto (no complicated algorithms
to mess up). So I expect cryptography to improve.

Secondly, while quantum computers won't be useful for everything, they will
have amazing applications. The "simulating quantum systems" thing will be
hugely useful for studying chemistry. And Grover's algorithm will provide a
significant speedup for a whole host of interesting problems, especially in
machine learning.

~~~
Moodles
> Quantum cryptography is secure against quantum computers and is also vastly
> more simple than existing crypto (no complicated algorithms to mess up).

Can you explain this statement? I understand that algorithms such as RSA might
require particular padding or what have you to be secure in practice, but is
quantum-resistant crypto much different?

~~~
OscarCunningham
The phrase "quantum-resistant crypto" usually means classical algorithms (e.g.
those involving elliptic curves) that are resistant to quantum computers.

What I'm talking about is "quantum cryptography", in which qubits are actually
used in the protocol. Quantum cryptography is also known to be secure against
quantum computers (indeed it's secure against arbitrary amounts of computing
resources, unless our theories of physics are wrong).

It's also simpler than RSA or elliptic curves, so I hope that (after the kinks
are worked out) it will also be less susceptible to bad implementations and
side-channel attacks.

~~~
Moodles
Apologies as I misread "quantum" as "quantum-resistant" above. However, I
would still contest that quantum key exchange is "simpler". I mean, you need a
quantum channel and to accurately exchange qubits without disturbance. Not to
mention a small initial secret. It doesn't really work too well with our
current infrastructure.

~~~
OscarCunningham
Agree with most of your points. But I suspect building a quantum
infrastructure will be easier (and therefore occur earlier) than building
quantum computers.

>Not to mention a small initial secret

This is interesting, what are you referring to here?

~~~
PeterisP
Doesn't quantum transmission infrastructure require _direct_ connections from
A to B? I.e. you could use it for a _single_ uninterrupted fiber cable, or for
the channel between your antenna and a satellite, but not with our common
fiber infrastructure that relies on repeaters / re-transmitters.

As soon as there's any device between you and the recipient that breaks the
entanglement, all the guarantees of quantum encryption go out of the window,
and it's possible to attack the comms at that retransmission point.

~~~
OscarCunningham
>Doesn't quantum transmission infrastructure require direct connections from A
to B?

No, the retransmitters can preserve the entanglement (and A and B can verify
that this has been done).

In fact (providing qubits can be stored) the transmission can be done
indirectly and in advance.

The telecom company produces lots of entangled qubits and gives a bunch to
each customer, keeping half of each pair for itself. Then when Alice wants to
communicate securely with Bob they ask the telecom company to take the
corresponding qubits and perform a joint measurement. This entangles Alice's
qubits with Bob's (like making a connection at a telephone exchange). Then
Alice and Bob can measure their qubits (in various bases) to create a
one-time-pad.

The clever thing is that Alice and Bob can (by checking that on a portion of
the qubits their results always matched when they used the same basis) verify
that they did indeed have maximally entangled qubits and therefore no one was
listening-in.
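The basis-matching check described above can be modelled with ordinary random numbers. This is an added example, not part of the thread: it is a classical model of the measurement statistics only, the tap is assumed to be a simple intercept-and-resend device, and the `Z`/`X` basis labels, function names and 5% abort threshold are constructed for illustration.

```python
import random

def measure_pair(basis_a, basis_b, rng, tapped):
    """Outcomes for one maximally entangled pair (classical model of the statistics)."""
    bit_a = rng.randrange(2)                 # Alice's outcome is uniformly random
    if tapped:
        # Intercept-resend: the tap measures Bob's qubit in a random basis and
        # forwards a fresh qubit prepared in the state it observed.
        basis_e = rng.choice("ZX")
        bit_e = bit_a if basis_e == basis_a else rng.randrange(2)
        bit_b = bit_e if basis_b == basis_e else rng.randrange(2)
    else:
        # Same basis: perfectly correlated. Different basis: uncorrelated.
        bit_b = bit_a if basis_b == basis_a else rng.randrange(2)
    return bit_a, bit_b

def run_exchange(pairs, seed, tapped=False, check_fraction=0.5, max_error=0.05):
    """Sift matching-basis rounds, sacrifice a portion to estimate the error rate,
    and keep the rest as the one-time pad only if the check passes."""
    rng = random.Random(seed)
    sifted = []
    for _ in range(pairs):
        basis_a, basis_b = rng.choice("ZX"), rng.choice("ZX")
        bit_a, bit_b = measure_pair(basis_a, basis_b, rng, tapped)
        if basis_a == basis_b:               # bases are compared publicly, bits are not
            sifted.append((bit_a, bit_b))
    rng.shuffle(sifted)                      # choose the checked portion at random
    n_check = int(len(sifted) * check_fraction)
    if n_check == 0:
        raise ValueError("too few matching-basis rounds to run the check")
    check, keep = sifted[:n_check], sifted[n_check:]
    error_rate = sum(a != b for a, b in check) / n_check
    accepted = error_rate <= max_error
    return {
        "error_rate": error_rate,
        "accepted": accepted,
        "key_a": [a for a, _ in keep] if accepted else [],
        "key_b": [b for _, b in keep] if accepted else [],
    }
```

In this model an untapped run shows zero mismatches, while the tap disturbs about a quarter of the checked rounds, so the exchange is rejected and no pad is produced.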

------
montrose
I've always assumed that, however here quantum computers are in labs you can
read articles about, they're herer at the NSA. Is there any external evidence
that the NSA is already using them?

~~~
HaoZeke
None actually. If the NSA or anyone had managed to find a use for the sort of
Quantum computers that are floating around, the world would be very different.

However currently these computers are constrained by classical memory and read
write operations are still classical.

I'm willing to bet it'll be a century more at this rate before quantum
computing comes of age.

Since the 40s people have been hyping them without any sort of clear
understanding.

~~~
OscarCunningham
>40s

This is a typo, surely? Quantum computers were first proposed in the 80s.

~~~
HaoZeke
Yup, sorry, typed that on an alphanumeric.

But tech-hype has always existed, side by side with those claiming tech has
maxed out... It's disappointing to see the media even try TBH.

------
Asdfbla
How long does a computation step in a quantum computer (which I guess is
technically a measurement) actually take? I'm (at a superficial level) aware
of Grover's and Shor's algorithms, but only in the sense that they provide
asymptotic speedups in the number of steps required for the computation. In
classical computers it's easy to envision some model where a step is just some
constant number of cycles or whatever, but how long do the measurements take
in quantum computers?

I guess it depends on the specific experimental setup of your quantum computer
somehow, but I'm just curious about the real-world speeds. A hypothetical
computer that does few steps but takes a minute for each measurement wouldn't
be so useful.

~~~
mirekrusin
Single measurement collapses to some fixed state. You need to reset the whole
thing and do measurement again. Repeat it many times and you'll start seeing
distribution that you're interested in. Your solution/algo will amplify
correct answers.

Single measurement is like revealing single pixel of a picture. If you do it
enough times, you know what's on the picture.

~~~
PeterisP
Yeah, so the question is about the order of magnitude it takes for each such
simple measurement; how much time does it take to reset the whole thing and do
measurement again - how many times per second/hour/whatever can we hope to do
that.

~~~
mcguire
And how many times do you need to do it to get the precision you want?

------
TekMol
I never got really far explaining to myself what a quantum computer is. From what
I understand, this is what we can do with a quantum bit:

    
    
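    class Qbit
    {
        public $p;

        // Set the probability of observing 1.
        function randomize($p)
        {
            $this->p = $p;
        }

        // Observing collapses the qbit to 0 or 1.
        function observe()
        {
            // mt_rand() / mt_getrandmax() is a uniform float in [0, 1]
            if ($this->p > mt_rand() / mt_getrandmax()) $this->p = 1;
            else                                        $this->p = 0;
            return $this->p;
        }
    }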
    

The interesting things probably get possible when you have multiple qbits. Not
just a normal array of qbits, but qbits that have some kind of interaction
(entanglement?).

Would it be possible to simulate 'multiqbits' in a piece of code similarly
small as the one above?

~~~
jcranmer
You're missing several important things:

* The amplitude of a qubit is effectively a complex probability instead of a real one.

* Don't think of an n-qubit machine as having n instances of qubit. The representation you want is essentially:
    
    
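    #include <complex.h>
    #include <stddef.h>
    #include <stdint.h>

    typedef double complex complex_t;

    /* One basis state (bit pattern) and its complex amplitude. */
    struct quantum_state {
      uint64_t bits;
      complex_t amplitude;
    };
    /* The basis states of an n-qubit register that carry an amplitude. */
    struct quantum_register {
      int num_bits;
      size_t num_states;
      struct quantum_state *states;
    };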
    

(quantum registers are usually emulated as sparse vectors for space
efficiency).

From a simulation perspective, quantum computers are just linear algebra
operations, albeit over the complex field instead of the reals. The difficulty
is that the equivalent vectors and matrices are of exponential size (2^n for
an n-qubit computer), and the interesting operations don't exhibit regular
patterns that permit aggressive optimization.
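The representation described above fits in a few dozen lines when written as a state vector. This is an added example, not code from the thread: the class and function names are illustrative, and it stores a dense list of 2^n amplitudes rather than the sparse form mentioned, to keep it short.

```python
import math

class QuantumRegister:
    """Dense state vector: one complex amplitude per basis state, 2**n in total."""

    def __init__(self, num_bits):
        self.num_bits = num_bits
        self.amps = [0j] * (1 << num_bits)
        self.amps[0] = 1 + 0j                      # start in |00...0>

    def hadamard(self, target):
        """Mix each pair of basis states that differ only in the target bit."""
        mask, s = 1 << target, 1 / math.sqrt(2)
        for i in range(len(self.amps)):
            if not i & mask:
                a, b = self.amps[i], self.amps[i | mask]
                self.amps[i], self.amps[i | mask] = s * (a + b), s * (a - b)

    def cnot(self, control, target):
        """Flip the target bit wherever the control bit is 1 (swap amplitudes)."""
        cmask, tmask = 1 << control, 1 << target
        for i in range(len(self.amps)):
            if i & cmask and not i & tmask:
                j = i | tmask
                self.amps[i], self.amps[j] = self.amps[j], self.amps[i]

    def probabilities(self):
        return [abs(a) ** 2 for a in self.amps]

    def measure(self, rng):
        """Sample a basis state with probability |amplitude|^2, then collapse to it.
        rng is a random.Random instance supplied by the caller."""
        r, acc, outcome = rng.random(), 0.0, len(self.amps) - 1
        for i, p in enumerate(self.probabilities()):
            acc += p
            if r < acc:
                outcome = i
                break
        self.amps = [0j] * len(self.amps)
        self.amps[outcome] = 1 + 0j
        return outcome

def bell_pair():
    """H on qubit 0 then CNOT 0->1 gives (|00> + |11>)/sqrt(2): an entangled pair."""
    reg = QuantumRegister(2)
    reg.hadamard(0)
    reg.cnot(0, 1)
    return reg

def hadamard_twice():
    """H applied twice returns to |0>: the minus sign cancels the |1> amplitude,
    which a single real-valued probability per bit cannot express."""
    reg = QuantumRegister(1)
    reg.hadamard(0)
    reg.hadamard(0)
    return reg.probabilities()
```

Measuring `bell_pair()` only ever yields `00` or `11`, and each extra qubit doubles the length of `amps`, which is the exponential cost of simulation.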

~~~
TekMol

> The amplitude of a qubit is effectively a complex probability instead of a
> real one
    

Does this have any implications as long as there is only one qbit?

------
erikj
I thought "serious" meant at least one million error-corrected qubits or so,
and it seems to me that we're at least two decades away from this. The article
is talking about the 50 qubits milestone without proper error correction.

~~~
neltnerb
Why do you think so many qubits would be needed in order for it to be serious?
The article quotes quantum computer researchers as saying 50-100 qubits could
perform computations that are intractable on any classical computer. I'm
inclined to believe them, the state space grows way faster than linearly as
you entangle more particles.

~~~
Strilanc
To encode 100 logical error-corrected qubits, you need on the order of 100K to
1M physical qubits. People mix up the two types all the time.

------
YeGoblynQueenne
>> Not just any computer, but one on the verge of passing what may, perhaps,
go down as one of the most important milestones in the history of the field.

Well, I don't know enough about quantum computers to be able to tell what's
going on here, but "on the verge" and "finally here" sound a bit
contradictory. Are we expecting to have useful quantum computers soon, like
the article's opening paragraph suggests, or do we already have them, as the
title does?

------
fiatjaf
There must be a way to explain the principle behind quantum computers for a
layman that understands both computers and quantum mechanics. Where is that
explanation?

~~~
anonytrary
This is a tall order considering physicists haven't really come up with a
layman explanation for the latter. The best way to understand quantum
mechanics is to do the math, taking the Copenhagen interpretation to be true.
Sadly, this is the only way to gain an intuition for quantum mechanics.

------
intrasight
As was mentioned in the article, applications in chemical and physical
simulation seem very promising. I would think that error correction would not
be an issue. You would use QC to identify possible solutions which could then
be verified by traditional computers.

------
kensai
Who is the market leader now? Is it D-Wave or IBM? Someone else?!

~~~
stochastic_monk
D-Wave computers are quantum annealers, not machines capable of running, for
example, Grover’s or Shor’s algorithm.

And even these algorithms can help asymptotic complexity, but not solve an NP
complete problem in polynomial time.

(Even AES256 is pretty much safe against a quantum attack, since a quantum
computer effectively square roots the time complexity, and that just leaves
key-exchange protocols, of which several QR-variants exist.)

Personally, I think the hype far outweighs the value, even compared to Big
Data/IoT.

~~~
taejo
> And even these algorithms can help asymptotic complexity

Is this a theorem or conjecture?

~~~
stochastic_monk
Existing quantum algorithms have not yet been found which have reduced
NP-complete problems to polynomial time. (See [0] for a pretty comprehensive
list.)

IE, I was talking about quantum algorithms we have, none of which have done
so, not stating the impossibility of such an algorithm.

I am not aware of a proof that comments on whether or not such an algorithm is
impossible, however.

[0]: [https://math.nist.gov/quantum/zoo/](https://math.nist.gov/quantum/zoo/)

------
Digit-Al
Anyone know how you'd debug a quantum algorithm? It doesn't look like it would
be possible to step through the code in a debugger.

~~~
vpribish
you can simulate it in a regular computer and debug there.

------
Kequc
The government is going to use them to finally start decrypting all of the VPN
traffic they've been storing all these years.

------
recentdarkness
Finally a viable platform to mine bitcoin and other crypto currencies

~~~
zakk
You cannot mine Bitcoin with a quantum computer, as there is no quantum
algorithm to calculate SHA hashes.

~~~
tromp
All hashcash based PoW, including bitcoin's, is subject to quantum speedup by
Grover's search algorithm. It allows you to find a hash output with 80 leading
zero bits in roughly 2^40 steps rather than the 2^80 steps classically needed.
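The square-root speedup from Grover's search can be checked on a toy hashcash target by simulating the amplitudes directly. This is an added example, not code from the thread: the header bytes, the 12-bit nonce space and the 8-bit target are constructed values chosen so the simulation runs instantly, and the function names are illustrative.

```python
import hashlib
import math

def leading_zero_bits(nonce, header=b"constructed-block-header"):
    """Leading zero bits of SHA-256(header || nonce), the hashcash-style target."""
    digest = hashlib.sha256(header + nonce.to_bytes(4, "big")).digest()
    return 256 - int.from_bytes(digest, "big").bit_length()

def grover_pow(nonce_bits=12, zero_bits=8):
    """Simulate Grover search for a nonce whose hash has `zero_bits` leading zeros."""
    n = 1 << nonce_bits
    # Oracle table: a classical simulator must hash every candidate up front,
    # which is why simulating Grover gives no speedup on ordinary hardware.
    marked = [leading_zero_bits(x) >= zero_bits for x in range(n)]
    m = sum(marked)
    if m == 0:
        raise ValueError("no nonce meets the target in this search space")

    amps = [1 / math.sqrt(n)] * n                  # uniform superposition
    iterations = int(math.pi / 4 * math.sqrt(n / m))
    for _ in range(iterations):
        # Oracle step: flip the sign of every solution's amplitude.
        amps = [-a if hit else a for a, hit in zip(amps, marked)]
        # Diffusion step: reflect every amplitude about the mean.
        mean = sum(amps) / n
        amps = [2 * mean - a for a in amps]

    # Probability that a final measurement returns a valid nonce.
    success = sum(a * a for a, hit in zip(amps, marked) if hit)
    return {
        "solutions": m,
        "classical_expected_hashes": n / m,
        "grover_iterations": iterations,
        "success_probability": success,
    }
```

The iteration count scales as the square root of the classical expected work, so each doubling of the zero-bit target adds a factor of two to the quantum cost instead of a factor of four; the same square-root relation is why doubling a symmetric key length restores the classical security margin.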

------
samirm
what a clickbait title

------
mesozoic
Bitcoin mining mostly

------
selimthegrim
[https://twitter.com/preskill/status/966088602659667968](https://twitter.com/preskill/status/966088602659667968)

