Quantum Computing and Cryptography (schneier.com)
87 points by stargrave on Sept 16, 2018 | hide | past | favorite | 20 comments



"Just as it took decades for us to get supercomputers in our pockets, it will take decades to work through all the engineering problems necessary to build large-enough quantum computers."

This is not an accurate analogy, and you shouldn't believe that there is a continuous engineering path to practical quantum computing as there was for miniaturization of semiconductors. We understood that there was "plenty of room at the bottom" for semiconductors and classical computation and had "Moore's Law" which pointed to a future with supercomputers in our pocket. However, the physics of quantum computation are not so well bounded today, and the author acknowledges that we may not be able to build such quantum computers, and he is placing a bet.

Let me place my bet: error correction will prove intractable for quantum computation, with a recursive relationship between the size and coherence time of a topological qubit, such that the minimum number of particles required to factor N-bit numbers will exceed the number of particles in the universe for an N that is small enough to just keep using RSA on classical computers.


That's such a weird thing to say. It's not like computing as it is now was considered possible in the beginning.

I remember sitting with a bunch of the German senior communication networks folks in the tube in Hamburg and they were talking stories of the past, when their professors told them how utterly impossible/ridiculous today's networking is.


> with a recursive relationship between the size and coherence time of a topological qubit

"recursive relationship"?

What specifically about topological codes makes you think they'll scale so poorly?


Ridiculous to make such speculation about error correction when it was such a surprise to find it was even possible in the first place. The real answer to most QC questions is “we don’t know”


>But if the unimaginable happens, that would leave us with cryptography based solely on information theory: one-time pads and their variants.

If I remember correctly the Zones of Thought series by Vernor Vinge has aliens that can do that (I don't want to spoil why, because it's one of the great ideas in the book). As a countermeasure, there are spaceships carrying massive amounts of bits around to be used as one-time pads.


You remember correctly. This is present in "A fire upon the deep" by Vinge, which is one of the best sci-fi books I have read (although I am not particularly well read). Really, that book contained several concepts (the drifting tech zones, the hive mind mechanisms, etc) that made it an amazing read. I would recommend it to anyone who appreciates sci-fi.

EDIT: I forgot to add that the book was also a Hugo Award (Best Novel) winner, which I just noticed/remembered as I took it down from my bookshelf to re-read it... =o)


> Yes, I know that quantum key distribution is a potential replacement for public-key cryptography. But come on -- does anyone expect a system that requires specialized communications hardware and cables to be useful for anything but niche applications?

I don't think there is any inherent reason why this would have to be done using "specialized communications hardware and cables". Didn't the Chinese just demonstrate entanglement sharing via satellite?

I could imagine a post-quantum computing era where it is even possible to know, with certainty, if you have been hacked, or data breached, because of quantum cryptography. We are not anywhere near this kind of technology right now, but the physics is real.


Yes, sounds a lot like the "I think there is a world market for maybe five computers" prediction by IBM's president in 1943.

Practical quantum cryptography is actually not that far away IMHO as the theory is solid and there have been many successful test deployments in the field already.

Sure the equipment is specialized but not much more than e.g. the electronics that you need for a mobile baseband station or other specialized applications. You mostly need a good single-photon source and some high-quality optical components and there's no fundamental obstacle to producing those in large quantities and (eventually) for an affordable price. Also, high-quality fiber-optical cables are expensive but not prohibitively so, hence intra-city quantum links seem absolutely feasible and even inter-city connections are doable (and as you pointed out even satellite or line-of-sight communication is possible).

In my understanding the main issue that most cryptographers have with schemes like quantum key distribution is that they require classical cryptography in the bootstrapping process, so by their argument they can never be better than those classical schemes. They often forget to mention though that the adversary needs to be able to crack the classical cryptography during the key exchange process (i.e. within a few milliseconds to seconds), so the method is still much safer than any classical key exchange method except if you're facing a god-like adversary.


The "five computers" taken out of context might seem ridiculous but it is hard to believe that wouldn't have been obvious back then and so must have been understood differently, e.g. five mainframes to connect to per terminal and/or diversion to discourage competition. And it's not qualified over time, so it might have meant the very near future.

... or five architectures, five development boxes and the rest restricted implementations, i.e. five different co-processors e.g. for time table scheduling which were selling by the time already.


The Wikipedia page on Watson discusses attempts at finding the source for this quote, but explains that there seems to be no consensus on this. https://en.wikipedia.org/wiki/Thomas_J._Watson

It does quote Howard Aiken saying this in 1952:

    Originally one thought that if there were a half dozen
    large computers in this country, hidden away in research 
    laboratories, this would take care of all requirements
    we had throughout the country

Even though it's likely that Watson never made this particular statement, the sentiment that the statement itself carries was a real one, and certainly existed in the 40's.

What would be interesting to know is when the shift happened from computers being seen as a niche tool to something that everybody would use.


> Sure the equipment is specialized but not much more than e.g. the electronics that you need for a mobile baseband station

I was under the impression that these computers were supercooled down to near absolute zero, otherwise they are overwhelmed by decoherence. Has this problem been solved?

Achieving those temperatures is a fairly involved process.


For quantum cryptography you don't need qubits but entangled photons, and you need to be able to create pairs of these and measure the polarization of individual photons with high efficiency. Both of these things can be accomplished at room temperature (though there are technologies for photon detection that require cooling to very low temperatures).


Intriguing, thanks for this.

Really enjoy the topic but find it hard to parse some claims that come out. D-wave a while ago made some bold statements that were shot down by many respected in the field, yet they seem to be progressing still and putting out papers.

Simply measuring power in qubits seems to be not the entire story yet most reporting on the subject often boils down to that. I should read up more.


> I could imagine a post-quantum computing era where it is even possible to know, with certainty, if you have been hacked, or data breached, because of quantum cryptography.

How so? (Because none of that seems to even remotely have anything to do with quantum cryptography. It's a key exchange - and one with some very bad properties I might say, because it assumes a hell of a lot of things already existing like an authenticated channel. But it does nothing to detect breaches or whether you've been hacked.)


That amounts to a lot of specialized hardware. Strong lasers and receivers for each user, a network of quantum repeater satellites. How do you connect to your bank on a cloudy day or when it rains?


Quantum key distribution is a method of securely exchanging a symmetric key from afar. Once you have that symmetric key, you encode your message with the key (say using a one-time pad), and send it via a classical channel as usual, and the other person decodes it.

So what could happen is that every month you could have a session with your bank to exchange a 100MB secure key using quantum key distribution. Then during the month, you and the bank could use the regular internet to communicate securely using the key.
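An added illustration of the scheme sketched above (not code from the thread or from Schneier's essay): both ends hold an identical key pool delivered out of band, here constructed with os.urandom as a stand-in for the output of a QKD session, and each message consumes fresh pool bytes as a one-time pad, so the pool is a monthly budget and any attempt to reuse or skip key bytes is refused.

```python
import os


class QkdKeyPool:
    """Key bytes obtained out of band (for QKD: from the quantum session).
    Every byte is handed out exactly once and wiped after use."""

    def __init__(self, material: bytes):
        self._material = bytearray(material)
        self.offset = 0  # next unused byte; both ends must stay in lockstep

    def remaining(self) -> int:
        return len(self._material) - self.offset

    def take(self, n: int) -> bytes:
        if n > self.remaining():
            raise RuntimeError("key pool exhausted: run another QKD session")
        chunk = bytes(self._material[self.offset:self.offset + n])
        for i in range(self.offset, self.offset + n):
            self._material[i] = 0  # wipe so the pad can never be reused
        self.offset += n
        return chunk


def otp_seal(pool: QkdKeyPool, plaintext: bytes):
    """Return (pool offset, ciphertext). The offset travels in the clear so the
    receiver can verify both sides are consuming the same pool bytes."""
    offset = pool.offset
    pad = pool.take(len(plaintext))
    return offset, bytes(p ^ k for p, k in zip(plaintext, pad))


def otp_open(pool: QkdKeyPool, offset: int, ciphertext: bytes) -> bytes:
    if offset != pool.offset:
        raise RuntimeError("pool out of sync: refusing to reuse or skip key bytes")
    pad = pool.take(len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, pad))


def seal_checked(pool: QkdKeyPool, plaintext: bytes):
    """Like otp_seal, but reports pool exhaustion as None instead of raising."""
    try:
        return otp_seal(pool, plaintext)
    except RuntimeError:
        return None


def demo():
    material = os.urandom(64)  # constructed stand-in for one QKD session's output
    bank, client = QkdKeyPool(material), QkdKeyPool(material)
    off, ct = otp_seal(client, b"transfer 100 EUR")  # constructed sample message
    return otp_open(bank, off, ct), bank.remaining(), client.remaining()
```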


Fiber optic lines also work alright.


Numerous post-quantum public key cryptosystems exist that a completely classical party can run. Schneier left these out of his discussion for key distribution if quantum supremacy were to ever occur.


Perpetual motion machines. We heard it before. Controlled fusion, free energy, bla bla bla, bullshit, more bullshit, and a bit more bullshit. Ohh look! The Santa Claus!


Could you please not post like this? We're here for thoughtful and informative discussion.

https://news.ycombinator.com/newsguidelines.html



