But we have a way to go: "Also in 2012, the factorization of 21 was achieved, setting the record for the largest number factored with a quantum computer."
I'd love to know what the NSA's version of this would be. Given their mission, and the financials resources available to them - it's difficult for me to imagine that they don't have technology at-their-disposal that blows most people's minds in terms of power and capabilities.
3 billion records doesn't seem to be that much. I mean, even with a desktop computer, having a month to compute something meaningful out of that doesn't seem far fetched. I really don't think they need sci-fi computers for all of that. 3B/month * 12months * 5 years = 180 billion records. That's a lot but large tech companies seem to deal with those kinds of numbers all year long.
Shor's algorithm allows quick factorization of primes. RSA encryption, the main way that things are encrypted today, relies on the assumption that factoring large primes is computationally infeasible. So quantum computers would allow the NSA to read RSA-encrypted data.
What we do know is that there is a known algorithm to factor number in polynomial time on quantum computers and there is not a known algorithm to do so on classical computers. Assuming that factoring numbers is actually a hard problem on classical computers (unproven, but generally accepted), then quantum computers are more powerful than classical ones.
Since Moore's Law is giving us one more bit of decryption per unit time every 1.5 years, 4096 * 1.5 years is probably going to precede the heat death of the universe handily. But 6000-or-so years of Moore's Law does tax credulity.
PGP is a piece of software, and not an algorithm. I believe it uses RSA and AES by default, but I could be wrong :)
AFAIK RSA, DSA, Diffie-Hellman, and ECC are all known to be vulnerable to Shor's Algorithm (which, granted, do make up a lot of the crypto in common use), but there are lesser-used algorithms like McEliece and NTRU that are not vulnerable.
That said, quantum computers are still very far from breaking modern cryptography. We're playing around with a handful of qubits, but to break something like a 4096 bit RSA key would take trillions of quantum gates.
A qubit represents a single bit, in its two possible states: 1 and 0. Alone, the qubit could hold the probabilities that the bit will be a 0 or a 1 when you observe it. But for a quantum computer to be cool, you have to include entanglement!
When 2 qubits are entangled, they represent the probabilities of each of the 4 possibilities: 00, 01, 10, 11. If you only had the probability of each bit separately, say 10%/90% and 40%/60%, then the state would just be the multiplication of the two values: 4% for 00, 6% for 01, 36% for 10, 54% for 11. And if the first bit's probability changes, the second bit doesn't change. A simple multiplication will give you the new answer.
But entanglement means the probabilities are dependent on the values of other bits :) So say: if the first is a 0, the second has a 90% chance of also being a 0. And if the first is 1, the second only has a 50% chance of being a 0 or a 1. So if the first has a 20% chance of being a 0, that gives us 18% for 00, 2% for 01, 40% for 10 and 40% for 11. The values of the bits are linked to each other. It's not limited to a simple linear percentage; it can get more complicated by running the bits through various gates. So if the first bit's probability changes, you have to recalculate the new probabilities of B given A. That's when it would take exponential time using a classical computer, but it's all done instantaneously via entanglement.
The traditional rap against the NSA is that they've had productive breaks on all our conventional crypto constructions for decades (a more refined, modern bit of innuendo about NSA is that they have a cookbook of surprising implementation faults; side channels, for instance, that we haven't thought of yet --- here it's worth remembering that very few people in the world truly understand x64 and ARM microarchitecture, and Venn diagram overlap of those people and cryptographers is microscopic).
Crypto implementors have worked under the assumption that most crypto is suspect, given that they're outspent 100:1 by NSA, for decades.
"Revelations" about quantum computing at NSA as applied to cryptography would change basically nothing about how the smart money would bet on NSA capabilities.
Quantum computing allows specific types of quantum simulations to be performed in polynomial time instead of exponential time. The most powerful classical computers cannot get around what is known as the fermion sign problem.
I think super-accurate simulations would be very exciting; imagine a world where experiments are conducted using computers, but give the same exact results as their "real-life" counterparts.
They already are, and have been for many years now. Here's one example from a couple of years ago (https://www.fbo.gov/index?s=opportunity&mode=form&tab=core&i...) but there have been much larger-scale investments too.
Because of its coding and codebreaking relevance, this stuff is squarely within their charter. They are all over it.
According to wikipedia there is a "history of controversy."  Can anyone here provide more details?
It looks like it's the real thing in terms of being able to do a lot of useful quantum calculations that can't be done as easily with classical computers. It's not the full deal in terms of being able to do everything a 'true' quantum computer should be able to do - sounds like it might be able to help the NSA out with their data problem though.
Some people believe the Dwave device shouldn't be labeled as a "Quantum Computer" because the general community typically uses the Quantum Computer label for a device which could compute NP-Complete problems in linear time instead of exponential time, the Dwave device cannot do this.
If you are interested in what exactly the D-Wave computer is doing, http://www.scottaaronson.com/blog/?p=1400 is a good source.
There is a genneral algorithm that could solve many (all?) NP-Complete problems in the square root of the time it takes classical algorithms, but that is still exponential.
NSA with quantum computers - pre-crime analysis
CIA is already working on this with Recorded Future, and NYPD created a system with the help of Microsoft to create statistics to see where most crime is "likely" to happen and when.
I think we'll see a lot of very powerful technologies (quantum computers, mosquito-drones that can poison you in your sleep, etc) that can be so easily abused by governments, because they won't resist using them to get rid of people they don't like, especially if these technologies step on legal gray areas, but even if they don't (not like "mass spying of citizens" is anywhere close to gray area), or if they think they can keep their usage secret.
This is why it's going to be extremely important that the people get very outraged at such abuses as soon as even small ones happen using these technologies in the next few decades, to find balance in the law and government, before it's too late (these things will be moving fast).
Can you be specific as to how quantum algorithms are going to allow NSA to do "pre-crime analysis"? Could you talk a little bit more about the applicability of quantum algorithms to big data statistics problems?
You were very quick to comment on this thread, so I'm asking expecting that you have some interesting thoughts about quantum computing.
It isn't far fetched to think of evolved quantum algorithms for making better predictions than we currently do. On the other hand, some people kind of have the impression that with quantum computers suddenly NP won't be an issue anymore. Which is simply not true. Most problems we have will simply go unsolved and quantum computers will introduce problems of their own.
If you're referring to the algorithm I think you're referring to, you only get the speedup if your linear system is Hermitian and has O(polylog(n)) nonzero entries, which doesn't really help us if we care about things like weather modelling.
I doubt it. It would take O(n) just to copy that data into your quantum computer.
So, if the question you want to ask is "what is some property of the solution of the (sparse) set of linear equations" rather than wanting to know the (inherently O(n)) solution itself, you can get exponential speedup.