Quantum computing bombshells that are not April Fools
scottaaronson.blog264 points by Strilanc 4 days ago
264 points by Strilanc 4 days ago
I worked at a quantum computing company that builds superconducting QC chips (so, not really applicable to one of the “bombshells” from the article). My team was designing the software stack which allows to control the QC, run quantum jobs/algorithms, and calibrate the parameters.
I’ve made two attempts to explain the work we’ve been doing and to explain the current realistic state of the industry:
1. A talk at PyCon: https://youtu.be/tT1YLP5T71Y
2. A free ebook “ Quantum Computing For Software Engineers” https://leanpub.com/quantum-computing-for-software-engineers
The company I left a few months ago is planning its IPO this year. Like almost all other quantum companies, it’s gonna be a SPAC merger, not a pure IPO. Those traded companies mentioned in the other comments are mostly SPACs as well.
Thank you for posting/sharing.
My mid-sized US city (Chattanooga) has recently announced a partnership with Vanderbilt and EPB (local govt-owned fiber ISP) which creates a Quantum Computing Research Facility [$,$$$,$$$,$$$] [1].
As locals are covering this news, I keep having this thought that nobody (perhaps less than a few?) even knows what those words mean (certainly not me). You speak confidently and clearly enough that I'm incline to believe it's kind of real.
So thanks for sharing your P[0]V with this dumbass (former data center) electrician (me). All the "Quantum"-phrasing represents to me is more local job opportunities.
>>@3m27s: "Quantum computing is basically trying to treat some isolated piece of the universe to behave slightly less randomly, for a very brief timeframe, so that it is useful to you when you try to solve some problem."
>>@20m: [simple flow-chart of interacting with Quantum Processing Unit]
>>@final.words: [paraphrasing] "Right now you buy a quantum computer simply to research quantum computers. Ours is $14MM"
>>@final.meme: <https://i.imgur.com/WKaN3mL.png> [2]
>>Q&A further listening recommendation: <https://www.preposterousuniverse.com/podcast/2024/05/13/275-...>
>>"If you learn the examples on <https://quantum.country> you will be among top 1% of QC newhires."
[0] that quantum computing is "kind of real", which is how it always feels when being-described
[1] <https://www.vanderbilt.edu/chancellor/initiatives-and-outrea...>
[2] explain yourself (you really think you can include this slide in your presentation and then not talk about its implication(s)?!)
The meme refers to the notion where an observation (i.e. interaction) collapses the wave function to a single value. As in, prior to observation, a system in a quantum superposition is said to be "in multiple states at the same time", and after the obsevation only one state exists, while all other possibilities are gone (or exist in other worlds, according to one of the interpretations of quantum mechanics [0]).
So, in that meme, the guy looks at one girl (the observed state) and "ignores" all other girls (all other possible states).
[0] https://en.wikipedia.org/wiki/Many-worlds_interpretation
I'm about 20 minutes into:
>>https://www.preposterousuniverse.com/podcast/2024/05/13/275-...
Which was recommended from the top_commenter's link to his own professional QPU programming presentation. I remain interested in learning more about this pure magic.
Ya'lls words both seem to represent worlds which I doubt even more words could help me into ever understanding(s).
I definitely understand being "in multiple states at the same time" — — —
> I worked at a quantum computing company
the moment i read it i immediately thought about Rakhim, then i checked your username and indeed it was you. Fun!
If they're going public I imagine they already sell some kind of QC chips. But, like, who buys them? Yesterday there was a new paper [1] that shows how Shor's algorithm could break realistic encryptions with as little as 10,000 qubits (instead of millions), but as far as I know quantum hardware is still orders of magnitude below even that target. So how big can the market actually be? Shipping to universities or other QC companies for playing around with some actual hardware is nice and all, but in the end someone will be left holding the bag. There is zero profit to be made at the end of the chain.
>There is zero profit to be made at the end of the chain.
Think of all the "sales" that comprise such things as space missions (ones without immediate real-world use) or large hadron collider. Or any other large, expensive, long scientific project. If you measure the outcome purely in money within decades, these things can be said to be zero or negative profit.
How much profit was at the end of the chain of the current Artemis lunar mission? Well, zero or negative, but lots of companies and people up the chain made meaningful progress and made a living. Quantum computing is just like that in my opinion.
The biggest problem in my eyes is the "game" of commercialization. This technology is in early research phase, but it's so expensive and not immediately game-changing that the public funding was never enough. So, companies started to play the "we sell products" and "we do IPO" games, which IMO doesn't make sense.
Profit is serves as a decentralized coordination for the allocation of scarce resources of the infinite number of commodities and combinatorics of products and services that exist in the world.
Have you read Basic Economics by Sowell?
At this point my bet is that the breakthrough isn't going to be qbits per chip, it's going to be entanglements-per-second in quantum networking. If you could string together simpler processors in a cluster at anything approaching interesting scales then all of a sudden the orders of magnitude become a lot less constrained and it's just a money problem.
Quantum networking is a lesser problem than changing the state and keeping intact long enough. You can already move quantum state over fiber optics pretty reliably, so transport exists, but what then? You need to put the qubits of the connected chip into the corresponding state (which takes time), and do it many times, and all that time is an overhead.
Superconducting QCs are fast, but the state degrades incredibly quickly, so you only have a fraction of a second (maybe a millisecond at best, currently) until the entire state is garbage. Some other modalities like trapped ion are the opposite: state can live long, but each operation is orders of magnitude slower.
During my 3.7 years at the company, we had dozens of sales of full-stack quantum computers, chips + cryostat + control electronics + software, ranging from 5 to ~100 physical qubits. Naturally, the buyers are mostly research institutions and univercities who need a real quantum computer to do research on quantum computation and simulation (to a lesser degree with the superconducting technology, though).
(Often the research is done purely within clasically-simulated quantum computers, i.e. virtual QCs, but to verify and make the research publishable they need to run at least partial sub-problems on a real chip.)
Another, smaller, market is HPC centers. They buy and install quantum computers into existing HPC infrastructure because a) they have a few customers who need it (sometimes those same research institutions/universities), and b) they need to solve the integration problem for the future when QCs are actually used for real-world problems and big customers come to HPCs to run both classical and quantum high-performance jobs.
Here is an excerpt from my book I linked above, just to give a bit more context:
---
Since quantum computers are essentially analog devices that allow you to control, in a limited fashion, a set of quantum objects, you can do some research in foundational quantum physics. [...] Still, given the current state of the industry, classical computers outperform most quantum systems. But the research applied to smaller QCs can be scaled once the hardware scales.
Of course, the main area is quantum computing itself. From abstract, mathematical notions of algorithms to very low-level questions of calibration, many universities and research organizations are eager to have a quantum computer available to prove their theories and discover new properties. Commercial companies that deal with material science, battery technology, agriculture, and chemistry are buying quantum computers (or at least buying access to one) because they want to be ready if and when truly large-scale QCs become available. [...]
And finally, integration research. This is the least known and least discussed topic in the industry but is very important. Its significance is one of the motivations for writing this book. Quantum computers, being research tools, are not normal products. They are driven by software, like anything else, but this software changes rapidly and is rarely written with long-term evolution in mind. If you buy a quantum computer today, chances are your code will not work on any other quantum computer, or even on the next iteration of the same machine. At the same time, researchers often need to work with multiple types of machines simultaneously, and HPC (high-performance computing) centers, i.e. supercomputing data centers, want to integrate quantum computers into their existing infrastructure and provide a "quantum compute" service to their users.
Does quantum have any money making prospects?
Breaking encryption is illegal. Making encryption is difficult to profit from.
Other than that, what’s the value add?
Scaring people, then selling them stuff that you claim will deal with the scare. It's practically a license to print money.
Here's hoping that my stock for D-Wave ends up being worth something.
Quantum computing seems super cool, but I've been a little skeptical of it actually ever yielding anything useful. I would love to be wrong, it seems neat, and I have read through a few books on the subject and played with simulators, so I'm not completely talking out of my ass here, but quantum as a whole has kind of felt like vaporware to me.
As I said, I have stock in D-Wave, obviously it would be in my best interest for quantum to end up as cool as it seems.
D-Wave is not making the type of quantum computers these breakthroughs would apply to, even if scaled up, as far as i know.
They recently bought a more gate based quantum computing company [1]
[1] https://www.dwavequantum.com/company/newsroom/press-release/...
You can rent Quantum computing time from IBM cloud today:
https://www.ibm.com/quantum/products
https://quantum.cloud.ibm.com/docs/en/guides/plans-overview
I have NOT used it, but the idea is interesting.
hello,
as always: imho (!)
i've used the ibm quantum platform together with python/qiskit during my last project - which was something like: simulate quantum-networks on "real" quantum-computers...
ibm's support, introductions / documentation anbd usability of the platform is really great.
idk ... not comparable / much better than most of the quantum-computing hardware startups i know / looked at. of course, its easy if you have "deep pockets" like ibm does ... ;))
ok, back to the quantum platform:
it had a free-tier on the "old" quantum-platform - until july 2025: 10 minutes of compute on a set of machines - back then up to 127 qubits - per month ... no identification necessary / just an email-address.
sadly this "very generous" free-tier was killed of during the transition to the all new "quantum cloud platform" during spring/summer 2025 ...
and it really works like a charm :)
just my 0.02€
You can rent it, but it's basically worthless at this stage.
there's still a long road to commercial applications but today's hardware is simulating quantum systems beyond the scale of classical methods, for example [1]; an interesting line of work opposite to this can be found in those who improve classical methods towards such examples [2], but these are only developed because of the existing quantum hardware
Really though, today's IBM hardware is good fun to play with, eg for generating moderately large GHZ states
[1] https://arxiv.org/abs/2510.26845 [2]https://arxiv.org/abs/2306.14887
Is there anything you can do on a rented QC that you can't do cheaper on a simulated QC on a "classical" CPU/GPU today?
hello,
yes ... especially if you want to execute quantum-circuits which use a lot of qubits.
why!? one approach of the simulation of quantum-computers rely on the so called "state vector" of the machine, and its memory-usage grows exponentially.
for example qiskit AER
* https://qiskit.github.io/qiskit-aer/stubs/qiskit_aer.Stateve...
just as an example:
for 32 qubits, the simulator needs 64 GB RAM
=?> double the RAM for each additional qubit
so: for 36 qubits, the simulator needs 1 TB RAM
:)
so it gets pretty "costly" to do simulations rather quickly ...
just my 0.02€
No. They're a decent playground for prototyping hybrid algorithms but even that is limited. No one has yet published a hybrid algorithm on a rentable QC provider that has better benchmark performance than a modern CPU/GPU implementation.
I got some too. Obviously the principles behind quantum computing are perfectly sound. It's just those pesky engineering obstacles.
One of the companies around today or in the near future will be the one who makes it work at a practical scale. It will have enormous impact, but I think it will be a slow-burn kind of thing as making effective use of quantum computers will take a long time to evolve, IMHO.
Unfortunately, Google and IBM are also working on this stuff and they have deep pockets. They might do it, but even if they don't they may very well decide to acquire whoever does.
These stocks (IONQ, RGTI, QBTS, XNDU) are a sort of thinking-man's LOTTO ticket which will have its numbers called anytime within the next 5 to 20 years (probably closer to 20). I think they're worthwhile to hold in affordable quantities to see what happens. It might hit big, or it might fizzle out for a variety of reasons. There will also be some hype-driven market sugar-rushes along the way that are an opportunity to rake in a modest profit. This has happened already with IONQ, RGTI and QBTS earlier this year. It will certainly happen again when the patagonia-vest people get jazzed about something.
You might benefit from https://en.wikipedia.org/wiki/Index_fund
Like 95% of my investing money ends up going to fairly-low-risk ETFs like VOO or VTI, not too different than from an index fund.
Still, that last five percent is more or less my gambling money. I put it into individual stocks with the hope they get huge. Sometimes it works out well, like when I bought $700 of Nvidia in 2022. Sometimes it goes badly, like when I bought a bunch of Sears stock with the hope they'd bounce back.
I think I'm still technically "up" with my gambling money, though it's in the budget of "stuff I'd be ok going to zero".
Well, if it comes out of your gambling budget and you treat it as entertainment, then there's nothing wrong with that. At least the expected average payout is way better most other forms of gambling.
Feels a bit nice to live not only with the disturbance caused by unpredictability of AI, but by unpredictability of QC too, refreshing
To put this in context, we've had a streak of improvements to Shor's algorithm that have put the horizon much closer. In 2022, people from Microsoft estimated that it would take more than 10M (physical) qubits to implement factoring. We're now standing at a 1000x improvement. It's still years away for sure, but who can be unhappy with all that progress?
ms paper: https://arxiv.org/abs/2211.07629
Caution: that 10M estimate assumes gate error rates 10x lower than the ones assumed in the papers from TFA.
One thing I find rather amazing about all of this is the degree to which the Bitcoin community has tried, for years, to claim that quantum computers will be another other than a complete break.
Sure, it takes a pretty nice quantum computer or a pretty good algorithm or a degree of malice on the part of miners to break pay-to-script-hash if your wallet has the right properties, but that seems like a pretty weak excuse for the fact that the entire scheme is broken, completely, by QC.
Does there even exist a credible post-quantum proof protocol that could be used to “rescue” P2SH wallets?
The best proposal I have heard for rescuing P2SH wallets after cryptographically relevant quantum computers exist is to require vulnerable wallets to precommit to transactions a day ahead of time. The precommitment doesn't reveal the public key. When the public key must be exposed as part of the actual transaction, an attacker cannot redirect the transaction for at least one day because they don't have a valid precommitment to point to yet.
That’s kind of adorable. Would you need to pay to record a commitment? If so, how? If not, what stops someone from DoSing the whole scheme?
I don't think you're understanding how cryptography works. A commitment is basically a hash that is both binding and hiding. In this example it's probably easiest to think of it as a hash. So you hash your post-quantum public key (something like falcon-512) and then sign that hash with your actual bitcoin private key (ecdsa, discrete-log, not quantum safe) and then publish that message to the bitcoin network. Then quantum happens at some point and bitcoin needs to migrate but where do funds go? Well you reveal the post-quantum public key and then you can prove that funds from the ecdsa key should go there. From a technical perspective, this is a complete and fool proof system. DoSing isn't really a concern if you publish to the actual bitcoin network and it's impossible for someone to use up the key space (2^108 combinations at least).
The reason this is a dumb idea is because coordination and timing. When does the cutover happen? Who decides which transactions no longer count as they were "broken" b/c of quantum computing? The idea is broken but not from technical fundamentals.
The DoS attack in this scenario is someone just submitting reasonable-looking but ultimately bad precommitments as fast as possible. The intuition is that precommitments must be hard to validate because, if there was an easy validation mechanism, you would have just used that mechanism as the transaction mechanism. And so all these junk random precommitments look potentially legitimate and end up being stored for later verification. So all you have to do to take down the system is fill up the available storage with junk, which (given the size of bot networks and the cost of storing something for a day) seems very doable.
If the question is storage, bitcoin itself provides a perfectly good mechanism. idk the exact costs but it'd be in the range of ~$0.45 to store a commitment. That's cheap enough to enable good users with small numbers of keys but also expensive enough to prevent spam. It's kind of the whole point of blockchains.
As for verification being expensive, it sounds like you don't know the actual costs. It's basically a hash. Finding the pre-image of a hash is very expensive to the point of being impossible. Verifying a pre-image + hash function = a hash is extremely cheap. That's the whole point of 1-way functions. Bitcoin itself is at ~1000 EH/s (exahashes per second)
Again, this isn't a technical problem. It's a coordination problem.
Commitment validation would indeed be trivial.
This whole scheme fails if an attacker can manage to delay a transaction for a day, and if the commitment also commits to a particular transaction fee, then the user trying to rescue their funds can’t easily offer a larger transaction fee if their transaction is delayed. But if the commitment does not commit to a transaction fee, then an attacker could force the transaction fee to increase arbitrarily.
Maybe the right strategy would be commit, separately, to multiple different choices of transaction fee.
Yes, that would be a concern. You could require a proof of work to submit a precommitment, so that DoSing was at least expensive to do. You could have some sort of deposit mechanism, where a precommitment would lock down 0.1 bitcoins (from a quantum-secure wallet) until the precommitment was used. I admit I'm glad I don't have to figure out those details.
24-hour latency to make a payment? What is this, the 20th century?
This is for rescue, not for payment. Once you've moved the coins to quantum-secure wallet, the delay would no longer be needed.
...probably some people would be very inconvenienced by this. But not as inconvenienced as having the coins stolen or declared forever inaccessible.
> ...probably some people would be very inconvenienced by this. But not as inconvenienced as having the coins stolen or declared forever inaccessible.
I don't know why anyone f's around with crypto anymore. So many caveats, such a scammy ecosystem. It just doesn't seem worth the trouble to support a ransomware and money laundering tool.
> the Bitcoin community has tried, for years, to claim that quantum computers will be another other than a complete break.
Who specifically is claiming this? Satoshi literally mentioned the need to upgrade if QC is viable on bitcointalk in 2010.
Call me crazy, but I think if bitcoin is ever broken they're more likely to move to a centralized ledger than a more secure decentralized ledger. Roughly nobody invested in bitcoin cares about the original mission, they just care about their asset prices.
On the brightside at least we'll have a clear indicator for when quantum computers actually arrive.
If Bitcoin is broken then your bank encryption and everything else is broken also.
As far as I know quantum computers still can't even honestly factor 7x3=21, so you are good. And the 5x3=15 is iffy about how honest that was either.
https://news.ycombinator.com/item?id=45082587
Bitcoin uses 256-bit encryption, it's a universe away from 5x3=15.
You are assuming that progress on factoring will be smooth, but this is unlikely to be true. The scaling challenges of quantum computers are very front-loaded. I know this sounds crazy, but there is a sense in which the step from 15 to 21 is larger than the step from 21 to 1522605027922533360535618378132637429718068114961380688657908494580122963258952897654000350692006139 (the RSA100 challenge number).
Consider the neutral atom proposal from TFA. They say they need tens of thousands of qubits to attack 256 bit keys. Existing machines have demonstrated six thousand atom qubits [1]. Since the size is ~halfway there, why haven't the existing machines broken 128 bit keys yet? Basically: because they need to improve gate fidelity and do system integration to combine together various pieces that have so far only been demonstrated separately and solve some other problems. These dense block codes have minimum sizes and minimum qubit qualities you must satisfy in order for the code to function. In that kind of situation, gradual improvement can take you surprisingly suddenly from "the dense code isn't working yet so I can't factor 21" to "the dense code is working great now, so I can factor RSA100". Probably things won't play out quite like that... but if your job is to be prepared for quantum attacks then you really need to worry about those kinds of scenarios.
1) yes, everything is affected, but everything else is being migrated to PQC as we speak
2) "256-bit encryption" has different meanings in different contexts. "256-bit security" generally refers to cryptosystem for which an attack takes roughly 2^256 operations. this is true for AES-256 (symmetric encryption) assuming classical adversaries. this is not true for elliptic curve-based algorithms even though the standard curves are "256-bit curves", but that refers to the size of the group and consequently to the size of the private key. the best general attacks use Pollard's rho algorithm which takes roughly 2^128 operations, i.e., 256-bit curves have 128-bit security.
in the context of quantum attackers, AES-256 is still fine although theoretically QCs halve the security; however its not that big of a deal in practice and ultimately AES-128 is still fine, because doing 2^64 "quantum operations" is presumed to be difficult to do in practice due to parallelization issues etc.
the elliptic curve signatures (used in Bitcoin) are attacked using Shor's algorithm where the big deal is that it is asymptotically polynomial (about O(n^3)) meaning that factoring a 256-bit number is only 256^3/4^3 = 262144x more difficult compared to factoring 15. this is a big difference from "standard" exponential complexity where the difficulty increases exponentially by factors of 2^n. (+ lets ignore that elliptic curve signatures dont rely on factoring but the problem is essentially the same because Shor does both because those are hidden subgroup problems)
the analysis is more complex but most of it is essentially in that paper and explains it nicely.
Your bank doesn’t depend only on cryptography. It would be still a lot of effort to simply make transfer from a bank account. Quantum computer will not magically give an answer for a password of a hash you don’t have. TLS is moving to post quantum as we speak.
For crypto currency you have all the data you need to break whole system ready in your hands as you will be able to produce private key from public keys of wallets. Cryptocurrency depends only on cryptography.
In Bitcoin's case, public keys are only revealed during a transaction.
And every transaction completely spends the source keypairs' funds.
So the only attack vector a quantum computer could use is:
1. Observing newly broadcast/unconfirmed transactions
2. Deriving the private key(s) from the public key(s)
3. Creating and broadcasting its own transaction using the stolen keypairs before the original transaction confirms (presumably with a higher fee to win the confirmation race).
Please correct me if I'm wrong.
EDIT: correction: every transaction completely spends any selected UTXO of an associated keypair, not all of the "source keypairs' funds". Thus the attack vector also includes being able to steal from any keypair that has ever made a transaction and also has UTXOs.
The newest transaction mechanism (taproot; P2TR) exposes the public key of the receiver as part of the transaction. If it becomes more commonly used, the supply of bitcoins with exposed public keys would start going up again. See figure 5 of https://arxiv.org/pdf/2603.28846#page=14 .
If your bank’s encryption is broken in the future, then, to recover, you will need to change your password, and that’s all. Bitcoin does not have that luxury.
Also, your bank can switch to securing TLS with post-quantum key exchange algorithms with little difficulty and with no particular scalability or re-architecting challenges.
As for “256-bit”, the best known quantum attack against symmetric ciphers is Grover’s algorithm, and Grover’s algorithm will never break a targeted 256-bit symmetric key in the lifetime of the universe even if run by a hypothetical alien civilization with a Dyson sphere. (It might plausibly break one of many targeted keys in a multi-key attack run by advanced aliens, but this won’t steal your money and it could be easily mitigated by moving to 384 or 512 bits.)
All serious financial businesses already have a quantum strategy and are actively working on transitioning their cryptography to post-quantum secure algorithms.
Bitcoin doesn't use 256 bit encryption, unless you mean 256-bit hashing. The cryptographic algorithms that are mostly under quantum threat are asymmetric, e.g. digital signatures.
> All serious financial businesses already have a quantum strategy and are actively working on transitioning their cryptography to post-quantum secure algorithms.
That’s hilarious and it’s not even April 1 anymore.
Lots of serious financial businesses still use FTP or use SFTP running some unbelievably bad server implementation on a Windows machine somewhere that uses such outdated cryptography that it doesn’t even interoperate with modern OpenSSH. Operations do not necessarily score highly on the ACID scale. It’s tied together with duct tape and baling wire.
On the other hand, the system works and is really remarkably resilient to various failure modes. You would be hard pressed to cause more than severe annoyance by compromising these crappy old systems.
I work in the sector, and I'm responsible in my own organisation for our quantum strategy. Most, if not all, of the serious players are doing this. This doesn't mean we have replaced all our old crypto; far from it.
NIST has defined a timeline for post quantum readiness to be complete by 2035. Crypto migrations historically take a long time; you can't just replace your own stuff, or upgrade just a server. All the clients that interact have to upgrade as well or it all breaks.
> If Bitcoin is broken then your bank encryption and everything else is broken also.
Its a lot easier for your bank to change encryption methods than it is for bitcoin. Presumably you mean TLS here (where else do banks use encryption? Disk encryption?). People are already deploying experiments with quantum-proof TLS.
> As far as I know quantum computers still can't even honestly factor 7x3=21, so you are good. And the 5x3=15 is iffy about how honest that was either.
This is probably the wrong way to look at it. Once you start multiplying numbers together (for real, using error corrected qubits), you are already like 85% there. Like if this was a marathon, the multiplying thing is like a km from the finish line. By the time you start seeing people there the race would already be mostly over.
I still don’t really get the argument, like okay this extremely rich theoretical attacker can obtain the private key for the cert my service uses, and somehow they’re able to sniff my traffic and could then somehow extract creds. But that doesn’t give them my 2fa which is needed to book each transaction, and as soon as these attacks are in the wild anti fraud/surveillance systems will be in much harder mode.
I don’t see QC coming as meaning bank accounts will be emptied.
disclaimer: I work at a bank on such systems
My bank definitely doesn't require 2FA on every transaction. It only requires it to log in. I guess other people have more security concious banks then me.
Even still, i think there is some benefit to attackers being able to passively monitor connections. Getting the info neccesary to conduct some other type of fraud outside of the system. Lots of frauds live or die on knowing enough about the victim's financial situation.
However it really doesn't matter, when it happens we will just switch to different encryption.
It’s turning into a bit of a grift now. So many crypto agility “consultants “ popping up with their slop graphics. Never mind the fact that even if a relevant quantum computer is built it will still cost the user millions of dollars to break each RSA key pair…
I dont neccesarily think it would cost millions per key pair. Hard to say with the technology so immature, but it seems like the sort of thing with huge upfront costs but low marginal costs. Once you have a QC you dont have to build a new one for the next key pair.
Sooo it’s essentially claiming that the impossible thing is essentially a bit less impossible, but currently still impossible. Nice
The whole thing is that we have proofs that this is possible, and have been seeing continuous engineering progress. Having followed this for awhile, it seems to me that saying quantum computing is "still impossible" at this stage is like saying that GTA VI is still impossible, based on its unpredictable timelines.
Sorry, I meant a quantum computer that is actually built where these theories can actually be applied. Current quantum computers are as useful as current nuclear fusion reactors.
I am just over any sensational headlines from the past 10 years. They really need to drop a tweet like "Check out my quantum computer that is actually useful" like Sam Altman did with GPT to convince me.
At this stage, it's more like Musk and self driving cars, but at least QC around the corner is from mid 1990s
Well yes, but this is research - it progresses gradually and incrementally until eventually it is ready to be deployed. I for one am really interested in following these progress updates, rather than just being surprised when it finally drops. In particular, I find the recommendation to switch to quantum-resistant technology to be very important.
Related:
Discussion on the Google one,
Safeguarding cryptocurrency by disclosing quantum vulnerabilities responsibly
Note that. The primary mechanism in error-correction paper is "selective quantum observations". It means we don't need to use all available resource but selectively error-correct. Similar idea is also recently explored in quantum chaos, whereby system is still chaotic but localisation can be observed in the ancillary system.
Related phenomenon is quantum Zeno Effect, https://en.wikipedia.org/wiki/Quantum_Zeno_effect Zeno Effect appears over selective observation, rather than selective states.
This site is almost impossible to read on mobile unless you have good vision. Normally I can just hit the button in my phone browser to read it in reader mode, but this site doesn’t support that either. It’s a shame.
I am surprised that in 2026 more websites don’t seem so concerned about responsive design, especially when the goal is to read the content.
Yeah, I have the same issue (Firefox). Every website nowadays should have a responsive layout that works for smartphones.
Reading mode in your browser…?
> Normally I can just hit the button in my phone browser to read it in reader mode, but this site doesn’t support that either.
I would love to use reading mode in my browser if this site supported it. As I noted.
If you request the desktop site, reading mode will be available (that’s my experience anyway).
Can quantum computing do even basic math yet? I think this was the holdup. Or perhaps I'm missing the point.
This is a good question, and currently the answer is no. Quantum computers can only run very short, simple algorithms right now, because the qubits they're built out of are noisy. You need a lot of error correction, which the community is working on.
The thing is, unlike ordinary computers, quantum computers can factor numbers about as easily as they can multiply them. So as soon as they can multiply two large integers, they'll also be able to factor the result and break RSA encryption based on keys of that size.
This blog post gives a good sense of the state of the art and what progress might look like:
Why haven't quantum computers factored 21 yet? https://algassert.com/post/2500
And isn't the response already known in the validation process?
I don't understand your question. Can you elaborate?
Replication of quantum factorisation records with a 8bits home computer, Abacus and a dog
What are you trying to say here? This makes no sense.
That's a famous paper that debunk a lot of things related to marketing announcements. Basically nothing has truly factorized 15, let alone 21.
I think "basic math" here means arithmetic or similar. Solutions exists, but current machines are noisy:
V. Vedral, A. Barenco, and A. Ekert, Quantum net- works for elementary arithmetic operations, Physi- cal Review A 54, 147 (1996).
[flagged]
This comment is wildly inappropriate and violates the community guidelines here. I suggest you delete it.
[dead]
[dead]
[flagged]
[flagged]
So does BTC need to hard fork? Good luck getting to a consensus again ...
If QC gets to the point where breaking RSA and ECC in the real world is actually going to happen, I'd imagine you will find a consensus rather quickly.
If an upgrade becomes necessary, it would be a soft fork. (Consensus would still be a challenge)
I’m impressed by the BTC obsession: this will definitely impact the banking sector as a whole even before. Quantum FUD, here we come.
The banking sector can relatively trivially move to a new encryption scheme - this is one of the huge advantages of centralized systems. Also, the banking sector, rather than trying to provide anonymity/pseudonimity, has KYC - they can relatively simply disable remote access if they think a current system is no longer secure, and get everyone to come in to a physical office and get a secure version, after manually verifying they are the rightful holder of the account.
Tldr; Bitcoin relies entirely on encryption, banking does not. So broken encryption is a catastrophe for Bitcoin, but just a bad week for banking.
> they can relatively simply disable remote access if they think a current system is no longer secure, and get everyone to come in to a physical office
After all these years of it not being required? I think that's... very naive with regard to how clients would respond.
I'm not saying it would be pretty, but it would still be infinitely better than what migtn happen in Bitcoin land - where people will either be able to steal money from those wallets directly, or the owners will permanently lose access.
Upgrading decades old legacy systems? Good luck with that.
External access to banks is already using the latest versions of TLS, so no luck needed, they will just need to upgrade as they do constantly.
Maybe it's a good time to start promoting my 5 year old, lightweight, hand-crafted, battle-tested, quantum-resistant blockchain: https://capitalisk.com/
It's about 5000 lines of custom code. Crypto signature library written from scratch.
> Crypto signature library written from scratch.
That's a sentence every white hat cryptography enthusiast loves to hear lol.
It's a very simple signature algorithm. They're welcome to try and crack it. If there is an issue with it, it shouldn't be hard to identify within those few hundred lines. Nobody found any issues in the last 5 years though.
Isn't it a good thing that there exists at least one blockchain in the world which isn't based on the same crypto library used by every other project? What if those handful of libraries have a backdoor? What if the narrative that "you shouldn't roll out your own crypto" is a psyop to get every project to depend on the same library in order to backdoor them all at once at some future date?
Strange how finance people always talk about hedging but in tech, nobody is hedging tech.
> What's wrong with hedging?
To be (an actual) hedge, something needs to be very solidly understood (by the purchaser), a very solid investment in its own right, and either reverse correlated or independently correlated specifically with a particular asset being hedged.
And not based on analysis of one "hedging" scenario, because both are going to be owned over a huge distribution of scenarios.
Probably the worst indicator of an investment being credible, is a promoter who has to stoop to the floor to ask "What's wrong with hedging?", as if that manipulative bon mot was ever in question, or was the relevant question.
If a motivated promoter can only make a very bad case, believe them.
And, if an "expert" attempts to get respect for their work from non-experts, instead of from other experts, there is something very wrong. Because the former makes no sense.
--
If you don't know how to get respect from experts, study more, and figure out how to trash what you have. Counterintuitive. But if you have anything original right, thats how to find it. Identify it. Purify it. And be in a better position to build again, with just a little more leverage, and repeat. Or communicate it clearly to someone qualified to judge it.
You won't have to persuade anyone.
If you have to persuade someone, either you don't have something, or you don't understand what you have well enough to properly identify and communicate it.
You have ambition. You have motivation. You have interest. You follow through and build. That is it. Don't stop. Ego derails ambition. Kill your darlings. Keep going.
Why would experts care about my product? There's no big money behind it. The big money has to come in first, then the experts come later to tell the big money whatever they want to hear. Maybe they want to hear the truth maybe not... Either way the paymaster always hears what they want.
Besides, I am an expert. I studied cryptography at university as part of my degree. I have 15 years of experience as a software engineer including 2 years leading a major part of a $300 million dollar cryptocurrency project which never got hacked... I know why the experts were not interested in my project and after careful analysis, I believe it has nothing to do with flaws in my work.
If anything, it might be because my project doesn't have enough flaws...
At this stage, I hope you're right. I hope I will find the flaws in my projects that I've been looking for after 5 years.
You are leaving something out then. Which you allude to.
Bravo on five years! I recently solved a problem that took me over 30. I originally thought, 3-5 months maybe, then 3-5 years, ... I am happy it didn't take 50. I have killed a lot of my own darlings.
Well apparently you know what you are doing, I am sure you have something.
I have found the best language models are great at attacking things. You may have already done that, but if not its worth a try. Free brutality.
