Slashdot Mirror
IBM Builds A Limited Quantum Computer
phr1 writes "IBM has announced and Yahoo has noted that the first working implementation of Shor's
factoring algorithm. Using NMR techniques they built a seven-qubit
quantum computer and factored the number 15 into the factors 3 and 5.
This is by far the most complicated quantum computation ever done.
It's quite an amazing feat--many people thought quantum computing
was just a theoretical curiosity and Shor's algorithm could never
be implemented in practice."
to factor 15 as it does the product of two 128 bit primes, what's stopping this computer from breaking current asymmetric crypto right now?
--
grep "xercist"
If a private sector company has been able to climb the steep hill that is quantum computing, how far has the US govt been able to get with their nearly unlimited budget?
It has been widely acknowledged that such agencies as the NSA have been at least a decade or more ahead of the private sector. The first govt to get a working quantum computer not only has unbreakable encryption, they are able to read any code of foreign nations. The stakes are incredible!
Soon, they will be watching all of us. Better read 1984 quickly my fellow citizens!
2 years back i heard someone(i belive it was bruse schneir), say that the NSA or los alamos had built a quanum computer, and it could factor the number 7, down to 1 and 7, not to hard. but still an impressive feat.
-- free as in swatantryam - not soujanyam.
Now all I need to do is write a proprietary OS for it, and convince IBM to let me keep the rights!
I'm thinking of calling my company "Quantumsoft"
And my software would be able to slow the quantum computer to a crawl!
The Kruger Dunning explains most post on
So, what happens if you ask it to factor a prime? Does it explode? ;-)
My blog: http://www.seebs.net/log/ --- My iPhone/iPad app: http://www.seebs.net/seebsfrac/
If they had to hand-craft a molecule to factor the number 15, it would seem that quantum computing would have to be very specialized. Do they have any schemes for creating a general purpose quantum CPU?
Give a man a fire, and he'll be warm for a day, but set him on fire, and he'll be warm for the rest of his life.
even though we can factor 15 == 3*5, we are still far away from useful quantum computer applications. the problem is that the coherence time of the atoms is fairly short and only O(10^3) computations can be performed before the system is decoherent. there are many interesting (but rather technical) papers about this subject and how to build quantum computers with quantum dots or any other solid state devices. you can get a glimpse of what is going on at the front of physics at http://xxx.lanl.gov/. just search for quantum+computing...
... for GnuPG to have 100000 bit keys? Quickly?
From the Yahoo article:
;-)
"Previously the largest computer IBM had built was based on five atoms."
So what about the 2 ton behemoths everyone's been buying for years?
My brother found this for me not too long ago. The math involved can get rather intense, but I think it 's worth pointing out:
An Introduction to to Quantum Computing for Non-Physicists - Available in PDF, PostScript, and others.
If you do a google search, you probably can find it elsewhere, also.
--GFish4
And I thought my 4-bit key's were safe!
Damn the relentless progress of computing!
I don't think the point was that this molecule could only factor 15 (well, maybe, but read on). The point is that they needed to make a molecule with 7 atoms that could interact in a certain way. To do bigger problems, they will need to design a molecular structure that fits many more atoms together. However, that structure will be able to solve *any* problems possible within its capacity.
Just send in Robert Redford and his team of lovable misfits to get the black box out of the answering machine!
I believe the UI on this thing is more of the "Switches and Lamps" variety.
cat
... "They should have asked me to do it. They could
have saved a lot of money."
Ben "You have your mind on computers, it seems."
I'm not a computer scientist, so for us lay people interested in cryptography, which methods could this compromise?
I am guessing it would only be those which use factoring large numbers as their "hard" problem. Right? Obviously RSA style public key based encryption is in danger, but that just means I need to find a secure channel to exchange keys.
What implications does this have for things like IDEA or even Xoring with a big chunk of random data?
The technique used here (NMR) is probably the best understood way of doing quantum computing (a lot of the basics are dragged straight out of medical imaging technology). Unfortunately it has a very fundamental limitation: the initialisation phase scales exponentially. Everything else is practical, but for every qubit you add you need to add exponentially more molecules to your system. Since you start off with a "billion billion" molecules you get a good head start, but systems much beyond seven qubits become very difficult and anything practical is impossible.
Of course almost all current quantum computing schemes have fatal flaws and NMR is well ahead of everyone else (with the possible exception of ion trapping). However in most other schemes the flaws aren't fundamental (just really, really, difficult to fix).
Disclosure: I have worked on a competing quantum computing scheme (neutral atoms). It's crap too.
Los Alamos built a three-qubit quantum computer a while back. I don't have references, except a few mentions in other news articles. Sorry.
2 1, 00.html
But in March of 2000, a group claimed to have built a 7-qubit quantum computer. It's based on some different techniques than previously used, but the researcher said that the techniques can't go past 15 qubits. Check it out at:
http://www.wired.com/news/technology/0,1282,351
If you put a cat inside this computer, will it die?
--- -- - -
Give me LIBERTY, or give me a check.
It's also discussed at news.com .
Looking for any old 8-bit Heathkit/Zenith software/hardware - http://heathkit.garlanger.com
Looks like the number of qbits available in a quantum computer is doubling every 18 months. The article notes the 2 qbit computer was built in 1998, the 4 qbit unit in August 2000 and now a 7 qbit computer in December 2001....they've still got another couple of months to get the 8th qbit....
7 Qbits already? That's great! No one should ever need more than 640 Qbits.
Sheesh, evil *and* a jerk. -- Jade
Start here: http://www.qubit.org/
As below, so above and beyond, I imagine drawn beyond the lines of reason. Push the envelope. Watch it bend.
At JPL, among, there is a group working on quantum key distribution. The aim is to have entanged photons distributed at the same rate (or almost the same rate) as the data, and to use this as a crypto key that is totally unbreakable. Untappable, unbreakable, impervious.
Doesn't it strike anyone as strange and cool that quantum computers and quantum key distribution are coming to fruition at almost exactly the same time?
muerte
However, if and when this takes off, there'll be a sweet spot where it is easier to build the extra weaker computers than the more powerful larger one. Ie, $20 for a 7 qubit processor but $50 for one with 8 qubits; you'd be better off with the weaker ones.
Dyolf Knip
Yeah, that's why you see so many computers today that are really a bunch of 4 bit processors running in parallel. Cause it's so much cheaper.
Democrats or Republicans. They are both taking us to the same place and they are not afraid of us anymore.
Quantum computing could conceivably obsolete public key (asymmetric) cryptography. However it doesn't break conventional cryptography. A sufficiently strong quantum computer can turn an O(f(n)) computation into O(f(sqrt(n)) but that's all. For example, it could break a 56-bit key in 2**28 steps instead of 2**56 steps. That means 128-bit keys could conceivably be broken by quantum computers (in 2**64 steps). However, by doubling the key length (say to 256 bits) you get the security against quantum computers that you now get against conventional computers.
7 qubits!?!? Sheesh, Noah's Ark was 300 qubits long, by 50 wide, by 30 high. And seven is supposed to be impressive thousands of years later?
--
"Outlook not so good." That magic 8-ball knows everything! I'll ask about Exchange Server next.
If we don't get a more secure encryption system out before the real quantum big guns come out, e-commerce etc is basically stuffed.
The behavior of divide by zero is user defined on most computers. You can have the computer say whatever you want it to say. You've just got to mess with the interrupt vector table.
Btw, the limit of 1/x as x approaches zero is infinity. but 1/x isn't infinity. If it were you could do things like
1/x = inf
2/x = inf
so 1 == 2
autopr0n is like, down and stuff.
I dearly love SSH, but if it's based on inherently transparent (to quantum computers) mathematics, it's worthless - perhaps worse, since I trust it.
We need to begin considering this problem NOW, before the privacy of just about everybody is opened up to the whim of somebody with enough money to buy a quantum computer!
There will definitely be, as Quantum computing hits mainstream in the next 5-15 years, a co-existence period - like twilight, the period of greatest danger, when the world of computing is based neither entirely on binary or quantum systems - and we're heading for that with momumental speed.
I have no problem with your religion until you decide it's reason to deprive others of the truth.
20-30 years is about right. AT&T proved the posibility of optical computing I can't remember the exact year but It was somewhere between 1980 and 1997. How long after that did it take for galium-arsenide optical processors to get put into DVD-rom drives. Anyways, I full well expect the Playstation 7 or the Xbox 5 to be using quantum-computers so that those 3-d games can be played with some kinda full immersion system with real physics. At the rate we're going now we won't need encryption, since noone outside the NSA or the FBI or the military will be allowed to use it. In fact it will probably be illegal to choose an operating system or modify any hardware device purchased.
https://www.gnu.org/philosophy/free-sw.html
Thats precisely what you have. In somecases a thousand 32bit processors running in parallel rather than a single 32000 bit processor.
I even have a dual celeron under my desk as it was (and continues to be) cheaper than a Sparc or Alpha (and many others) but is (for what I do with it) close enough is speed to the other that I don't notice.
Rod Taylor
So can I, but I cannot communicate those values to anyone as my nervous system (controllings hands, mouth, etc) cannot handle the load and crashes.
Too bad really. Having the answers to all the questions and not being able to share.
Rod Taylor
Yeah, that's why you see so many big computers today that are really a bunch of 32 bit processors running in parallel. Cause it's so much cheaper.
autopr0n is like, down and stuff.
Which gets back to the original point. Quantum computing is just a way to sieve multiple solutions in parallel. Much akin to the idea of DNA Computing.
Think of a beowolf cluster of 1,000,000 athlons at 1.4ghz compared to a single 486 60mhz. The time per solution is hugely different even if the exact same binary program is used to solve the problem.
Also QC does not break any barriers related to NP != P. If a QC computer works this does not change. It just means some NP problems become faster to solve.
Tom
Someday, I'll have a real sig.
And maybe you're not.
Come on, give it up, that's
The only thing that's secure against quantum computers is one-time pads, which are impractical over the internet.
Unfortunately, that means people using factoring-based keys are in trouble today, because an adversary with a sufficiently large budget (and sufficent access to certain routers) could stockpile a rather large portion of Internet traffic for cracking at such time that it becomes feasible to do so.
Evidence and paranoia leads one to suspect certain parties do evesdrop on a certain fraction of email, particularly email sent across international cables. If such email is already being filtered for certain keywords, how much harder is it to filter it for apparently encrypted email and shelve it for later use?
Just some specific problems like factoring.
For GENERAL brute force search type problems
the speedup is as I described. See the articles
at qubit.org for more info.
Ok, I'm not educated on the matter. Please tell me how RSA is not a factoring problem. Iduno about other public key systems, but I was pretty sure that fast factoring of large numbers breaks RSA.
There are no trails. There are no trees out here.
Oh. Sorry. Reread top level post. Ignore please.
There are no trails. There are no trees out here.
Actually, Shor's algorithm takes a O(e^N) algorithm on a classical computer (factoring into primes) and reduces it to a O(N^2)algorithm, so not only does it reduce an exponetial order algorithm to a polynomial algorithm, which is already achieving the holy grail of computing computationally hard problems, but does so in spades. Essentially, if QC's can scale to the number of bits required and operate at any decent clock speed (more on this in a bit) then RSA will go the way of the dodo. So will every other encryption scheme that I know of that is based on a computationally hard to compute key that a QC algorithm can be written for. (BTW, Shor also created an effcient O(N^4) algorithm for the discreet log, which is also used in some encryption schemes, or so I am told).
Granted I am not a security/encrytion expert, so your statement about this only being effective for assymetric encrytion schemes may be correct if conventially encryption is not based on a hard key, but I thought that all encryption was based on hard keys (BTW, isn't cryptography the creation of a code to hide/diguise the data, as opposed to encrypting it with a function?).
With regard to "clock" speed (There is no fundamental reason a QC needs to be clocked, but for the sake of simplicity let's say it is), NMR states are, I think, stable on the order of milliseconds, so maybe the computer could "clock" several hundred computations per second. It would still take awhile to do several million comps, or about how many comps will be required to factor something on the order of 10^25 with Shor's algorithm, but timewise that's on the order of months, not the known age of the universe like it would be for a regular computer (figures are from memory, and are meant to illustrate the orders of magnitude involved, not necessarily be completely accurate).
Granted this is all a guesstimate, but I think a pretty conservative one.
Someone else quoted rate of ~ O(10^3) computations before decoherence. A QC is probablistic, which means that you run it over and over under an interation produces the correct result. The chance of getting an incorrect answer decreases with each iteration. Shor's algorithm takes either 3 or 4 computations (defined in a QC as a evolution of the wave state) per iteration. I may be a little off here, it's been awhile, but it's definitely around that so if that quote is acurrate, decoherence is no problem, at least for the quoted setup. It also, assuming a decoherence time on the order of ms, appears to be faster than my above guess.
Essentially, even if QC's can't crack various keys in realtime, they could make key generation/distribution a real pain in the ass and essentially end the era of uncrackable encryption (unless of course it is quantum encryption which is in theory uncrackable, but I know alot less about that)
Does anyone have any data on how many comps/sec various qubit models can handle? I'd like to see if my guess was close:)
A friend of mine there says their employee evaluation system has three ratings: "OK", "Not OK", and "Nobel Prize". He's only partly kidding; they have several Nobel laureates on staff.
You're right that the NSA knew about Differential Cryptanalysis years before anyone. I extrapolated this largely using the same facts - but if you read _AC_ carefully they openly acknowledge this.
But you're wrong in the fact that DES IS resistant to DC. The bit S-box design the NSA gave IBM are designed to make it STRONGER against DC NOT weaker.
"As in choosing the key length , another of the NSA'a design criteria was based on making the algorithm [DES] resistant to differential cryptanalysis..." _AC_ first edition Schneier page 238
If you want to bust the NSA's chops complain that they made the key length go from 128 to (effectively) 56 bits. Now that hurt...
=tkk
Bill Gates - Creationist?!?
Namely, Grover's algorithm would enable you to brute force a symmetric key of size N in O(exp(N/2)) time rather than the current O(exp(N)) time.
In other words, if quantum computers (even with very large number of qubits) are built, today's public key cryptosystems would no longer be secure, but today's symmetric cyphers would simply need to have their key length doubled to keep the same rough level of security.
-- Stanislav Shalunov
You should have used 5-bit keys like me.
Everytime you look at porn a devil gets their horns.
The big whoha is that factoring numbers is computationally difficult. Public Key encryption
is based upon the fact that it is very easy to randomly pick some prime numbers and multiply them together to get an answer. The number that is produced can only be produced by multiplication of those two numbers, so there is only one pair of numbers that can be deduced by factorisation. Now, there is no easy way to determine the factors of a number, the only way is to use a brute force approach. That takes time, due to the large amount of time needed, it makes this ideal for implementation in a cryptographic system, and guess what? That's what most public key systems use. So it makes it possible for somebody to totally undermine all the existing e-commerce infrastructure and grep all of your passwords and credit card numbers and al-Queda arms shipments.
IBM announcement - in history section:
"But in 1994, Peter Shor of AT&T Research described a specific quantum algorithm for factoring large numbers exponentially faster than conventional computers -- fast enough to defeat the security of many public-key cryptosystems. The potential of Shor's algorithm stimulated many scientists to work toward realizing the quantum computers' potential. Significant progress has been made in recent years by numerous research groups around the world."
Maybe Magic Lantern isn't needed, and maybe the feds should be more concerned about quantum scientist as the next great public threat? Lets' see now... Hacker used to be a positive connotation.....how to turn Quantum into a negitive connotation...or is ther another name by which these scientists go by?
given that a quantum computer could factorise a number N into factors a1, a2, a3,...etc in a defined time, we can therefore tell whether N is prime by seeing if it returns a1=1, a2=N.
Would it be possible to build a 'super' quantum computer which checks simultaneously all numbers from 0 -> 2^n (where n is the number of qbits) and returns only those which are prime.
In other words, you would be carrying out 2^n computations simultaneously, each of which is comprised of 2^n computations ?
"phr1 writes "IBM has announced and Yahoo has noted that the first working implementation of Shor's factoring algorithm."
/grammarnazi]
[grammarnazi]
Apparently, phr1 does not need to use.
Complete sentences. =P
Either that or get rid of the "that".
[clicks jackboots,
-Kasreyn
Kasreyn: Cheerfully playing the part of Devil's Advocate to hairtrigger
http://www.technetcast.com/tnc_play_stream.html?st ream_id=310
Check the slides too at:
http://cm.bell-labs.com/who/rob/qcintro.pdf
Regards,
Marc
How stupid.
autopr0n is like, down and stuff.
According the very definition you linked:
1.a: A specified or indefinite number or amount.
Is infinity not an indefinite number?
autopr0n is like, down and stuff.
I never did learn AWK. (/me reads awk(1)). Hmm... An interesting tool. And lighter-weight than Perl. Might use this for bootdisks or base system scripts or something... Interesting... Thanks.
Need I go on?