Quantum Computing Breakthrough in Japan

An anonymous reader writes "A research team funded by NEC and RIKEN, Japan's Institute of Physical and Chemical Research, are the first to demonstrate a Controlled NOT (CNOT) quantum gate. The CNOT gate when coupled with a rotational gate would create a universal gate. The universal gate would be the basis for quantum computing. ETA for the first quantum computers: 10 to 100 years." When quantum computers first come to fruition, the best part will be reminiscing about how terrible computers were "back in the day."

A couple of Thoughts

[ericspinder]

With that much computer power.

• So much for 128 bit encryption or 512, etc
• SETI would run out of signals to process

If you crash your quantum computer would you rip a hole in the space-time continum. Maybe that is how black holes get started; one for every planet that just gets to this point and then loads Windows on a quantum computer.

Re:A couple of Thoughts

This black hole brought to you by Microsoft!

"And you thought we sucked before!"

--
actually, no. the universe doesnt crash.. least not yet..

Re:A couple of Thoughts

[Bingo+Foo]

No, mathematical encryption today relies on the rate at which certain problems get harder to solve with increasing size. A non-polynomial scaling problem is, for all practical purposes, an impossible problem to solve when made bigger. That's why 4096 bit encryption will never be subject to a distributed crack competition (on classical computers). It's just so much harder than 64 bit. A quantum computer which could reduce such problems to polynomial time could solve not only 4096-bit, but 65536-bit and 4294967296-bit encryption in human-scale amounts of time (even if it's several years), instead of the millions of universe ages that Moore's Law tracking classical machines would require.

The availability of quantum computers for encryption cracking will just result in a change to another type of cryptography that does not rely on the unproven assumption that factorizing large integers is NP hard. These future encryption methods may be less mathematical and more physical.

Re:A couple of Thoughts

[child_of_mercy]

I'm not so sure one time pads will hold up to quantum mathematics where state or position are the key elements.

as long as a solution exists. not matter how improbable, it can be arrived at, as the gates in superposition go through all the possibilities simultaneously.

so, to my admittedly limited understanding, where brute forcing means it's statistically likely you'll crack conventional encryption after a certain limited number of iterations, and a certainty once you exhaust all the possibilities, unless the chance of brute forcing an OTP is exactly infinite then it's still going to be a snap to a machine that evaluates all states simultaneously.

But i don't pretend to have a deep understanding of the field.

So I promise not to get upset if someone now brutally demolishes my thinking

Re:A couple of Thoughts

[cfallin]

OTP works by having a completely random key that is as long as the data itself. It is then combined with the data in some way (say, for example, XOR) and reversed at the other end given the correct key.

The key (no pun intended) here is that there is no way to know when you have the correct key. With the XOR example, there exist keys that will produce every possible combination of output bits, and no way to tell which one is right. So trying to decrypt it is no different than generating random bit patterns the length of the data and seeing which output "looks right" - even looking for outputs that are valid English, you will encounter every possible sentence of the given data length.

I'm working on my own quantum computer

[Dancin_Santa]

But that's really neither here nor there.

Re:I'm working on my own quantum computer

[swingkid]

This may say more about my sense of humor, but that's one of the funniest things I've ever seen on slashot.

What is going to run on these computers?

[Apoptosis66]

We are already hitting the limits of how much code can work together without being riddled by bugs. I think we need a advance in programming first.

Re:What is going to run on these computers?

[supun]

Unreal Tournament 2104

Re:What is going to run on these computers?

[Ignominious+Cow+Herd]

we'll have to say goodbye to https, ssh, pgp, etc.

No more etc!? Where will we put all our configuration files?

Re:And with this first step...

[bigberk]

All of todays encryption becomes irrelevant

Not for a while, but it really does make you wonder. Pretty much all of the strongest encryption we have to date (except huge one-time pads shared between parties) rely on classical crypto: it's all about computational infeasibility of solving certain equations.

Quantum computing does have the potential to make this obsolete. All SSL -- used by banks, governments, might be breakable. PGP would be breakable.

It seems reasonable that governments will tightly control developments in this field once they catch on to what's at stake. IMHO, an enemy with the power to break classical crypto is a much greater threat than a jackass carrying an exacto knife.

No more encryption?

[Rimbo]

I think that modern encryption schemes could be broken really quickly.

Imagine what kind of encryption you could do with quantum computing. When the first computers were built, most of the standard methods of encryption became obsolete -- ones that usually involved simple letter-substitution. That wasn't the end of encryption; those same computers enabled new ways to encrypt messages.

So it stands to reason that the existence of quantum computers would lead to new quantum encryption methods, which would take millions of years for the best quantum computers to crack using brute-force.

Re:No more encryption?

[ultitool]

Modern schemes wouldn't be necessary because quantum cryptography would become the standard and is proven to be unbreakable by the laws of quantum mechanics. Any interaction (malicious or otherwise) of a third party is noticable to the proper parties and the message/key transmission is just repeated until a clean send is achieved.
Here, here and google (of course) provide some good reading if you're interested

Re:No more encryption?

[222]

You shouldnt confuse quantum computing with quantum cryptography. Quantum cryptography, even with a quantum computer, would still be unbreakable because of how it utilizes the randomness of photons, one time pads, and one hell of an anti-easedropping mechanism.
Quantum computing would also have a far more severe impact on modern cryptography than breaking it "really quickly". With the ability to instantly factor every large prime, for example, it would nullify the best we've got.

Re:No more encryption?

[roystgnr]

Modern schemes wouldn't be necessary because quantum cryptography would become the standard and is proven to be unbreakable by the laws of quantum mechanics.

Doesn't quantum cryptography require a point to point optic channel capable of successfully transmitting individual photons without interfering with their polarization (as well as detectors and receivers for such)? Even if people get fiber optic lines to their homes in the next few decades, I'm pretty sure we'll never see anything like that available to home users. If you want unbreakable cryptography today, you can use a one time pad with less inconvenience.

Re:No more encryption?

[freshmkr]

With the ability to instantly factor every large prime, for example, it would nullify the best we've got.

Nonsense! I can instantly factor every large prime--in my head!!

You can too.

--Tom

The Reason Progress Is So Slow

[Myriad]

The real reason why the development of quantum computers is going so slow is pretty simple: everytime they check on their progress they lose the damned thing!

(with appologies to Mr. Heisenberg)

Blockwars: realtime, multiplayer, and free!

Factoring in the effects of computational advances

[HalfFlat]

From the article,

That means calculations, such as working out the factors of prime numbers, which present problems for even the fastest supercomputers could be trivialized by a quantum computer.

Once they get prime numbers licked, they'll move on to the composite ones. To live in such heady times!

Re:hmm... hardware outpaces software again?

[bruthasj]

Yeah! It's called J2EE. You should check it out sometime. I'm sure the next incarnation, J3EE, will suck the living juice out of any quantum computer thrown at it.

Re:Quantum Computers

[geekoid]

yes, and well only need, maybe, 5 in the world...

Re:Quantum Computers

[00420]

Then again, if you chart processor and memory usage, you will find that nothing will run Windows 2015

At least call it by its proper codename. It's called Longhorn, not Windows 2015

Re:/.'ed? No worries:

[mike_g]

That means calculations, such as working out the factors of prime numbers, which present problems for even the fastest supercomputers could be trivialized by a quantum computer.

Hell, I have an awesome algorithm that runs in O(1) time for determining the factors of prime numbers, but no one is writing a news story about me.

What if ....

[2Bits]

What if we really achieve breakthrough and can really make usable quantum computers, while we still couldn't break through the math bottleneck, and all crypto suddenly become irrelevant?

Now we have a computer that can break all crypto, and we have no new crytpo algo that would make even a quantum computer crack for millions of years, would the governments in the world allow manufacturing of such a beast?

I have a quantum computer too..

[Epistax]

I don't know where it is, but it's moving at exactly 3.65 m/s.

They're fixing them?

[The+Munger]

When quantum computers first come to fruition, the best part will be reminiscing about how terrible computers were "back in the day."

No, they'll still be terrible. They'll just be terrible really quickly.

Some facts about Quantum Computing

[vlad_petric]

CNOT has been done before. IBM in fact has demonstrated Shor's algorithm on 15 (the smallest number that can be factorized with that algorithm). This required 7 qubits.

In a regular computer, data flows through "static" gates. In a quantum computer, the data (qubits) is stationary and the "gates" are in fact carefully crafted laser pulses (the article is not very specific about this particular CNOT gate though)

1-2 qubits is easy. More qubits are quite difficult to put together. That's why most of the current quantum computers barely do 10 qubits.

Errors are of analogical nature. Correcting them (with Q-ECC codes) is quite expensive - a more reliable qubit requires a couple normal qubits and gates (I say more reliable because the whole thing is probabilistic)

Quantum data is very "transient" - it cannot be copied. It can be teleported however (teleportation destroys the source). Storage is however difficult (keeping a superposition of qubits coherent for humanly-observable times is almost intractable)

A quantum computer can do an operation on 2^k superpositions at the same time (in other words, exponential work in constant time). Selecting the "right" answer from the superposition of 2^k results takes however 2^(k/2) (Lov Grover's algorithm) - so it's still exponential. This is one of the reasons quantum computers were not shown to be more powerful than regular ones (i.e QP != P) . Yes, Shor's factorization algorithm works in polynomial time on quantum computers, and is furthermore quite efficient, but factorization has been shown to be in P anyway (although the current "regular" algorithm is not efficient at all)

Re:Some facts about Quantum Computing

[dirtydamo]

Shor's factorization algorithm works in polynomial time on quantum computers, and is furthermore quite efficient, but factorization has been shown to be in P anyway (although the current "regular" algorithm is not efficient at all)


No, factorization has NOT been shown to be in P (or at least, I have never heard of this -- care to give references)?

Primality proving was recently shown to be in P, but that is a much easier problem.

Re:Some facts about Quantum Computing

[necama]

Last I checked, the best algorithms for factoring were still in NP; otherwise public key encryption would never be trusted for anything.

For that matter, the same algorithm, with very little change, also solves the discrete log problem and the hidden subgroup problem in polynomial time.

As for quantum data being "transient," it is true that most of the quantum information systems have decoherence problems. But, if memory serves, there are some with coherence times that can be measured in seconds. With refocusing techniques, you could probably hold onto a qubit state all day in those systems.

It'll be a while before we're ready to do that, though.

And, as others have pointed out, this is hardly the first time anybody has shown a CNOT gate. Chuang did this at IBM a few years back at least as part of his implementation of Shor's Algorithm to factor 15. I also believe it has been shown in a few other systems, but I'd need to dig through some archives first and track references.

Re:Here it is...

[The+Munger]

The new cliche will be pointing out cliches. The slashdotters who involve themselves in writing cliche +5 funnies will attract another crowd who moan about cliched +5 funnies.

Then they're be another crowd who analyse people moaning about people who write cliched +5 funnies. This mob is starting to come through.

Then people will start a cliched response to that level in the chain, and on, and on it will go until everyone on the planet is involved in the huge chain of cliched jokes, witty responses, and critique. After that, the sheer scale will evolve its own cliched jokes and the process will become... a chain!!!

Then ensuing feedback loop (having already swallowed all of humanity), will eventually achieve a sentience of its own (a product of the infinite monkey syndrome) and the Slashdot servers will grow legs and crawl away.

So please everyone, keep posting your cliched jokes. And if you don't post the jokes, post replies attacking the jokes. And if you don't post attacks, post some insight on the aggresion. And if you don't do that, think of something even more original. Eventually, we will all become the creators of a new form of life after which, I for one will welcome our Slashdot serving overlord.

IAAQCR (I Am A Quantum Computation Researcher)

[bifurcation]

Some very apt points, but I'd like to make a couple of corrections:

IBM in fact has demonstrated Shor's algorithm

I'm not certain that IBM hasn't done something similar, but I believe that the work you're referring to is an experiment at Los Alamos which used Nuclear Magnetic Resonance and lasers to manipulate nuclear spins as qubits.

... the "gates" are in fact carefully crafted laser pulses ...

Again, this is true in the Los Alamose experiment, but in general, gates can take on a bunch of different forms. In an NMR system, pulsed lasers are gates; in optical systems, things beam splitters and phase shifters (and the qubits do travel between gates); in solid-state systems, different electric fields are used to manipulate states.

If you can do quantum computing ...

[vlad_petric]

Then you can probably do quantum cryptography as well. Quantum cryptography has the nice property that an evesdropper cannot intercept the message without destroying it.

Anyway, RSA can be broken by factorization. Diffie-Hellman however requires the inversion of the discrete exponential function. While quantum computing can factorize in P-time, it cannot inverse an arbitrary function in a reasonable amount of time. It can do it more efficiently than a normal computer (2^(k/2) time as opposed to 2^k with Lov Grover's search algorithm, where k is the number of bits), but it's still exponential.

In any case, I wouldn't worry yet ... Shor's algorithm, for 512 bits, requires in the order of tens of thousands qubits (with realistic quantum error correction). So far the highest number of qubits that were put together is around 10.

Re:If you can do quantum computing ...

Diffie-Hellman however requires the inversion of the discrete exponential function.

Which you can also solve very well on a QC. Schor also proposed a (less famous) algorithm for this, or more exactly, for computing the discrete logarithm (which is a sufficent condition to break diffie hellman, but which is not even proven to be necessary...). Actually it was in the same paper.

So you do not need to use grover to speed up brute force. Even on a classical setting there are better ways to compute discrete logarithms than just doing brute force (let's it's smart brute force).For instance baby-step giant-step achieves the square root, but there are better ways (but you need some algebra :))

Not the first

This is not the first controlled not gate. Controlled not operations have been implemented in quantum optical systems for a few years now. The problem with quantum optics is that you cannot make the systems with lithography.

As they say in the article, it is the first controlled not quantum gate in a solid state device.
It is very important to make that distinction, since quantum optical systems have much less decoherence then solid state devices, which makes them a better candidate from a fundamental point of view. Combining that with the electronic-optical hybrid chip that was discussed in a posting here a few days ago, I think that you cannot rule out the possibility that quantum computers will be implemented in such hybrid systems as well.

No

[pmc]

You may be thinking of Polish Military Intelligence, but they did not "break" Enigma as such. They managed to break an Enigma system - the combination of machine and method of operation - which was to modern eyes fairly weak. Just before the invasion of Poland in 1939 the Germans changed they system and the Poles could not read it anymore (not because they couldn't figure it out, but that the methods used to crack it were too slow - they couldn't build the bombes which were an essential part of the cracking).

The most significant thing they did was to workout the wiring of the Enigma machine itself. There are 26! ways to wire the machine, and one of the Polish mathematicians - Marian Rejewski - in a stroke of genius - managed to work this out.

The British Intelligence built on the work of the Poles at Bletchly Park duing WW2. Turing in particular produced what was called "The Prof's Book" which was a systematic method for breaking Enigma regardless of the system being used with it. Note that the cracking couldn't be done cold - in particular the woring of the rotors in the enigma machines were required (as well as the wiring of the machine itself - although oddly this was never changed).

What both the Poles and the Allies realised was that Enigma had a huge weakness - it could never encipher a character as itself. The German's knew about this, but thought it was just a quirk.

Later on Shark appeared. This was a cypher system similar to Enigma except it worked on teletype messages. To break this Colossus was born, but the same general idea worked. Ironically, although this was the first Turing machine*, Turing actually had very little directly to do with it.

Thus ends the "Miniature Guide to Codebreaking in Europe in WW2"

* Actually, the German Z3 was the first Turing machine, in 1941. This is not the usual case of "to the victor the spoils" as nobody was sure that the Z3 was a Turing machine until about 1990, althought Conrad Zuse, its designer, thought it might be. I've always vaguely wondered if, by using the same tricks, you could get the difference engine to become a Turing machine.