Solid State Quantum Computer Finds 15=3x5 — 48% of the Time

← Back to Stories (view on slashdot.org)

Solid State Quantum Computer Finds 15=3x5 — 48% of the Time

Posted by timothy on Sunday August 26, 2012 @03:41AM from the please-show-your-work dept.

mikejuk writes "The Shor quantum factoring algorithm has been run for the first time on a solid state device and it successfully factored a composite number. A team from UCSB has managed to build and operate a quantum circuit composed of four superconducting phase qubits. The design creates entangled bits faster than before and the team verified that entanglement was happening using quantum tomography. The final part of the experiment implemented the Shor factoring algorithm using 15 as the value to be factored. In 150,000 runs of the calculation, the chip gave the correct result 48% of the time. As Shor's algorithm is only supposed to give the correct answer 50% of the time, this is a good result but not of practical use."

30 of 262 comments (clear)

Min score:

Reason:

Sort:

Maths by Anonymous Coward · 2012-08-26 03:45 · Score: 3, Funny

Sometimes 2+2=5, give the thing a break!
1. Re:Maths by Anonymous Coward · 2012-08-26 03:51 · Score: 4, Funny
  
  Of course 2 + 2 = 5. Take two strings. Tie 2 knots in each. Then tie them together and count the knots.
Re:That's no moon... by Anonymous Coward · 2012-08-26 03:48 · Score: 5, Funny

To be fair, it could have been either until we looked.
(And you could have posted either here or at the correct story.)
Can someone explain... by Crudely_Indecent · 2012-08-26 03:55 · Score: 4, Insightful

From TFA:

As Shor's algorithm is only supposed to give the correct answer 50% of the time, this is a good result.
How is it useful to have the correct answer 50% of the time? When designing computing algorithms, wouldn't you want it to return the correct answer 100% of the time?

--

"Lame" - Galaxar
1. Re:Can someone explain... by Anonymous Coward · 2012-08-26 03:58 · Score: 5, Informative
  
  Consider problems which take a lot longer to compute than to verify. It may be much faster to compute the answer with a quantum computer, then check it with a regular computer, than to simply compute it with a regular computer.
2. Re:Can someone explain... by gmueckl · 2012-08-26 03:59 · Score: 4, Informative
  
  That depends. Sometimes you have a hard time finding a possible result, but verifying it is simple. Factorization is just such a problem. So you repeat the algorithm and test the result until the test succeeds. If this is on average faster than a completely deterministic approach, you have won.
  
  --
  http://www.moonlight3d.eu/
3. Re:Can someone explain... by Anonymous Coward · 2012-08-26 04:03 · Score: 5, Funny
  
  How is it useful to have the correct answer 50% of the time?
  Cat life-support devices.
4. Re:Can someone explain... by Anonymous Coward · 2012-08-26 04:12 · Score: 5, Funny
  
  If you can factor really large prime numbers,
  I can factor really large prime numbers in my head.
5. Re:Can someone explain... by thue · 2012-08-26 04:12 · Score: 4, Insightful
  
  For a concrete example, the RSA public key includes a number n, which is the sum of two secret primes p and q. The encryption is broken if an attacker can derive p and q from n by factorization. ( http://en.wikipedia.org/wiki/RSA_(algorithm)#Operation )
  if you could factorize an RSA public key 48% of the time then it would be a pretty big deal, since it would render RSA completely obsolete.
6. Re:Can someone explain... by Sancho · 2012-08-26 04:19 · Score: 4, Informative
  
  RSA public key includes a number n, which is the sum of two secret primes p and q
  Just FYI, it's the product of two secret primes. Product is for multiplication, while sum is for addition.
7. Re:Can someone explain... by ShanghaiBill · 2012-08-26 04:23 · Score: 4, Informative
  
  How is it useful to have the correct answer 50% of the time?
  In many cases, it is very useful. If you need to crack a code by factoring a 200 digit number, getting the right answer 50% of the time would be fantastic. You just try repeatedly until you get the right answer.
  
  When designing computing algorithms, wouldn't you want it to return the correct answer 100% of the time?
  Of course. That is why the "quantum" computer would be just part of the solution. Overall, your algorithm would look like this:
  correct_answer() {
  for (;;)
  answer = quantum_result();
  if (verify_answer(answer)) {
  return answer;
  }
  }
  }
  
  This solution would be good enough for any problem where verifying an answer is much faster than finding an answer. Most NPC problems fall into this category.
8. Re:Can someone explain... by __aaltlg1547 · 2012-08-26 04:43 · Score: 5, Interesting
  
  That may be so, but computing the prime factorization of 15 is not in that class.
  I don't think you should even get to call something a middle-school dropout can figure in his head faster than he can say "Fries with that?" computation. So-called quantum computers still barely qualify as expensive but useless toys.
  Post again when a quantum computer can solve a real mathematical puzzle at a speed comparable to what a traditional computer can do. That would be news.
  Scientists have been touting the supposedly vast potential of quantum computing for decades now. D-E-C-A-D-E-S. But thanks to fundamental limitations of the nature of what they are, it's really hard to get them to barely work at all. It appears we could forever be stuck at the point where the qubits can be minimally processed but quantum decoherence can't be held off long enough to get a useful result. Meanwhile traditional methods of computing continue to forge ahead, although the rate of increase is slowing. Just keep in mind: quantum computing is 2500 years behind traditional computing methods in general, 175 years behind automated mechanical methods and more than 70 years behind electronic computers.
  Electronic computing methods overtook all other methods extremely quickly, but they faced only technical challenges not challenges posed by the fundamental nature of what they were trying to do. You can regard them in some ways as fancy abacuses: they literally count chunks of charge the way an abacus uses the position of beads to represent numbers (or in principle anything else). With qubits, you are attempting to get definite results by exploiting the indefinite character of things like the spin states of electrons. That's not just hard. It may be intractably hard. But if somebody can get it to work it might be very valuable to the NSA and anybody else interested in cracking the security of computing systems.
9. Re:Can someone explain... by cryptizard · 2012-08-26 04:50 · Score: 4, Informative
  
  Thats how we find primes right now. All the practical algorithms are probabilistic. If a number is prime, running the algorithm always returns "prime". If it is composite, running the algorithm will result in "prime" about half the time and "composite" about half the time. This is fine, however, because we can run the algorithm n times and our confidence is .5^n, which grows very small very fast.
10. Re:Can someone explain... by neokushan · 2012-08-26 04:54 · Score: 4, Insightful
  
  Yeah, scientists were theorising about the Higgs-boson for deacdes as well. Sometimes it takes that long to get somewhere.
  It's very early days for quantum computing. The fact that they've taken something from pure theory and made it actually do something is a fantastic indicator that they're onto something. So what if it takes another 5 decades to get there, the implications would still be incredible by that point.
  
  --
  +1 IDisagreeSoHeMustBeATrollOrAnAstroturferOrAShill
11. Re:Can someone explain... by goffster · 2012-08-26 05:00 · Score: 4, Insightful
  
  An algorithm that could factor a 4096 bit number even 10%
  of the time would be enough to consider 4096 key as completely unsafe
  for cryptography.
  It is easy enough to verify the result.
12. Re:Can someone explain... by sjames · 2012-08-26 05:31 · Score: 3, Informative
  
  I believe it's just confusing wording. They're saying 48% is good because at best it could only have been 50%. It's impractical because it is only 4 qbits and so conventional computing can easily do the job faster and cheaper for numbers that small (for that matter, it' small enough that a lookup table is an attractive solution).
13. Re:Can someone explain... by ld+a,b · 2012-08-26 05:36 · Score: 3, Insightful
  
  Let me remind you of the zeroth law of thermodynamics - You can't have nice things.
  By that law I predict Shor's algorithm works in practice as follows:
  6=2x3 96%
  15=3x5 48%
  35=5x7 24%
  77=7x11 12%
  143=11x13 6%
  Good luck breaking RSA.
  
  --
  10 little-endian boys went out to dine, a big-endian carp ate one, and then there were -246.
14. Re:Can someone explain... by Wraithlyn · 2012-08-26 05:40 · Score: 5, Insightful
  
  There should be a "-1 Bitching That This Doesn't Meet My Personal Criteria For News" mod. Every. Damn. Article. Somebody has to come write an essay on how completely not interesting or impressive this is to them.
  Yes, factoring 15 isn't particularly impressive. Thank you, Captain Fucking Obvious.
  Now if you'd bothered to RTFA, you'd have noted it already directly discusses this:
  
  Of course, factoring 15 isn't something that is going to threaten the PKI and cryptography in general, but factoring larger numbers is just a matter of increasing the number of qubits and this approach does seem to be a scalable solid state approach.
  So they can instantly factor numbers (well, with ~50% success), with an approach that *seems scalable*. That's news to me.
  Maybe in a few months, there will be another story about how they failed to scale this approach up. That will be an additional piece of news. Failure can be news.
  Some of us are interested in the journey, not just the destination.
  
  --
  "Mind, as manifested by the capacity to make choices, is to some extent present in every electron." -Freeman Dyson
15. Re:Can someone explain... by Anonymous Coward · 2012-08-26 05:57 · Score: 3, Informative
  
  With qubits, you are attempting to get definite results by exploiting the indefinite character of things like the spin states of electrons. That's not just hard. It may be intractably hard.
  
  Actually, the math and abstract procedure of how to do this is pretty well understood. The question of how to get definite answers from such quantum states is solved, in the sense the algorithm's results are very quickly and easily shown to have worked or not (and not just by multiplying the two factors, the result of the quantum portion of calculation has to be converted into actual factors via classical computation, and is obvious when this fails). The jump from probabilistic states to definite answers is already quite clear.
  The hard part is improving the signal to noise ratio essentially. It is not the managing of the quantum states, but managing of the apparatus to keep it doing what you want it to do. And that is one of the big results of this paper. It is not about the 48% being good enough to be practical, it is that the 48% result is almost the ideal 50% case. This means that outside noise and device failure due to improperly carrying out the steps was quite small, which suggest that the number of qubits could be scaled up, and still have the algorithm followed. It is pretty well understood what the limitations of the algorithm is, and known that it could still be very, very useful, but that won't go anywhere if the algorithm can't be implemented.
Size, not reliability by TheRaven64 · 2012-08-26 03:57 · Score: 4, Interesting

Validating the result is cheap on a classical computer. Even for very large values, multiplying two 4096-bit values together and checking the result is incredibly cheap. A quantum computer that could give the right set of divisors for a 4096-bit prime 1% of the time would still let you very quickly find which of the answers that it gave was correct. The limitation is the size, not the reliability.

--
I am TheRaven on Soylent News
One word: by drainbramage · 2012-08-26 04:02 · Score: 4, Funny

Close enough for government work.

--
No brain, no pain.
1. Re:One word: by fuzzyfuzzyfungus · 2012-08-26 04:25 · Score: 3, Insightful
  
  In this case, I suspect that the NSA would readily agree... This quantum computer is far too small for any practical purposes that couldn't be brute-forced with a TI-83 much more easily; but tepid accuracy isn't a big deal if checking your work is computationally inexpensive...
2. Re:One word: by __aaltlg1547 · 2012-08-26 05:40 · Score: 4, Funny
  
  Close enough for government work.
  Did you count that with a quantum computer, because by traditional methods I get 5 words 100% of the time.
Well heck, Intel might buy it. by Anonymous Coward · 2012-08-26 04:04 · Score: 5, Funny

Historically, they're a bit more tolerant about that math thing.
NSA likely already built one by IamTheRealMike · 2012-08-26 04:10 · Score: 5, Interesting

It seems that quantum computing has consistently been viewed as harder than it really is, judging by the ever-decreasing timescales between breakthroughs. Judging from the history of cryptography, and the military value of being able to break RSA, it's not unreasonable to expect that the NSA may have been trying to build such a chip for some time and could potentially have succeeded.
Some months ago James Bamford, who is the premier chronicler of the NSA and has a history of being given accurate leaks, claimed the NSA had made a "huge breakthrough" in its ability to break codes - and that the datacenter they're currently building is a part of the solution. The NSA denied everything of course. But if academics are now able to build a working implementation of Shors algorithm for small numbers, that strongly implies that a focussed team with practically infinite budgets could have already succeeded in building one that can handle crypto-sized numbers.
1. Re:NSA likely already built one by Sancho · 2012-08-26 04:34 · Score: 4, Insightful
  
  And before anyone freaks out and thinks that the NSA is reading their e-mail, keep in mind that they have to be very selective about how and when they use results from their quantum computer. This is similar to breaking ENIGMA--you want the enemy to think that their codes are secure, so you don't suddenly counter all of their plans perfectly. You certainly don't turn this on e.g. classical organized crime, as that could give away your capabilities on a considerably less valuable target.
Re:First post - from a quantum computer by StillAnonymous · 2012-08-26 05:43 · Score: 4, Funny

They've done studies, you know. 48% of the time, it works every time.
Re:That's no moon... by Anonymous Coward · 2012-08-26 08:55 · Score: 3, Informative

Schrödinger wrote about the cat idea in order to demonstrate how ridiculous that particular model of quantum physics is; he'd be rolling in his grave if he knew that people were taking it as truth...
Great! Congrats! by drolli · 2012-08-26 08:58 · Score: 4, Interesting

Disclaimer: I am a former researcher in the field, left to some other job.
What you can see at UCSB is what happens when a team of scientists which ae skilled in engineering, working as a team, and collaborating with everybody happens to have the right guy as the leader (with the right policy about co-authors on publications).
Everybody whom i met from this team was open, honest, and friendly; they have worked hard and long on it and they accumulated some of the best people.
They deserve the success they have now! I think there may be a small break now in their publications, since i have the ffeling they now may work on overcoming the next big roadblocks (but now they they have all the backing they could need for it).
I also have to state it will be a long long way to the first QC. While i believe that every step like this will be more than just replicated at the NSA, i believ that they wont be more than 10 years ahead, and i estimate 20y-30y until qc works better than classical qc (although I also hope and believe that breaktroughs are possible).
Re:That's no moon... by Pseudonym · 2012-08-26 14:09 · Score: 3, Informative

That case happens rarely. The case you're actually looking for is values of a where the function has even period.
The reasoning behind it is this:
Suppose that N has at least two distinct prime factors. (If it isn't, then N is either prime or a perfect power of a prime. There are efficient algorithms for detecting the latter case.) Further suppose that the function f(x) = a^x mod N has minimum period 2r for some r. (That is, f(x+2r) = f(x), but f(x+q) f(x) for any q < 2r.)
In this case, a^(2r) is congruent to 1 modulo N, but a^r is NOT congruent to 1 modulo N. That is, a^r is a square root of unity modulo N, but it isn't congruent to 1. If it also isn't congruent to -1 (which is the case that you mentioned), then it's a nontrivial square root of unity.
Now consider the number d = gcd(a^r-1, N). If d=N, then N is a factor of a^r-1, that is, a^r is congruent to 1 modulo N. This is a contradiction (since we eliminated this case above), so it can't happen. Similarly, if d=1, then a^r is congruent to -1 modulo N, which is the other case that we eliminated above. (Exercise: prove this!)
So d is a divisor of N (because it's the gcd of N with some other number), but it isn't 1 or N. Therefore, it's a nontrivial factor of N.
Of course, it's not obvious that there should be an a for which f has even period, but that's where the hardcore analysis comes in.

--
sub f{($f)=@_;print"$f(q{$f});";}f(q{sub f{($f)=@_;print"$f(q{$f});";}f});