MIT's New 5-Atom Quantum Computer Could Make Today's Encryption Obsolete

An anonymous reader writes: In traditional computing, numbers are represented by either 0s or 1s, but quantum computing relies on atomic-scale units, or "quibits," that can be simultaneously 0 and 1 -- a state known as a superposition that's far more efficient. It typically takes about 12 qubits to factor the number 15, but researchers at MIT and the University of Innsbruck in Austria have found a way to pare that down to five qubits, each represented by a single atom, they said this week. Using laser pulses to keep the quantum system stable by holding the atoms in an ion trap, the new system promises scalability as well, as more atoms and lasers can be added to build a bigger and faster quantum computer able to factor much larger numbers. That, in turn, presents new risks for factorization-based methods such as RSA, used for protecting credit cards, state secrets and other confidential data. "If you are a nation state, you probably don't want to publicly store your secrets using encryption that relies on factoring as a hard-to-invert problem," said Chuang. "Because when these quantum computers start coming out, [adversaries will] be able to go back and unencrypt all those old secrets."

Improvement to Shor's algorithm, no new technology

If you actually read the scientific article (which is available as a preprint unter [1]), what the authors discuss is how to significantly improve Shor's algorithm, the quantum algorithm for factorizing prime numbers. They show that the number of qubits needed to perform Shor's algorithm is actually quite a bit lower than what previous versions of the algorithm required - and they claim that their version is much more scalable than previously known versions.

They demonstrate their algorithm by factorizing the number 15 using trapped ions. That elementary qubit operations can be performed with trapped ions has already been demonstrated [2], that part is nothing new. Factoring the number 15 with Shor's algorithm is has also been done before. But since their algorithm doesn't need nearly as many qubits as the previous formulation of Shor's algorithm, specifically they only need to have a single ancillary qubit in addition to the qubits required to represent the number to be factorized (in contrast to 3n ancillary qubits), and given the fact that the quantum Fourier transform operation that was previously required to be performed on the ancillary qubits is difficult to pull of in practice while keeping quantum coherence, they argue that their algorithm will be much easier to implement in real quantum systems.

So their research is actually a big step forward when it comes to a potential actual practical realization of Shor's algorithm, and what they did is still very impressive (even the experimental part of their work), but their work doesn't address the problem of actually scaling up the number of qubits: 5 bits have been done before, and while their work means that less qubits are needed, it's not like even a (512+1+error correction) qubit computer with quantum coherences is around the corner (note that to break 512 bit RSA you don't need a quantum computer). Furthermore, there's a huge debate in the community as to what the best design for a scalable qubit architecture is: the authors of this paper seem to follow the school that wants to use ion traps, but there are also other approaches to implementing qubits: superconducting qubits (in various variants), spin qubits (including nuclear spins), semiconducting qubits, adiabatic quantum computation, and a couple more. A lot of people in the community are working on all of these different approaches, and it is not clear to me which of these will be the most effective way to implement a quantum computer in the end. And scaling this up beyond 100 qubits with full quantum coherence and quantum control of qubit operations (from all reports e.g. the D-Wave machine "only" does quantum annealing with ~500 qubits, and doesn't implement a universal quantum computer) is something that's still quite a bit away. How long? I don't think anybody can really predict. Could be 5 years, could be 10, could be 50.

To reiterate: the paper is a breakthrough, because (if we leave out error correction for the moment, which increases the number of qubits required) to factor a 1024 bit RSA key, one would previously have needed 1024 + 3 * 1024 qubits and a very difficult to pull off quantum operation (quantum Fourier transform) on 3 * 1024 qubits simultaneously. This paper reduces that to 1024 + 1 qubits, where the KQFT operation only has to be applied to the 1 additional qubit. We still don't know how to actually manufacture a quantum computer that maintains coherence well enough with that many qubits, so there's no need to start panicking when it comes to this, but these kind of improvements do show that research towards asymmetric cryptography that is safe against quantum computing is required - and that we should really start implementing these kinds of algorithms NOW, so that when somebody actually has breakthrough in this regard, we have the technology in place to switch at that point. A good starting point for people that are interested is the pqcrypto.org site [3] and the excellent talk by Dan Bernstein and Tanja Lange at 32c3. [4]

[1] http://arxiv.org/abs/1507.08852
[2] https://en.wikipedia.org/wiki/Trapped_ion_quantum_computer
[3] http://pqcrypto.org/
[4] https://www.youtube.com/watch?v=6XeBvdm8vao

Re:Totally misleading title

[Jason+Levine]

Much apprciatd. My own storag of 's was gtting dangrously low. I trid to buy thm from an onlin sourc, but that sal fll to pics. Who knw it would b so hard to locat a vndor to purchas xtra 's from?