Slashdot Mirror


Quantum Researchers Achieve 10-Fold Boost In Superposition Stability (thestack.com)

An anonymous reader quotes The Stack: A team of Australian researchers has developed a qubit offering ten times the stability of existing technologies. The computer scientists claim that the new innovation could significantly increase the reliability of quantum computing calculations... The new technology, developed at the University of New South Wales, has been named a 'dressed' quantum bit as it combines a single atom with an electromagnetic field. This process allows the qubit to remain in a superposition state for ten times longer than has previously been achieved. The researchers argue that this extra time in superposition could boost the performance stability of quantum computing calculations... Previously fragile and short-lived, retaining a state of superposition has been one of the major barriers to the development of quantum computing. The ability to remain in two states simultaneously is the key to scaling and strengthening the technology further.
Do you ever wonder what the world will look like when everyone has their own personal quantum computer?

89 comments

  1. of course by TheRealMindChild · · Score: 2

    Do you ever wonder what the world will look like when everyone has their own personal quantum computer?

    It will happen around the same time I can run an economical fusion reactor

    --

    "When life gives you lemons, don't make lemonade. Make life take the lemons back!" -- Cave Johnson
    1. Re:of course by sheramil · · Score: 2

      Do you ever wonder what the world will look like when everyone has their own personal quantum computer? It will happen around the same time I can run an economical fusion reactor

      ... mediated by an AI, through virtual reality. i wonder what the world will look like when people stop masturbating to diegetic prototypes like they were the real thing.

    2. Re:of course by atherophage · · Score: 2

      what will it look like when everyone has a beowulf cluster of these? FTFY

    3. Re:of course by Hylandr · · Score: 1

      Well if we don't get a handle on basic Internet security it will be one giant quantum-botnet cluster-fuck.

      --
      ~ People that think they are better than anyone else for any reason are the cause of all the strife in the world.
    4. Re: of course by Anonymous Coward · · Score: 0

      Fairly certain the cat memes will blow up. Or will they?

    5. Re:of course by ourlovecanlastforeve · · Score: 1

      I had to crawl under my desk with the cob webs and the COBOL manuals to get the entire depth of that wisecrack.

    6. Re:of course by Anonymous Coward · · Score: 0

      Probably before that. Fusion reactors are unsafe. This thingie is much smaller and safer. Try to explain a dvd reader or microwave oven (and fusion reactor) to a guy in the 19th century, they would say the same as you :D Yet, they are mass produced and owned.

    7. Re: of course by jtgd · · Score: 2

      The web will be full of videos of cats.... being shot inside boxes.... or not.

      --
      J
    8. Re: of course by Anonymous Coward · · Score: 0

      There will be a market for five quantum computers in the whole world and no one will need more than 640KB of memory.

    9. Re: of course by rubycodez · · Score: 1

      all computers are made of quantum particles, and that fact causes problems for their reliable operation. A totally non-quantum computer would be very useful....

    10. Re:of course by thoughtlover · · Score: 1

      Do you ever wonder what the world will look like when everyone has their own personal quantum computer?

      What, you mean not everyone has a brain?

      --
      No sig for you! Come back one year!
    11. Re: of course by Anonymous Coward · · Score: 0

      Could there be a cased case where the Schrodinger's cat is not dead, please? Like he's sleeping or awake? Why make it so violent? Think of the children.

  2. Stateful Encryption Solutions by Shane_Optima · · Score: 4, Insightful

    Could we please get to work on getting everything on the web compatible with a stateful encryption scheme (out of band preshared keys and signing schemes that aren't entirely reliant on any form[1] of asymmetric cryptography) now? Instead of waiting 10-20 years and then suddenly finding out, oh crap, some government has finally built a quantum computer powerful enough to crack RSA/ECC?

    No? Oh well. I tried.


    [1] Yes yes, there are some asymmetric schemes that aren't known to be vulnerable to efficient quantum algorithms, but there will always be a buttload of lingering question marks over any scheme that doesn't involve shared secrets.

    1. Re:Stateful Encryption Solutions by Anonymous Coward · · Score: 0

      A quantum computer won't harm AES

    2. Re:Stateful Encryption Solutions by Shane_Optima · · Score: 2

      Preemptive clarification: There are a lot of ways to do this (and I don't claim to be an expert on this sort of thing), but one obvious way to accomplish this in a relatively painless fashion would be through heavy use of purpose-built hashing algorithms combined with symmetric encryption. Each session key would be built using material received over an encrypted connection (utilizing preshared keys and hashing and challenge-response stuff only; no RSA) from multiple trusted key servers hashed together. In this way, the website you're talking to wouldn't be able to reconstruct any of your master keys and each trusted key server would be ignorant of the preshared key you use to communicate with the others.

      There are lots of niggling details here, but I just wanted to make a quick point that a solution based solely on hashing and symmetric cryptography wouldn't imply having to set up a separate preshared key with each and every site or service you use.

    3. Re:Stateful Encryption Solutions by Anonymous Coward · · Score: 0

      He said asymmetric, meaning the keys to encrypt and decrypt are different. You can't share your AES encryption keys with the world because it's the same key you'll be using to decrypt the data you want to receive.

    4. Re:Stateful Encryption Solutions by Shane_Optima · · Score: 1

      ...yes, but right now if I want to log into Google or Amazon using a secure authentication method that doesn't involve asymmetric encryption, I don't have that option, do I?

      If I'm wrong and I do have that option then I guess I really need to be reading up on the latest TLS specs...

    5. Re:Stateful Encryption Solutions by TheRealMindChild · · Score: 1

      from multiple trusted key servers hashed together

      If you are relying on trust for encryption, then you simply can never trust it

      --

      "When life gives you lemons, don't make lemonade. Make life take the lemons back!" -- Cave Johnson
    6. Re:Stateful Encryption Solutions by Shane_Optima · · Score: 1

      You can't share your AES encryption keys with the world because it's the same key you'll be using to decrypt the data you want to receive.

      Yes, but as I briefly explain in my addendum, you would only need to set up a few different preshared symmetric keys with multiple trusted keyservers (this could be done over the phone, using a trusted friend's connection, whatever) to build a robust replacement for our current system that wouldn't need to touch asymmetric encryption for authentication or encryption, and that should theoretically remain secure as long as at least one of the keyservers involved in a signing or encryption operation remains uncompromised.

      This is a back of napkin proof of concept thing; there's an entire article on Wikipedia called "Post-Quantum Computing Cryptography" that I haven't even skimmed yet. I merely mean to illustrate that it's possible and, once the infrastructure was there, shouldn't be a pain in the ass to use once you get used to the idea of copying over a small master keyfile (or arguably you could use a single passphrase, if the hashing were set up properly and you were confident enough in your ability to think up a very strong passphrase.)

      It's doable, is my point.

    7. Re:Stateful Encryption Solutions by Shane_Optima · · Score: 2

      No no, material would be provided from multiple servers and combined together with a well designed hash. You could have one server in the EU, one in the USA, one in Russia, one in Cuba and one in China if you were feeling paranoid. You would have a separate preshared key for each, and your browser settings could specify the minimum number of keyservers you require to consider a connection secure. The point is all of the servers would have to be compromised for bad things to happen. Such a scheme could be made to be as strong as its strongest link, not as weak as its weakest link.

      I'm handwaving away some details here and there might be better ways to do this; I'm merely pointing out that it's feasible and in principle could be made to be quite robust.

    8. Re:Stateful Encryption Solutions by Shane_Optima · · Score: 1

      Also, it should be obvious, but you're already trusting CAs to prevent MitM attacks.

    9. Re:Stateful Encryption Solutions by WaffleMonster · · Score: 1

      Could we please get to work on getting everything on the web compatible with a stateful encryption scheme (out of band preshared keys and signing schemes that aren't entirely reliant on any form[1] of asymmetric cryptography) now?

      Asymmetric schemes are as a practical matter absolutely necessary.

      Instead of waiting 10-20 years and then suddenly finding out, oh crap, some government has finally built a quantum computer powerful enough to crack RSA/ECC?

      Are you sure it isn't 3-4 years or 15-73 years or perhaps 153 to 739 years? If you're going to ask others you have no control over to "get to work" on something you kind of have to provide compelling evidence to support your position if you expect anyone to pay attention to you or spend their time on it.

    10. Re:Stateful Encryption Solutions by Anonymous Coward · · Score: 0

      A quantum computer won't harm AES

      Not true. A quantum computer can reduce the search space operations by the square root. So a 128 bit key can be cracked with sqrt(2^128)= 2^64 operations.

      That's not likely to be a practical attack for a quantum computer for a LONG time, but it's not true that a QC has no impact on AES.

    11. Re:Stateful Encryption Solutions by Shane_Optima · · Score: 1

      Asymmetric schemes are as a practical matter absolutely necessary.

      No they aren't, as I've explained at length in other posts. Web of trust approaches combined with intelligent hashing can be used to automatically generate session keys known only to the two parties without any single point of failure (all of the trusted servers would need to be compromised) and without any need for manual intervention.

      The only thing asymmetric buys you, in terms of hassle for the end user, is the ability not to have to worry about transferring around a (fairly small) master keyfile or passphrase. But even this initial setup could be easily accomplished using a trusted friend's secure connection, either locally or you call them up on the phone and exchange a shared passphrase that way. An automated system can be set up by phone for people to bootstrap off of.

      If you're going to ask others you have no control over to "get to work" on something you kind of have to provide compelling evidence to support your position if you expect anyone to pay attention to you or spend their time on it.

      The tone of my post made it fairly clear, I thought, that this was obviously a futile argument. Even if I had highly compelling evidence and thirty years of experience, it still would probably be a lost cause due to the massive amounts of laziness and inertia involved here. I'm lamenting our inability to adhere to the precautionary principle. It would be so easy, in principle, to supplement the current system but in practice it'll never happen.

      We know a quantum RSA break is simply a matter of time. We don't know what tech advances will suddenly appear in the future, but we do know that if any country had a breakthrough there would be a very strong incentive to invest billions into it, even if they just got a few years' work out of it. And even if it never happens, for whatever reason, asymmetric computing has always had many more question marks hanging over it. We can't be sure there won't be a new class of weak RSA keys discovered tomorrow, but we can be fairly confident that a powerful (i.e. much faster than brute force) zero-known plaintext attack for AES is not going to pop up tomorrow.

    12. Re:Stateful Encryption Solutions by WaffleMonster · · Score: 1

      No they aren't, as I've explained at length in other posts.

      Yes they are.

      The only thing asymmetric buys you, in terms of hassle for the end user, is the ability not to have to worry about transferring around a (fairly small) master keyfile or passphrase.

      It allows anyone to encipher messages without any possession of secret information.

      It allows anyone to verify source and integrity of information without any possession of secret information.

      It allows this to occur in a completely untethered, unlimited and untraceable manner.

      Nothing you offer does that when you remove the shell game of punting of responsibility and convenient ignoring of underlying reality.

      We know a quantum RSA break is simply a matter of time.

      We know nothing of the sort. There is ZERO evidence in existence to support this assumption. NONE.

      We don't know what tech advances will suddenly appear in the future, but we do know that if any country had a breakthrough there would be a very strong incentive to invest billions into it, even if they just got a few years' work out of it

      The problem with this logic is that it doesn't say anything. It doesn't mean anything. It isn't falsifiable. I can say "we don't know" to justify any course of action I damn well please. Support your position with actual objective evidence. Saying "we don't know" is the same as saying nothing at all.

      And even if it never happens, for whatever reason, asymmetric computing has always had many more question marks hanging over it. We can't be sure there won't be a new class of weak RSA keys discovered tomorrow, but we can be fairly confident that a powerful (i.e. much faster than brute force) zero-known plaintext attack for AES is not going to pop up tomorrow.

      Your opinions are your opinions. Do what you want. I'm not abandoning the devil that has been around longer than I have been alive out of unspecified unsubstantiated non-quantified fears for a provably inferior solution. You are perfectly free to make a different calculation.

    13. Re:Stateful Encryption Solutions by gweihir · · Score: 2

      There is absolutely no need to do that. Quantum Computing has failed to scale in any way for the last 30 years. It will continue to do so. Now, if we could get everybody to change the damn default passwords, that would be something that would help with very serious problem.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    14. Re:Stateful Encryption Solutions by tlhIngan · · Score: 1

      Instead of waiting 10-20 years and then suddenly finding out, oh crap, some government has finally built a quantum computer powerful enough to crack RSA/ECC?

      While vulnerable to a quantum computer, practical quantum computers aren't even close. To break RSA-2048 for example would require a 2048-bit quantum computer. We're currently around... 5.

      The real issue is everything around the quantum computation - the set up and readouts limit number of bits because as we increase bits, the amount of time before they decohere falls dramatically. And once they decohere, your result is meaningless.

      So even if you managed to set up all 2048 qubits to the starting state (superposition), the system falls apart before the algorithm starts as the system is just too unstable.

      D-Wave may have hundreds of bits, but that's for quantum annealing, which is a tiny subset of quantum computing problems available, of which factoring is not one of them.

      And that's RSA-2048. Which I believe is obsolete, and everyone is recommended to go with RSA-4096. And this is because advances in traditional computing have made the time to crack from lifetime of universe to something still absurdly large.

    15. Re:Stateful Encryption Solutions by Anonymous Coward · · Score: 0

      And that's a large part of why SSL certs and the scheme they use are not secure.

    16. Re: Stateful Encryption Solutions by Anonymous Coward · · Score: 0

      The prime motive driving the technological breakthrough of quantum computing appears to be Encryption and Decryption of data. What a fall, my fellow computer scientists and engineers!

    17. Re:Stateful Encryption Solutions by Shane_Optima · · Score: 1

      Changing the default passwords accomplishes nothing as long as lazy jackasses (like you, as it happens) refuse to transmit, store and verify them properly.

    18. Re:Stateful Encryption Solutions by Shane_Optima · · Score: 1

      It allows anyone to encipher messages without any possession of secret information.

      Yes, but it's worth noting this doesn't allow you to encipher information without preshared information. You require CAs and such to be pre-loaded and trusted ahead of time.

      If you've made that leap of trust, why not make a much easier leap of trust of using a friend's connection get your initial set of symmetric keys? Why not use an automated telephone service, and a little slip of paper that came with your new computer?

      The "secret information" is, in fact, very easy to come by and only needs to be done once. All keyservers would need to be compromised for the session to be compromised, and because it's stateful and there's no reason not to immediately generate new keys for each server you talk to, that compromise would have to be retroactive (i.e. based on some logs someone has been stealthily maintaining on ALL keyservers used) for it to be a truly catastrophic breach.

      This can be used on top of or alongside asymmetric solutions for the exceptionally lazy, paranoid and/or ignorant. By all means, if you want to put 100% of your trust in your magical "one-way" mathematic functions remaining one-way for your entire lifetime, you should be free to. I am only addressing those readers who would give a damn about pursuing a truly robust system, one that isn't vulnerable to a single RSA weak key class discovery or a single rogue CA to bring down.

      Nothing you offer does that when you remove the shell game of punting of responsibility and convenient ignoring of underlying reality.

      The "underlying reality" is we've already needed to increase the size of RSA a few times, and ban various classes of weak keys. That's because with any system where the asymmetric key is the weakest link, you are always playing with fire because you have to assume that no shortcuts in the future will be found.

      For a zero known plaintext attack of encryption of random data (as would routinely occur in a WOT symmetric key exchange system), we're as certain as certain can be that symmetric algorithms are secure. Such a scheme is literally the most robust scheme imaginable short of an OTP.

      We have no good reason to be nearly so confident about RSA or other asymmetric solutions remaining similarly secure a decade from now, even in the absence of quantum computers.

      It allows this to occur in a completely untethered, unlimited and untraceable manner.

      Vague hand-waving nonsense. There is no tethering or limit or tracing involved in my system except for the very first time you need a set of keys. For an organized person, this is literally a once in a lifetime process. For a less organized / knowledgeable person, this would only need to be done every time a new device was purchased.

      Please don't tell me you're about to drag out some nonsense about being "limited" to the amount of non-volatile you have at your disposal.

      We know nothing of the sort. There is ZERO evidence in existence to support this assumption. NONE.

      Ok, uh, well they have implemented Shor's algorithm. They know for a fact that it works. And they've been using it on progressively larger numbers. Yes yes, those numbers are still very small. But building a proof of concept device, and then watching as the underlying tech improves and the proof of concept devices become a little stronger (if still miles away), does not constitute "zero proof". It means we can be certain it's not impossible in principle, and it also indicates that researchers haven't lost interest yet.

      Your opinions are your opinions.

      And your "opinions" are liberally seasoned with crumbs of stuff that look suspiciously like lies.
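      As an added illustration (not code from the thread or from any product) of the multi-keyserver scheme sketched in this post and in post 7 above: each keyserver's contribution is keyed by the client's separate preshared key with that server, the contributions are hashed together into the session key, the browser's minimum-keyserver setting is enforced, and the per-server keys are ratcheted after each session so a later compromise would have to be retroactive. The HMAC/SHA-256 constructions, labels, keyserver names and sample keys are assumptions; how the website obtains the same shares is not spelled out in the posts and is left out here.

```python
import hashlib
import hmac

# Domain-separation labels; assumed for this illustration, not taken from the thread.
SESSION_LABEL = b"example-session-key-v1"
SHARE_LABEL = b"example-share-v1"
RATCHET_LABEL = b"example-ratchet-v1"


def server_share(psk: bytes, server_id: bytes, nonce: bytes) -> bytes:
    """Material one keyserver contributes for this session.

    It is keyed with the preshared key that server holds with the client, so a
    party without that PSK cannot compute it; the nonce binds it to one session.
    (The post fixes no wire format; this HMAC construction is an assumption.)
    """
    return hmac.new(psk, SHARE_LABEL + b"|" + server_id + b"|" + nonce,
                    hashlib.sha256).digest()


def combine_shares(shares: dict[bytes, bytes], nonce: bytes) -> bytes:
    """Hash all contributions into one session key.

    Every share enters the hash, so the key is unpredictable to anyone who is
    missing even one of them: the 'strong as its strongest link' property the
    post argues for.  Shares are length-prefixed and sorted by server id so
    both endpoints derive the same key regardless of arrival order.
    """
    h = hashlib.sha256()
    h.update(SESSION_LABEL)
    h.update(nonce)
    for server_id in sorted(shares):
        share = shares[server_id]
        h.update(len(server_id).to_bytes(2, "big") + server_id)
        h.update(len(share).to_bytes(2, "big") + share)
    return h.digest()


def ratchet_psk(psk: bytes, nonce: bytes) -> bytes:
    """Stateful step: replace the per-server PSK after each session.

    Once the old PSK is discarded, a keyserver compromised later cannot
    recompute past shares; the compromise would have to be retroactive,
    i.e. based on logs kept all along, as the post puts it.
    """
    return hmac.new(psk, RATCHET_LABEL + b"|" + nonce, hashlib.sha256).digest()


def derive_session_key(psks: dict[bytes, bytes], nonce: bytes,
                       min_servers: int) -> tuple[bytes, dict[bytes, bytes]]:
    """Client-side view of one session.

    psks maps keyserver id -> the client's PSK with that server.  min_servers
    is the browser setting the post mentions: the minimum number of keyservers
    that must contribute before the connection counts as secure.  Returns the
    session key and the ratcheted PSKs to store for next time.
    """
    if len(psks) < min_servers:
        raise ValueError(f"only {len(psks)} keyservers available, need {min_servers}")
    shares = {sid: server_share(psk, sid, nonce) for sid, psk in psks.items()}
    key = combine_shares(shares, nonce)
    next_psks = {sid: ratchet_psk(psk, nonce) for sid, psk in psks.items()}
    return key, next_psks


def key_with_compromised_servers(psks: dict[bytes, bytes], compromised: set[bytes],
                                 nonce: bytes, guess: bytes) -> bytes:
    """What someone holding only the PSKs of the `compromised` servers can compute.

    For every uncompromised server the share must be guessed; `guess` stands in
    for that.  Unless every server is compromised, the result does not match the
    real session key, which is the property the scheme relies on.
    """
    shares = {}
    for sid, psk in psks.items():
        shares[sid] = server_share(psk, sid, nonce) if sid in compromised else guess
    return combine_shares(shares, nonce)


# Constructed sample setup: three keyservers with made-up 32-byte PSKs and a fixed nonce.
SAMPLE_PSKS = {
    b"keyserver-eu": bytes.fromhex("11" * 32),
    b"keyserver-us": bytes.fromhex("22" * 32),
    b"keyserver-ru": bytes.fromhex("33" * 32),
}
SAMPLE_NONCE = bytes.fromhex("0123456789abcdef" * 2)
```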

    19. Re:Stateful Encryption Solutions by gweihir · · Score: 1

      You seem to be on drugs, as your perception of reality has no relation to actual reality.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    20. Re:Stateful Encryption Solutions by Shane_Optima · · Score: 1

      The "actual reality" is that companies cannot be trusted to perform the hash properly on their end and several have openly admitted to losing plaintext passwords. The actual reality is hashing is not all that computationally expensive in today's world, and many modern processors have specialized instruction sets that could be exploited for this purpose. The actual reality is that hashing, in the general sense of the term, does not need to significantly decrease entropy (though obviously improperly implemented hashing can.)

      The "actual reality" is that client-side hashing is easily auditable, whereas properly implemented server hash (in combination with a finite limit on the password field) prevents a read-only database breach from instantly translating into access to all accounts (although it does enable offline attacks, so everyone with weak passwords will be compromised as soon as the attacker can get around to cracking their hash.) None of this would interfere with a challenge-response scheme or any other additional security measures from being implemented, if one wished.

      The actual reality is that measures such as these would have significantly mitigated a lot of the damage and collateral damage from many of the high-profile breaches we've seen in recent years.

      These are trivial, basic facts presented as a back-of-the-napkin proof of concept scheme that any halfway bright CS sophomore could easily verify, but for the benefit of readers who may not be aware, these are facts that you have asserted to be untrue. Although you still refuse to provide any details whatsoever.

      You are a stubborn and/or ignorant fraud mindlessly apologizing for the incompetents running your industry, people who have screwed over millions of users with their incompetence. Just a little FYI for all readers out there.

    21. Re:Stateful Encryption Solutions by Shane_Optima · · Score: 1

      Just to preempt the peanut gallery here, I am using "hash" in a very loose sense here to encompass any "one-way" destructive transform that is highly resistant to chosen collision attacks. Note that, for this particular application, the input field can be restricted and the output field expanded to make such attacks infeasible or even impossible (probabilistically impossible, in an asymptotically approaching zero percent chance of a collision even existing sense of the word).

      I once had someone try to "prove" me wrong using a single invocation of whatever CLI version of SHA they had lying around. That's not the point at all. I don't care about quibbling over terminology; I care about it being 2016 and simple database breaches of login credentials routinely causing massive direct and indirect damage.

    22. Re:Stateful Encryption Solutions by Shane_Optima · · Score: 1

      For the record: none of this is offtopic. Gweihir interjected some nonsense to tweak me, and then he played dumb because he's too lazy and beaten down to trot out his old non-arguments. The above mini-rant is relevant to that prior argument we had, and that he brought up.

      My thesis statements here: He is a fraud who knows nothing about cryptography, whereas I'm a self-professed layman who knows enough to realize how messed up the status quo is. The biggest easily-solved problem regarding passwords right now is in their hashing, transmission and storage, which is currently being handled in a criminally negligent manner at most places (gweihir disagrees. Incoherently, but strongly.) We absolutely should make some sensible long-term plans for a migration away from crypto that is vulnerable to Shor's algorithm.

      (For a more realistic defense against quantum computing, of course I would recommend one of the asymmetric algorithms that apparently do not suffer a catastrophic decrease in security with the availability of quantum computers. This should ideally be implemented on top of RSA/ECC at least until we can be fairly certain that no breaks are forthcoming. Lower-end devices could use a legacy RSA-only option to save cycles if need be until hardware acceleration could be deployed. I wasn't super serious about suggesting a stateful solution, hence my tone, although it would be *great* in principle... the inertia behind having a stateless system is just too strong. But don't be fooled by the obsession with "pre shared" or "out of band". That's a red herring. It's the state vs. stateless that's the real sticking point.)

      Just a few notes for posterity.

    23. Re:Stateful Encryption Solutions by chrish · · Score: 1

      Some people are already working on cryptosystems that won't be vulnerable to attacks by quantum computers; my company is one of them.

      If you're interested, look into hash-based signature schemes, lattice-based cryptography, error-correcting-code-based cryptography, isogenies, and multivariate cryptography.

      --
      - chrish
    24. Re:Stateful Encryption Solutions by gweihir · · Score: 1

      My thesis statements here: He is a fraud who knows nothing about cryptography, whereas I'm a self-professed layman who knows enough to realize how messed up the status quo is.

      This amuses me no end. Actually, I have a PhD in the IT security field and about a decade of relevant experience after that. Oh, and I have been following Quantum "Computing" research for about 20 years now. Nice mathematics, does not really work in practice. The latter is unchanged from 20 years back. But keep kidding yourself. At least you are entertaining, which is far better than what most amateur crypto "experts" manage.

      Incidentally, thanks to you, I found a nice reference: https://www.happybearsoftware....

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    25. Re:Stateful Encryption Solutions by Shane_Optima · · Score: 1

      This amuses me no end. Actually, I have a PhD in the IT security field and about a decade of relevant experience after that.

      Then you should have no problem succinctly explaining the flaws in my proof of concept, back of napkin scheme, something that you hitherto have failed to even attempt. Quibbling over terminology doesn't count, as I readily and repeatedly admitted that some of my verbiage was probably off.

      Or alternatively, you'd have no problem posting your credentials publicly so you can be verified; however, you seem to think that saying stuff like this aloud constitutes "stalking" you (despite the fact that you're the one who barged in my thread with your nonsense), so I must emphasize that none of this has been intended as any sort of micro-aggressive slight against your poor, paranoid psyche.

      Nice mathematics, does not really work in practice.

      Uh sure, except for the part that it has been repeatedly field-tested and works completely as expected "in practice". It is currently infeasible to scale up due to current engineering constraints, not due to any fundamental flaw in the idea. It may be worth noting that 14 nanometer tubes/transistors in 194x were pretty goddamn infeasible as well. No doubt that the equivalents of you were alive in 196x, patently explaining that this transistor business had clearly hit its limit.

      Funding for tech research isn't an issue, either: the CIA, NRO, NSA or pretty much any of the other three letter organizations and their equivalents in China and Russia would gleefully throw a billion dollars at a project that seemed to offer the promise of catastrophically compromising pretty much every asymmetric crypto system currently in use.

      I did clarify that this is strictly a long term thing to be concerned about, but we may not have much advanced warning if/when it does become an issue, because the person who first develops such a machine will be in no hurry to advertise its existence any more than the British were eager to advertise their investment into "bombes" in WWII.

    26. Re:Stateful Encryption Solutions by Shane_Optima · · Score: 1

      I'm dimly aware of these projects and wasn't trying to pretend I was proposing anything radically new; I just wish we could see preemptive, precautionary widespread adoption (without abandoning the current system as a fallback / legacy option). I really fear that no one will take serious steps (re: adoption, not research) until after someone has a working machine able to crack almost everything currently in widespread use.

    27. Re:Stateful Encryption Solutions by Anonymous Coward · · Score: 0

      Minor nitpick: some folks aren't trusting CAs to prevent MitM attacks, at least not in the conventional public CA trust roots sense. On the whole, you're of course quite correct that significant algorithmic work remains for PQ preparations, but some people have been studiously avoiding public CA infrastructure wherever possible for a while now. -PCP

    28. Re:Stateful Encryption Solutions by Shane_Optima · · Score: 1

      By the way, that site is aimed at someone I never claimed to be. I repeatedly, explicitly deferred the details and optimization of my scheme (or more precisely, the properties that I insist any competently designed authentication system must possess) to *actual* experts (i.e. not including yourself.)

      For example, I never specify the password hashing algorithm, but I do insist that one needs to not be a complete dumbass about it (e.g. the output must be significantly larger than the input so that the chance of collision is pushed very, very close to zero).

      If one stumbles upon a group of "experts" building an above ground tornado shelter out of large styrofoam blocks that are hot-glued together, one does not need to be mason to point out a few flaws in their design or even sketch out an alternative that is obviously and objectively much better.
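      As an added illustration (not code from the thread or from anyone in it) of the two-stage password handling argued for in posts 20 and 21 and this one: the client applies a site-bound one-way transform before sending, so the server never sees the password, and the server stores only a salted slow hash of what it receives, so a read-only copy of the database is not a replayable credential. PBKDF2, the work factors, the field limit and the site-label format are assumptions.

```python
import hashlib
import hmac
import secrets

# Parameters are assumptions for this illustration, not values from the thread.
MAX_PASSWORD_LEN = 256         # finite limit on the password field, as the post suggests
CLIENT_ITERATIONS = 20_000     # client-side work factor
SERVER_ITERATIONS = 50_000     # server-side work factor


def client_credential(site_id: str, password: str) -> bytes:
    """Client-side transform: the server never receives the password itself.

    Binding the site id into the salt means the credential sent to one site
    is useless at another, even if the user reused the password.  The length
    check bounds the input field, which the post asks for.
    """
    if len(password) > MAX_PASSWORD_LEN:
        raise ValueError("password exceeds the field limit")
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                               b"client|" + site_id.encode("utf-8"),
                               CLIENT_ITERATIONS)


def make_record(credential: bytes) -> dict:
    """Server-side storage: a salted slow hash of the credential, never the credential."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", credential, salt, SERVER_ITERATIONS)
    return {"salt": salt, "digest": digest}


def verify_login(record: dict, credential: bytes) -> bool:
    """Re-hash what the client sent and compare in constant time."""
    digest = hashlib.pbkdf2_hmac("sha256", credential, record["salt"], SERVER_ITERATIONS)
    return hmac.compare_digest(digest, record["digest"])


def breached_record_logs_in(record: dict) -> bool:
    """Does a read-only copy of the stored record work as a login credential?

    It does not: the server re-hashes whatever it is handed, so replaying the
    stored digest fails.  What the attacker is left with is an offline guessing
    attack on the client credential, which is the residual risk post 20 notes
    for users with weak passwords.
    """
    return verify_login(record, record["digest"])
```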

    29. Re:Stateful Encryption Solutions by gweihir · · Score: 1

      This amuses me no end. Actually, I have a PhD in the IT security field and about a decade of relevant experience after that.

      Then you should have no problem succinctly explaining the flaws in my proof of concept, back of napkin scheme, something that you hitherto have failed to even attempt.

      Oh, I could. I just do not care enough about yet another flawed crypto idea by an amateur. Amateur crypto universally sucks, no exceptions. After you have explained to the n-th person what they did wrong and why it cannot be fixed (and have dealt with all their denials and claims that only show even more how clueless they are), you realize at that there is absolutely no point. The Dunning-Kruger Effect seems to have a strongly amplified variant for amateurs doing crypto.

      Incidentally, this is a universal experience among crypto experts. I am just one of the few that still occasionally answers to amateurs, because I believe crypto is important enough that the public should have some understanding of it.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    30. Re:Stateful Encryption Solutions by chrish · · Score: 1

      Obviously we feel the same way. :-)

      Governments and financial institutions are definitely interested, but it's probably a 5-7 year project for big orgs, similar to the Y2K problem but without a definite goal post. Current best guesses are thinking we'll see a "useful" quantum computer by 2026, but that can't take into account any breakthroughs that might happen.

      --
      - chrish
    31. Re:Stateful Encryption Solutions by Shane_Optima · · Score: 1

      Amateur crypto universally sucks, no exceptions.

      Except I'm not trying to or claiming to be inventing anything new. I'm explaining how you're obviously using existing tools wrong. I am almost 100% certain that most of the properties I describe are already present in some existing authentication systems (one person claimed Kerberos had the properties I described, but I don't get paid to research or implement this stuff so I haven't confirmed this). Many local authentication systems have some of the properties I'm looking for, and there's no reason whatsoever that those properties would work just as well over the internet. Or are you arguing that *nix password management is wrong/shitty/broken too, because they don't typically store all of their passwords in plaintext?

      The reasons that you have failed to provide me have been provided by other IT professionals I've been in contact with--politics and inertia. One issue apparently with spook jobs in particular is they want to inspect your password to make sure that it's strong enough. It doesn't matter that these rules could be sent over and run client-side--they don't trust you not to modify them (which is the stupidest fucking thing I've ever heard. No one is going to hack the rules just to use a weak password) and/or they want to inspect them randomly after the fact and they don't feel like trying to brute force them as a verification method.

      I'm sorry, but sloth and cowardice (not telling people that their policies are moronic) are not acceptable reasons for the improper treatment of passwords.

      If I had the time or inclination, I'm quite sure I could rattle off the names of some Ph. D. holders who have more or less advocated for the same thing I'm advocating for. As it happens, I am in the process of putting together a project where I will be tackling alleged experts and sacred cows from all sorts of fields, and you'll even get to see my face for this, so if you want to laugh at what you assume is my eventual embarrassment you should have popcorn ready.

      But deep down, I strongly suspect you know I'm right. If this were just a matter of stupidity on your part, you would have offered up an attempt at a counterargument by now (other than your nonsensical bit on "iterated hashing" a while back.)

  3. Personal quantum computers for what? by Jeremi · · Score: 1

    Do you ever wonder what the world will look like when everyone has their own personal quantum computer?

    I rather wonder what everyone would be doing with their own personal quantum computer. Cracking encryption?

    --
    I don't care if it's 90,000 hectares. That lake was not my doing.
    1. Re:Personal quantum computers for what? by ClickOnThis · · Score: 1

      Do you ever wonder what the world will look like when everyone has their own personal [insert any revolutionary technology created over the past several hundred years]?

      Sure, the human race has wondered this on many occasions. And we're still here. Let's hope it stays that way.

      --
      If it weren't for deadlines, nothing would be late.
    2. Re:Personal quantum computers for what? by Anonymous Coward · · Score: 0

      This is my question too. To my understanding, quantum computers reduce the time needed for difficult problems like factoring large primes. Why would they make my machine faster at the pedestrian math needed for my video games and emails?

    3. Re:Personal quantum computers for what? by gweihir · · Score: 1

      They would not at all. Quantum computers would (if they ever scale to relevant sizes) be mostly useless, except for a small set of very specific things.

      The problem here is that some idiots have adopted the belief in technology as a surrogate religion. The result is that they make grand unfounded claims like this one here. These are the same morons that predict human-level AI in the near future. There is no connection to actual facts in what they claim and predict.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  4. Do you ever wonder what the world will look like.. by mcolgin · · Score: 1

    So. Much. Porn. All at once.

    --
    I made this: http://www.bpftpserver.com
  5. Benchmarks by quenda · · Score: 4, Funny

    The team ran a benchmark on one of their quantum computers to accurately measure the new increased speed.
    Unfortunately, they can no longer find the computer to repeat their test.

    1. Re: Benchmarks by Anonymous Coward · · Score: 0

      It should be a lot easier to find than my stolen laptop because it's in two places at the same time.

    2. Re: Benchmarks by Nehmo · · Score: 1

      You mean that it's in *all possible places* - not just two.

      --
      (||) Nehmo (||)
  6. Mayhem by Tablizer · · Score: 2

    Stop! You are killing cats!

  7. Potential dystopia by Rick+Schumann · · Score: 3, Interesting

    Do you ever wonder what the world will look like when everyone has their own personal quantum computer?

    At the rate and direction we're going, it'll be a dystopian future world where you can't even take a dump in the privacy of your own home bathroom without some government spook having a terabyte of data collected from the 'event'. Of course, that being said, it's just as possible that while we'll have record amounts of surveillance and spying on everyone all the time, everyone will have access to continually morphing high-end encryption driven by their own quantum computers, creating a 'balance of power' on both sides of the equation.

    Or, just maybe, we, as a race, grow out of this anal-retentive, must-watch-everyone-all-the-time, anxiety-driven, infantile stage of our social development, into a New Age of 'Live and Let Live' on all sides of all equations. Yeah, yeah, I know. Let a guy dream, will you?

    1. Re:Potential dystopia by Anonymous Coward · · Score: 0

      Quantum Computing in general, and Quantum Cryptography specifically, are answers to questions that nobody is asking, except Math Geeks. The same kind of Math Geeks who so spectacularly screwed up "New Math" five decades ago.
      Nobody cares!

      Everybody who is so obsessed with Cryptography should just step back, light up a Camel, inhale, and ask themselves honestly "Why am I bothering with this shit? Why am I not getting involved in something that makes this shit worthless?"
      Open Source is a pretty good first step. Industrial Espionage is another; find everything proprietary, and Publish it. Secrets are hard to keep, and instead of finding better ways of keeping Secrets, let everybody know about them, and that way they won't be Secrets any longer, and very few will care.
      However, one can't be selective on this. Publishing just Clinton's emails does stink of partisanship. What does Trump's Porn Stash look like? (Mine actually is pretty dull, but I do have one fetish- heterochromia iridis.)

      Well over a Century back, the Public were obsessed with hiding Women's Ankles. It got to the point that even Piano Legs had to be modestly covered, and people today make fun of Victorian Modesty, and use modestly clad Piano Legs as an example. Except of course, none of this was true. People just like to think that it was true. Secret Ankles. (The Righties are morbidly obsessed with Clinton's ankles...)

      "...it'll be a dystopian future world where you can't even take a dump in the privacy of your own home bathroom without some government spook ..."
      So what? There are some eight billion people around, and probably on average, once a day, each one takes a dump. That's around three trillion dumps a year. After watching the first million or so, they do tend to get rather dull and repetitive. Taking a dump in private is a very _recent_ phenomenon, and thus the Fetish. (Farley Mowat once made the wry observation that Wolves carefully bury their Scat, whereas the domesticated Dog poops just about anywhere they please. Mowat claims that this was a habit picked up from the original Owners...)

      There are very few things that are intrinsically Private. Dying is one. Most of us would prefer a quiet and private ending, rather than some Public indignity to be posted on YouTube. And that is about it. Eating, drinking, screwing, pissing, and picking noses have historically been rather public affairs. Privacy is a modern illusion, but there is money to be made in it. Quantum Cryptography is just the most recent Snake Oil, and personal Quantum Computers will be just shiny worthless toys.

    2. Re:Potential dystopia by Anonymous Coward · · Score: 1

      This is why a properly regulated democracy is important. Go out and vote!

    3. Re:Potential dystopia by Anonymous Coward · · Score: 0

      Privacy is a modern illusion

      Ah, I see. So you're either a millennial, who has been so thoroughly indoctrinated since birth to actually believe that nonsense, or you're part of the machine, and are shilling shamelessly for it, as you're programmed to do? Please. You're not fooling me, you're not fooling anyone with a three-digit IQ, either. Human beings have a basic right to privacy, no matter what too-nosy corporations and too-nosy governments want us to believe. You can keep repeating the rhetoric they've programmed you with all you want, won't make what I'm saying any less true. Do be sure to go tweet about the clueless old guy you destroyed on Slashdot though, wouldn't want your Masters to be cheated out of a status update from you. Or maybe you can wise up and realize that I'm right and that it's not normal or healthy to have every aspect of your life laid bare to the other 7,999,999,999 people on the planet -- and all the corporate and government databases. Your choice, newfriend, you can continue to live like an animal in a zoo, or you can lift your head, get off your knees, and start living like a human being.

    4. Re:Potential dystopia by Rick+Schumann · · Score: 1

      Oh, I am, believe me.

      I'm voting third-party across the board. I know none of them will win; I'm doing it to mock our broken, near-pointless electoral system. That, and I'm sick and tired of compromising my principles for the mere expedient of 'electing the least bad candidate'. I don't like or trust either one of them, and will not have my name associated with either one of them being elected -- even if she's the foregone conclusion at this point.

    5. Re: Potential dystopia by Anonymous Coward · · Score: 0

      Good. We don't want your vote to count. People like you. We don't need your vote. Throw it away. You have no right to choose what will happen to you.

    6. Re: Potential dystopia by Anonymous Coward · · Score: 0

      Hurr durr I'm a dumb cuck who doesn't believe there are more than TWO political parties, so I'll just vote for who I think everyone else is voting for, herp derp

      Or are you this:

      Herp derp Trump will make America GREAT again, he said so and I'm too dumb to fact-check him and discover he has no idea what he's doing, build a wall! Make Mexico pay for it! I H8 MUSLIMS, throw them all out! Fuck the rest of the world, we don't need 'em, screw our allies, USA! USA! USA!

      Tell you what, jackass: When EITHER ONE of those two untrustworthy idiots who are running fuck everything up even worse than they already are, then YOU get to take part of the blame for it, and people who voted for a 3rd party WON'T, and we'll all LAUGH and LAUGH and LAUGH at you, right before we stone you to death for helping ruin the country. Dumbass.

  8. Am I screwed yet? by Snotnose · · Score: 1

    All my "sensitive" stuff is stored rot13 in a directory called "Nothing_to_see_here_move_Along". Am I still good? Hate to go to jail for those pix of my ex sticking her tongue out at me while I went for a downshirt photo.

  9. qubit scalability is still unknown by ad454 · · Score: 2

    Although this appears to be a great achievement, pending independent peer-review of course...

    The fact is that it is still a big unanswered question in physics as to how the number of qubits with superposition of their quantum states will scale in terms of time and energy. Many physicists think that this might scale exponentially.

    So yes, we can expect to make quantum computers with several (maybe even a few dozen) qubits with superposition of their quantum states; but if we need to double the time and energy as we add more qubits, it becomes impractical. Even if one finds 10x or 100x improvements in obtaining superposition, if one does this with the large number of qubits needed to break classical public key crypto, such as RSA (via factoring), or DH/ECDH & DSA/ECDSA (via discrete log), it may take more time than the projected heat death of the universe and/or more energy than in the universe, especially with large key sizes.

    Note that quantum computer systems such as those from D-Wave now have 2000 qubits, but these function without quantum superposition of their qubits, and hence cannot be used to break public key crypto. Mind you, even without superposition, D-Wave systems appear to be many times more efficient in computing some things compared to classical computers, such as for some types of simulations, so they are still useful in their own right.

    Physicists would find out how qubits scale long before anyone is able to build one capable of breaking public key crypto. By then, there will be a number of usable but less efficient (bigger & slower) quantum-resistant public key alternatives which we can switch to, such as lattice based crypto, long before there is any quantum computer risk to Internet security.

    In terms of science fiction risks to crypto, I am much more concerned about super-intelligent AI (or really clever human mathematicians) figuring out some shortcut to undermine trapdoor functions which public key crypto is based on, than I am with quantum computers.

    And currently, the biggest risk to worry about are the countless security flaws and backdoors in modern hardware and software, such as Intel VPro/AMT, and organizations such as the NSA undermining crypto standards and protocols.

    1. Re:qubit scalability is still unknown by gweihir · · Score: 1

      You probably mean "inverse exponentially with effort".

      I fully agree. It does not look like we are even going to ever get linear scaling, and what made digital computers great is that they did indeed get exponential scaling for a while (basically over now).

      Incidentally, the D-Wave performance completely sucks once the comparison is fair. It only outperforms a digital simulation of what it does, and since a simulation of something takes far more effort than the thing itself, that is no accomplishment at all.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  10. Do you ever wonder what the world will look like.. by Anonymous Coward · · Score: 0

    Yes and No.

  11. Don't worry by Anonymous Coward · · Score: 1

    If "Superimposition" was real Feynman style Superimposition (all possible states simultaneously), then it wouldn't matter how long it was in superimposition, it would pass through the key at some point in that state. You wouldn't need to make it last 10x longer, you could make it last 10x shorter and it would still find the solution.

    This is 'fake superimposition', quantum mechanics as a marketing angle for analogue computers (D-Wave as an example). These computers don't go through every possible state; rather, it's just an unstable system with each qbit in one value at a time.

    The biggest threat to your encryption key doesn't come from the marketing department of a technology company.

    1. Re:Don't worry by Shane_Optima · · Score: 1

      If "Superimposition" was real Feynman style Superimposition (all possible states simultaneously), then it wouldn't matter how long it was in superimposition, it would pass through the key at some point in that state. You wouldn't need to make it last 10x longer, you could make it last 10x shorter and it would still find the solution.

      Is that true? I never sat down and digested the implications of the algorithm but it's listed in Wikipedia as having O((log N)2(log log N)(log log log N)) complexity, which doesn't quite look like "instantaneous" to me.

    2. Re:Don't worry by Zeroko · · Score: 1

      The problem is that while quantum superposition can be thought of as "all possible states simultaneously," it is not in general possible to choose properties of the state you get at the end (called "postselection" in the quantum computing literature). All you can do is adjust the probabilities of the different states, & for some problems, we do not know a way to make the desired state likely enough to do any better than a square root improvement in running time over a classical computer. So for that sort of problem, an O(2^n) algorithm would become O(2^(n/2)).

      Apart from quantum suicide (which depends on various unproven assumptions & is technically nontrivial even if theoretically possible), there is no known way to do postselection.

  12. Re:Do you ever wonder what the world will look lik by Anonymous Coward · · Score: 0

    The superposition of gay and straight porn is where shemale porn came from.

  13. Five by slazzy · · Score: 0

    I see a world market for maybe 5 Quantum computers.

    --
    Website Just Down For Me? Find out
    1. Re:Five by Anonymous Coward · · Score: 0

      There is no reason anyone would want a quantum computer in their home.

    2. Re: Five by Anonymous Coward · · Score: 0

      640 qubits ought to be enough for anybody.

  14. Setec Astronomy by Thanatiel · · Score: 1

    It looks like we are zeroing in on making the current standards useless ...

    --
    Irrelevant news and morons using moderation to mod down what they disagree on. 2018 resolution: so long.
  15. Nothing x 10: Still nothing by gweihir · · Score: 2

    The states are still "fragile and short-lived". This is not relevant in any way, form or shape, except as a detail result from a failed research direction. Other directions for alternate computing circuits have been scrapped far before the mountain of failure that "quantum computing" has accumulated by now.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  16. just crypt it 3 times by cheekyboy · · Score: 1

    crypt it 3 times with 3 different ciphers and 3 different keys.

    --
    Liberty freedom are no1, not dicks in suits.
    1. Re:just crypt it 3 times by angel'o'sphere · · Score: 1

      Cryptography does not work like that.
      You still only need one key to decipher it: your message is 1, the keys are 2, 3 and 5. You encrypt it to 1 * 2 * 3 * 5 = 30. To decrypt you only need to stumble over the key 30.
      Might not work for every combination of encryption methods though.

      --
      Cost free eBook I read (by iBook/Kobo/Amazon/ObookO/Gutenberg etc.): "The Green Odyssey" by Philip Jose Farmer.
    2. Re:just crypt it 3 times by Shane_Optima · · Score: 1

      He said different ciphers with different keys. Separate ciphers (algorithms) with separate keys for each would indeed offer you extra protection. I suppose a reasonable and more realistic compromise/stopgap would be to do this with an asymmetric algorithm that isn't known to be vulnerable to super-efficient quantum algorithm attacks and then use this on top of RSA or ECC (which are known to be vulnerable.)

      I still think a stateful solution would be the best going forward, but I'm not realistically optimistic about getting people to sign up. But if we somehow could get enough people to make that jump, it becomes crazy robust and flexible.

    3. Re:just crypt it 3 times by angel'o'sphere · · Score: 1

      You can always find one single "function" that transforms a result back to its origin, regardless how many intermediate functions you use to come to that result.

      Hence your idea would not work. It is actually a classic counter example in every book about encryption.

      --
      Cost free eBook I read (by iBook/Kobo/Amazon/ObookO/Gutenberg etc.): "The Green Odyssey" by Philip Jose Farmer.
    4. Re:just crypt it 3 times by Shane_Optima · · Score: 1

      Hence your idea would not work. It is actually a classic counter example in every book about encryption.

      It absolutely would work and has been repeatedly implemented in existing products (most famously the Truecrypt derivatives, though I'm not personally a big fan of theirs.) I'm just not sure you understand the purpose of this approach, or indeed the context of this conversation.

      Re-reading your prior post, you said it would "only" add multiplicative security in a brute force situation. Well, uh, that's fine. That's not a "flaw" by any means. No one should expect it to magically guard against pure brute force attacks except to the extent that more keys are (if we assume the algorithms are equally strong) equivalent to a single larger key.

      The purpose in having more than one algorithm is to guard against vulnerabilities in one or more of the algorithms, which was and is the entire point of this little subthread. In a symmetric context, Serpent and AES are known to be vulnerable to the XSL attack (this is a very small # known plaintext attack that is not currently a feasible alternative to brute force but further discoveries might change that.) Twofish is not, but it is theoretically vulnerable to some other known plaintext attack (you need something like a petabyte of known plaintext; I forget) that Serpent and AES are not vulnerable to. Thus, if you double encrypt, once using Twofish and then once using AES, with two different keys, you are guarding against both of those vulnerabilities pretty damn effectively.

      A very similar approach can be used with asymmetric algorithms, particularly the quantum-computing vulnerable ones (RSA, ECC) combined with one of the asymmetric algorithms that does not appear to be vulnerable to quantum computing (but, as less-reviewed algorithms, might have other unknown weakness.)
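An added example of the layered approach described in this subthread; it is not code from the post or from any product it mentions, and uses only the Python standard library. Two keystreams from different primitive families stand in for the two real ciphers: HMAC-SHA256 in counter mode (SHA-2) under k1, and a keyed SHAKE256 output (Keccak) under k2. The keys are independent, the layers are applied one over the other, and an encrypt-then-MAC tag is keyed from both so that neither key alone can forge. Function names, the 32-byte key length, the label strings and the record layout are choices made here.

```python
import hashlib
import hmac
import os

NONCE_LEN = 16
TAG_LEN = 32
KEY_LEN = 32  # both layer keys are assumed to be exactly 32 bytes


def hkdf_sha256(ikm: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 extract-then-expand with SHA-256 and the default (all-zero) salt."""
    prk = hmac.new(b"\x00" * 32, ikm, hashlib.sha256).digest()
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


def keystream_hmac_ctr(key: bytes, nonce: bytes, length: int) -> bytes:
    """Layer 1 (SHA-2 family): HMAC-SHA256 over nonce||counter, used as a PRF stream."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def keystream_shake(key: bytes, nonce: bytes, length: int) -> bytes:
    """Layer 2 (Keccak family): SHAKE256 absorbs key||nonce and squeezes a stream."""
    return hashlib.shake_256(key + nonce).digest(length)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def cascade_encrypt(k1: bytes, k2: bytes, plaintext: bytes) -> bytes:
    """Return nonce || E2_k2(E1_k1(plaintext)) || HMAC(mac_key, nonce || ciphertext).

    k1 and k2 must come from independent sources (for instance one classical and
    one post-quantum key agreement); reusing one key for both layers defeats the purpose.
    """
    if len(k1) != KEY_LEN or len(k2) != KEY_LEN:
        raise ValueError("layer keys must be %d bytes" % KEY_LEN)
    nonce = os.urandom(NONCE_LEN)
    inner = xor_bytes(plaintext, keystream_hmac_ctr(k1, nonce, len(plaintext)))
    outer = xor_bytes(inner, keystream_shake(k2, nonce, len(plaintext)))
    mac_key = hkdf_sha256(k1 + k2, b"cascade-mac", 32)
    tag = hmac.new(mac_key, nonce + outer, hashlib.sha256).digest()
    return nonce + outer + tag


def cascade_decrypt(k1: bytes, k2: bytes, blob: bytes) -> bytes:
    """Verify the tag first (constant-time), then peel the layers in reverse order."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("ciphertext too short")
    nonce, outer, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    mac_key = hkdf_sha256(k1 + k2, b"cascade-mac", 32)
    expected = hmac.new(mac_key, nonce + outer, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    inner = xor_bytes(outer, keystream_shake(k2, nonce, len(outer)))
    return xor_bytes(inner, keystream_hmac_ctr(k1, nonce, len(outer)))


if __name__ == "__main__":
    k1, k2 = os.urandom(KEY_LEN), os.urandom(KEY_LEN)
    blob = cascade_encrypt(k1, k2, b"attack at dawn")
    print(blob.hex())
    print(cascade_decrypt(k1, k2, blob))
```

Two caveats a practitioner will want alongside this. First, the protection is against a break of one layer's primitive, not against brute force: with a known plaintext a two-layer cascade is exposed to the same meet-in-the-middle trade-off as double DES, so it costs an attacker roughly one extra bit of work (plus memory) rather than the work of a key twice as long. Second, because the MAC key is derived from both k1 and k2, an attacker holding only one of them cannot forge or modify messages; deriving it from just one key would quietly reduce the integrity guarantee to that single key.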

    5. Re:just crypt it 3 times by angel'o'sphere · · Score: 1

      The purpose in having more than one algorithm is to guard against vulnerabilities in one or more of the algorithms
      Ah, that part escaped me.

      --
      Cost free eBook I read (by iBook/Kobo/Amazon/ObookO/Gutenberg etc.): "The Green Odyssey" by Philip Jose Farmer.
  17. wonderful by tecogyan · · Score: 0

    thank you

  18. Relationship saver! by Anonymous Coward · · Score: 0

    Everyone a quantum computer? It might solve a lot of relational issues if you could text your loved one msgs that at the same time keep you engaged and break off the relationship.

    But to be honest... I think there is a world market for maybe 5 quantum computers.

  19. Tin foil hats won't be enough anymore ! by superzerg · · Score: 1

    Do you ever wonder what the world will look like when everyone has their own personal quantum computer?
    The principle of quantum computers is that they use entangled qubits (when one switches state, the entangled qubit switches state too, wherever they are). Knowing that the NSA puts backdoors in US-fabricated routers (link to admission by Cisco), once the quantum computers are out, how long will it be before the NSA has a few qubits entangled with every one of them?
    No air gap would ever matter ...
    Most probably the CIA does research and will be/is an early adopter of state of the art quantum computers for obvious crypto-breaking purposes; also, since the main (and let's say the only two relevant) CPU companies are from the US, the security and privacy concerns will be overwhelming.

  20. MeowAieeMeowAiee by Hognoxious · · Score: 1

    Do you ever wonder what the world will look like when everyone has their own personal quantum computer?

    I do. And simultaneously I don't.

    --
    Confucius say, "Find worm in apple - bad. Find half a worm - worse."
  21. where will it end? by epine · · Score: 1

    I won't dream of a single (or multiple) damn quantum thing until I see an equation that describes a real-world superposition scaling limit, species type "immovable object".

    I believed in Moore's law because it was on a collision course with the atom, right from day one. Even as a child, I didn't believe in a Laplacian universe, in the sense that the accumulated knowledge required to compute the deterministic outcome could exist in one place—a place smaller than the universe itself—for any value of "smaller" my small mind was capable of entertaining.

    I've been reading articles about quantum computing seemingly for decades now, and not a single article has pointed out any practical scaling limit. For all these dunderheads seem to know, we could cajole the entire universe into a state of Laplacian superposition, if only we didn't suck at stacking these tiny little Lego blocks.

    No scaling boundary equation widely promulgated = no credibility widely disseminated = very little fantasy action for people who don't believe in giant green men with anger management issues.

  22. Trekkie particles by thoughtlover · · Score: 1

    ...has been named a 'dressed' quantum bit as it combines a single atom with an electromagnetic field.

    Warp fields for particles..

    --
    No sig for you! Come back one year!
  23. qubits by Anonymous Coward · · Score: 0

    640 qubits should be enough for everyone

  24. forget decoherence - think accuracy! by Ignatius · · Score: 1

    So they improved the decoherence by a factor of 10. This is nice, but no reason to abandon your RSA keys just yet. The real problem with quantum computing is not decoherence (i.e. the losing of superpositions due to uncontrolled entanglement with the environment) - it's quantitative imperfections.

    A quantum computer is basically an analog device. As you cannot observe states, there also is no way to "refresh" slightly inaccurate states, as a normal digital computer does. A NOT has to be exactly 180 degrees and not 179 or 181. No problem in toy or laboratory setups, where you only do a handful of gates and keeping your system isolated is the (currently) much bigger problem. 1% error might seem quite good in this setting.

    But for any meaningful computation, you will require many millions of gates and your experimental accuracy will have to keep pace with that - in addition to keeping your system from decohering (which - at least in theory - can be mitigated by quantum error correction). Rotation angles would have to be not 1% but 0.0000001% accurate.

    The problem is too remote to get much consideration now, but I'm sure that it will prove to be the final (and probably insurmountable) roadblock for any real-world use of quantum computers.

    ignatius