Slashdot Mirror
IBM Will Sell 50-Qubit Universal Quantum Computer In the Next Few Years (arstechnica.co.uk)
Months after laying the groundwork for offerings in emerging tech categories such as artificial intelligence and blockchain, IBM sees quantum computers as a big, if nascent, business opportunity. From a report on ArsTechnica: IBM will build and sell commercial 50-qubit universal quantum computers, dubbed IBM Q, "in the next few years." No word on pricing just yet, but I wouldn't expect much change from $15 million -- the cost of a non-universal D-Wave quantum computer. In other news, IBM has also opened up an API (sample code available on Github) that gives developers easier access to the five-qubit quantum computer currently connected to the IBM cloud. Later in the year, IBM will release a full SDK, further simplifying the process of building quantum software. You can't actually do much useful computation with five qubits, mind you, but fortunately IBM also has news there: the company's quantum simulator can now simulate up to 20 qubits. The idea is that developers should start thinking about potential 20-qubit quantum scenarios now, so they're ready to be deployed when IBM builds the actual hardware.
I really want to buy one but at the same time I don't.
Always in any sentence with "Quantum computing".
Please, anyone, care to explain why should we care?
In the next 20-50 years when quantum computing is commonplace, what mundane, regular Joe Schmo life things will this help with?
A 'singular oddity' is an event that cannot be explained and only happens when you are alone.
One of the major issues is the need for actual empirical evidence that quantum computers can do things that classical computers cannot with reasonable time constraints. Right now, the general consensus is that if we understand correctly the laws of physics this should be the case, but there are some people who are very prominent holdouts who are convinced that quantum computing will not scale. Gil Kalai is the most prominent https://gilkalai.wordpress.com/2014/03/18/why-quantum-computers-cannot-work-the-movie/. It is likely that before any 50 bit quantum computer we'll have already answered this question. The most likely answer will be using boson sampling systems https://en.wikipedia.org/wiki/Boson_sampling which in their simplest form give information about the behavior of photons when scattered in a simple way. Scott Aaronson and Alex Arkhipov showed that if a classical computer could efficiently duplicate boson sampling with only a small increase in time then some already existing conjectures in classical computational complexity had to be false. (In particular, the polynomial hierarchy would have to collapse and we're generally confident that isn't the case.) Boson sampling is much easier to implement than a universal quantum computer, although no one has any practical use of boson sampling at present.
All of that said, the "a few years" in the article is critical- it isn't plausible that a 50 qubit universal system will be sold in 5 years. But 10 or 20 years are plausible. It also isn't completely clear how practically useful a 50 qubit system would be. At a few hundred qubits one is clearly in the realm of having direct practical applications, but 50 is sort of in a fuzzy range.
Noah would be happy!
But does it play Crysis?
Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
I imagined a Beowulf cluster of these things and it suddenly existed. It then went on to destroy the universe when Windows 10Q failed an update. However, on reboot, it restored the Universe to what is laughably called "its last known working state."
I thought the consensus was still out on when the things were actually working as quantum computers?
At first I misread the headline as "50 Quid Universal Quantum Computer", but thinking about it, based on the speed of advance from Colossus to some of the cheap tablet computers there may be some people reading this who will be alive to see a £50 Universal Quantum Computer!
Some tasks, such as searching unordered datasets...
I have never understood how a device with a handful (50 in this case?) computing elements can do better than, say a 10Mbyte TCAM for a task like this. You can get a TCAM like that for under $100 at the chip level. It seems that Q tech that costs $15M has a long way to go.
A computational problem like reversing a hash key makes a lot more sense.
I was all ready to buy their 5 qubit universal quantum computer. I guess I'll wait for the new model now.
The pitchman stands in front of the thing, spouting off speeds and feeds. Then a few cats enter the picture from the left. Then more cats, until there's a flood of cats until the pitchman turns his head and gets a bit rattled.
Humpty Dumpty would get pissed off though.
I do not want your cheap brainburning drugs. They are useless for work. And I am a working man today.
So is it accepted now that D-Wave is selling real (if limited) quantum computers now? Last thing I heard there was still some skepticism.
Oh wait...
qasm = "IBMQASM 2.0;\n\ninclude \"qelib1.inc\";\nqreg q[5];\ncreg c[5];\nu2(-4*pi/3,2*pi) q[0];\nu2(-3*pi/2,2*pi) q[0];\nu3(-pi,0,-pi) q[0];\nu3(-pi,0,-pi/2) q[0];\nu2(pi,-pi/2) q[0];\nu3(-pi,0,-pi/2) q[0];\nmeasure q -> c;\n" device = 'simulator' hots = 1 experiment = api.runExperiment(qasm, device, shots)
In a secret box IBM has a quantum computer. It' ready to ship. And it's not. They call it Computer Advanced Technology, or CAT.
What kind of problems can this particular computer solve, within a reasonable time (hours? minutes!) that would take an ordinary PC - or even a massive classic supercomputer - decades, or even millennia, to solve?
Will it run Arch for the nerdiest of all nerds?
A Cat? or 50 Cats?
Yea right and 2017 is the year of a working 100 MW compact fusion reactor prototype from Lockheed Martin.
IBM will not have a 50 qubit quantum computer in the next few years using a definition of the word "few" anyone recognizes.
Shouldn't they focus on making the virtual Q-bits as good as possible, then sell Q-bit computing as a service?
Remember kids, if you're not paying for the service, YOU ARE THE PRODUCT THAT IS BEING SOLD.
Noah's computer, the Ark (TM), was 300 cubits by 50 cubits by 30 cubits. IBM is so far behind.
Contribute to civilization: ari.aynrand.org/donate
A world without APK sounds like utopia!
See my subject: Minus UNIDENTIFIABLE truly cowardly worms w/ NO BALLS like YOU = far better.
* Truer words were NEVER spoken on /.
Vs. trolling/stalking/harassing + sockpuppet downmodding my posts why not create something of value as I have in APK Hosts File Engine 9.0++ SR-7 32/64-bit https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22APK+Hosts+File+Engine%22+and+%22start64%22&btnG=Google+Search&gbv=1/ ?
* It's a thought - but I suspect thought's a FOREIGN CONCEPT to YOU - trolling/stalking/harassing & sockpuppet downmodding MY posts as the "ne'er-do-well" do-nothing you evidence yourself to be!
APK
P.S.=> I understand you: You wasted your time & life in pursuits like bothering others when you're only angry w/ yourself for having been a WASTE of life - due to you doing so you haven't acquired skills that allow you to do what I suggest for you above - it's difficult for me to comprehend "your kind" - I'm not like YOU & yours, @ all... apk
Elliptic curve isn't particularly resistant to quantum attacks. It's actually less resistant than good old RSA, given currently popular key sizes for each. If much larger (and slower) keys were used, ECC might survive the first few years of practical quantum computers.
The category of algorithms you use with Truecrypt isn't vulnerable to quantum attacks, as far as we know. Those are symmetric key algorithms, where the same key is used to encrypt and decrypt. AES is the currently recommended symmetric cipher.
I say "as far as we know" they aren't vulnerable because every few years another algorithm gets cracked. We can't be sure which ones will be cracked in the next five years or ten years. We do know some have been used a long time without ever being cracked in the past. We also know that with classical computers, algorithms are normally half cracked years before they are fully cracked - so we get a warning a a few years ahead of time. A new crack using a new kind of computer in clever way might completely defeat any given encryption in one step, though.
What *is* known to be subject to quantum attacks are public key algorithms, where you have a public key and a private key, a pair. These are used for PGP/GPG, TLS, and other instances in which two people need to communicate securely. Quantum-resistant public key algorithms may include the Stehleâ"Steinfeld variant of NTRU. McEliece signature using random Goppa codes hasn't been broken in 30 years, so it looks like a contender. There are many approaches which are likely quantum-resistant. Over the next few years cryptographers with advanced degrees in mathematics will analyze the options and probably come to a rough consensus about which two algorithms are best to adopt next.
Because there will undoubtedly be some suprises once clever people start actually using quantum computers in unexpected ways, it might be prudent to use some sort of belt-and-suspenders approach rather than assuming that one particular algorithm will survive the next 20 years or so.
> I have never understood how a device with a handful (50 in this case?) computing elements can do better
A thousand cubits can do some really interesting things. If cubits follow Moore's law and double every two years, a thousand cubits is nine years away.
Another nine years would be a million cubits. A million-cubit quantum computer may change our lives much as the classical CPU has done.
Ahh. Thank you!
You jogged my memory... I forgot that only asymmetric algorithms are particularly at risk with quantum computers.
Good news for my TrueCrypt FDE (well, VeraCrypt now). =)
Can you give an example what you mean by belt and suspenders approach?
> Can you give an example what you mean by belt and suspenders approach?
Essentially I mean wrapping one algorithm within another, such that cracking it requires cracking BOTH algorithms.
I don't know which algorithms we'll be using 10 years from now, but for sake of illustration let's pretend it's good old Diffie-Hellman. For the moment, we'll pretend we think DH is quantum resistant. With DH, each party sends their modulus in the clear. Because you can't solve the discrete logarithm problem, knowing the modulus doesn't let you compute the key. Suppose, however, that a clever person might figure out how to use quantum computers to solve the discrete logarithm and therefore crack DH (we're pretending we didn't expect that). What we can do is instead of sending the modulus in the clear, send it via some other algorithm Y() from an unrelated family. In that way, if the attacker cracks DH generally, that does them no good because the essential part of the DH exchange is invisible to them, protected by Y(). Cracking Y(), it does them no good - that only gets them the computed modulus that was originally intended to be sent in the clear anyway.
Another approach that does basically the same thing would be:
1) Use asymmetric algorithm A() to compute symmetric key ka, as normal.
2) Use asymmetric algorithm B() to compute symmetric key ba, as normal.
3) Use ka xor kb as the actual symmetric key.
Once again the attacker can succeed only by cracking both algorithms A() *and* B().
One should be cautious when combining algorithms; in some cases the combination is weaker than either algorithm alone. For example, md5(sha1(plain)) is weaker than either md5(plain) or sha1(plain). One shouldn't combine algorithms willy-nilly without understanding the consequences, but if done carefully you can guarantee that the combination is stronger than either algorithm alone. (For example, concatenating sha1(plain) with md5(plain) is stronger than either sha1 or md5 - but also results in a hash much longer than either algorithm does alone.)
> Can you give an example what you mean by belt and suspenders approach?
Essentially I mean wrapping one algorithm within another, such that cracking it requires cracking BOTH algorithms.
I don't know which algorithms we'll be using 10 years from now, but for sake of illustration let's pretend it's good old Diffie-Hellman. For the moment, we'll pretend we think DH is quantum resistant. With DH, each party sends their modulus in the clear. Because you can't solve the discrete logarithm problem, knowing the modulus doesn't let you compute the key. Suppose, however, that a clever person might figure out how to use quantum computers to solve the discrete logarithm and therefore crack DH (we're pretending we didn't expect that). What we can do is instead of sending the modulus in the clear, send it via some other algorithm Y() from an unrelated family. In that way, if the attacker cracks DH generally, that does them no good because the essential part of the DH exchange is invisible to them, protected by Y(). Cracking Y(), it does them no good - that only gets them the computed modulus that was originally intended to be sent in the clear anyway.
Another approach that does basically the same thing would be:
1) Use asymmetric algorithm A() to compute symmetric key ka, as normal.
2) Use asymmetric algorithm B() to compute symmetric key ba, as normal.
3) Use ka xor kb as the actual symmetric key.
Once again the attacker can succeed only by cracking both algorithms A() *and* B().
One should be cautious when combining algorithms; in some cases the combination is weaker than either algorithm alone. For example, md5(sha1(plain)) is weaker than either md5(plain) or sha1(plain). One shouldn't combine algorithms willy-nilly without understanding the consequences, but if done carefully you can guarantee that the combination is stronger than either algorithm alone. (For example, concatenating sha1(plain) with md5(plain) is stronger than either sha1 or md5 - but also results in a hash much longer than either algorithm does alone.)
Of course, it would also be a mistake to combine two *related* algorithms. XORing keys exchanged by two algorithms which both provably depend on discrete logarithm doesn't make it much stronger - if they can solve discrete log, they can crack both algorithms. One would need to combine two unrelated algorithms which depend on different hard peoblems as their primitives.
In case you're wondering, yes, I do security for a living. :)