[Cryptography] Looks like Poe's Law will need an update
Henry Baker
hbaker1 at pipeline.com
Thu Jun 6 18:30:57 EDT 2024
-----Original Message-----
From: Phillip Hallam-Baker <phill at hallambaker.com>
Sent: Jun 6, 2024 2:29 PM
To: Peter Gutmann <pgut001 at cs.auckland.ac.nz>
Cc: cryptography at metzdowd.com <cryptography at metzdowd.com>
Subject: Re: [Cryptography] Looks like Poe's Law will need an update
On Sat, May 4, 2024 at 4:04 PM Peter Gutmann <pgut001 at cs.auckland.ac.nz> wrote:
Without using a search engine, is the headline "Google launches $5m prize to
find actual uses for quantum computers" (a) clever satire from The Onion or
(b) real news from New Scientist?
(Posted here because it's at least somewhat relevant to the cryptography
field, given the obsession with post-magic cryptography).
Peter.
There is no shortage of applications for a real quantum computer.
Finding an application for the devices IBM and Google have managed to make is a different matter entirely. Adding qubits is easy, keeping coherence long enough to make actual use of them is hard.
As far as I am aware, every 'quantum supremacy' claim so far has been demolished within 24 months by someone developing a better conventional algorithm.
OK, so writing standards is an exercise in pedantry and so is the interpretation of quantum mechanics at this level. Just like the economists, the physicists tend to believe that their models are reality rather than an approximation of reality. I was an experimentalist and what made our day was proving the theory bods wrong...
I remain skeptical as to large scale quantum computing even being possible. The standard model describes all the observed behaviors of the known particles on a small scale. But remains incompatible with relativity. Recently someone was asking *WHY* light slows down in a dense medium. Had a dozen physicists trying to answer that and nobody managed it, every 'explanation' turned out to merely be a restatement of 'WHAT'.
The untested hypothesis here is that quantum systems are capable of infinite entanglement. Well, what if there is a limit? What if the Heisenberg interpretation is merely a consequence of that limit?
The issues are even more murky when we are dealing with superconducting supercomputers which are not even quantum systems. No, sorry, what you have there is a macro system that exhibits similar properties to a quantum system. You are not demonstrating an ability to superscale beyond what conventional VLSI can do because you have far more atoms than you have possible system states.
Of course we should investigate quantum computing. But don't mistake it for an engineering exercise, it is not, it is basic research.
From the point of view of cryptography there are only three questions that we need to ask.
1) What would the consequences be of a CRQC being built without transitioning to PQC?
This is an eschaton level threat, basically the whole global financial system is under threat. Consequences are in the 'too bad to estimate'
2) What is the probability of that risk being realized within the next X years?
The supercold machines don't scale, each doubling in capability is costing a lot more than double. But trapped ion machines are capable of superscaling in principle. If someone ever builds one, we are in trouble. That is still at least ten years out and might well remain ten years out indefinitely. But there is always that 1% chance of a CRQC.
3) How much does it cost to deploy PQC algorithms in critical systems in the next ten years?
At this point, the cost is pretty minimal. None of the really critical systems are constrained performance devices. For the few applications that are, we can employ techniques that employ hybrid symmetric/asymmetric schemes like the ones I developed when I was at VeriSign, the patents should be running out on those.
The bigger problem is actually the systems that have never had cryptographic security but desperately need it, systems like CANBUS.
Don't forget the Aharonov-Bohm effect:
https://en.wikipedia.org/wiki/Aharonov%E2%80%93Bohm_effect
It basically says that -- unlike with other forces -- there is
no way to "shield" a qubit from its environment.
We're also back to days of *analog* computers, where there is
no way to 'square up'/'standardize' data and squeeze out
'noise'.
If error-correcting quantum codes are truly practical, then
perhaps they can do the 'squaring up'/'standardizing'.
For those of you who know something about fiber optics, there
may be a way of "patterning" an error-correcting code into
the fiber itself, so that only "correct" codes can propagate
down the fiber.
If something like this fiber optic scheme could work, it might
become a *room temperature* quantum computer.