[Cryptography] Quantum computers are thirty years away and will remain thirty years away forever
Nicko van Someren
nicko at nicko.org
Mon Feb 16 13:38:46 EST 2026
On Feb 15, 2026, at 14:22, jrzx via cryptography <cryptography at metzdowd.com> wrote:
> All existing quantum computers have not been quantum computers. They have been demonstrations of the quantum effects that are the physical basis for an actual quantum computer.
I'm going to have to disagree with you there. Several companies have demonstrated not just a series of gates, but the ability to pass information through those gates in a sequence that is configurable at runtime. These machines are limited in size and reliability, but so were the very first stored program computers made of vacuum tubes.
> A quantum computer is composed of Tofoli gates.
I'm going to have to disagree with you there too. A quantum computer is composed of any set of gates that let you implement useful quantum algorithms. Toffoli (two effs) gates are universal in the same way that a NAND gate is, in that you can construct any function *only* using that gate, but there are other *sets of gates* that also provide universality.
> A useful quantum computer will need of millions of Tofoli gates.
IGTHTDWY again. A useful quantum computer is going to need a lot of gates, and those gates are going to need to be able to be connected to each other, but they can be a mixture of all sorts of gates.
> For classical logic, nand is the universe gate, from which every logical relationship can be constructed. For quantum, you need unitary gates, the simplest of which is the Tofoli gate, from which every logical relationship can be constructed. No Tofoli gates, no quantum computer.
>
> A Tofoli gate performs a unitary transformation on three qbits. No unitary transformation, no quantum computer.
All quantum gates perform unitary transformations; the Toffoli gate is one of the simplest *three-input* unitary gates. Any gate that isn't unitary is essentially performing measurement.
> So far no one has built a quantum Tofoli gate. They have built quantum CNot gates, but if no unitary transformation of qbits, no quantum computer.
That's not true. Monz et al. demonstrated an implementation back in 2009 (https://journals.aps.org/prl/abstract/10.1103/PhysRevLett.102.040501) and they've been getting better since. Importantly, in 2021 Ru et al. showed a single photon version that didn't require any probabilistic selection (https://journals.aps.org/pra/abstract/10.1103/PhysRevA.103.022606).
> It is claimed that you can build a Tofoli gate out of CNOT gates. This not true, though it has an element of truth. Not one Tofoli gate has actually been realized. You cannot build a unitary gate out of non unitary gates -- what a quantum CNOT gate does do is demonstrate in principle the quantum physics that you are going to need to build an actual Tofoli gate, which is not quite the same thing as building it out of CNOT gates.
Yes you can implement a Toffoli gate using other gates. The flaw here seems to be your belief that the CNOT is not a unitary transformation. A CNOT gate's transformation matrix is ((1, 0, 0, 0), (0, 1, 0, 0), (0, 0, 0, 1), (0, 0, 1, 0)), and that's unitary.
> A Tofoli can be thought of as a collection of CNOT gates, but a collection of separate CNOT gates cannot be a Tofoli gate.
>
> It is not just a matter of feeding the outputs of some CNOT gates into the inputs of others. You have to physically merge them into one gate.
You can't build a Toffoli gate out of only CNOT gates, but you can build them out of CNOTs, single bit rotations, and T and S phase gates. One of the more reliable constructs is a CCZ gate in between two Hadamards, but there are several others.
> And so far, not one actual Tofoli gate.
Actually, there have been. Go read the literature. There have even been some single gate implementations, but their fidelity is less good than building them out of several simpler gates.
There are many, many issues that need to be addressed before we get large quantum computers that can attack classical cryptographic algorithms. As a fellow from IBM once said in response to the assertion that the science was already solved and that scaling up quantum computers was "only an engineering problem", "Utility-scale nuclear fusion is only an engineering problem. Building a colony on Mars is only an engineering problem." I don't expect to see cryptographically relevant QCs for a long time, but that's very different to there being QCs that are useful for important problems.
Quantum computing is still at the very early stages, probably somewhere between Babbage's analytical engine and the Manchester "Baby" SSEM, but it's just wrong to say that nobody has demonstrated a quantum computer.
Nicko
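To make the matrix claims in the reply concrete, here is an added worked example (not code from the post or from anyone in the thread) that checks the quoted 4x4 CNOT matrix is unitary, then builds a Toffoli both as CCZ between two Hadamards and from the standard CNOT/H/T/T-dagger decomposition and compares each against the reference Toffoli permutation. It assumes the convention that qubit 0 is the top wire and the most significant bit of a basis-state index; the helper names are my own.

```python
import cmath
from functools import reduce

# Single-qubit gates as 2x2 nested lists (constructed inline; no numpy needed).
I2 = [[1, 0], [0, 1]]
H = [[2 ** -0.5, 2 ** -0.5], [2 ** -0.5, -(2 ** -0.5)]]
T = [[1, 0], [0, cmath.exp(1j * cmath.pi / 4)]]
TDG = [[1, 0], [0, cmath.exp(-1j * cmath.pi / 4)]]  # T-dagger

def matmul(a, b):
    return [[sum(a[i][k] * b[k][j] for k in range(len(b))) for j in range(len(b[0]))]
            for i in range(len(a))]

def kron(a, b):  # tensor product of two square matrices
    m = len(b)
    return [[a[i // m][j // m] * b[i % m][j % m] for j in range(len(a) * m)]
            for i in range(len(a) * m)]

def single(gate, q, n=3):  # `gate` on qubit q of an n-qubit register (qubit 0 = top wire)
    return reduce(kron, [gate if i == q else I2 for i in range(n)])

def perm_gate(f, n=3):  # permutation matrix sending basis state j (column) to f(j) (row)
    return [[int(f(j) == i) for j in range(2 ** n)] for i in range(2 ** n)]

def cnot(c, t, n=3):  # flip qubit t when qubit c is 1
    bit = lambda i, q: (i >> (n - 1 - q)) & 1
    return perm_gate(lambda i: i ^ (1 << (n - 1 - t)) if bit(i, c) else i, n)

def toffoli():  # reference: flip qubit 2 when qubits 0 and 1 are both 1
    return perm_gate(lambda i: i ^ 1 if (i >> 2) & 1 and (i >> 1) & 1 else i)

def ccz():  # diagonal gate: -1 phase on |111> only
    return [[(-1 if i == j == 7 else int(i == j)) for j in range(8)] for i in range(8)]

def is_unitary(u, tol=1e-9):  # checks U-dagger * U == I
    n = len(u)
    p = matmul([[u[j][i].conjugate() for j in range(n)] for i in range(n)], u)
    return all(abs(p[i][j] - int(i == j)) < tol for i in range(n) for j in range(n))

def close(a, b, tol=1e-9):
    return all(abs(x - y) < tol for ra, rb in zip(a, b) for x, y in zip(ra, rb))

def run(ops):  # ops in time order; a later gate multiplies on the left
    return reduce(lambda acc, g: matmul(g, acc), ops)

def toffoli_from_ccz():  # the "CCZ between two Hadamards" construction
    return run([single(H, 2), ccz(), single(H, 2)])

def toffoli_from_clifford_t():  # standard 6-CNOT, 7-T decomposition (Nielsen & Chuang Fig. 4.9)
    a, b, c = 0, 1, 2
    return run([single(H, c), cnot(b, c), single(TDG, c), cnot(a, c), single(T, c), cnot(b, c),
                single(TDG, c), cnot(a, c), single(T, b), single(T, c), single(H, c),
                cnot(a, b), single(T, a), single(TDG, b), cnot(a, b)])
```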