The US National Academies of Sciences, Engineering, and Medicine issued a report this week on the state of quantum computing. It's a subject of some concern given speculation that such devices could render current encryption schemes worthless.
The good news is your secrets should be safe from quantum prying for at least
n years, where
n is undefined but somehow doesn't trigger any error handling. Perhaps more importantly, quantum computing researchers can look forward to
n years of funding because it's anyone guess how long it will take to create a commercially useful quantum computer.
The first of ten key findings in the report, Quantum Computing: Progress and Prospects, frames the situation thus:
Given the current state of quantum computing and recent rates of progress, it is highly unexpected that a quantum computer that can compromise RSA 2048 or comparable discrete logarithm-based public key cryptosystems will be built within the next decade.
The report makes passing reference to a few researchers who have argued such systems are impossible, siding with more widely held view that there's no obvious reason such a system couldn't be built, if our current understanding of quantum physics is accurate.
But for the panel of experts involved in the report, moving from there's no theoretical barrier to an actual delivery date is too much to ask. Given how long it could take to create a scalable quantum computer, they instead propose a framework for assessing progress which involves monitoring the error rate.
Current quantum systems, which rely on quantum bits or qubits, make too many errors to be very useful at scale.
Qubits can represent 0 and 1 simultaneously though the phenomenon known as superposition. They enable more powerful computation than traditional computers - in the lab at least - which is why people worry that encryption keys could be more easily identified. But building a machine cable of handling enough qubits poses numerous unsolved challenges.
According to the report, "The average error rate of qubits in today's larger devices would need to be reduced by a factor of 10 to 100 before a computation could be robust enough to support error correction at scale, and at this error rate, the number of physical qubits that these devices hold would need to increase at least by a factor of 10^5 in order to create a useful number of effective logical qubits."
And the report says it's too difficult to predict when that might happen.
Surprise surprise, Intel is happy
The Register asked D-Wave, which sells quantum computing hardware, if anyone there cared to comment on the report. A company spokesperson said no one had anything to add.
Quantum cryptography demo shows no need for ritzy new infrastructureREAD MORE
Jim Clarke, director of quantum hardware at Intel, framed the findings as a validation the chip maker's current efforts.
"The NAS report's time frame for a quantum computer that can compromise cryptographic codes fits well with Intel's position that a commercially relevant system is about 10 years away," he said via email. "Cryptographic code-breaking is one of the most demanding applications in terms of number of qubits and error correction needed."
Clarke however said less advanced quantum computers may be able to help sooner than that in other applications, like simulations of chemistry and materials systems.
Intel in January talked up "Tangle Lake," a 49-qubit superconducting quantum test chip. At the time, Mike Mayberry, corporate veep and managing director of Intel Labs, said "We expect it will be five to seven years before the industry gets to tackling engineering-scale problems, and it will likely require 1 million or more qubits to achieve commercial relevance."
It's perhaps worth noting that University of Chicago professor Diana Franklin, at a US congressional hearing on quantum computing in May, said quantum computers of this size "do not yet perform useful computation," being no more powerful than a 1980s desktop PC.
How you reconcile predicting a functional product in ten years with "nothing is expected over the next ten years" depends on whether you see the glass as half-full or you're not sure that the glass will hold water, if you can even get ahold of one.
The report points out that quantum computing has been on Gartner's hype list 11 times between 2000 and 2017, each time listed in the earliest stage of the hype cycle and each time said to be more than a decade away.
To put it more bluntly, there's key finding number four:
Given the information available to the committee, it's still too early to be able to predict the time horizon for a scalable quantum computer.
But it's not too early to solicit funds. That was the message delivered Franklin during her congressional testimony, who cited rival investments made by China, Europe and the UK: The federal government needs to open its wallet, for who knows how long. ®