Back when I was the field CTO for VMware in Asia-Pacific and Japan, many of my colleagues expected me to know everything about tech, and sometimes it was hard to bring myself to say “I don’t know.”

And so in 2018, when someone asked me to explain quantum computing, I gave it a shot and made a complete mess of explaining it. In fact, I made the most common mistake of a dabbling generalist (one usually made in the popular scientific press): talking about trying many solutions at once, thanks to the quantum property of being in a superposition of many states. If you know only one thing about quantum mechanics, it’s probably Schrödinger’s cat thought experiment, in which the cat is said to be in two states (alive and dead) at the same time. Well, that’s enough to make a bad definition of quantum computing.

Much of what I understand about quantum computing comes from Scott Aaronson through his blog and lecture notes. Right at the top of his blog is the line that has been burned into my memory since I first read it: “Quantum computers can’t solve difficult problems right away just by trying all the solutions together.” This comic does a good job of debunking this line of thinking as well.

Quantum supremacy may or may not be a big deal

However, after failing in my first attempt to explain it, I decided to dig a bit further into quantum computing, which turned out to be just in time. The first claim of “quantum supremacy” came out the next year and I immediately wanted to understand whether it was the big deal it seemed. (Like much of this space, it may or may not be a big deal.) One thing led to another and I soon became knowledgeable enough (or crazy enough) to try giving a couple of lectures on quantum computing and its practical effect. Although it’s hard to get an intuitive feel for quantum computing, this talk represents my best effort to provide that intuition.

Last week I saw a post by Aaronson about his experience at the Solvay Conference on Physics, whose topic this year is “The Physics of Quantum Information.” Perhaps the most famous Solvay conference was the fifth, held in 1927, where quantum theory was put forward to an astonishing list of attendees including Einstein, Marie Curie, Bohr, Schrödinger and a dozen other Nobel prize winners.

The Solvay conference could be the poster child for the importance of interdisciplinary research: in this year’s case, computer scientists are exchanging ideas with particle physicists. There is still a huge amount of work to be done to make quantum computers practical and to figure out what they are really good for, and a wide range of expertise is required for the field to thrive.

But I was inspired to write this post by Aaronson’s suggestion that there be a “Law of Conservation of Weirdness.” This is more of a hypothesis than a law, but it is at the heart of what many researchers are trying to understand about quantum computing: when does quantum computing provide significant (i.e., super-polynomial) speedup over classical algorithms? Scott’s hypothesis is: there must be something “strange” about the problem for a quantum algorithm to be effective. What remains unresolved so far is the exact nature of that strangeness. But there is usually some kind of problem structure that makes it suitable for quantum speedup.

For us non-physicists, the most well-known (and probably most practically important) problem that presents an appropriate level of “strangeness” to benefit from quantum algorithms is factorization. Finding the prime factors of an integer is not just a matter of randomly trying different answers until you stumble upon one that works; the problem has a good deal of structure that allows an efficient quantum algorithm to be found. This is what Shor’s algorithm does, and there is a part of Shor’s algorithm that happens to be really efficient on quantum computers while not being efficient on classical computers.

(It’s called the quantum Fourier transform, and if you want a little intuition on how it works, Aaronson has you covered too.)

Why is this problem, and Shor’s algorithm, important? Well, much of cryptography depends on the perceived difficulty of finding the prime factors of a large number, and of a variety of similarly difficult computational tasks. RSA and related public key algorithms are believed to be at risk of becoming ineffective in a decade or two.

This is because the supposedly difficult task of determining the private key that corresponds to a public key depends on the hardness of factoring a large number (or some equally expensive calculation). If quantum computers continue to improve in their number of quantum bits (qubits) and in reliability as they have in recent years, it seems like only a matter of time before these algorithms are no longer safe.

I would argue that there is no reason to panic because we have some time to wait before quantum computers are big enough and reliable enough to crack these algorithms, but the consensus is that we will need new algorithms in the end, and that by the time we know that the old algorithms are broken, it will be too late. Therefore, the wise choice is to plan ahead for “cryptographic agility”, i.e., the ability to change algorithms in favor of new quantum-resistant solutions.
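One way to build that agility into a message format, as an added example that is not from the original column: every token names its algorithm, the name is covered by the integrity check, and the verifier keeps an accepted set that can drop an algorithm without a format change. The identifiers `legacy-v1` and `next-v2` and the `Verifier` class are hypothetical, and the two HMAC variants are stand-ins for an old and a replacement algorithm, since the Python standard library has no post-quantum signatures.

```python
import hashlib
import hmac

# Constructed registry: algorithm id -> hashlib digest name (stand-ins only).
REGISTRY = {"legacy-v1": "sha256", "next-v2": "sha3_256"}

class Verifier:
    def __init__(self, key, accepted):
        self.key = key
        self.accepted = set(accepted)   # policy: ids this verifier trusts

    def _tag(self, alg, msg):
        # Bind the algorithm id into the authenticated data so a token
        # cannot be relabelled as a different algorithm.
        data = alg.encode() + b"\x00" + msg
        return hmac.new(self.key, data, REGISTRY[alg]).hexdigest()

    def seal(self, alg, msg):
        return f"{alg}.{msg.hex()}.{self._tag(alg, msg)}"

    def open(self, token):
        """Return the message, or None if the token is malformed, uses an
        algorithm that is unknown or retired, or fails verification."""
        try:
            alg, body, tag = token.split(".")
            msg = bytes.fromhex(body)
        except ValueError:
            return None
        if alg not in self.accepted or alg not in REGISTRY:
            return None
        expected = self._tag(alg, msg)
        if not hmac.compare_digest(tag.encode(), expected.encode()):
            return None
        return msg

    def retire(self, alg):
        # Migration step: stop accepting an algorithm once it is distrusted.
        self.accepted.discard(alg)

if __name__ == "__main__":
    v = Verifier(b"k" * 32, ["legacy-v1", "next-v2"])   # constructed key
    old, new = v.seal("legacy-v1", b"hello"), v.seal("next-v2", b"hello")
    v.retire("legacy-v1")
    print(v.open(old), v.open(new))
```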

NIST has been running a process for many years to identify suitable candidates for post-quantum cryptography (PQC).

What I find even more interesting about this situation is that experts in this field are still working out what types of problems are amenable to quantum solutions. This is the point of the “Law of Conservation of Weirdness.” Only a narrow subset of problems that are difficult to solve classically can be easily solved using quantum algorithms. What we need for PQC are algorithms without efficient quantum (or classical) solutions. And while we can say “we haven’t found an efficient quantum solution” to a problem, it’s harder to say that no such solution exists. If nothing else, it highlights the need to be proactive in our choices of cryptographic algorithms going forward.

Finally, there seems to be a little “unreasonable excitement” about the ability of quantum computers to solve all sorts of problems, in areas such as machine learning and financial markets. Although there is indeed a strangeness in both areas, I don’t think that’s what Aaronson meant. What I took from his Solvay presentation [PPT] is that the set of problems with efficient quantum solutions remains small, even as the most recent research seeks to determine what makes a problem suitable for quantum computing.