Google Reportedly Attains 'Quantum Supremacy' (cnet.com) 93
New submitter Bioblaze shares a report from CNET: Google has reportedly built a quantum computer more powerful than the world's top supercomputers. A Google research paper was temporarily posted online this week, the Financial Times reported Friday, and said the quantum computer's processor allowed a calculation to be performed in just over 3 minutes. That calculation would take 10,000 years on IBM's Summit, the world's most powerful commercial computer, Google reportedly said. Google researchers are throwing around the term "quantum supremacy" as a result, the FT said, because their computer can solve tasks that can't otherwise be solved. "To our knowledge, this experiment marks the first computation that can only be performed on a quantum processor," the research paper reportedly said.
I'll show you quantum supremacy (Score:3, Funny)
Re: (Score:2)
A super computer never would have wasted it's teraflops with a /. firstpost, but a supreme quantum computer has time to screw around with the banal.
Re: (Score:2)
"A super computer never would have wasted it's teraflops "
Oh look, a quantum apostrophe! it's means it is
Re: (Score:2)
A quantum "is the minimum amount of any physical entity", much like your penis.
Re: (Score:2)
Oh look, a quantum apostrophe! it's means it is
Sure, a classical apostrophe means "it is", but all we can say with a quantum apostrophe is a probability.
Re: (Score:3)
We are all first posters and not until the quantum superposition collapses.
Re: (Score:1)
There was an article in the March 2019 IEEE Spectrum "The case against quantum computing" which made a case that the effort was going nowhere. Wonder what the author thinks of this development?
Someone call Scott Bakula! (Score:2)
Because this is, after all, quite the Quantum Leap.
Re: (Score:1)
Re: (Score:2)
Re: (Score:2)
Pffft! Volkswagen achieved Quantum supremacy in the 80s.
. . . but they cheated on their numbers, of course.
Re: (Score:2)
Pffft! Volkswagen achieved Quantum supremacy in the 80s.
. . . but they cheated on their numbers, of course.
well played
Re: (Score:2)
That would be a quantum leap into your privacy, doing windows anal probe 10, Google via quantum technology, know what is going on in your rectum before you do, all hail evil, blah, blah, blah.
Re: (Score:1)
Breaking encryption? (Score:3, Interesting)
Encryption is useless [12bytes.org]:
Re: (Score:2)
What is the state of quantum-difficult algorithms?
Re:Breaking encryption? (Score:5, Interesting)
For public key cryptography, I don't trust any claims about quantum-proof. Generally, just keep making the key size bigger and avoid anything based on something that has already been solved, but you know that at some point all of these integer tricks are going to be reducible to just one essential thing, which will be solved in some fashion we can't yet imagine.
For symmetric key stuff, things are way rosier. There's a quantum algorithm that basically lets you halve the key size (but that's still a pretty theoretical attack, especially given the drama needed to perform those types of multistep operations), so if something has a good block size and key length, you should be ok. AES-256 is maybe ok because the key length of 256 is pretty long, and halved to 128 would be ok. By contrast, 128-bit shrinking to 64 bit is not great at all. Serpent has more raw steps, and if you want to put your money on that being the thing that cockblocks quantum computers (and it seems maybe an ok bet?), then consider that one. Regardless, anything with 256 bit keys and a pile of substitutions should be substantially superior to anything based on some one way function, with the obvious downside of all the extra drama of sharing a key (which makes it a non starter for many applications).
This is all just my take on it, and I'm just some guy.
Re: (Score:1)
Except for the part where a lot of the symmetric keys are distributed using public key cryptography. A chain is only a strong as its weakest link.
Re: Breaking encryption? (Score:2)
There are many candidates for PQ key exchange management algs. KYBER, NEWHOPE, FRODO, ... none of which depend on primes, rather using some Lattice voodoo. Hopefully they pan out.
Re: (Score:2)
That can easily be changed. Think of your bank issuing a 32 Octet symmetric key for banking. That is way more secure than the TLS crapola. No MITM, for starters.
http://altwissenschaft.ddnss.d... [ddnss.de]
Re: (Score:1)
Re: (Score:3)
Very good, "Just some guy"
This entire discussion revolves around
Convenience vs Security
Mathematical One Way or Trap Door functions moved the boundaries around a lot, but boundaries persists. Symmetrical encryption can be made unbreakable or very nearly unbreakable but the key exchange is a problem. One way functions rely on some version of "I can multiply faster than you can factor". Quantum machines will move the boundary between "factor" and "multiply" way over into Multiply's territory.
The new Ellipti
Re:Breaking encryption? (Score:4, Interesting)
For public key cryptography, I don't trust any claims about quantum-proof. Generally, just keep making the key size bigger and avoid anything based on something that has already been solved, but you know that at some point all of these integer tricks are going to be reducible to just one essential thing, which will be solved in some fashion we can't yet imagine.
Most of the asymmetric post-quantum schemes don't depend on "integer tricks". The oldest example is the Merkle signature scheme, which relies only on the existence of secure hash functions. While Grover's algorithm [wikipedia.org] (the one you referred to that halves the security of symmetric key lengths) does the same length-halving trick on hash functions, that's as easy to address with hash functions as it is with symmetric key sizes.
Many of the other post-quantum schemes are based not on integers, but on complex lattices [wolfram.com]. I'd love to explain why quantum computers don't have an advantage in solving these sorts of problems, but I frankly haven't put in the time to understand either the problems or the reasons they resist solution by quantum computers... but the consensus of the people who do understand both of those things is that there are no quantum algorithms that can significantly reduce their difficulty.
There's still significant work to be done in this space, but I don't think your dismissive attitude is warranted.
Re: (Score:2)
>For public key cryptography, I don't trust any claims about quantum-proof.
The proofs of resistance from quantum computer algorithms see pretty sound.
Where the quantum resistant public key algorithms fall down is either on resistance to conventional cryptanalysis or stupidly large bitwidths (Just transfer this 4 MiByte parameter and do some math - per packet).
I know of no algorithm that is simultaneously quantum secure, efficient and trustable for the long haul.
Re: (Score:2)
KERBEROS (Score:1)
OR (Score:1)
Re: (Score:2)
All Except OTP (Score:1)
Re: (Score:2)
It depends (Score:1)
But of course you can mess up everything or have a problem of corrupted people. But that is an aspect which pertains all cryptosystems. Secure keymaterial transfer is possible. It's called diplomatic poach which three guys who watch each other. Or several other options.
Re: (Score:3)
The author clearly doesn't understand how encryption actually works. If something takes 10.000 years to break, and you don't think it's enough, add 1 bit to the key space and it will take 20.000 years to break. Add sufficient more bits (like 100 orso) and it can't be broken without using up all energy in the entire universe.
Perhaps quantum computers will break some algorithms, but I doubt it will break them all.
Re:Breaking encryption? (Score:5, Informative)
> If something takes 10.000 years to break, and you don't think it's enough, add 1 bit to the key space and it will take 20.000 years to break
This depends entirely on what you are talking about. The entire reason quantum stuff gets discussed in the same breath as crypto is because there are quantum algorithms that solve certain functions in times that are no longer O(n), but instead O(log(n)) - that is, they no longer scale up with the total number of possibilities, but instead they scale with the total number of glyphs used to express them, in the same way that factoring a 2048 bit integer is really hard but adding two 2048 bit integers together is really easy. If you're relying on factoring to keep your data safe, and someone has a physical implementation of Shor's algorithm, then adding 1 bit to the keyspace doesn't double the time it takes, in the same fashion that adding two 9 bit numbers together doesn't take twice the time of adding two 8 bit numbers together.
Re: (Score:2)
Quantum computers are different, they work differently than the computer your are basing your assumption on. That heat death of the universe with a regular computer becomes a 64+ qubit computer and 10 minutes. Quantum computer power increases exponentially with additional qubits. A 32 qubit computer is theoretically as powerful as the best exascale supercomputer that isn't even built yet, but you add 2 more qubits and it's suddenly twice as powerful.
See that's the problem, you've got this assumption about
Re: (Score:1)
Re: (Score:2)
Re: (Score:2)
Bullshit. This thing is nowhere near of doing even the calculations to break current crypto, let alone the key-sizes. What they likely have is probably some very specific approximation of some function that is not computable in closed form digitally, but requires very few steps on a QC. The speed claim them comes from the precision of the approximation, nothing else.
This is a bit like measuring weather vs. simulating weather. The measurements are of course far faster, but you cannot actually do anything els
Re: Breaking encryption? (Score:2)
No, encryption is not useless. You're thinking about secrecy wrong if your only plan is "forever". That's nearly impossible and you need a whole lot more than good encryption going for you. So, back in reality-land, encryption is very useful for more realistic goals with contingency plans.
Re: (Score:2)
Maybe true (will not look at the link) but a quantum computer isn't 100k times more powerful "than average"* and that's not how it works. This is someone that obviously don't know much about encryption and even less about quantum computers, for example it's not possible** to chain together 100 quantum computers to speed up cracking a public key. Even if we had quantum computers that were capable of cracking the keys used today (we are far far away from that) the extreme difficulty in scaling the number of q
Bullshit (Score:1)
2.) Symmetric Ciphers with keys of 256 bit or more are mostly not affected
3.) We can easily live without Public Key Ciphers, all a matter of organization. In fact, symmetric ciphers don't have the MITM and Cert Authority Hacking problem.
http://altwissenschaft.ddnss.d... [ddnss.de]
http://altwissenschaft.ddnss.d... [ddnss.de]
Re: (Score:1)
Re: (Score:3)
and let's further assume that it would take roughly 10,000 years for the average computer to break it.
For modern crypto techniques, the average computer would take about
10 trillion years to brute-force break the encryption on a 1024 bit key.
Most implementations use at least a 2048 bit key, which would take
around a trillion trillion years to break. If you could turn every
molecule in the Milky Way into a PC, it would still take
longer than the expected life of the galaxy to break just one key.
Schrödinger's ads. (Score:3)
Ads at the speed of uncertainty.
Re: (Score:1)
Breaking Bitcoin. (Score:2)
Re: (Score:3)
The value of bitcoin has always been just above $0. Eventually the price will catch up with this value.
Just Like the Dollar (Score:1)
Re: (Score:3)
Bitcoin isn't as vulnerable to quantum attack as you may think.
There is a general purpose solver algorithm that can solve hashing quickly, but it operates on quantum circuits. We can't even build a classical circuit for hashing, which strongly suggests that we have at least several decades before we need to worry about anyone making a quantum version.
The keys used to sign transactions could be recovered, but only after the transaction has been completed. One mitigation would be to only transmit your trans
Re: (Score:2)
There is a general purpose solver algorithm that can solve hashing quickly
What algorithm are you referring to? The best I'm aware of is Grover's algorithm, but it's easily defended against just by using larger hash inputs and outputs.
BS (Score:1)
Re: (Score:3)
Early on, Bitcoin used P2PK transactions, where the public key was included in the blockchain. Rather quickly, this was refined to P2SH transactions, which do not include the public key in the blockchain.
Those early ones, including Satoshi's, could be reversed using Shor's Algorithm, in theory, on a computer that could run it.
So far nobody thinks quantum computers can reverse hashes. Yay, entropy.
Anybody who's moved their coins in the past, oh, six or seven years, is fine for now.
Strangely enough (Score:3)
I'm impressed, but I don't feel warm and fuzzy as I would knowing this came from academia.
Re: (Score:1)
So ? (Score:1)
http://altwissenschaft.ddnss.d... [ddnss.de]
http://altwissenschaft.ddnss.d... [ddnss.de]
Google and supremacy (Score:1)
...sounds like a bad combination.
Plus a development in quantum computing would be super-cool, but I don't think anything Google says can be trusted.
Re:Google and supremacy (Score:5, Funny)
Re: (Score:1)
I've looked. It's evil.
When no one can count on their encryption, (Score:2)
What's the internet look like when no one can count on encryption anymore? Does business have to shuffle off to some other method?
Re: (Score:1)
Usenet as a system of posting one time pad messages.
A series of BBS and IRC networks using one time pads?
How many pages in a random book to encrypt one jpeg?
Re: (Score:1)
So it may end up more like the real world? Rather then being impossible to commit crimes we'd have to discourage people doing it, and catch them when they do.
Still plenty of differences, encryption will still make things harder, online services can be attacked from a distance, etc.
Re: (Score:2)
Staying anonymous isn't a problem. Staying pseudonymous, all instances of your handle pointing back at you, is a problem when your signature can't be trusted.
Re: (Score:1)
Re: (Score:2)
Absolute worst case, we go back to physical distribution of one-time pads.
You get a small card with a terrabyte or so of random data, and some trusted central authority (like we use now for public key authentication) holds a copy.
All your data will need to go via that middle-man, who will decode it, and re-encode using a one-time pad shared with the other end-point.
When you've nearly used up your pad, you take it to, say the Post Office, where it will serve as ID to exchange for a new pad.
Very inconvenient
How Does Misinformation Look Like ? (Score:1)
http://altwissenschaft.ddnss.d... [ddnss.de]
Google had no comment ... (Score:3)
... and:
"To our knowledge, this experiment marks the first computation that can only be performed on a quantum processor," the research paper reportedly said.
I call bullshit.
It's weasel all the way down.
The leading academia do not support this level of technology.
Re: (Score:2)
Actually what you call "weasel" is what an intelligent person speaking generally sounds like. Intelligent people trying to honest generally try to avoid absolutes because they are rarely technically correct. You'll learn why this matters pretty quickly if you step into the technical or scientific world where you work with highly complex matters and billions or more possibilities.
Re: (Score:2)
So you say. I'm not making this call because I am intelligent. I'm making it because I'm experienced. Quantum computer scientists communicate very well among each other, and working in isolation to the point that our knowledge of advances in our own field leaves us clueless is not the way it works.
Additionally, why, "reportedly said?" Did the goddam research paper say that or not? That absolute is unavoidable.
Re: (Score:2)
"working in isolation to the point that our knowledge of advances in our own field leaves us clueless"
There you go. An assumption that only someone who is clueless could be unaware of something in the field. You assert a false premise that there can't be an expert who does not know something. Yet, you've made the blanket assumption that progress is only happening in Academia (where everyone obviously wants to publish) and not in the private and classified military sector.
"Additionally, why, "reportedly said
Re: (Score:2)
As there is no such computation, this is likely just more bad research from Google. And that is likely why it was pulled.
Re: (Score:2)
I agree. They turtled the whole goddam thing after those of us in the field chimed in.
Abstract (Score:2)
Re: (Score:3)
The catch is that this is not a general computation, but something exceptionally specific. There is no "supremacy" here.
But does the software exist (Score:2)
Can this speed actually be realized to solve a real world task ?
Re: (Score:2)
nm ...
https://www.technologyreview.c... [technologyreview.com]
Re: (Score:2)
Nope.
Re: (Score:2)
If the task is "calibrate the probability distribution of the quantum network" then yes. If not, then no.
What this means is that Google's quantum computer, once it can do stuff, will support a POST at boot.
triggered (Score:3)
as applied to ads (Score:2)
Re: (Score:2)
You buy whenever they collapse the waveform, you don't have to wait to see the ad first anymore.
Could they work together? (Score:2)
From this article https://www.technologyreview.c... [technologyreview.com]
"It’s easy to imagine that at this rate of progress, quantum computers should soon be able to outperform the best classical ones.
Not so. It turns out that quantum factoring is much harder in practice than might otherwise be expected. The reason is that noise becomes a significant problem for large quantum computers. And the best way currently to tackle noise is to use error-correcting codes that require significant extra qubits themselves."
"And the be
Re: (Score:2)
err meant to say what about two quantum computers working in tandem.
And what is meant by "noise"?
Don't Worry (Score:1)
Didn't tell us what the problem was (Score:1)
Maybe all it did was figure out what a woman would have decided. After all sometimes they say you'll never guess in 10,000 years.
Seriously, I'd like to know what the problem was.
Never the less, this is a big achievement IF (and this is a really big if) they pulled it off.
Verification of the result? (Score:2)
If Summit supercomputer takes 10,000 years to do the calculation, how exactly do they verify the result of the quantum computer is indeed correct?
Newsworthy but not such a big deal... yet... (Score:1)
This goal of quantum supremacy was just a milestone, measurable but mostly of marketing value. It is newsworthy for sure.
But testing a quantum computer against a conventional computer on a problem that is essentially simulating a quantum computer, well, that is a bit of an impractical milestone. Yes, it can be helpful for bootstrapping progress, but it qualifies as mostly marketing because it sounds like far more progress than it is.
I am a long time fan of unconventional computing architectures (I first bro
technical lecture background (Score:1)