Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Google Hardware Technology

Google Reportedly Attains 'Quantum Supremacy' (cnet.com) 93

New submitter Bioblaze shares a report from CNET: Google has reportedly built a quantum computer more powerful than the world's top supercomputers. A Google research paper was temporarily posted online this week, the Financial Times reported Friday, and said the quantum computer's processor allowed a calculation to be performed in just over 3 minutes. That calculation would take 10,000 years on IBM's Summit, the world's most powerful commercial computer, Google reportedly said. Google researchers are throwing around the term "quantum supremacy" as a result, the FT said, because their computer can solve tasks that can't otherwise be solved. "To our knowledge, this experiment marks the first computation that can only be performed on a quantum processor," the research paper reportedly said.
This discussion has been archived. No new comments can be posted.

Google Reportedly Attains 'Quantum Supremacy'

Comments Filter:
  • by OutOnARock ( 935713 ) on Friday September 20, 2019 @06:31PM (#59218442)
    First post!
    • A super computer never would have wasted it's teraflops with a /. firstpost, but a supreme quantum computer has time to screw around with the banal.

      • by Anonymous Coward

        "A super computer never would have wasted it's teraflops "

        Oh look, a quantum apostrophe! it's means it is

        • A quantum "is the minimum amount of any physical entity", much like your penis.

        • by Livius ( 318358 )

          Oh look, a quantum apostrophe! it's means it is

          Sure, a classical apostrophe means "it is", but all we can say with a quantum apostrophe is a probability.

    • We are all first posters and not until the quantum superposition collapses.

    • There was an article in the March 2019 IEEE Spectrum "The case against quantum computing" which made a case that the effort was going nowhere. Wonder what the author thinks of this development?

  • Because this is, after all, quite the Quantum Leap.

  • Breaking encryption? (Score:3, Interesting)

    by thereitis ( 2355426 ) on Friday September 20, 2019 @06:44PM (#59218484) Journal

    Encryption is useless [12bytes.org]:

    Let's assume that you're encrypting an email using some supposedly highly secure encryption algorithm along with a very long and secure passphrase, and let's further assume that it would take roughly 10,000 years for the average computer to break it. Would you feel confidant using such encryption? Well, what happens if that code breaking computer is 100,000 times more powerful than average? And what if you chain together 100 of those computers? Breaking that encryption may now be possible in a few hours or seconds.

    • What is the state of quantum-difficult algorithms?

      • by cfalcon ( 779563 ) on Friday September 20, 2019 @07:47PM (#59218630)

        For public key cryptography, I don't trust any claims about quantum-proof. Generally, just keep making the key size bigger and avoid anything based on something that has already been solved, but you know that at some point all of these integer tricks are going to be reducible to just one essential thing, which will be solved in some fashion we can't yet imagine.

        For symmetric key stuff, things are way rosier. There's a quantum algorithm that basically lets you halve the key size (but that's still a pretty theoretical attack, especially given the drama needed to perform those types of multistep operations), so if something has a good block size and key length, you should be ok. AES-256 is maybe ok because the key length of 256 is pretty long, and halved to 128 would be ok. By contrast, 128-bit shrinking to 64 bit is not great at all. Serpent has more raw steps, and if you want to put your money on that being the thing that cockblocks quantum computers (and it seems maybe an ok bet?), then consider that one. Regardless, anything with 256 bit keys and a pile of substitutions should be substantially superior to anything based on some one way function, with the obvious downside of all the extra drama of sharing a key (which makes it a non starter for many applications).

        This is all just my take on it, and I'm just some guy.

        • by rgmoore ( 133276 )

          For symmetric key stuff, things are way rosier.

          Except for the part where a lot of the symmetric keys are distributed using public key cryptography. A chain is only a strong as its weakest link.

          • There are many candidates for PQ key exchange management algs. KYBER, NEWHOPE, FRODO, ... none of which depend on primes, rather using some Lattice voodoo. Hopefully they pan out.

          • "Except for the part where a lot of the symmetric keys are distributed using public key cryptography"
            That can easily be changed. Think of your bank issuing a 32 Octet symmetric key for banking. That is way more secure than the TLS crapola. No MITM, for starters.
            http://altwissenschaft.ddnss.d... [ddnss.de]
        • by AHuxley ( 892839 )
          Back to one time pads?
        • Very good, "Just some guy"
          This entire discussion revolves around
          Convenience vs Security

          Mathematical One Way or Trap Door functions moved the boundaries around a lot, but boundaries persists. Symmetrical encryption can be made unbreakable or very nearly unbreakable but the key exchange is a problem. One way functions rely on some version of "I can multiply faster than you can factor". Quantum machines will move the boundary between "factor" and "multiply" way over into Multiply's territory.
          The new Ellipti

        • by swillden ( 191260 ) <shawn-ds@willden.org> on Saturday September 21, 2019 @07:18AM (#59219634) Journal

          For public key cryptography, I don't trust any claims about quantum-proof. Generally, just keep making the key size bigger and avoid anything based on something that has already been solved, but you know that at some point all of these integer tricks are going to be reducible to just one essential thing, which will be solved in some fashion we can't yet imagine.

          Most of the asymmetric post-quantum schemes don't depend on "integer tricks". The oldest example is the Merkle signature scheme, which relies only on the existence of secure hash functions. While Grover's algorithm [wikipedia.org] (the one you referred to that halves the security of symmetric key lengths) does the same length-halving trick on hash functions, that's as easy to address with hash functions as it is with symmetric key sizes.

          Many of the other post-quantum schemes are based not on integers, but on complex lattices [wolfram.com]. I'd love to explain why quantum computers don't have an advantage in solving these sorts of problems, but I frankly haven't put in the time to understand either the problems or the reasons they resist solution by quantum computers... but the consensus of the people who do understand both of those things is that there are no quantum algorithms that can significantly reduce their difficulty.

          There's still significant work to be done in this space, but I don't think your dismissive attitude is warranted.

        • >For public key cryptography, I don't trust any claims about quantum-proof.

          The proofs of resistance from quantum computer algorithms see pretty sound.

          Where the quantum resistant public key algorithms fall down is either on resistance to conventional cryptanalysis or stupidly large bitwidths (Just transfer this 4 MiByte parameter and do some math - per packet).

          I know of no algorithm that is simultaneously quantum secure, efficient and trustable for the long haul.

      • by Cyberax ( 705495 )
        For symmetric crypto we basically don't need to worry. A 256-bit key is more than secure enough. There are several proven quantum-difficult public key algorithms (in particular, hash-based keys). Unfortunately, they are all unwieldy with large key sizes.
        • Instead of trusting CAs, we could equally trust Banks, post office or telcos to be KERBEROS providers. Then you do not need public key ciphers for anything: http://altwissenschaft.ddnss.d... [ddnss.de]
          • Even more secure and in many cases feasible is to transfer symmetric keys by means of paper mail, courier or user-personal key issuing. Walk into your bank, identify by ID+account number, receive a printout of a 32 Octet symmetric key. Hard to get more security, as one does not need the certificate mumbo-jumbo+CAs.
      • There are a lot of options [wikipedia.org]. None of them have been proven unbreakable, but there are some that no one knows how to break. The same is true of our current algorithms, though, they haven't been proven unbreakable.
        • All ciphers except OTP-based will eventually be broken. Not a single cipher of the 1800s is still considered secure. Forward to 2200 and they will consider AES broken, because they have better math and better math software.
          • OTP is only secure if you ignore key-transfer, which in the real-world, you can't.
            • There have been successful uses of OTP ciphers by the Russian, NZ, Canada governments and possibly others. Overall, this was highly successful for all of them.
              But of course you can mess up everything or have a problem of corrupted people. But that is an aspect which pertains all cryptosystems. Secure keymaterial transfer is possible. It's called diplomatic poach which three guys who watch each other. Or several other options.
    • by swilver ( 617741 )

      The author clearly doesn't understand how encryption actually works. If something takes 10.000 years to break, and you don't think it's enough, add 1 bit to the key space and it will take 20.000 years to break. Add sufficient more bits (like 100 orso) and it can't be broken without using up all energy in the entire universe.

      Perhaps quantum computers will break some algorithms, but I doubt it will break them all.

      • by cfalcon ( 779563 ) on Friday September 20, 2019 @08:12PM (#59218686)

        > If something takes 10.000 years to break, and you don't think it's enough, add 1 bit to the key space and it will take 20.000 years to break

        This depends entirely on what you are talking about. The entire reason quantum stuff gets discussed in the same breath as crypto is because there are quantum algorithms that solve certain functions in times that are no longer O(n), but instead O(log(n)) - that is, they no longer scale up with the total number of possibilities, but instead they scale with the total number of glyphs used to express them, in the same way that factoring a 2048 bit integer is really hard but adding two 2048 bit integers together is really easy. If you're relying on factoring to keep your data safe, and someone has a physical implementation of Shor's algorithm, then adding 1 bit to the keyspace doesn't double the time it takes, in the same fashion that adding two 9 bit numbers together doesn't take twice the time of adding two 8 bit numbers together.

      • Quantum computers are different, they work differently than the computer your are basing your assumption on. That heat death of the universe with a regular computer becomes a 64+ qubit computer and 10 minutes. Quantum computer power increases exponentially with additional qubits. A 32 qubit computer is theoretically as powerful as the best exascale supercomputer that isn't even built yet, but you add 2 more qubits and it's suddenly twice as powerful.

        See that's the problem, you've got this assumption about

    • by AHuxley ( 892839 )
      Try it on any VPN product in use :)
    • What if you built a type writer type encryption device that you could send encoded messages to your armed forces, and what if some gay dude in England found out a way to break that code and make your encryption device useless? In case you didn't get the reference [bletchleypark.org.uk]. Encryption's have been broken, it's happened before, it will happen again. So now they use quantum computers to break regular computers encryption. It won't be long before we just start encrypting things with quantum computers. There will be
    • by gweihir ( 88907 )

      Bullshit. This thing is nowhere near of doing even the calculations to break current crypto, let alone the key-sizes. What they likely have is probably some very specific approximation of some function that is not computable in closed form digitally, but requires very few steps on a QC. The speed claim them comes from the precision of the approximation, nothing else.

      This is a bit like measuring weather vs. simulating weather. The measurements are of course far faster, but you cannot actually do anything els

    • No, encryption is not useless. You're thinking about secrecy wrong if your only plan is "forever". That's nearly impossible and you need a whole lot more than good encryption going for you. So, back in reality-land, encryption is very useful for more realistic goals with contingency plans.

    • by Megol ( 3135005 )

      Maybe true (will not look at the link) but a quantum computer isn't 100k times more powerful "than average"* and that's not how it works. This is someone that obviously don't know much about encryption and even less about quantum computers, for example it's not possible** to chain together 100 quantum computers to speed up cracking a public key. Even if we had quantum computers that were capable of cracking the keys used today (we are far far away from that) the extreme difficulty in scaling the number of q

    • 1.) We still have OTP, if you like that.
      2.) Symmetric Ciphers with keys of 256 bit or more are mostly not affected
      3.) We can easily live without Public Key Ciphers, all a matter of organization. In fact, symmetric ciphers don't have the MITM and Cert Authority Hacking problem.
      http://altwissenschaft.ddnss.d... [ddnss.de]
      http://altwissenschaft.ddnss.d... [ddnss.de]
    • However the ... lets call it quantum myth does not take into account the bottleneck it can't beat : network data transfer speed ... unless it can get the hashes locally , in which case it might take only a quantum to break it needs to go through the cables to get there, plenty of delays possible to install failsafes, what is the max data transfer speed anyway ? light ? is that even reliable by now, but in that case even the biggest calculations would bottleneck there, no? Or does that thing just suddenly fl
    • and let's further assume that it would take roughly 10,000 years for the average computer to break it.

      For modern crypto techniques, the average computer would take about
      10 trillion years to brute-force break the encryption on a 1024 bit key.
      Most implementations use at least a 2048 bit key, which would take
      around a trillion trillion years to break. If you could turn every
      molecule in the Milky Way into a PC, it would still take
      longer than the expected life of the galaxy to break just one key.

  • by Ostracus ( 1354233 ) on Friday September 20, 2019 @06:45PM (#59218490) Journal

    Ads at the speed of uncertainty.

  • What's a coin worth when you can compute it in no time?
    • The value of bitcoin has always been just above $0. Eventually the price will catch up with this value.

    • Bitcoin isn't as vulnerable to quantum attack as you may think.

      There is a general purpose solver algorithm that can solve hashing quickly, but it operates on quantum circuits. We can't even build a classical circuit for hashing, which strongly suggests that we have at least several decades before we need to worry about anyone making a quantum version.

      The keys used to sign transactions could be recovered, but only after the transaction has been completed. One mitigation would be to only transmit your trans

      • There is a general purpose solver algorithm that can solve hashing quickly

        What algorithm are you referring to? The best I'm aware of is Grover's algorithm, but it's easily defended against just by using larger hash inputs and outputs.

      • Symmetric Ciphers are generally immune to quantum attacks, if you increase key size to 256 bits. You can construct Hashing Algorithms from symmetric ciphers using the Davies-Meyer method. Which tells me it is easy to harden Hashing algorithms against quantum computer attacks. http://altwissenschaft.ddnss.d... [ddnss.de]
    • Early on, Bitcoin used P2PK transactions, where the public key was included in the blockchain. Rather quickly, this was refined to P2SH transactions, which do not include the public key in the blockchain.

      Those early ones, including Satoshi's, could be reversed using Shor's Algorithm, in theory, on a computer that could run it.

      So far nobody thinks quantum computers can reverse hashes. Yay, entropy.

      Anybody who's moved their coins in the past, oh, six or seven years, is fine for now.

  • by Rosco P. Coltrane ( 209368 ) on Friday September 20, 2019 @06:52PM (#59218512)

    I'm impressed, but I don't feel warm and fuzzy as I would knowing this came from academia.

  • ...sounds like a bad combination.

    Plus a development in quantum computing would be super-cool, but I don't think anything Google says can be trusted.

  • What's the internet look like when no one can count on encryption anymore? Does business have to shuffle off to some other method?

    • by AHuxley ( 892839 )
      Re "What's the internet look like when no one can count on encryption anymore?"
      Usenet as a system of posting one time pad messages.
      A series of BBS and IRC networks using one time pads?
      How many pages in a random book to encrypt one jpeg?
    • by Chozabu ( 974192 )
      If legit business can't do encryption - I'd expect criminals would also have a hard time staying anonymous.

      So it may end up more like the real world? Rather then being impossible to commit crimes we'd have to discourage people doing it, and catch them when they do.

      Still plenty of differences, encryption will still make things harder, online services can be attacked from a distance, etc.
      • by Mal-2 ( 675116 )

        Staying anonymous isn't a problem. Staying pseudonymous, all instances of your handle pointing back at you, is a problem when your signature can't be trusted.

    • by quenda ( 644621 )

      Absolute worst case, we go back to physical distribution of one-time pads.

      You get a small card with a terrabyte or so of random data, and some trusted central authority (like we use now for public key authentication) holds a copy.
      All your data will need to go via that middle-man, who will decode it, and re-encode using a one-time pad shared with the other end-point.
      When you've nearly used up your pad, you take it to, say the Post Office, where it will serve as ID to exchange for a new pad.

      Very inconvenient

    • QC does only affect the popular public key ciphers. Not all ciphers. Don't play the headless chicken. Thanks.
      http://altwissenschaft.ddnss.d... [ddnss.de]
  • by CaptainDork ( 3678879 ) on Friday September 20, 2019 @08:58PM (#59218754)

    ... and:

    "To our knowledge, this experiment marks the first computation that can only be performed on a quantum processor," the research paper reportedly said.

    I call bullshit.

    It's weasel all the way down.

    The leading academia do not support this level of technology.

    • by Shaitan ( 22585 )

      Actually what you call "weasel" is what an intelligent person speaking generally sounds like. Intelligent people trying to honest generally try to avoid absolutes because they are rarely technically correct. You'll learn why this matters pretty quickly if you step into the technical or scientific world where you work with highly complex matters and billions or more possibilities.

      • So you say. I'm not making this call because I am intelligent. I'm making it because I'm experienced. Quantum computer scientists communicate very well among each other, and working in isolation to the point that our knowledge of advances in our own field leaves us clueless is not the way it works.

        Additionally, why, "reportedly said?" Did the goddam research paper say that or not? That absolute is unavoidable.

        • by Shaitan ( 22585 )

          "working in isolation to the point that our knowledge of advances in our own field leaves us clueless"

          There you go. An assumption that only someone who is clueless could be unaware of something in the field. You assert a false premise that there can't be an expert who does not know something. Yet, you've made the blanket assumption that progress is only happening in Academia (where everyone obviously wants to publish) and not in the private and classified military sector.

          "Additionally, why, "reportedly said

    • by gweihir ( 88907 )

      As there is no such computation, this is likely just more bad research from Google. And that is likely why it was pulled.

  • Document ID: 20190030475

    Quantum Supremacy Using a Programmable Superconducting Processor

    The tantalizing promise of quantum computers is that certain computational tasks might be executed exponentially faster on a quantum processor than on a classical processor. A fundamental challenge is to build a high-fidelity processor capable of running quantum algorithms in an exponentially large computational space. Here, we report using a processor with programmable superconducting qubits to create quantum states on

    • by gweihir ( 88907 )

      The catch is that this is not a general computation, but something exceptionally specific. There is no "supremacy" here.

  • Can this speed actually be realized to solve a real world task ?

  • by Danzigism ( 881294 ) on Friday September 20, 2019 @11:25PM (#59218994)
    Quantums and their supremacy. What a bunch of qubigots.
  • They will figure out a way to test all possible ads and show you the best performing one.
  • From this article https://www.technologyreview.c... [technologyreview.com]

    "It’s easy to imagine that at this rate of progress, quantum computers should soon be able to outperform the best classical ones.

    Not so. It turns out that quantum factoring is much harder in practice than might otherwise be expected. The reason is that noise becomes a significant problem for large quantum computers. And the best way currently to tackle noise is to use error-correcting codes that require significant extra qubits themselves."

    "And the be

    • err meant to say what about two quantum computers working in tandem.

      And what is meant by "noise"?

  • 1.) 256-bit key symmetric Ciphers are not affected 2.) Public-Key Algorithms can be replaced by all sorts of mechanisms, including manual pre-shared-key and Kerberos or similar schemes. http://altwissenschaft.ddnss.d... [ddnss.de] http://altwissenschaft.ddnss.d... [ddnss.de]
  • Maybe all it did was figure out what a woman would have decided. After all sometimes they say you'll never guess in 10,000 years.
    Seriously, I'd like to know what the problem was.

    Never the less, this is a big achievement IF (and this is a really big if) they pulled it off.

  • If Summit supercomputer takes 10,000 years to do the calculation, how exactly do they verify the result of the quantum computer is indeed correct?

  • This goal of quantum supremacy was just a milestone, measurable but mostly of marketing value. It is newsworthy for sure.

    But testing a quantum computer against a conventional computer on a problem that is essentially simulating a quantum computer, well, that is a bit of an impractical milestone. Yes, it can be helpful for bootstrapping progress, but it qualifies as mostly marketing because it sounds like far more progress than it is.

    I am a long time fan of unconventional computing architectures (I first bro

  • Scott Aaronson's recent Bernay's lectures provides some useful background on the Church-Turing thesis, p=np, and, of course, quantum supremacy. https://video.ethz.ch/speakers... [video.ethz.ch]

Don't tell me how hard you work. Tell me how much you get done. -- James J. Ling

Working...