When physicists first invented quantum computers in the 1980s, they sounded like a good, theoretical idea, but perhaps one was probably just on paper. Then, in 1995, 25 years ago this month, applied mathematician Peter Shor published a paperfirst changed that perception.
Shor’s paper has shown how quantum computers can overcome an important problem. Machines will process the information in the form of qubits – quantum versions of the common bits that can be ‘0’ and ‘1’ simultaneously. But quantum states are notoriously susceptible to noise, resulting in loss of information. His error correction technique – detecting errors due to noise – has shown how to make quantum information more robust.
Shor, currently at the Massachusetts Institute of Technology in Cambridge and also a published poet, shook the world of physics and computer science the year before, when he found2 The first can be useful – but ominous – to use a hypothetical quantum computer. He wrote an algorithm that allows a quantum computer to divide whole numbers into prime factors at lightning speed. The vast majority of Internet traffic today is secured with encryption based on large prime numbers. Cracking those codes is difficult because classical computers are slow to factoring in large products.
Quantum computers are a reality now, although they are still too rudimentary with numbers more than two digits. But it is only a matter of time until the quantum computer threatens to encrypt the Internet.
nature have caught up with Shor to ask him about the impact of his job – and where Internet security is headed.
Prior to your factoring algorithm, was quantum computing mostly theoretical?
My article definitely gave everyone an idea that these machines could do something useful. Computer scientist Daniel Simon, in front of my results, solved a problem he came up with showing that quantum computers are exponentially faster. [than ordinary computers]. But even after Simon’s algorithm, it was not clear that they could do something useful.
What is your response to your notice of the factoring algorithm?
At first I had only one intermediate result. I talked about it at Bell Labs [in New Providence, New Jersey, where I was working at the time] on a Tuesday in April 1994. News spread surprisingly fast, and that weekend, computer scientist Umesh Vazirani called me. He said, “I heard you can do some computation on a quantum computer, let me know how it works.” At that time, I didn’t really solve the factoring problem. I don’t know if you know the ‘phone’ kids game, but somehow in five days my result became factoring when people talked to each other about it. And during those five days, I also solved the fact of fact, so I can tell Umesh how to do it.
All kinds of people ask me for my article before I finish writing, so I have to send them an incomplete draft.
But many experts still think that the quantum computer will lose information before you can really finish your calculations?
One of the most objectionable is that in quantum mechanics, if you were to measure a system, you would certainly tamper with it. I have shown how to measure the error without measuring the calculation – and then you can correct the error and not destroy the calculation.
After my 1995 article on error correction, some skeptics believe that it is possible to do quantum computing.
Error correction is based on ‘physical’ and ‘logic’ qubits. What is the difference?
When you write an algorithm for a quantum computer, you assume that qubits [the quantum version of a classical bit of information] Be quiet; These quiet qubits are described by the algorithm as logical qubits. We really don’t have a fuss-free qubit in our quantum computer, and in fact, if we try to run our algorithm without any kind of noise reduction, the error is almost certain to happen. out.
The physical qubit is one of the noisy qubits in our quantum computers. In order to run our algorithm without any errors, we need to use physical qubits to encode logic qubits, using quantum error correction code. The best way we know how to do this is pretty expensive, requiring lots of physical qubits per logic qubit.
It is quite complicated to figure out how many more qubits are needed for this technique. If you want to build a quantum computer using surface code – today’s best candidate – for each logical qubit, you need about 100 physical qubits, maybe more.
In 2019, Google showed that their 54 qubit quantum computer could solve a problem that would take a long time not possible on a classical computer – The first proof of ‘quantum advantage’. What’s your reaction?
That is certainly a milestone. It shows that quantum computers can do anything better than classical computers – at least for a very complex problem. Certainly some publicity has joined Google’s part. But they also have a very impressive quantum computer. It still needs a lot better before it can do anything interesting. There’s also IonQ boot. It looks like they can build a quantum computer that is in a sense better than Google or IBM.
When quantum computers can compute large primes, that will allow them to break the ‘RSA’ – the ubiquitous Internet encryption system.
Yes, but the first ones to break the RSA will be the NSA [the US National Security Agency] or some other large organization. At first these computers will be slow. If you have a computer that can only break, such as one RSA key per hour, anything that is not a high priority or a national security risk will not be broken. The NSA has a lot more important to using their quantum computer than reading your e-mail – they will read the e-mail of the Chinese ambassador.
Is there a cryptosystem that can replace RSA and that will be secure even in the age of quantum computing – ‘post-quantum encryption’?
I think we have post-quantum cryptosystems on which you can replace RSA. The RSA is not a big deal right now. The big problem is that there are other ways to circumvent Internet security, such as badly programmed software, viruses, that send information to some not completely honest players. I think the only obstacle to replacing RSA with a secure post-quantum cryptosystem would be will power and programming time. I think that’s what we know how to do; It’s just not clear that we’ll do that in time.
Is there any risk we will get caught if we don’t prepare?
It’s correct. A lot of effort has been made to fix the Year 2000 error. You will need a lot of effort to move to post-quantum. If we wait too long, it will be too late.
This interview has been edited for length and clarity.