335 points ingve | 1 comments
api ◴[] No.45083990[source]
It’s worth noting that the reason we are deploying PQ crypto is not that we are 100% convinced QC is coming soon. It may or may not depending on how development goes.

The goal of cryptography is to make something as close to theoretically unbreakable as possible. That means even theoretical vulnerabilities are taken seriously.

For ECC and RSA and related algorithms we have a theoretical and physically plausible pathway toward a practical machine that could break them. That means many cryptographers consider them theoretically broken even if such a machine does not exist and may not exist for a long time. The math works even if we can’t build it yet.

So it’s considered prudent to go ahead and upgrade now while no QC exists. That way if some major advance does arrive we are ready.

Nobody’s talking seriously about replacing SHA2, AES, ChaCha, etc. because there is no physically plausible, theoretically valid path to a machine that can break these in, say, less than many millions of years. AFAIK there is no proof that such a path does not exist, but nobody has found one, hence they are considered unbroken.

Note that cryptography is not the only or even the most useful application of QC. Things like physical stimulation of quantum systems, protein folding, machine learning, etc. could be more useful. Like digital computers there’s probably a ton of uses we don’t know about because we need to tinker with the machine to figure them out.

replies(2): >>45084216 #>>45084454 #
leeoniya ◴[] No.45084216[source]
> Things like physical stimulation of quantum systems, protein folding, machine learning, etc. could be more useful

Is there still more to do in protein folding after AlphaFold?

https://www.isomorphiclabs.com/articles/alphafold-3-predicts...

replies(2): >>45084253 #>>45085141 #
api ◴[] No.45084253[source]
There’s a difference between good AI predictions and theoretically perfect QC computations. The AI estimates while the QC will give you the answer, full stop. The latter could be relied upon more strongly. It could also generate infinite training data to make much better models.

QC might be directly applicable to AI training too. It may be possible to compute the optimal model over a data set in linear time. It could allow training that is faster and consumes a tiny fraction of the energy current brute force methods need.

replies(2): >>45085134 #>>45085192 #
1. _delirium ◴[] No.45085192{3}[source]
There have in fact been some results on quantum speedups for machine learning: https://www.quantamagazine.org/ai-gets-a-quantum-computing-s...

I would expect this to become relevant later than crypto, though, because you need larger data sizes for things to get interesting.