Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?
Encryption Privacy Security News Technology Your Rights Online

MIT's New 5-Atom Quantum Computer Could Make Today's Encryption Obsolete ( 179

An anonymous reader writes: In traditional computing, numbers are represented by either 0s or 1s, but quantum computing relies on atomic-scale units, or "quibits," that can be simultaneously 0 and 1 -- a state known as a superposition that's far more efficient. It typically takes about 12 qubits to factor the number 15, but researchers at MIT and the University of Innsbruck in Austria have found a way to pare that down to five qubits, each represented by a single atom, they said this week. Using laser pulses to keep the quantum system stable by holding the atoms in an ion trap, the new system promises scalability as well, as more atoms and lasers can be added to build a bigger and faster quantum computer able to factor much larger numbers. That, in turn, presents new risks for factorization-based methods such as RSA, used for protecting credit cards, state secrets and other confidential data. "If you are a nation state, you probably don't want to publicly store your secrets using encryption that relies on factoring as a hard-to-invert problem," said Chuang. "Because when these quantum computers start coming out, [adversaries will] be able to go back and unencrypt all those old secrets."
This discussion has been archived. No new comments can be posted.

MIT's New 5-Atom Quantum Computer Could Make Today's Encryption Obsolete

Comments Filter:
  • by Anonymous Coward

    Way back in 1972, before many Slashdotters were even born, I remember hearing about how quantum computers were just "5 years away".

    Then in 1977, I remember hearing about how quantum computers were just "5 years away".

    Then in 1982, I remember hearing about how quantum computers were just "5 years away".

    Then in 1987, I remember hearing about how quantum computers were just "5 years away".

    Then in 1992, I remember hearing about how quantum computers were just "5 years away".

    Then in 1997, I remember hearing abou

    • Now they're just 5 atoms away.

      • by Anonymous Coward

        Issac Chuang is a Chinese

        Having a Chinese in a leading role developing cutting edge quantum computer only means China will be one of the first nation to deploy quantum computers

        • by Anonymous Coward

          Issac Chuang is a Chinese

          Having a Chinese in a leading role developing cutting edge quantum computer only means China will be one of the first nation to deploy quantum computers

          That's odd. I'm pretty sure he is an American.

    • by Hylandr ( 813770 )

      Quantum is the new Alchemy []

    • Meanwhile, in my Universe they've existed since the 90s and now even my local University has a few qubits. When I was a kid, all we had was a few q*berts.

    • by KGIII ( 973947 )

      I was alive in 1972, albeit just 15. I attended a fairly well-to-do preparatory school. At that school we actually had a connection with a distant university, a forerunner of the Internet. I was not nearly as interested in computers then as I am today, but that's okay because I'm not professing to be an expert on the subject.

      What I am saying is that if there were any serious talk about quantum computers in 1972 then there's a good chance I'd have heard about it. I was (and still am) an avid fan of science f

    • Fusion has been 40 years away for longer than that.

    • Elementary failure of physics (or history) knowledge : Quantum computers were only seriously proposed in the early 1980s. Fiction authors may have used the term earlier, but without meaning.
  • by Anonymous Coward

    You first have to get a copy of the encrypted data before you can start trying to hack it. Are there any governments that actually store their state secrets in a fashion where they rely purely on encryption? Encryption tends to be an extra layer.

    • by dohzer ( 867770 )

      Which is exactly what the summary says: "you probably don't want to publicly store your secrets".

      • by Hylandr ( 813770 )

        "Don't publicly store your secrets".


        • by currently_awake ( 1248758 ) on Monday March 07, 2016 @12:40AM (#51651309)
          Governments, corporations, and groups of people need to communicate securely. Quantum crypto breaking destroys the one way math based crypto systems but other systems still exist and will still be secure. Given the low cost of bulk data storage we might consider moving to one time pads.
          • by Hylandr ( 813770 )

            Assuming of course the concept of "Quantum Computing" proves it's legitimacy and this hypothetical scenario could be implemented with a suitable number of bits to work with.

            Until proven otherwise I am lumping all near-magical claims of quantum-super-computing the same status of Alchemy in the medieval era of bilking governments for money and jobs.

          • by KGIII ( 973947 )

            Hmm... As I mentioned in an above post, one of the things that I've read was a paper that did indicate some value. In theory, at least, one can use quantum computing to ensure there's no MitM attack/interception. So, the communication (as a process) might be secured.

            • by Hylandr ( 813770 )

              I would be more interested in using something like that to communicate from one side of the solar system to the other or further yet without the restriction of the speed of light on the propagation of radio waves.

        • Or let Hillary anywhere near it.
  • by AchilleTalon ( 540925 ) on Sunday March 06, 2016 @08:21PM (#51650465) Homepage
    Factorization of the number 15 won't render modern encryption obsolete at all. To rendre encryption obsolete, they will need much more than 5 atoms and be able to factorize much more larger numbers.

    Seriously /., you are insulting to the community.

    • by PPH ( 736903 )

      the number 15

      You managed to crack my luggage combo, insensitive clod!

    • Luckily, this univers is chock FULL of atoms. All we could possibly need!

    • by HiThere ( 15173 )

      They explicitly talked about it being scalable. But I do wonder what amount of error correction will be needed as they increase the length, and, of course, about the speed and the cost.

      I have my doubts about this particular approach ever being practical (as in a reasonable degree of accuracy on a reasonable problem at a reasonable cost). Of course, but different applications reasonable will have a different value, but still...

      This looks to me like another laboratory benchtop quantum computer, slightly mor

    • 1.) It says could, not will.

      2.) Says right in the article that this particular design holds some promise on scalability.

      3.) Poor reading comprehension skills is just insulting to our entire species at this point.

  • by ffkom ( 3519199 ) on Sunday March 06, 2016 @08:25PM (#51650487)

    I am still pretty convinced that the "quantum computer"-hype is based on fundamentally flawed assumptions, and that they won't break RSA (or other practical problems) of any reasonable size, that are not also easily solved with conventional computers.

    Just because a model works with probabilities of "uncertain states" does not mean reality will reveal a "solution" based on all possible combinations of such states in no time. There is no compelling evidence yet that a quantum computer will find solutions quicker than it takes the real, physical hardware of that computer to take on all relevant input state combinations.

    I'm prepared to bet the safety of my encrypted data on that, and I am convinced that 40 years from now, we'll look back at the hype around quantum computers the same way we today look back on the era of analog computers in the 1960s/1970s, when it was a plausible approach to solve some (back then hard-to-compute-digitally) equations, like for numerical calculus, by building physical systems (electronic circuits) that were known to behave in a way that equations could be solved by carefully adjusting some input voltages, then measuring some output voltage. We know that the precision achievable by such analog computers is very limited, and see the same problem preventing "quantum computers" from ever providing solutions that need to process a significant amount of information.

    • by ortholattice ( 175065 ) on Sunday March 06, 2016 @09:38PM (#51650745)

      While you could be right that the necessary technology still won't be available in 40 years, the quantum world is fundamentally different from the analog world. In the analog world, noise and other errors determine an absolute limit as to how much precision you can achieve. In the quantum world, there is the miracle of quantum error correction that can compensate for errors. It is quite amazing mathematically that linear transformations performed by quantum gates can correct errors, but the mathematics works (I have worked through it myself, it's not terribly hard, requiring only linear algebra) and small error-correcting qubit circuits have been demonstrated.

      Most important is the threshold theorem [] that says if we can reduce the noise in a qubit below about 1 part in 10^5 (IIRC), error correction can allow a quantum computer to grow to an unlimited number of qubits. That's when the revolution will start.

      • by gweihir ( 88907 ) on Sunday March 06, 2016 @10:16PM (#51650921)

        That is naive. You assume maintaining entanglement gets less than linearly more difficult and that noise is independent of the number of qbits. Both are not reasonable assumptions.

    • Re: (Score:2, Informative)

      by Anonymous Coward

      Quantum computing is dependent on exactly one dubious assumption: That there is no [hard] limit to the complexity of a physical interaction.

      If we can have unlimited complexity, then we can have quantum circuits which are as good as [credibly] advertised; if we can not, then, at best, all we get out of it is a means to optimize a few computations.

    • by gweihir ( 88907 )

      I agree. At this time, we cannot even know whether the physics itself holds up. Factoring 15 is something that can be done with a conventional analog computer, no actual quantum effects needed. So there are two hard road-blocks to this ever threatening RSA of real sizes: a) it may not actually be possible to use quantum effects for computations and what we currently observe may be something different and b) quantum computers may not scale to the required bit-sizes, ever. We see these hard scalability limits

    • Also, this only breaks RSA style encryption. Good old fashioned shared key systems are immune to this, and many modern systems only use RSA-type encryption for the initial sharing of a secret key to both parties.

      • As with most things, the devil is in the details. With a TLS/SSL connection handshake, if you can break the RSA key exchange portion you can recover the symmetric encryption key that is used for the remainder of the connection. A man-in-the-middle attacker can easily record all packets in a connection without alerting either party. If they later break the RSA encryption, they can easily and efficiently decode the rest of the data stream.

        Enter the DH (Diffie-Hellman) and ECDH (Elliptical Curve DH) key exc

  • by Anonymous Coward

    The link points to a science article which is closed.

    Why are we advertizing an article that can't be read?

  • by JoshuaZ ( 1134087 ) on Sunday March 06, 2016 @08:40PM (#51650545) Homepage
    For an actual summary of this research see [] by Scott Aaronson who is a quantum computing expert. The key thing here is that they factored 15 with high probability without having to sort of cheat by making a circuit that was more likely to work if one suspected that 15 had factorization resembling 3*5. As usual, this is getting completely overblown by the popular press. It is an important step towards actually making quantum computers that can factor big numbers, but it is nowhere near anything that would make RSA or other factoring based crypto obsolete.
  • by Anonymous Coward on Sunday March 06, 2016 @09:11PM (#51650645)

    If you actually read the scientific article (which is available as a preprint unter [1]), what the authors discuss is how to significantly improve Shor's algorithm, the quantum algorithm for factorizing prime numbers. They show that the number of qubits needed to perform Shor's algorithm is actually quite a bit lower than what previous versions of the algorithm required - and they claim that their version is much more scalable than previously known versions.

    They demonstrate their algorithm by factorizing the number 15 using trapped ions. That elementary qubit operations can be performed with trapped ions has already been demonstrated [2], that part is nothing new. Factoring the number 15 with Shor's algorithm is has also been done before. But since their algorithm doesn't need nearly as many qubits as the previous formulation of Shor's algorithm, specifically they only need to have a single ancillary qubit in addition to the qubits required to represent the number to be factorized (in contrast to 3n ancillary qubits), and given the fact that the quantum Fourier transform operation that was previously required to be performed on the ancillary qubits is difficult to pull of in practice while keeping quantum coherence, they argue that their algorithm will be much easier to implement in real quantum systems.

    So their research is actually a big step forward when it comes to a potential actual practical realization of Shor's algorithm, and what they did is still very impressive (even the experimental part of their work), but their work doesn't address the problem of actually scaling up the number of qubits: 5 bits have been done before, and while their work means that less qubits are needed, it's not like even a (512+1+error correction) qubit computer with quantum coherences is around the corner (note that to break 512 bit RSA you don't need a quantum computer). Furthermore, there's a huge debate in the community as to what the best design for a scalable qubit architecture is: the authors of this paper seem to follow the school that wants to use ion traps, but there are also other approaches to implementing qubits: superconducting qubits (in various variants), spin qubits (including nuclear spins), semiconducting qubits, adiabatic quantum computation, and a couple more. A lot of people in the community are working on all of these different approaches, and it is not clear to me which of these will be the most effective way to implement a quantum computer in the end. And scaling this up beyond 100 qubits with full quantum coherence and quantum control of qubit operations (from all reports e.g. the D-Wave machine "only" does quantum annealing with ~500 qubits, and doesn't implement a universal quantum computer) is something that's still quite a bit away. How long? I don't think anybody can really predict. Could be 5 years, could be 10, could be 50.

    To reiterate: the paper is a breakthrough, because (if we leave out error correction for the moment, which increases the number of qubits required) to factor a 1024 bit RSA key, one would previously have needed 1024 + 3 * 1024 qubits and a very difficult to pull off quantum operation (quantum Fourier transform) on 3 * 1024 qubits simultaneously. This paper reduces that to 1024 + 1 qubits, where the KQFT operation only has to be applied to the 1 additional qubit. We still don't know how to actually manufacture a quantum computer that maintains coherence well enough with that many qubits, so there's no need to start panicking when it comes to this, but these kind of improvements do show that research towards asymmetric cryptography that is safe against quantum computing is required - and that we should really start implementing these kinds of algorithms NOW, so that when somebody actually has breakthrough in this regard, we have the technology in place to switch at that point. A good starting point for people that are interested is the site [3] and the excellent talk by Dan Bernstein and Tanja Lange at 32c3. [4]


    • by gweihir ( 88907 )

      And scaling this up beyond 100 qubits with full quantum coherence and quantum control of qubit operations (from all reports e.g. the D-Wave machine "only" does quantum annealing with ~500 qubits, and doesn't implement a universal quantum computer) is something that's still quite a bit away. How long? I don't think anybody can really predict. Could be 5 years, could be 10, could be 50.

      Could also very well be "never". Just look at the lengths CPU manufacturers have to go to get to 5GHz. A bit more is likely feasible, but, say, 100GHz is likely completely infeasible unless a mythical new technology presents itself. It has not, despite now 50 years of intense research, so what we currently have in CPUs may very well be close to the end of the line in this universe. It is quite likely that quantum computing (if it even works at all, factoring 15 could well be some other effect), runs into pr

    • the quantum algorithm for factorizing prime numbers.

      That problem may be simpler than you think.

    • Probably one of the best comments I have ever read on /.

    • Well done abstract.

      Large number factorization is one of integral-nature's greatest frontiers. I find it amazing that within my lifetime a curiosity of mathematics of interest to theorists and puzzle-makers has become the keystone of privacy in the world. For me there was a single 'Eureka' moment. Along with many others I caught a glimpse of today's world back in August 1977 thanks to a column by Martin Gardener in Scientific American: "A new kind of cipher that would take millions of years to break" Read i []

  • scalability (Score:5, Insightful)

    by e**(i pi)-1 ( 462311 ) on Sunday March 06, 2016 @09:18PM (#51650667) Homepage Journal
    The key will be scalability. Its an interesting experiment as it taps into the fundamentals of computing. It could however well be that the effort of keeping things disentangled grows exponentially (something which Shor's algorithm does not address). Like in dynamical systems theory, where computing the 10th iterate of f(x)=4x(1-x) with some initial condition like x=0.4 is no problem. It gives 0.297... already for a a hundred iterations the result become ambiguous and the answer becomes hardware and software dependent. No error correction can bypass these fundamental sensitive dependence of initial condition difficulty. So, it could well be that it is possible to factor a 10^10 digit number nicely but that things become more and more difficult larger numbers like integers with 100reds of digits and that RSA will remain save from quantum computer attacks. But who knows? The nice thing is that if it will be faster, one will be able to demonstrate it by factoring otherwise not yet factored numbers.
    • Re:scalability (Score:5, Informative)

      by gweihir ( 88907 ) on Sunday March 06, 2016 @09:57PM (#51650841)

      That key has eluded researchers for a few decades now. It looks very much like there is an upper limit on the number of qbits that can be entangled in practice if computations are to be performed and as if that upper limit is somewhere around 100. With that, not even very old and outdated RSA-768 is threatened.

      That is why these stories are so utterly demented. They are akin to claiming the invention of the logic gate will make 2048-bit computers possible that run at 1000GHz. As we now see in practice, 64 bit at 5GHz is pretty much the viable limit for low-cost and it does not go much further with extreme hardware. In reality, things do not scale after a certain limit and for quantum computing, that limit will be very low.

  • by gweihir ( 88907 ) on Sunday March 06, 2016 @09:51PM (#51650809)

    First, most encryption is not even really affected. For block-ciphers a working and large enough QC halves the key-length. AES-256 would still be perfectly secure and AES-128 would still be hard (but maybe possible) to break. And second, factoring RSA-2048 (which is regarded as too short today) would need around 2200 qbits to factor with this "breakthrough". They are at 5 qbits now. Where where they 10 years ago? Oh, right, at the same low number. If progress is made at this rate, they will be able to break RAS-2048 in x years, where x goes towards infinity, i.e. _never_.

    This is about as valid as claiming the invention of paper threatens RSA, after all you can do attacks far faster with paper than with stone tablets.

    Can we please stop the moronic and false "success" stories about quantum computing?

  • by skaag ( 206358 ) on Sunday March 06, 2016 @11:07PM (#51651107) Homepage Journal

    With such monstrous computing power, they could mine bitcoins and fund their R&D entirely through Bitcoin mining.

  • Okay, this may be a foolish question, but if you encrypted something and then encrypted it again (with a different key) how would you know when you had gotten through the first layer of encryption? How would you know that you'd successfully decrypted the first layer?

    The first set of decrypted info would still presumably look like encrypted data (or random shit), so how would you know that it had actually been decrypted?

  • by Dutchmaan ( 442553 ) on Monday March 07, 2016 @12:19AM (#51651231) Homepage
    I used my quantum computer to solve the problem of cold fusion, which allowed me to finish my flying car design!..
  • the encryption world will just start using 16.

  • News Flash! (Score:5, Insightful)

    by eepok ( 545733 ) on Monday March 07, 2016 @12:44AM (#51651323) Homepage
    Things that don't yet exist may make things that currently exist obsolete.
  • I think I need to hack the Drumphinator to also replace all instances of the word "could" in headline font with "kud", as in "I kud you not".

  • Careful, make sure you don't lose it.

No problem is so large it can't be fit in somewhere.