Quantum computing is harder than herding kittens


Quantum physicists embrace uncertainty. After all, one of the field’s foundational tenets is Werner Heisenberg’s uncertainty principle stating that we cannot accurately know both the position and speed of a particle. By contrast, governments, companies and investors tend to hate things they do not understand. And huge uncertainty swirls around the latest attempts to build powerful quantum computers.

Is quantum computing going to rewrite the rules of computation, cryptography, logistics and materials science, as enthusiastic supporters claim? Or are we heading into a “quantum winter”, where the diabolical difficulties of building a functional quantum computer lead to a collapse of confidence?

That first question has re-emerged following the recent publication of a Chinese research paper outlining a theoretical way to crack the most common form of online encryption by combining existing quantum and classical computing techniques. If proved, this would be the stuff of security nightmares, hastening the arrival of the so-called Q-day, when users could “break the internet”. 

Cryptographers have long understood the risk but assumed it would take a massive leap in quantum computing capability before it materialised. The standard RSA encryption method, used by most banks, governments and internet companies, relies on the fact that while it is easy to multiply two large prime numbers it is hard to reverse the process and deduce the original numbers. However, in 1994 the mathematician Peter Shor wrote an algorithm showing how this could theoretically be done on a quantum computer, even though one did not then exist.

The assumption has been that a quantum computer would need millions of quantum bits, or qubits, to be reliable enough to crack RSA encryption. Even in the most optimistic scenario, that appears a decade away. The most powerful quantum computer to have been publicly unveiled — IBM’s Osprey — has only 433 qubits. And the difficulties of scaling up remain daunting. One Chinese researcher has likened the challenge to lining up kittens; no sooner have you put one in place than the rest wander off.

What is novel about the Chinese approach is that it combines nascent quantum computing capabilities with a factoring algorithm, written by another mathematician, Claus Schnorr, for a classical computer. The researchers calculated this could work on a quantum computer with only 372 qubits.

Western experts say this approach might pull Q-day closer. But even the paper’s authors do not know if the methodology could scale up, nor how long it would take. “It is quite possible that this algo might work on paper but would take so long to work in practice that it might not be a very useful speedup,” says Tim Spiller, director of Britain’s Quantum Communications Hub.

Even so, the Chinese paper will act as a spur to the US National Institute of Standards and Technology, which since 2016 has been soliciting and reviewing multiple techniques for ensuring post-quantum encryption. There have been parallel attempts to build secure quantum information networks, which are already running in experimental form. Experts’ advice to companies is: don’t panic, move to NIST-approved encryption standards whenever they are adopted and avoid the snake oil merchants offering quick-fix solutions.

The latest development comes as doubts mount over whether researchers can ever develop sufficiently robust quantum computers to deliver on their more extravagant promises. One eloquent sceptic is Sabine Hossenfelder, the German theoretical physicist and deadpan YouTuber, who argues that quantum computing has been oversold and a “quantum winter” is coming. “It’s not going to change the world, it will have some niche applications at best, and it’s going to take much longer than many start-ups want you to believe,” she says in her latest video.

Yet hybrid approaches might accelerate the practical uses of quantum computing. Even rudimentary quantum computers can help do things that classical computers cannot do alone, such as optimising logistics operations and enriching machine learning tools. “People are already using near-term quantum devices for such commercial purposes,” says Josh Nunn, chief scientific officer at start-up Orca Computing.

The one certainty is that the quantum computing industry’s future will remain uncertain, both useful and useless at the same time, as one FT reader commented. It remains a highly asymmetric investment bet. As venture capitalists say, you can only ever lose 100 per cent of your money, but sometimes when you win, you can win 100-fold.