Quantum computing concerns?

Hi all,

I have recently been wondering if quantum computing should be regarded as a major concern for mankind’s safety. Perhaps not as an existential risk. But perhaps as a major catastrophic risk.

In particular, there might be a non-negligible risk that, within a few years, quantum computing might lead to an escalation that might turn into civil or global war. Since I have never read any major concern regarding this risk, I am quite skeptical of my own concerns. Thus I’d be very curious to have feedback from you.

Projections for Quantum Computing

It all started a few weeks ago, as I prepared a science popularization video (in French) on quantum computing, and in particular on Shor’s algorithm. In brief, this is a quantum algorithm that efficiently breaks current asymmetric cryptography protocols, which are widely used throughout the Internet, industries and governments. In particular, it seems that the security of banking systems heavily relies on asymmetric cryptography. They would be breakable by Shor’s quantum algorithm.

As often in popularization of this topic, I first wrote a reassuring conclusion that basically said that quantum computers were not yet powerful enough to run Shor’s quantum algorithm. And thus that viewers could sleep in peace.

But I wanted to be quantitative, so I looked up the number of qubits of the latest quantum computers. I was shocked. While I was expecting this number to be ~50 qubits, it turns out that “in December 2018, IonQ reported that its machine could be built as large as 160 qubits”. While I actually am skeptical of this claim, it nevertheless seems worrying.

This number of (entangled) qubits is critical to the capabilities of quantum computers. In particular, an n-bit cryptographic asymmetric key could roughly be broken by an n-qubit quantum computer. Today’s (RSA) keys often are kilobytes long. This means that they might be broken by, say, a quantum computer with 4,000 qubits.

(Note that even symmetric cryptography often relies on the Diffie-Hellman secret sharing protocol, which is vulnerable to quantum attacks. In particular, all systems currently protected by such cryptography can be broken by quantum algorithms. It thus seems that any private content you share can potentially be made public by 4,000-qubit computers.)

So, according to Wikipedia, it seems that the number of qubits might have tripled within the last year. At this rate, it would take three years for quantum computing to be powerful enough to upset most of our current cryptographic systems.

Evidently, I may be overestimating this rate. At Moore’s law rate (doubling every 18 months), it would take 7.5 years. And it’s not unlikely that quantum entanglement of thousands of qubits will never be doable.

But it seems that there is also a lot of secrecy in this industry. Thus we may not be aware of what is really going on in industry’s labs. Also, it seems that we should not discard the possibility of a major breakthrough. Thus, though I may be completely wrong, it seems to me that we should regard 4,000-qubit quantum computing as a plausible scenario within the next few years.

Consequences of 4,000-qubit Computing

While there are proposals for secure cryptography in a quantum world, like quantum cryptography or post-quantum cryptography, such quantum-resilient systems have not been deployed so far. They might not have been deployed by the time a 4,000-qubit quantum computer is built. Thus, it seems that we cannot exclude the possibility that quantum computers will become efficient in a world where classical asymmetric cryptography is still very widely used.

Yet it seems to me that if this occurs, then there is a huge risk of major economic disturbance, accompanied by fears and possible supply shortages, which might then lead to civil or global wars. In fact, a mere fear of quantum hacking may suffice to trigger such disasters.

Indeed, as I said, banking systems (among many other industries) heavily rely on asymmetric cryptography. Thus, any suspicion of a possible quantum hack might motivate banks to freeze all accounts. This may cause payment failures, which would break trust between different parties. Supply chains might be interrupted. And there might be no foreseeable solutions in the short to medium term, while huge information systems are being updated and verified to be secure.

If this situation lasts for a day, we probably would be fine. But given how hard it is to safely update information systems, the chaos caused by the interruption of information systems might last for days, weeks, and perhaps months. And given how reliant we are on information systems, this might cause disruptions in electricity or food supply, which might lead to panic and conflicts.


Our modern world strongly relies on information systems, whose security too often relies on asymmetric cryptography. This cryptography is well-known to be vulnerable to quantum algorithms like Shor’s. So far, no quantum computer is powerful enough to implement Shor’s algorithm to break actual asymmetric cryptographic keys. However, given the current rate of progress, perhaps we should consider the possibility that they will be powerful enough within a few years.

What do you think? Are these concerns justified? If not, what am I missing? And if they are, what can be done to anticipate the advent of quantum computing?