I worked at a quantum computing company that builds superconducting QC chips (so, not really applicable to one of the “bombshells” from the article). My team was designing the software stack which allows to control the QC, run quantum jobs/algorithms, and calibrate the parameters.
I’ve made two attempts to explain the work we’ve been doing and to explain the current realistic state of the industry:
The company I left a few months ago is planning its IPO this year. Like almost all other quantum companies, it’s gonna be a SPAC merger, not a pure IPO. Those traded companies mentioned in the other comments are mostly SPACs as well.
Here's hoping that my stock for D-Wave ends up being worth something.
Quantum computing seems super cool, but I've been a little skeptical of it actually ever yielding anything useful. I would love to be wrong, it seems neat, and I have read through a few books on the subject and played with simulators, so I'm not completely talking out of my ass here, but quantum as a whole has kind of felt like vaporware to me.
As I said, I have stock in D-Wave, obviously it would be in my best interest for quantum to end up as cool as it seems.
I got some too. Obviously the principles behind quantum computing are perfectly sound. It's just those pesky engineering obstacles.
One of the companies around today or in the near future will be the one who makes it work at a practical scale. It will have enormous impact, but I think it will be a slow-burn kind of thing as making effective use of quantum computers will take a long time to evolve, IMHO.
Unfortunately, Google and IBM are also working on this stuff and they have deep pockets. They might do it, but even if they don't they may very well decide to acquire whoever does.
These stocks (IONQ, RGTI, QBTS, XNDU) are a sort of thinking-man's LOTTO ticket which will have its numbers called anytime within the next 5 to 20 years (probably closer to 20). I think they're worthwhile to hold in affordable quantities to see what happens. It might hit big, or it might fizzle out for a variety of reasons. There will also be some hype-driven market sugar-rushes along the way that are an opportunity to rake in a modest profit. This has happened already with IONQ, RGTI and QBTS earlier this year. It will certainly happen again when the patagonia-vest people get jazzed about something.
One thing I find rather amazing about all of this is the degree to which the Bitcoin community has tried, for years, to claim that quantum computers will be another other than a complete break.
Sure, it takes a pretty nice quantum computer or a pretty good algorithm or a degree of malice on the part of miners to break pay-to-script-hash if your wallet has the right properties, but that seems like a pretty weak excuse for the fact that the entire scheme is broken, completely, by QC.
Does there even exist a credible post-quantum proof protocol that could be used to “rescue” P2SH wallets?
The best proposal I have heard for rescuing P2SH wallets after cryptographically relevant quantum computers exist is to require vulnerable wallets to precommit to transactions a day ahead of time. The precommitment doesn't reveal the public key. When the public key must be exposed as part of the actual transaction, an attacker cannot redirect the transaction for at least one day because they don't have a valid precommitment to point to yet.
You are assuming that progress on factoring will be smooth, but this is unlikely to be true. The scaling challenges of quantum computers are very front-loaded. I know this sounds crazy, but there is a sense in which the step from 15 to 21 is larger than the step from 21 to 1522605027922533360535618378132637429718068114961380688657908494580122963258952897654000350692006139 (the RSA100 challenge number).
Consider the neutral atom proposal from TFA. They say they need tens of thousands of qubits to attack 256 bit keys. Existing machines have demonstrated six thousand atom qubits [1]. Since the size is ~halfway there, why haven't the existing machines broken 128 bit keys yet? Basically: because they need to improve gate fidelity and do system integration to combine together various pieces that have so far only been demonstrated separately and solve some other problems. These dense block codes have minimum sizes and minimum qubit qualities you must satisfy in order for the code to function. In that kind of situation, gradual improvement can take you surprisingly suddenly from "the dense code isn't working yet so I can't factor 21" to "the dense code is working great now, so I can factor RSA100". Probably things won't play out quite like that... but if your job is to be prepared for quantum attacks then you really need to worry about those kinds of scenarios.
If QC gets to the point where breaking RSA and ECC in the real world is actually going to happen, I'd imagine you will find a consensus rather quickly.
This is a good question, and currently the answer is no. Quantum computers can only run very short, simple algorithms right now, because the qubits they're built out of are noisy. You need a lot of error correction, which the community is working on.
The thing is, unlike ordinary computers, quantum computers can factor numbers about as easily as they can multiply them. So as soon as they can multiply two large integers, they'll also be able to factor the result and break RSA encryption based on keys of that size.
This blog post gives a good sense of the state of the art and what progress might look like:
Maybe it's a good time to start promoting my 5 year old, lightweight, hand-crafted, battle-tested, quantum-resistant blockchain: https://capitalisk.com/
It's about 5000 lines of custom code. Crypto signature library written from scratch.
It's a very simple signature algorithm. They're welcome to try and crack it. If there is an issue with it, it shouldn't be hard to identify within those few hundred lines. Nobody found any issues in the last 5 years though.
Isn't it a good thing that there exists at least one blockchain in the world which isn't based on the same crypto library used by tens of thousands of projects? What if those handful of libraries have a backdoor?
Strange how finance people always talk about hedging but in tech, nobody is hedging tech.
To be (an actual) hedge, something needs to be very solidly understood (by the purchaser), a very solid investment in its own right, and either reverse correlated or independently correlated specifically with a particular asset being hedged.
Probably the worst indicator of something being actually credible, is a promoter who has to stoop to asking "What's wrong with hedging?", as if that was ever in question, or was the relevant question.
I worked at a quantum computing company that builds superconducting QC chips (so, not really applicable to one of the “bombshells” from the article). My team was designing the software stack which allows to control the QC, run quantum jobs/algorithms, and calibrate the parameters.
I’ve made two attempts to explain the work we’ve been doing and to explain the current realistic state of the industry:
1. A talk at PyCon: https://youtu.be/tT1YLP5T71Y
2. A free ebook “ Quantum Computing For Software Engineers” https://leanpub.com/quantum-computing-for-software-engineers
The company I left a few months ago is planning its IPO this year. Like almost all other quantum companies, it’s gonna be a SPAC merger, not a pure IPO. Those traded companies mentioned in the other comments are mostly SPACs as well.
Here's hoping that my stock for D-Wave ends up being worth something.
Quantum computing seems super cool, but I've been a little skeptical of it actually ever yielding anything useful. I would love to be wrong, it seems neat, and I have read through a few books on the subject and played with simulators, so I'm not completely talking out of my ass here, but quantum as a whole has kind of felt like vaporware to me.
As I said, I have stock in D-Wave, obviously it would be in my best interest for quantum to end up as cool as it seems.
D-Wave is not making the type of quantum computers these breakthroughs would apply to, even if scaled up, as far as i know.
I got some too. Obviously the principles behind quantum computing are perfectly sound. It's just those pesky engineering obstacles.
One of the companies around today or in the near future will be the one who makes it work at a practical scale. It will have enormous impact, but I think it will be a slow-burn kind of thing as making effective use of quantum computers will take a long time to evolve, IMHO.
Unfortunately, Google and IBM are also working on this stuff and they have deep pockets. They might do it, but even if they don't they may very well decide to acquire whoever does.
These stocks (IONQ, RGTI, QBTS, XNDU) are a sort of thinking-man's LOTTO ticket which will have its numbers called anytime within the next 5 to 20 years (probably closer to 20). I think they're worthwhile to hold in affordable quantities to see what happens. It might hit big, or it might fizzle out for a variety of reasons. There will also be some hype-driven market sugar-rushes along the way that are an opportunity to rake in a modest profit. This has happened already with IONQ, RGTI and QBTS earlier this year. It will certainly happen again when the patagonia-vest people get jazzed about something.
You can rent Quantum computing time from IBM cloud today:
https://www.ibm.com/quantum/products
https://quantum.cloud.ibm.com/docs/en/guides/plans-overview
I have NOT used it, but the idea is interesting.
You can rent it, but it's basically worthless at this stage.
One thing I find rather amazing about all of this is the degree to which the Bitcoin community has tried, for years, to claim that quantum computers will be another other than a complete break.
Sure, it takes a pretty nice quantum computer or a pretty good algorithm or a degree of malice on the part of miners to break pay-to-script-hash if your wallet has the right properties, but that seems like a pretty weak excuse for the fact that the entire scheme is broken, completely, by QC.
Does there even exist a credible post-quantum proof protocol that could be used to “rescue” P2SH wallets?
> the Bitcoin community has tried, for years, to claim that quantum computers will be another other than a complete break.
Who specifically is claiming this? Satoshi literally mentioned the need to upgrade if QC is viable on bitcointalk in 2010.
The best proposal I have heard for rescuing P2SH wallets after cryptographically relevant quantum computers exist is to require vulnerable wallets to precommit to transactions a day ahead of time. The precommitment doesn't reveal the public key. When the public key must be exposed as part of the actual transaction, an attacker cannot redirect the transaction for at least one day because they don't have a valid precommitment to point to yet.
24-hour latency to make a payment? What is this, the 20th century?
This is for rescue, not for payment. Once you've moved the coins to quantum-secure wallet, the delay would no longer be needed.
...probably some people would be very inconvenienced by this. But not as inconvenienced as having the coins stolen or declared forever inaccessible.
On the brightside at least we'll have a clear indicator for when quantum computers actually arrive.
If Bitcoin is broken then your bank encryption and everything else is broken also.
As far as I know quantum computers still can't even honestly factor 7x3=21, so you are good. And the 5x3=15 is iffy about how honest that was either.
https://news.ycombinator.com/item?id=45082587
Bitcoin uses 256-bit encryption, it's a universe away from 5x3=15.
You are assuming that progress on factoring will be smooth, but this is unlikely to be true. The scaling challenges of quantum computers are very front-loaded. I know this sounds crazy, but there is a sense in which the step from 15 to 21 is larger than the step from 21 to 1522605027922533360535618378132637429718068114961380688657908494580122963258952897654000350692006139 (the RSA100 challenge number).
Consider the neutral atom proposal from TFA. They say they need tens of thousands of qubits to attack 256 bit keys. Existing machines have demonstrated six thousand atom qubits [1]. Since the size is ~halfway there, why haven't the existing machines broken 128 bit keys yet? Basically: because they need to improve gate fidelity and do system integration to combine together various pieces that have so far only been demonstrated separately and solve some other problems. These dense block codes have minimum sizes and minimum qubit qualities you must satisfy in order for the code to function. In that kind of situation, gradual improvement can take you surprisingly suddenly from "the dense code isn't working yet so I can't factor 21" to "the dense code is working great now, so I can factor RSA100". Probably things won't play out quite like that... but if your job is to be prepared for quantum attacks then you really need to worry about those kinds of scenarios.
[1]: https://www.nature.com/articles/s41586-025-09641-4
Related:
Discussion on the Google one,
Safeguarding cryptocurrency by disclosing quantum vulnerabilities responsibly
https://news.ycombinator.com/item?id=47582418
So does BTC need to hard fork? Good luck getting to a consensus again ...
If QC gets to the point where breaking RSA and ECC in the real world is actually going to happen, I'd imagine you will find a consensus rather quickly.
Can quantum computing do even basic math yet? I think this was the holdup. Or perhaps I'm missing the point.
This is a good question, and currently the answer is no. Quantum computers can only run very short, simple algorithms right now, because the qubits they're built out of are noisy. You need a lot of error correction, which the community is working on.
The thing is, unlike ordinary computers, quantum computers can factor numbers about as easily as they can multiply them. So as soon as they can multiply two large integers, they'll also be able to factor the result and break RSA encryption based on keys of that size.
This blog post gives a good sense of the state of the art and what progress might look like:
Why haven't quantum computers factored 21 yet? https://algassert.com/post/2500
And isn't the response already known in the validation process?
I don't understand your question. Can you elaborate?
> I think this was the holdup
It isn't...
It doesn't do basic math ... just the hard one :)
You are. It’s like trying to take the train to your farm job
This comment is wildly inappropriate and violates the community guidelines here. I suggest you delete it.
Maybe it's a good time to start promoting my 5 year old, lightweight, hand-crafted, battle-tested, quantum-resistant blockchain: https://capitalisk.com/
It's about 5000 lines of custom code. Crypto signature library written from scratch.
> Crypto signature library written from scratch.
That's a sentence every white hat cryptography enthusiast loves to hear lol.
It's a very simple signature algorithm. They're welcome to try and crack it. If there is an issue with it, it shouldn't be hard to identify within those few hundred lines. Nobody found any issues in the last 5 years though.
Isn't it a good thing that there exists at least one blockchain in the world which isn't based on the same crypto library used by tens of thousands of projects? What if those handful of libraries have a backdoor?
Strange how finance people always talk about hedging but in tech, nobody is hedging tech.
> What's wrong with hedging?
To be (an actual) hedge, something needs to be very solidly understood (by the purchaser), a very solid investment in its own right, and either reverse correlated or independently correlated specifically with a particular asset being hedged.
Probably the worst indicator of something being actually credible, is a promoter who has to stoop to asking "What's wrong with hedging?", as if that was ever in question, or was the relevant question.