http://www.hpcwire.com/hpcwire/2011-05-26/d-wave_sells_first_quantum_computer.html
I did not expect to read this so soon...
John Savard
This does not appear to be a scalable or general purpose quantum
computer; rather, it appears to apply quantum techniques to solve
specific problems. Interesting news, but not the end of RSA or ECC, at
least not as far as I understand the system.
-- B
> This does not appear to be a scalable or general purpose quantum
> computer; rather, it appears to apply quantum techniques to solve
> specific problems. Interesting news, but not the end of RSA or ECC, at
> least not as far as I understand the system.
Yes, you're quite right, as far as I can tell. But it's still a
momentous first step.
John Savard
My best understanding is that these "quantum annealing computers"
are good at quickly finding a first estimate of an often-enough
near-optimal solution to some highly-multidimensional optimization
problems (any imprecision in the output can then be compensated by
classical techniques).
However I never succeeded to find a precise and readable description
of the kind of problem submitted to the quantum hardware, much
less benchmark data on rate, precision, reliability, which would
allow comparison to what classic simulated annealing techniques on
traditional CPUs can do. Any pointer to something I should try to read?
So far, I never saw any *serious* claim that quantum annealing
computers can be of any use in cryptography. The concepts of diffusion
or avalanche can be seen as preventing reduction of a crypto problem
to an optimization problem; but I have never seen more than handwaving
discussions on that.
Francois Grieu
>So far, I never saw any *serious* claim that quantum annealing
>computers can be of any use in cryptography.
I would not expect them to be useful. Annealing seems to me to
require a "reasonably smooth" solution landscape - a small change to
the input gives a small change to the output most of the time.
Crypto systems are designed to give large changes to the output for
small changes to the input all of the time. That gives very 'spiky'
unsmooth solution landscapes where annealing techniques are unlikely
to work well.
$0.02
rossum
> This does not appear to be a scalable or general purpose quantum
> computer; rather, it appears to apply quantum techniques to solve
> specific problems. Interesting news, but not the end of RSA or ECC, at
> least not as far as I understand the system.
Presumably very dumb question: Isn't it that in complexity theory one
could classify certain problems as equivalent to one another? So, if
the type of problems that machine could well solve is in the same class
as certain crypto problems, what is then the implication for the latter?
Thanks.
M. K. Shen
I still wonder if there are useful *at all*. I have no access to the Nature article and the abstract says about nothing. I've only found some usage examples, which are all but convincing, e.g. solving the TSP for the 15 largest cities in Germany, which is quite trivial (the 43e9 possibilities are even tractable by brute-force and in spite of TSP being NP-hard, there are fairly efficient methods for it; especially in the Euclidean case).
This 15 kW beast is 100 square feet (9 m**2) large and looks like a cube (amounting to maybe 27 m**3). The technology is surely not the cheapest, so 1000 modern multicore CPUs would be probably much cheaper. I wonder how it would compare using some standard benchmarks (there are standardized many CSPs available).
The pseudo-interview linked in the OP seems to hint at applications
*NOT* in image recognition, but in optimizing software that performs
image recognition; the founder/CTO is quoted as saying "We have used
the D-Wave One to run numerous applications. For example, we used the
system to solve optimization problems arising from building software
that could detect cars in images. This process outputs software that
can be deployed anywhere – mobile phones, for example. The software
the D-Wave One system wrote, with collaborators from Google and D-Wave,
was *AMONG* the best detectors of cars in images ever built" (emphasis
mine).
From where I stand, this is no huge technical wonder, and says almost
nothing (positive, at least) on the usefulness of the D-Wave One.
But they make plausible claims, and don't claim a general purpose
quantum computer, or that it is useful in crypto.
The real wonder would be that Lockheed Martin Corporation spent lots
of hard cash to get this.
Francois Grieu
> The real wonder would be that Lockheed Martin Corporation spent lots
> of hard cash to get this.
This was my question as well. My first guess was that D-Wave Systems was
largely owned by Lockheed. But that doesn't appear to be the case.
Cheers,
-j
--
Jeffrey Goldberg http://goldmark.org/jeff/
I rarely read HTML or poorly quoting posts
Reply-To address is valid
> This 15 kW beast is 100 square feet (9 m**2) large and looks like a cube (amounting to maybe 27 m**3). The technology is surely not the cheapest, so 1000 modern multicore CPUs would be probably much cheaper. I wonder how it would compare using some standard benchmarks (there are standardized many CSPs available).
True. But this is a quantum computer with 128 qubits. How much would
2^128 CPU cores cost?
Of course, that's far from a fair comparison. Perhaps a chip with 128
qubits, split into four registers in effect, could start off in 2^32
superposed states, and perform a very, very simple computation in all
those states at once. And then take a time on the order of 2^16 to go
from a superposed state to a single state in which to output an
answer.
But the wonder isn't that it's doing quantum computation *well*. It is
that it is doing it, in a form useful enough for commercial sale, *at
all*.
Remember the short span of years it took to get from the 4004 to the
Pentium? Is it realistic to assume that this is going to be the last
quantum computer ever made, the ultimate limit of progress in that
field? Even ten years from now, quantum computers may not be all that
useful in cryptanalysis, but it's time to start looking over your
shoulders if you're concerned about protecting things like census data
or patient information, for which long-term security is required.
John Savard
There may be different reasons than efficiency for this sale. Maybe prestige/PR (everybody buys our products since it's the best since we're using a QC, isn't it?), maybe a sort of sponsorship for promising (although not yet practical) research? I can't tell, I am just a bit skeptical. Solving a really hard problem would make the feeling go away.
> Remember the short span of years it took to get from the 4004 to the
> Pentium? Is it realistic to assume that this is going to be the last
> quantum computer ever made, the ultimate limit of progress in that
> field?
No, it's not realistic. Sure, there will be some progress. Some day. In some year. In some century. Remember the first hopes about nuclear fusion plants a long long time ago?
Their model is adiabatic quantum computing-- you start of in a simple
state which you can drive the system into. You then switch on
interactions slowly until the ground state is the state you want the
computer to end up in (Ie you end up with a Hamiltonian such that the
desired state is the ground state of that Hamiltonian). This requires
a)to make sure you can drive the system into the simply ground state,
and b) that on adiabatically changing the Hamiltonian you do not drive
the system into a non-ground state.
Trade secrets, I predict, will be the protection for their quantum
computer, without patent disclosures for some key inventions here. Any
computer has Input and Output. The Input trade secret is the subject
of this comment. D-Wave is going for the low hanging fruit by trying
to recognize cars. That goal allows the simple Input apparatus to be
light in a 2 dimensional image. It is well known that photon quanta
interact with electron quantum states. Electron spin and polarization
of light are known to be related http://prl.aps.org/abstract/PRL/v102/i20/e206604
http://pubs.acs.org/doi/full/10.1021/jp061218w
D-Wave has created a straight line of Q-bits to process information
that is Input. I expect that the trade secrets include the customized
Input hardware of light shining through a lens onto the line of Q-
bits. A scanning of the line will produce the image plane to be
processed. We might not find any publication of their Input apparatus
for years, so speculations are needed.
Francois G. wrote, 'The pseudo-interview linked in the OP seems to
hint at applications
*NOT* in image recognition, but in optimizing software that performs
image recognition; the founder/CTO is quoted as saying "We have used
the D-Wave One to run numerous applications. For example, we used the
system to solve optimization problems arising from building
software...'
This is a specialized capability in search of an application that can
have useful results. Cryptography is a specialized application that
cannot be handled by this "fidget module". The processor that they
sell guesses at answers which need to be evaluated by deterministic,
room temperature computers. The quantum results are often wrong but a
few right answers give hope to investors that their purchase will pay
for future improvements where enough fidgeting will cause an evolution
into better configurations of hardware.
> Remember the short span of years it took to get from the 4004 to the
> Pentium?[snip]
Yes, the machine will anyway encourage/favour developments elsewhere.
For computers as such even the very start (not very well known is the
work of K. Zuse in Germany) was actually very recent.
M. K. Shen
The least far from that could be
The Ising model: teaching an old problem new tricks
Z. Bian et al.
linked (with other articles) here:
<http://www.dwavesys.com/en/publications.html>
Bug again, I fail to find data that would make the claim that
D-Wave One does anything useful falsifiable, at least by me.
Francois Grieu
Q computers tend not to be scalable-- ie decoherence bites far faster
the larger it is. Thus error correction becomes important, but expensive
( at least a factor of in size needed just to keep up.)
>
> M. K. Shen
> Presumably very dumb question: Isn't it that in complexity theory one
> could classify certain problems as equivalent to one another?
But this equivalency still allows for certain inefficiencies in the
representation of one problem as a problem of another type. With only
128 qubits, there isn't much room for anything extra.
John Savard
Well, some companies that might _appear_ to be buying such a machine
for prestige reasons might actually be buying it because they feel
it's vitally important to gain experience with this new technology, so
as to be prepared right away when it improves.
John Savard
I suppose some groups researching in quantum computing may also be
interested to know how that machine actually performs. Very possibly
the machine is subject to export regulations.
M. K. Shen
I guess it's time for 'Type 3' encryption:
Type 1: unbreakable for the immediate future (1-10 years)
- RSA-1024
- AES-128
- SHA-256 HMAC
Type 2: unbreakable for the intermediate future (10-30 years, i.e. pre-
quantum computers)
- RSA-4096
- AES-256
- Whirlpool HMAC
Type 3: unbreakable for the long-term future (30-100+ years, i.e. post-
quantum computers)
- McEliece-512K
- AES-256 cascaded with Serpent-256 (512-bit effective, independent
keys)
- SHA-3 HMAC
Do you know that you do not know what you are talking about?
--
kg
> "Quadibloc" <jsa...@ecn.ab.ca> wrote in message news:a62157d6-dad1-
> 44de-a045-3...@c1g2000yqe.googlegroups.com...
> > With 128 qubits.
> >
> > http://www.hpcwire.com/hpcwire/2011-05-26/d-wave_sells_first_quantum_computer.html
> >
> > I did not expect to read this so soon...
> >
>
> I guess it's time for 'Type 3' encryption:
>
> Type 1: unbreakable for the immediate future (1-10 years)
>
> - RSA-1024
Should be considered (depending on threat model perhaps dangerously) unsafe
right now.