Commercial Quantum Computer for sale
Quadibloc
http://www.hpcwire.com/hpcwire/2011-05-26/d-wave_sells_first_quantum_computer.html
I did not expect to read this so soon...
John Savard
Mr. B
This does not appear to be a scalable or general purpose quantum
computer; rather, it appears to apply quantum techniques to solve
specific problems. Interesting news, but not the end of RSA or ECC, at
least not as far as I understand the system.
-- B
Quadibloc
> This does not appear to be a scalable or general purpose quantum
> computer; rather, it appears to apply quantum techniques to solve
> specific problems. Interesting news, but not the end of RSA or ECC, at
> least not as far as I understand the system.
Yes, you're quite right, as far as I can tell. But it's still a
momentous first step.
John Savard
Francois Grieu
My best understanding is that these "quantum annealing computers"
are good at quickly finding a first estimate of an often-enough
near-optimal solution to some highly-multidimensional optimization
problems (any imprecision in the output can then be compensated by
classical techniques).
However I never succeeded to find a precise and readable description
of the kind of problem submitted to the quantum hardware, much
less benchmark data on rate, precision, reliability, which would
allow comparison to what classic simulated annealing techniques on
traditional CPUs can do. Any pointer to something I should try to read?
So far, I never saw any *serious* claim that quantum annealing
computers can be of any use in cryptography. The concepts of diffusion
or avalanche can be seen as preventing reduction of a crypto problem
to an optimization problem; but I have never seen more than handwaving
discussions on that.
Francois Grieu
Globemaker
from one state of information to a more useful state, I speculate. In
quantum annealing, the materials have discrete statistics, meaning two
energy levels being definable. That is different from thermal
annealing where broad distributions of energy levels result from
Maxwell-Boltman statistics. The quantized energy states of electons
can be used by changing a magnetic field gradually to harvest a state
as a discrete result. This is in contrast to broad distributions of
molecular bonds harvested in thermal annealing where a temperature is
gradually changed to change powder into a solid block. I speculate
that the value of the technology of quantized annealing, shown in
their blurry Figures, is harvested by detecting electron spins for
electrons caught in magnetic traps that are separated by energy
barriers that are manipulated by slowly changing magnetic fields.
Those spins are interpretted to create program data tables that
correspond to images in photographs so that pattern recognitionis
optimized in 2d fourier filters. Light, I speculate, is projected onto
the electrons in cold traps so the optical fourier transform provided
by lenses affects the states of electrons, which then is set into a
permanent configuration as the magnetic field varies past some shutter
point. The resulting optimized matched filter is superior in spacial
resolution to that matched filter created by film or arrays of
photodetectors. The military customer will use that improved pattern
recognition in the field, not with cold apparatus, but with data
tables in RAM, I surmise. This annealing is not useful for crypto, it
is for less precise functions.
rossum
wrote:
>So far, I never saw any *serious* claim that quantum annealing
>computers can be of any use in cryptography.
I would not expect them to be useful. Annealing seems to me to
require a "reasonably smooth" solution landscape - a small change to
the input gives a small change to the output most of the time.
Crypto systems are designed to give large changes to the output for
small changes to the input all of the time. That gives very 'spiky'
unsmooth solution landscapes where annealing techniques are unlikely
to work well.
$0.02
rossum
Mok-Kong Shen
> This does not appear to be a scalable or general purpose quantum
> computer; rather, it appears to apply quantum techniques to solve
> specific problems. Interesting news, but not the end of RSA or ECC, at
> least not as far as I understand the system.
Presumably very dumb question: Isn't it that in complexity theory one
could classify certain problems as equivalent to one another? So, if
the type of problems that machine could well solve is in the same class
as certain crypto problems, what is then the implication for the latter?
Thanks.
M. K. Shen
Maaartin G
> On Fri, 27 May 2011 07:58:37 +0200, Francois Grieu <fgr...@gmail.com>
> wrote:
>
> >So far, I never saw any *serious* claim that quantum annealing
> >computers can be of any use in cryptography.
> I would not expect them to be useful. Annealing seems to me to
> require a "reasonably smooth" solution landscape - a small change to
> the input gives a small change to the output most of the time.
I still wonder if there are useful *at all*. I have no access to the Nature article and the abstract says about nothing. I've only found some usage examples, which are all but convincing, e.g. solving the TSP for the 15 largest cities in Germany, which is quite trivial (the 43e9 possibilities are even tractable by brute-force and in spite of TSP being NP-hard, there are fairly efficient methods for it; especially in the Euclidean case).
This 15 kW beast is 100 square feet (9 m**2) large and looks like a cube (amounting to maybe 27 m**3). The technology is surely not the cheapest, so 1000 modern multicore CPUs would be probably much cheaper. I wonder how it would compare using some standard benchmarks (there are standardized many CSPs available).
Francois Grieu
> (..) Light, I speculate, is projected onto
> the electrons in cold traps so the optical fourier transform provided
> by lenses affects the states of electrons, which then is set into a
> permanent configuration as the magnetic field varies past some shutter
> point. The resulting optimized matched filter is superior in spacial
> resolution to that matched filter created by film or arrays of
> photodetectors. The military customer will use that improved pattern
> recognition in the field, not with cold apparatus, but with data
The pseudo-interview linked in the OP seems to hint at applications
*NOT* in image recognition, but in optimizing software that performs
image recognition; the founder/CTO is quoted as saying "We have used
the D-Wave One to run numerous applications. For example, we used the
system to solve optimization problems arising from building software
that could detect cars in images. This process outputs software that
can be deployed anywhere – mobile phones, for example. The software
the D-Wave One system wrote, with collaborators from Google and D-Wave,
was *AMONG* the best detectors of cars in images ever built" (emphasis
mine).
From where I stand, this is no huge technical wonder, and says almost
nothing (positive, at least) on the usefulness of the D-Wave One.
But they make plausible claims, and don't claim a general purpose
quantum computer, or that it is useful in crypto.
The real wonder would be that Lockheed Martin Corporation spent lots
of hard cash to get this.
Francois Grieu
Jeffrey Goldberg
> The real wonder would be that Lockheed Martin Corporation spent lots
> of hard cash to get this.
This was my question as well. My first guess was that D-Wave Systems was
largely owned by Lockheed. But that doesn't appear to be the case.
Cheers,
-j
--
Jeffrey Goldberg http://goldmark.org/jeff/
I rarely read HTML or poorly quoting posts
Reply-To address is valid
Quadibloc
> This 15 kW beast is 100 square feet (9 m**2) large and looks like a cube (amounting to maybe 27 m**3). The technology is surely not the cheapest, so 1000 modern multicore CPUs would be probably much cheaper. I wonder how it would compare using some standard benchmarks (there are standardized many CSPs available).
True. But this is a quantum computer with 128 qubits. How much would
2^128 CPU cores cost?
Of course, that's far from a fair comparison. Perhaps a chip with 128
qubits, split into four registers in effect, could start off in 2^32
superposed states, and perform a very, very simple computation in all
those states at once. And then take a time on the order of 2^16 to go
from a superposed state to a single state in which to output an
answer.
But the wonder isn't that it's doing quantum computation *well*. It is
that it is doing it, in a form useful enough for commercial sale, *at
all*.
Remember the short span of years it took to get from the 4004 to the
Pentium? Is it realistic to assume that this is going to be the last
quantum computer ever made, the ultimate limit of progress in that
field? Even ten years from now, quantum computers may not be all that
useful in cryptanalysis, but it's time to start looking over your
shoulders if you're concerned about protecting things like census data
or patient information, for which long-term security is required.
John Savard
Maaartin G
> But the wonder isn't that it's doing quantum computation *well*. It is
> that it is doing it, in a form useful enough for commercial sale, *at
> all*.
There may be different reasons than efficiency for this sale. Maybe prestige/PR (everybody buys our products since it's the best since we're using a QC, isn't it?), maybe a sort of sponsorship for promising (although not yet practical) research? I can't tell, I am just a bit skeptical. Solving a really hard problem would make the feeling go away.
> Remember the short span of years it took to get from the 4004 to the
> Pentium? Is it realistic to assume that this is going to be the last
> quantum computer ever made, the ultimate limit of progress in that
> field?
No, it's not realistic. Sure, there will be some progress. Some day. In some year. In some century. Remember the first hopes about nuclear fusion plants a long long time ago?
unruh
> On May 27, 5:48?am, Maaartin G <grajc...@seznam.cz> wrote:
>
>> This 15 kW beast is 100 square feet (9 m**2) large and looks like a cube (amounting to maybe 27 m**3). The technology is surely not the cheapest, so 1000 modern multicore CPUs would be probably much cheaper. I wonder how it would compare using some standard benchmarks (there are standardized many CSPs available).
>
> True. But this is a quantum computer with 128 qubits. How much would
> 2^128 CPU cores cost?
>
> Of course, that's far from a fair comparison. Perhaps a chip with 128
> qubits, split into four registers in effect, could start off in 2^32
> superposed states, and perform a very, very simple computation in all
> those states at once. And then take a time on the order of 2^16 to go
> from a superposed state to a single state in which to output an
> answer.
Their model is adiabatic quantum computing-- you start of in a simple
state which you can drive the system into. You then switch on
interactions slowly until the ground state is the state you want the
computer to end up in (Ie you end up with a Hamiltonian such that the
desired state is the ground state of that Hamiltonian). This requires
a)to make sure you can drive the system into the simply ground state,
and b) that on adiabatically changing the Hamiltonian you do not drive
the system into a non-ground state.
Globemaker
Trade secrets, I predict, will be the protection for their quantum
computer, without patent disclosures for some key inventions here. Any
computer has Input and Output. The Input trade secret is the subject
of this comment. D-Wave is going for the low hanging fruit by trying
to recognize cars. That goal allows the simple Input apparatus to be
light in a 2 dimensional image. It is well known that photon quanta
interact with electron quantum states. Electron spin and polarization
of light are known to be related http://prl.aps.org/abstract/PRL/v102/i20/e206604
http://pubs.acs.org/doi/full/10.1021/jp061218w
D-Wave has created a straight line of Q-bits to process information
that is Input. I expect that the trade secrets include the customized
Input hardware of light shining through a lens onto the line of Q-
bits. A scanning of the line will produce the image plane to be
processed. We might not find any publication of their Input apparatus
for years, so speculations are needed.
Francois G. wrote, 'The pseudo-interview linked in the OP seems to
hint at applications
*NOT* in image recognition, but in optimizing software that performs
image recognition; the founder/CTO is quoted as saying "We have used
the D-Wave One to run numerous applications. For example, we used the
system to solve optimization problems arising from building
software...'
This is a specialized capability in search of an application that can
have useful results. Cryptography is a specialized application that
cannot be handled by this "fidget module". The processor that they
sell guesses at answers which need to be evaluated by deterministic,
room temperature computers. The quantum results are often wrong but a
few right answers give hope to investors that their purchase will pay
for future improvements where enough fidgeting will cause an evolution
into better configurations of hardware.
Mok-Kong Shen
> Remember the short span of years it took to get from the 4004 to the
> Pentium?[snip]
Yes, the machine will anyway encourage/favour developments elsewhere.
For computers as such even the very start (not very well known is the
work of K. Zuse in Germany) was actually very recent.
M. K. Shen
Francois Grieu
> I never succeeded to find a precise and readable description
> of the kind of problem submitted to the quantum hardware, much
> less benchmark data on rate, precision, reliability, which would
> allow comparison to what classic simulated annealing techniques on
> traditional CPUs can do.
The least far from that could be
The Ising model: teaching an old problem new tricks
Z. Bian et al.
linked (with other articles) here:
<http://www.dwavesys.com/en/publications.html>
Bug again, I fail to find data that would make the claim that
D-Wave One does anything useful falsifiable, at least by me.
Francois Grieu
unruh
Q computers tend not to be scalable-- ie decoherence bites far faster
the larger it is. Thus error correction becomes important, but expensive
( at least a factor of in size needed just to keep up.)
>
> M. K. Shen
Quadibloc
> Presumably very dumb question: Isn't it that in complexity theory one
> could classify certain problems as equivalent to one another?
But this equivalency still allows for certain inefficiencies in the
representation of one problem as a problem of another type. With only
128 qubits, there isn't much room for anything extra.
John Savard
Quadibloc
> Maybe prestige/PR (everybody buys our products since it's the best since we're using a QC,
> isn't it?),
Well, some companies that might _appear_ to be buying such a machine
for prestige reasons might actually be buying it because they feel
it's vitally important to gain experience with this new technology, so
as to be prepared right away when it improves.
John Savard
Mok-Kong Shen
I suppose some groups researching in quantum computing may also be
interested to know how that machine actually performs. Very possibly
the machine is subject to export regulations.
M. K. Shen
Nomen Nescio
44de-a045-3...@c1g2000yqe.googlegroups.com...
> With 128 qubits.
>
> http://www.hpcwire.com/hpcwire/2011-05-26/d-wave_sells_first_quantum_computer.html
>
> I did not expect to read this so soon...
>
I guess it's time for 'Type 3' encryption:
Type 1: unbreakable for the immediate future (1-10 years)
- RSA-1024
- AES-128
- SHA-256 HMAC
Type 2: unbreakable for the intermediate future (10-30 years, i.e. pre-
quantum computers)
- RSA-4096
- AES-256
- Whirlpool HMAC
Type 3: unbreakable for the long-term future (30-100+ years, i.e. post-
quantum computers)
- McEliece-512K
- AES-256 cascaded with Serpent-256 (512-bit effective, independent
keys)
- SHA-3 HMAC
kg
>"Quadibloc" <jsa...@ecn.ab.ca> wrote in message news:a62157d6-dad1-
>44de-a045-3...@c1g2000yqe.googlegroups.com...
>> With 128 qubits.
>>
>> http://www.hpcwire.com/hpcwire/2011-05-26/d-wave_sells_first_quantum_computer.html
>>
>> I did not expect to read this so soon...
>>
>
>I guess it's time for 'Type 3' encryption:
Do you know that you do not know what you are talking about?
--
kg
Anonymous
> "Quadibloc" <jsa...@ecn.ab.ca> wrote in message news:a62157d6-dad1-
> 44de-a045-3...@c1g2000yqe.googlegroups.com...
> > With 128 qubits.
> >
> > http://www.hpcwire.com/hpcwire/2011-05-26/d-wave_sells_first_quantum_computer.html
> >
> > I did not expect to read this so soon...
> >
>
> I guess it's time for 'Type 3' encryption:
>
> Type 1: unbreakable for the immediate future (1-10 years)
>
> - RSA-1024
Should be considered (depending on threat model perhaps dangerously) unsafe
right now.
