Shtetl-Optimized » Blog Archive » Cargo Cult Quantum Factoring
source link: https://scottaaronson.blog/?p=6957
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
Cargo Cult Quantum Factoring
Just days after we celebrated my wife’s 40th birthday, she came down with COVID, meaning she’s been isolating and I’ve been spending almost all my time dealing with our kids.
But if experience has taught me anything, it’s that the quantum hype train never slows down. In the past 24 hours, at least four people have emailed to ask me about a new paper entitled “Factoring integers with sublinear resources on a superconducting quantum processor.” Even the security expert Bruce Schneier, while skeptical, took the paper surprisingly seriously.
The paper claims … well, it’s hard to pin down what it claims, but it’s certainly given many people the impression that there’s been a decisive advance on how to factor huge integers, and thereby break the RSA cryptosystem, using a near-term quantum computer. Not by using Shor’s Algorithm, mind you, but by using the deceptively similarly named Schnorr’s Algorithm. The latter is a classical algorithm based on lattices, which the authors then “enhance” using the heuristic quantum optimization method called QAOA.
For those who don’t care to read further, here is my 3-word review:
No. Just No.
And here’s my slightly longer review:
Schnorr ≠ Shor. Yes, even when Schnorr’s algorithm is dubiously “enhanced” using QAOA—a quantum algorithm that, incredibly, for all the hundreds of papers written about it, has not yet been convincingly argued to yield any speedup for any problem whatsoever (besides, as it were, the problem of reproducing its own pattern of errors) (one possible recent exception from Sami Boulebnane and Ashley Montanaro).
In the new paper, the authors spend page after page saying-without-saying that it might soon become possible to break RSA-2048, using a NISQ (i.e., non-fault-tolerant) quantum computer. They do so via two time-tested strategems:
- the detailed exploration of irrelevancies (mostly, optimization of the number of qubits, while ignoring the number of gates), and
- complete silence about the one crucial point.
Then, finally, they come clean about the one crucial point in a single sentence of the Conclusion section:
It should be pointed out that the quantum speedup of the algorithm is unclear due to the ambiguous convergence of QAOA.
“Unclear” is an understatement here. It seems to me that a miracle would be required for the approach here to yield any benefit at all, compared to just running the classical Schnorr’s algorithm on your laptop. And if the latter were able to break RSA, it would’ve already done so.
All told, this is one of the most actively misleading quantum computing papers I’ve seen in 25 years, and I’ve seen … many. Having said that, this actually isn’t the first time I’ve encountered the strange idea that the exponential quantum speedup for factoring integers, which we know about from Shor’s algorithm, should somehow “rub off” onto quantum optimization heuristics that embody none of the actual insights of Shor’s algorithm, as if by sympathetic magic. Since this idea needs a name, I’d hereby like to propose Cargo Cult Quantum Factoring.
And with that, I feel I’ve adequately discharged my duties here to sanity and truth. If I’m slow to answer comments, it’ll be because I’m dealing with two screaming kids.
This entry was posted on Wednesday, January 4th, 2023 at 11:06 pm and is filed under Complexity, Quantum, Rage Against Doofosity, Speaking Truth to Parallelism. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Recommend
-
58
The phenomenal success of our integrated circuits managed to obscure an awkward fact: they're not always the best way to solve problems. The features of modern computers—binary operations, separated processing and memory,...
-
41
This theoretical paper shows how to factor 2048-bit RSA moduli with a 20-million qubit quantum computer in eight hours. It's interesting work, but I don't want overstate the risk...
-
15
Ever since Shor's great discovery, quantum computers have been factoring larger and larger numbers. In 2001, the number 15 was factored using 8 qubits. This record was tied, but not beaten, until 2012 when the number 21 wa...
-
9
Shor's Quantum Factoring Algorithm 28 Aug 2017 A few years ago, I wrote a post on how Grover's quantum search algorit...
-
7
[Submitted on 23 Jun 2017 (v1), last revised 19 Jan 2018 (this version, v2)] Factoring with n+2 clean qubits and n-1 dirty qubits
-
17
December 21, 2020
-
7
India Factoring goes live on MonetaGo’s blockchain-based solution to prevent invoice fraud Blockchain ...
-
4
[Talk at DEF CON Crypto and Privacy Village] How expensive is quantum factoring, really?
-
4
I had a dream As I slept fitfully, still recovering from COVID, I had one of the more interesting dreams of my life:
-
10
Should GPT exist? I still remember the 90s, when philosophical conversation about AI went around in endless circles—the T...
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK