1152 qubits sounds like the D-Wave chips. So does that mean 6000 D-wave chips ?
Even if you reverse the calculation, that would be 60000 minutes on 1 chip, which is about 42 days only, so. Quantum Too Good
Hype aside - the largest number factored using Shor on a physical device is 21 (unclear if they actually used the result of the factoring to design the circuits like they did with 15).
Back then I modelled the quantum circuit as a set of unitaries (by parametrizing them through their generator), that operate on one or two qubits, set a limit to the amount of steps and the amount of controlled gates and then threw different optimization algorithms at it. I got the best performance using simple dense neural networks. What's cool is that I could generate a training set really quickly since I could just randomly build tensor products of unitary matricies to create billions of unitaries of up to 7 qubits in minimal time and then just see how close I can get given a fixed length for the quantum circuit and a fixed number of control gates.
I really liked this approach and it was fun to work on. However it was ultimately limited as the size of the matrices scales exponentially with the number of qubits.
https://arxiv.org/abs/1905.09749 | How to factor 2048 bit RSA integers in 8 hours using 20 million noisy qubits
They like to make larger and larger quantum computers that don't do anything useful. A sort of progress I suppose...
Crypto does not, for a lot of reasons, but biggest I can think of is that hashing is still one-way, public keys are hidden (until used, which is why it is important to expose your public key only when using funds).
When there is a viable ECC attack vector, it will not be much effort to migrate to a more mature PQC. Better to wait as long as possible, maybe even have a crypto built on PQC to field test it with money on the line -- a few billion in market cap goes a long way to incentivizing breaking the crypto involved.
No quantum computer has ever been used for that purpose in real life, however.
Or most 2-digit numbers, for that matter. After more than a decade, the record still stands at 21=3x7 [1].
[1] https://en.wikipedia.org/wiki/Integer_factorization_records#...
It isn't cryptographically relevant yet, but quantum supremacy was achieved in 2020: https://arxiv.org/abs/2012.01625
Compromising the main keys isn't enough, need to compromise each session key as well in turn, a massive increase.
Forward secrecy addresses this specific attack:
* Someone builds a archive of your encrypted messages, possibly without your knowledge or consent.
* That someone then gets access to your secret key material.
* They can then decrypt their archive.
The session keys are exchanged by the asymmetrical systems that the imagined quantum computer would be able to break. So the attacker gets the session keys directly. So for, say, signal, they only have to break a new key exchange which doesn't happen all that often. They can just run the hash ratchet after that. Even for TLS that does a new session key per connection, that connection might last a fair time. The 10 min can be spread over multiple connections for this proposal. We are hardly talking about a massive increase of difficulty.
However I was also unaware of PQC, which has been an interesting rabbit hole for the day
This is kinda like how matrix diagonalization can be used to solve any problem which is expressible as a linear system of equations, and to some degree any continuous function can be approximated by a linear system, so a BLAS + LAPACK accelerator is a "universal simulation engine."
You could probably build a generic Shor's algorithm quantum computer that is able to both factor integers and break elliptic curve keys. But the same quantum computer wouldn't be usable for Grover's algorithm to find the presage of a cryptographic hash. This is what I mean by there not being a "universal quantum computer" in the same way a Turing machine is a universal classical computer. Quantum computers by their very nature are ASIC implementations of specific algorithms, even though those algorithms might have some multi-domain applicability.
This computer would be able to do Shor, Grover, QAOA, as well as any classical algorithm of course. If you're interested, I can try to describe the proof of universality, it's just a bit of linear algebra. Otherwise, you can look up "Solovay-Kitaev theorem".
I happen to be working on a commercial product for which manufacturing quantum computers is a real use case, so I should understand this.