Shaw

@shawmakesmagic

Quantum computing is much farther away than the media will ever tell you. I’ve had a lot of conversations with very, very smart people about quantum computing. It is an exciting field, and real work is happening. But the gap between what quantum computers can actually do and what people claim they could do in the next 40-50 years is massive, and it leads even smart people to say wildly dumb things. There is a narrow class of cryptographic problems where quantum computers can theoretically outperform classical ones. For hash functions like SHA-256, the best case is Grover’s algorithm, which cuts the search space from 2²⁵⁶ to 2¹²⁸. 2¹²⁸ is still an impossible number. Not “hard.” Impossible. Like even with absurd, fantasy-level hardware, you’re talking about timescales longer than civilization, longer than biology, longer than anything relevant. Often referenced is Shor’s algorithm, which can be used to crack RSA/ECDSA by factoring very large numbers into primes. In practice, today’s best quantum computers can't even factor the number 21 into 3 and 7 without knowing what the result should be ahead of time. So even if quantum computers were millions of times faster, the absolute best you get is 2¹²⁸ attempts instead of 2²⁵⁶. To crack Bitcoin, you would have to do this in minutes, repeatedly, against a live network, and if that were remotely possible then Bitcoin would be the least of our problems, since all private encrypted data would be up for grabs. There is no serious path to that. It's impossible to even imagine a timeline, but the jump in capability would be greater than the jump from a computer in the 1950s to a server farm today. Modern cryptography assumed future compute growth from the start. Quadratic speedups were anticipated decades ago. It was priced in. Any time you see fear or hype around quantum computing, remember: these people have no fucking idea what they are talking about.