Comment by halosghost

2 days ago

No. If their claim is true, they have a new prototype of a single qubit that they say could enable faster scaling up of qubit arrays (which means asymmetric/public-key cryptosystems like RSA will be in trouble sooner than we thought they might be). However, this work does not demonstrate that scaling potential at all. In the spirit of Betteridge's Law of headlines, if such a thing were easy for them to demonstrate, why would they announce this now, with a single logical qubit, rather than when they've demonstrated at least some scaling potential?

This understanding of QC is common, but isn't quite right. Quantum computation is actually really hard to parallelize (which is why Grover, though a bit frightening since it halves the security of symmetric primitives, is actually kind of damning for QC—because you can't parallelize that search really at all, so halving is the best a quantum adversary can get against things like AES-256).

I stand by my assertion that, until a QC announcement includes replicable benchmarks on actual use-cases, such things can be safely dismissed.

If you continue to be concerned (not necessarily unhealthy), engage cryptographers and security engineers to help your projects build know-how on hybrid (in this case, classical/PQ) cryptosystems, and get them deployed sooner rather than later.

All the best,