I’ve written several times about the profound implications of the coming of Quantum Computing, especially Quantum Cryptography. In these comments, I have taken QC to be a done deal (e.g., here, here).
Mikhail Dyakonov writes this fall to remind us (including me) that practical QC has never been demonstrated, and doesn’t seem to be just around the corner either.
Reading this, I have to realize that my own analyses have been based on a shallow understanding of both the theory and technology, and relying on perhaps over enthusiastic reports. Be careful, Bob!
Dyakonov makes the interesting point that QC seems to be understood quite well theoretically, but practical implementations are a huge, huge leap. He estimates that a practical quantum computer would need 1,000 to 100,000 qubits. This means that the computation amounts to managing 2^1000 or more (continuously variable) parameters, which is a lot. More than the number of atoms in the universe. Equivalent to a significant chunk of the current Internet-connected infospace.
Even if today’s 10, 30, or 50 qubit systems work (which is not well established, at least in the open literature), the exponential factor means that scaling up to 1,000 or more is far from given. As he says,
“Could we ever learn to control the more than 10^300 continuously variable parameters defining the quantum state of such a system?
“My answer is simple. No, never.”
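To make the “2^1000 parameters” point concrete, here is an added example (mine, not from the post or from Dyakonov’s article) that counts the amplitudes a general n-qubit state needs, estimates the classical memory a state-vector simulator would take, and runs a tiny simulator to show the vector really does have 2^n entries. The 10^80 atom count is an assumed rough estimate.

```python
import math

ATOMS_IN_UNIVERSE = 10**80  # rough order-of-magnitude estimate, assumed here


def state_parameters(n_qubits: int) -> int:
    """Number of complex amplitudes describing a general pure n-qubit state.

    The state is a superposition over all 2**n basis strings, so it takes
    2**n complex amplitudes (ignoring normalisation and global phase).
    """
    return 2 ** n_qubits


def classical_memory_bytes(n_qubits: int, bytes_per_amplitude: int = 16) -> int:
    """Bytes a classical state-vector simulator needs (two float64 per amplitude)."""
    return state_parameters(n_qubits) * bytes_per_amplitude


def apply_hadamard(state: list, target: int) -> list:
    """Apply a Hadamard gate to qubit `target` of a 2**n-entry state vector."""
    out = [0j] * len(state)
    h = 1 / math.sqrt(2)
    for i, amp in enumerate(state):
        bit = (i >> target) & 1
        j = i ^ (1 << target)  # partner index with the target bit flipped
        # H|0> = (|0> + |1>)/sqrt2 ; H|1> = (|0> - |1>)/sqrt2
        out[i] += h * amp * (-1 if bit else 1)
        out[j] += h * amp
    return out


def uniform_superposition(n_qubits: int) -> list:
    """Start in |00..0> and apply H to every qubit: all 2**n amplitudes become 1/sqrt(2**n)."""
    state = [0j] * (2 ** n_qubits)
    state[0] = 1 + 0j
    for q in range(n_qubits):
        state = apply_hadamard(state, q)
    return state


if __name__ == "__main__":
    print("parameters for 1000 qubits > 10^300:", state_parameters(1000) > 10**300)
    print("parameters for 1000 qubits > atoms :", state_parameters(1000) > ATOMS_IN_UNIVERSE)
    print("bytes to simulate 50 qubits classically:", classical_memory_bytes(50))
    print("amplitudes in a 5-qubit state vector:", len(uniform_superposition(5)))
```

Even 50 qubits already needs about 18 petabytes of amplitudes, which is why the small systems can be checked classically but the 1,000-qubit machine the post discusses cannot.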
So my own confident pronouncements about QC, including the obsolescence of current blockchain systems (e.g., here, here) may be premature and/or uninformed.
Point taken, and I really need to be careful.
However, I think there is still reason to think that QC is coming and will make many current systems obsolete.
For one thing, this is a classic case of Clarke’s First Law:
“When a distinguished but elderly scientist states that something is possible, he is almost certainly right. When he states that something is impossible, he is very probably wrong.” 
In fact, even Dyakonov says that it is theoretically possible. He’s arguing that it is so difficult and impractical that it will never be made to work. And that’s a whole different kind of “no, never” than, say, faster than light or time travel.
So here are some things that might make interesting things happen, even in the face of seemingly intractable difficulty.
One thing to consider is that the small scale systems already demoed might be made useful, perhaps in swarms. Maybe you don’t need one system with 10,000 qubits. Maybe 1,000 QCs each with a few tens of qubits can be architected into a powerful system. (Stranger architectures are done all the time. See Intel’s chip set.)
It also seems to me that QC, or something of that school, will be very useful for things like secure networks and key exchange. This kind of use case needs the quantum weirdness, but not gigantic amounts of logic. The point being, there may be niche uses that work long before general purpose quantum supercomputers are available.
Finally, it’s hard to say what is or isn’t possible if cost is no object. Given the theoretical possibility, it is safe to say that the big code breakers would pay pretty much any price for a working QC. With the resources of a major nation state, and national survival at risk, ordinary intuitions of what is reasonable do not apply.
For that matter, Sensei Clarke was completely right about this kind of prediction. It’s hard to guess what will be reasonable.
For example, if you told me in 1969 we would replace all the copper and microwave links of the (proprietary telephone and telex) network with glass and lasers, link billions of computers all over the world, and also replace all the land lines with pocket radios (which are also supercomputers)—I would have said “No, never”. But we did.
(On the other hand, we have not gone to Mars, which everyone would have bet we would. But that’s because there is no real good reason to travel to Mars. There are many very, very good reasons to build QC.)
As my late father used to say, “never is a long time.” So, who knows?
At this point, I guess I don’t really know that QC is coming or how soon, but I would bet that it is coming and coming soon. If nothing else, it would be disastrous to assume QC won’t happen, if it does happen. On the other hand, expecting QC and being disappointed is relatively harmless.
Worrying about “quantum proof” cryptography is a good thing to do, even if QC never materializes. After all, the cryptography that the Internet and national security depend on is all based on an argument that factoring the product of large primes is impractically hard for conceivable, real life computers. QC is conceivable, so it is well worth worrying about.
- Arthur C. Clarke, Profiles Of The Future: An Inquiry Into The Limits Of The Possible, New York, Harper & Row, 1962.
- Mikhail Dyakonov, The Case Against Quantum Computing, in IEEE Spectrum – Computing. 2018. https://spectrum.ieee.org/computing/hardware/the-case-against-quantum-computing