#Microsoft publishes an estimator of physical qubits needed for commercially attractive problems - many hardware upgrades should be made to get closer to the sweet spot, but the #cyber community should not get relaxed.

For the #Quantum #Computing industry, the challenge is finding use cases for today's quantum hardware. Until hardware grows multifold, those use cases could be unreachable. Occasionally advertisement goes beyond reasonable promises and makes it feel like we are "already there", but we are not.

Microsoft did great work taking a structural approach to this hardship. It developed the framework and a tool to assess the scale of quantum computers needed to solve commercially valuable problems. Though quantum computers give high promises, a fair estimation of the resources required to solve real-world problems is crucial for smooth and predictable industry development and business planning.

Let's have a look at the #factoring problem, the one that keeps modern cryptography secure. According to the estimator, this application needs ~25k logical qubits and 10 billion logical steps. Today hardware provides only physical qubits, not logical ones. Depending on the underlying architecture (cold atoms, superconducting qubits etc.) and quantum error correction code, one logical qubit might need from 1k to 10k physical qubits. The most powerful quantum machine today has ~400 physical qubits. From the run time perspective, 10 billion steps are a blink of an eye on a classical computer but not on a quantum one. Again, depending on the underlying hardware, this number of steps could take a day or so to complete. The bottom line is that much more mature hardware is needed to approach prime numbers used in production now.

Does it all mean that the #cyber community could be relaxed? Unfortunately, no.

#Cryptography algorithms are used to protect data not only now but over its shelf life. Sessions keys, for example, that are valuable for seconds or days are not a concern, but data that keeps value over the long term is threatened, like medical records. Each organisation has its own data retention requirements that must be aligned with government-prescribed terms. It is not rare to see a requirement to keep specific data for a decade. "Just keep" automatically translates into the "need to keep it secure".

Another aspect to consider is a massive shift in motivation to run a "harvest now decrypt later" attack. That is when an adversary captures everything and stores it until a future date when messages can be decrypted. Not only is storage cheap today, but the prospect of getting a jackpot from this attack is looming because of quantum computing. If data is not protected over its entire shelf life, even if it is ten years from now, it is not well protected today.

Arxiv paper: https://arxiv.org/abs/2211.07629