Do you believe there is now a quantum Moore's Law in place? I've seen graphs showing quantum chips from Google, IBM, and Intel plotted on a log scale that are suggestive. (These exclude adiabatic quantum computers which are different beasts.)
If there is, do you think we're perhaps less than 10 years from QC capable of breaking common number theory based asymmetric cryptographic algorithms like RSA or elliptic curve for at least lower key strengths? That's what these graphs suggest.
(I know breaking crypto is not by any stretch the only or the most valuable thing you can do with QC but it's the one that gets the most press and it's relevant to my current work.)
I think it's too early in the field, and there's too much basic research still to be done, to talk usefully about a "Moore's Law." For godsakes, we're not even sure yet whether superconducting qubits or trapped ions or something else (or a hybrid) will be the way forward!
Yes, you can make plots of the number of qubits, coherence times, etc. as a function of year -- and if you listen to talks by John Martinis, Chris Monroe, or the other leading experimentalists, you'll often see such plots. But at the very least, you need to look at both dimensions (qubits and coherence time) -- not just at "number of qubits," which will be severely misleading! And even if you do, there are very few data points to use for extrapolation, since it's really only within the last ~6-7 years that people have even gotten qubits to work well in isolation, let alone scaling them up. So it's really hard to extrapolate.
Like, I'm hopeful that within the next decade, we'll have systems with a few hundred qubits that will be good enough to do some useful tasks that are classically intractable (such as quantum simulation), though they certainly won't be threatening public-key crypto yet. But I'm not sure even about that. And I'd prefer to see what happens with this before speculating about the timescale for the next step, of building a full universal QC (the kind that would break our existing public-key cryptosystems)!
Even if the number of qubits doubled every year from here on out, it would be 15+ years until we had enough working space to run Shor's algorithm on modern cryptographic key sizes.
Back of the envelope:
- It takes 9n error-corrected qubits to break an n-bit ECDH key [1]
- Each error-corrected qubit requires ~2500 physical qubits [2][3]
- Typical ECDH key size is 256 bits [4]
- This year would be the year of ~64 physical qubit machines. [5][6][7]
- log_2(256 * 9 * 2500 / 64) ~= 16.4 years
Note that every one of the quantities in the estimate is subject to future research. E.g. the error corrected qubit size is smaller when using lattice surgery, but not enough to really move the needle on the time estimate.
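The estimate above, written as a parameterised calculation so its sensitivity to each input can be checked (an added example, not part of the original comment). The base figures are the ones quoted in the comment; the alternative overheads and doubling periods in `sensitivity_table` are assumed values chosen for illustration, and the model counts qubits only.

```python
import math

# Figures quoted in the comment above.
LOGICAL_PER_KEY_BIT = 9       # error-corrected qubits per ECDH key bit
PHYSICAL_PER_LOGICAL = 2500   # physical qubits per error-corrected qubit
KEY_BITS = 256                # typical ECDH key size
CURRENT_PHYSICAL = 64         # physical qubits in a machine "this year"


def physical_qubits_needed(key_bits=KEY_BITS, overhead=PHYSICAL_PER_LOGICAL,
                           per_bit=LOGICAL_PER_KEY_BIT):
    """Physical qubits required to attack a key of key_bits bits."""
    return key_bits * per_bit * overhead


def years_until(key_bits=KEY_BITS, overhead=PHYSICAL_PER_LOGICAL,
                current=CURRENT_PHYSICAL, doubling_years=1.0):
    """Years until machines reach the required size, given a fixed doubling period."""
    needed = physical_qubits_needed(key_bits, overhead)
    if needed <= current:
        return 0.0
    return doubling_years * math.log2(needed / current)


def sensitivity_table(overheads=(2500, 1250, 625, 250),
                      doubling_periods=(1.0, 1.5, 2.0)):
    """Rows of (overhead, doubling period, years); inputs are assumed values."""
    return [(o, d, round(years_until(overhead=o, doubling_years=d), 1))
            for o in overheads for d in doubling_periods]


if __name__ == "__main__":
    print(f"physical qubits needed: {physical_qubits_needed():,}")
    print(f"baseline estimate: {years_until():.2f} years")
    print("overhead  doubling(yr)  years")
    for overhead, doubling, years in sensitivity_table():
        print(f"{overhead:>8}  {doubling:>12}  {years:>5}")
```

Because the result is a base-2 logarithm, halving the error-correction overhead removes exactly one doubling period from the estimate, while the assumed doubling period scales it linearly.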