Quantum Computers do work in principle
Quantum Computers do work in principle
Posted Mar 12, 2026 12:12 UTC (Thu) by chris_se (subscriber, #99706)In reply to: Premature by PeeWee
Parent article: HTTPS certificates in the age of quantum computing
As someone with a background in theoretical condensed matter physics I disagree here.
If your claim is just "the commercial quantum computing companies are vastly overselling what they can achieve" - sure, I think that's trivially true. If you say "we're at least 10, more likely at least 20 years away from a quantum computer that'll be even remotely useful" - I'd tend to agree. But I do think that people working on this genuinely believe that this will be possible eventually.
There _are_ macroscopic quantum states (e.g. Bose-Einstein-Condensates). There _are_ experiments that show that quantum coherence can survive in really weird conditions (back in 1999 people have demonstrated double-slit interference with C60 molecules, that was quite a famous paper in Nature back then). These things, while not intrinsically useful for quantum computers, indicate that if you can manage the corresponding interactions well enough you can keep a quite large quantum state around.
The main issues with current quantum computer designs are 1) scaling, 2) coherence times, and 3) control. While it is easily possible to optimize for one of these quantities, nobody has managed to optimize for all 3 of these quantities at the same time as of yet. But there's no intrinsic limit given by the known laws of physics why that should be impossible - it's just a _really_, _really_ hard problem to solve.
There have been improvements over the last years though. And in contrast to Schrödinger's cat, we're talking about the coherence of a couple of million of qubits that's needed for useful computations, i.e. 10^6 - 10^7, and at very low temperatures near absolute zero, not the coherence of all ~10^26 atoms in a cat at room temperature. We're still ways off from that, but the comparison to Schrödinger's cat is really misleading in my eyes.
As for post-quantum cryptography: I'm very sympathetic to the argument that we don't need to deploy signatures as of right now, because key exchange is the only thing we need to worry about _at this moment_, since signatures will only be needed once a quantum computer exists. But I do think that implementing a hybrid EC + PQC scheme for key exchange is a sensible precaution to take right now. Sure, most of my traffic is probably completely irrelevant when we look at the time in 20 years or so. But I can easily imagine a changed political landscape by then where something I do right now might get me in trouble in 20 years.