2025-03-08T16:22:55
Status: #blog
Tags: #quantum #computer-science #crypto #physics
Links: [[Quantum Computing]] | [[Quantum-Resistant Cryptography in Blockchain Wallets]] | [[Technology]] | [[Cryptography]]
# A conversation about quantum computing and implications for cryptography and cryptocurrencies
I had the opportunity this past week to catch up with my friend [Matthias Troyer](https://www.linkedin.com/in/troyer/), who spent two decades as professor for computational physics at ETH Zürich and currently is a Technical Fellow and Corporate Vice President of [Quantum Computing at Microsoft](https://quantum.microsoft.com/):
![[MatthiasTroyer.jpg]]
Matthias and I go back a long way, having both gone to the same high school and college in Linz, Austria. And we've both been *computer wizards* since the early 80s, as is evidenced by this newspaper article from 1985 detailing how our very clever algorithm in BASIC earned us both the top award in a local programming competition, with the main prize being a dot-matrix printer...
![[BASIC Nuss 1985.jpeg]]
So, it was my great pleasure to congratulate Matthias on the occasion of the recent [announcement by Microsoft that their *Majorana 1* processor has achieved producing topological qubits using Majorana quasi-particles](https://news.microsoft.com/source/features/innovation/microsofts-majorana-1-chip-carves-new-path-for-quantum-computing/).
We talked for a little over an hour, and our conversation covered many fascinating topics. I have summarized the key points here:
## Topological quantum computing
Obviously, we first talked in-depth about the current state of the art of [[Quantum Computing|quantum computing]], and in particular about the use of Majorana quasiparticles to achieve topological qubits. For a long time — especially during his years as a professor at ETH Zürich — Matthias had been a vocal critic of quantum computing companies like D-Wave, because he had developed algorithms that allowed the simulation of quantum computing algorithms on classical supercomputer hardware, and he was able to show that such simulations could produce results faster than those early quantum computers due to their limited number of qubits.
The recent breakthrough at Microsoft with *[topological qubits](https://en.wikipedia.org/wiki/Majorana_fermion#Topological_qubits)* is relevant insofar as it paves the path to chips with millions of qubits within the next 8-10 years. At that scale, quantum computers will, obviously, be much more capable than classical supercomputers for certain tasks, and the simulation argument no longer holds.
*Topological qubits* store quantum information in the global properties (or “topology”) of certain exotic quantum states. They utilize _[anyons](https://en.wikipedia.org/wiki/Anyon "Anyon")_, a type of [quasiparticle](https://en.wikipedia.org/wiki/Quasiparticle "Quasiparticle") that occurs in two-dimensional systems. The anyons' [world lines](https://en.wikipedia.org/wiki/World_line "World line") intertwine to form [braids](https://en.wikipedia.org/wiki/Braid_theory "Braid theory") in a three-dimensional [spacetime](https://en.wikipedia.org/wiki/Spacetime "Spacetime") (one temporal and two spatial dimensions). The braids act as the [logic gates](https://en.wikipedia.org/wiki/Logic_gate "Logic gate") of the computer.
![[Topological_quantum_computer.jpg]]
Compared to previous quantum computing approaches, such as trapped-ion implementations and previous superconductor architectures, such as the ones used by IBM and Google, the topological approach has several key benefits that Matthias elaborated on:
- Better stability of the quantum states as they are less susceptible to decoherence
- Easier way to read out the state of a qubit electronically
- Easier path to scalability to millions of qubits due to arrays of nanowires
For further background information on topological quantum computing, please see:
- This section in my KB article on QC: [[Quantum Computing#3. Topological Qubits A Unique Approach|Topological Qubits A Unique Approach]]
- This YouTube video by Domain of Science that has a great overview of Microsoft's Topological Quantum Computer: https://www.youtube.com/watch?v=ihZXl33t8So
- The preprint of the recent Microsoft paper that Matthias co-authored: David Aasen, et al: "[Roadmap to fault tolerant quantum computation using topological qubit arrays](https://arxiv.org/abs/2502.12252)", [arXiv:2502.12252](https://arxiv.org/abs/2502.12252)\[quant-ph\]
## Logical vs physical qubits
All quantum computers have to address [[Quantum Computing#1.3 Decoherence and Error Correction|decoherence and error correction]], because physical qubits are inherently noisy, so the typical approach is to group physical qubits into logical qubits by performing error correction and taking advantage of entanglement, wherever possible.
<video src="Files/logical_qubitmp4.mp4" controls autoplay loop></video>
Topological qubits offer a significant advantage over ion-trap or other superconducting physical qubits in that they are already much more stable and less susceptible to interference and decoherence due to their architecture, but there still needs to be a [logical qubit abstraction layer](https://quantum.microsoft.com/en-us/solutions/qubit-virtualization) on top of the physical qubits. However, significantly fewer physical qubits per logical qubit are needed compared to other quantum computing architectures. Furthermore, topological qubits are the only quantum computing architecture where the qubit operations can be controlled electronically by simple digital voltage signals instead of finely-tuned analog microwave or laser pulses, so they have much better I/O characteristics than other systems.
## Possible Applications
Next we touched on the questions of the possible real-world applications of quantum computing, as Microsoft is building out its [Azure Quantum](https://quantum.microsoft.com/) platform, [Q# Quantum Programming Language](https://learn.microsoft.com/en-us/azure/quantum/qsharp-overview), and [learning resources](https://learn.microsoft.com/en-us/training/paths/quantum-computing-fundamentals/) at the same time to educate people on quantum algorithms.
Because they can use quantum mechanics to mathematically map how nature behaves with incredible precision – from chemical reactions to molecular interactions and enzyme energies – million-qubit machines should be able to solve certain types of problems in chemistry, materials science and other industries that are impossible for today’s classical computers to accurately calculate.
![[QC_Chemistry.png]]
- For instance, they could help solve the difficult chemistry question of why materials suffer corrosion or cracks.
- Because there are so many types of plastics, it isn’t currently possible to find a one-size-fits-all catalyst that can break them down – especially important for cleaning up microplastics or tackling carbon pollution.
- Enzymes could be harnessed more effectively in healthcare and agriculture, thanks to accurate calculations about their behavior that only quantum computing can provide.
But not all current applications requiring supercomputers or large GPU-clusters would lend themselves to being addressed by quantum computing:
- Even with the next generation of quantum computers, I/O will still be a major bottleneck. We are talking about reading and writing quantum states at the beginning and end of the computation, which is going to still happen at approximately kHz frequencies due to the architecture of the interface between the quantum computer and rest of the electronics/computing platform.
- Therefore, as a practical limitation, only quantum algorithms that *don't need a lot of data* will initially be feasible. Quantum computers will, therefore, not be good for LLM algorithms or other AI solutions and deep-learning problems that require billions of parameters being loaded and adjusted, and terabytes of training data being processed.
- The best possible candidates for quantum algorithms that we currently know are in the field of [computational chemistry](https://quantum.microsoft.com/en-us/vision/quantum-for-chemistry), which is what Microsoft is focusing on as their first application use-cases.
## DARPA Quantum Benchmarking Initiative (QBI)
Matthias explained that the timeline to attempt to reach a million qubits by 2033 was driven largely by the [Quantum Benchmarking Initiative (QBI)](https://www.darpa.mil/research/programs/quantum-benchmarking-initiative).
That approach led the [Defense Advanced Research Projects Agency (DARPA)](https://www.darpa.mil/), a federal agency that invests in breakthrough technologies that are important to national security, to include Microsoft in a rigorous program to evaluate whether innovative quantum computing technologies could build commercially relevant quantum systems faster than conventionally believed possible.
![[DARPA_QBI.png]]
Microsoft is now one of two companies to be [invited to move to the final phase](https://www.darpa.mil/news/2025/quantum-computing-approaches) of DARPA’s Underexplored Systems for Utility-Scale Quantum Computing (US2QC) program – one of the programs that makes up DARPA’s larger [Quantum Benchmarking Initiative](https://www.darpa.mil/research/programs/quantum-benchmarking-initiative) – which aims to deliver the industry’s first utility-scale fault-tolerant quantum computer, or one whose computational value exceeds its costs.
The recently announced [[Quantum Computing#4. Microsoft’s Majorana 1 Processor|Majorana 1 processor]] is just the first step on that journey, and the roadmap thereafter has a goal of getting to a fault-tolerant prototype working with a handful of logical qubits and I/O at kHz frequencies by 2028. From there, the goal is to scale up that prototype by a factor of 1000x over 5 years to fulfill the stated DARPA QBI goals.
![[qubit_scaling.avif]]
A key factor in enabling this scaling is that topological qubits are the only quantum computing architecture where the state can easily be read electronically, which yields much better I/O rates than all other systems.
## Quantum Coding
In parallel with the hardware developments, the team at Microsoft is also laying the groundwork for the development and implementation of quantum algorithms using the new [Q# Quantum Programming Language](https://learn.microsoft.com/en-us/azure/quantum/qsharp-overview). And they've put together a [Quantum Computing Fundamentals](https://learn.microsoft.com/en-us/training/paths/quantum-computing-fundamentals/) learning course to explain the fundamental concepts and build basic quantum programs in Q#.
And there is a sandbox available on their platform where you can run Q# code online to start experimenting with it: https://quantum.microsoft.com/en-us/tools/quantum-coding
![[Qsharp_HelloWorld.png]]
## Responsible safeguards
Given the current lack of safeguards around responsible AI development and the insane race to develop AGI and ASI without proper failsafe mechanisms, we next discussed the need for responsible safeguards around quantum computing - especially at the scale that DARPA and Microsoft are aiming to achieve.
In particular, Matthias pointed me to two articles where their team specifically addressed the need to use Quantum Computing responsibly:
- Matthias Troyer, Emily Violi Benjamin, Ani Gevorkian: "[Quantum for Good and the Societal Impact of Quantum Computing](https://arxiv.org/abs/2403.02921)", to be published in Pontificiae Academiae Scientiarvm Scripta Varia, preprint available here: [https://arxiv.org/abs/2403.02921](https://arxiv.org/abs/2403.02921 "https://arxiv.org/abs/2403.02921"), where they specifically assert the following:
    > Migration to quantum-safe security measures is the most meaningful proactive risk management strategy industry and governments can apply. As a complementary measure, quantum computing providers should adopt reactive safeguards that prevent cryptanalysis applications on future quantum hardware by implementing technical measures and processes that screen applications run on quantum computers. Similar to current virus protection, safeguards must include automated or manual review of the execution of user code. One approach is to offer only SaaS cloud access to quantum hardware for chemistry applications
- Matthias Troyer: "[Responsible computing and accelerating scientific discovery across HPC, AI, and Quantum](https://azure.microsoft.com/en-us/blog/quantum/2024/03/05/responsible-computing-and-accelerating-scientific-discovery-across-hpc-ai-and-quantum/)", Microsoft Azure Blog
Furthermore, while Microsoft has been criticized in the scientific community for not providing all details of their fabrication process, this is standard practice throughout the semiconductor industry to protect trade secrets. Matthias pointed out that essentially DARPA staff acts as the peer-review for them, and the DARPA QBI team are satisfied with the reproducibility and accuracy of the results.
To that extent, Matthias also confirmed to me that he is committed to _not_ allowing customers to run [Shor's algorithm](https://en.wikipedia.org/wiki/Shor%27s_algorithm) for *cryptographically relevant key sizes* on future Azure Quantum offerings.
## Implications for cryptography and cryptocurrencies
One of the reasons I had wanted to chat with Matthias about recent quantum computing developments was the misinformation being spread in the media about quantum computing spelling certain doom for cryptography in general and cryptocurrencies, such as [[Bitcoin]], in particular.
The majority of that threat is, of course, massively overblown and sensationalized in the media. In reality, most public/private key cryptographic algorithms are based on the difficulty of finding prime factors of a large integer. The best classical factoring algorithms work in [sub-exponential time](https://en.wikipedia.org/wiki/Time_complexity#Sub-exponential_time) $O\left(e^{1.9 (\log N)^{1/3} (\log \log N)^{2/3}}\right)$, whereas [Shor's algorithm](https://en.wikipedia.org/wiki/Shor%27s_algorithm), the quantum algorithm for finding prime factors of an integer, runs in [polynomial time](https://en.wikipedia.org/wiki/Polynomial_time) in $\log N$.
While this is a massive acceleration, one needs to be precise in what this means in reality. To estimate resources required for such a cryptographic attack, Microsoft has put together an online tool to visualize time scales and qubits needed: https://quantum.microsoft.com/en-us/tools/quantum-cryptography (please note that this is a double logarithmic graph):
![[resource-estimation.png]]
For example, for an elliptic-curve private key with 256-bit key strength, we would need a quantum computer with about 4-6 *million* physical qubits running at full power for somewhere around 20 hours.
> [!NOTE]
> If you read somewhere that only a few thousand qubits are needed to break public-key cryptography, then those estimates refer to logical qubits, i.e. they assume that these are already virtual qubits that have been fully error-corrected.
>
That is a massively large quantum computer, considering that Microsoft's most optimistic plan is to build a machine with 1 million physical qubits by 2033 under the DARPA QBI program. Furthermore, Microsoft has committed to *not* allowing people to run [Shor's algorithm](https://en.wikipedia.org/wiki/Shor%27s_algorithm) on their Azure Quantum platform.
So what does this really mean for Bitcoin and other cryptocurrencies from a practical perspective?
- All developer communities for the major cryptocurrencies are already committed to moving to [[Quantum-Resistant Cryptography in Blockchain Wallets|quantum-resistant cryptography for blockchains]] once quantum computers get closer to the actual scale required
- In case of [[XML Aficionado/Bitcoin|Bitcoin]] one proposal being discussed is [BIP 360: Pay to Quantum Resistant Hash](https://bip360.org/), which would prevent exposing public keys on the blockchain — thereby eliminating the basis for a Shor's algorithm based attempt to decode the private key — and would just require a soft fork. Once such a proposal was implemented, it would then potentially require people to move [UTXOs](https://en.wikipedia.org/wiki/Unspent_transaction_output) to newer wallets, whose public keys have never previously been exposed on the blockchain, and prevent future exposure of the public keys.
- But even after those changes have been implemented, attacking old wallets that were originally created based on elliptic curve algorithms is still not going to be practical, because quantum computers of that scale require massive datacenters and cooling with liquid helium, and the providers of those systems will simply *not* allow Shor's algorithm to be used at that scale
- Furthermore, when people talk about the legendary 1 million BTC owned by Satoshi Nakamoto, they overlook that Satoshi used thousands of different wallets and wallet addresses, each one containing only about 50-100 BTC, so one would need to run Shor's algorithm on each one separately to attack them
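
An added example (not from the original post or from BIP 360) of the exposure distinction the Bitcoin bullets above rely on: it sorts outputs by whether their public key is already readable on chain, which is the migration inventory a wallet owner would need. It goes beyond the post by covering the common standard script types; the `triage` helper, the `reused` flag, and all sample script bytes are constructed for illustration.

```python
# Added example: triage outputs by on-chain public-key exposure.
# All script bytes below are constructed placeholders, not real keys or addresses.

HASHED = {"P2PKH", "P2SH", "P2WPKH", "P2WSH"}  # output commits to a hash only

def classify_script_pubkey(script_hex):
    """Return (script_type, key_in_output) for a standard scriptPubKey."""
    s = bytes.fromhex(script_hex)
    n = len(s)
    # P2PK: <push 33 or 65> <pubkey> OP_CHECKSIG -> raw key sits in the output
    if n in (35, 67) and s[0] == n - 2 and s[-1] == 0xAC:
        return "P2PK", True
    # P2PKH: OP_DUP OP_HASH160 <20 bytes> OP_EQUALVERIFY OP_CHECKSIG
    if n == 25 and s[:3] == b"\x76\xa9\x14" and s[23:] == b"\x88\xac":
        return "P2PKH", False
    # P2SH: OP_HASH160 <20 bytes> OP_EQUAL
    if n == 23 and s[:2] == b"\xa9\x14" and s[22] == 0x87:
        return "P2SH", False
    # Witness v0: OP_0 <20 bytes> (P2WPKH) or OP_0 <32 bytes> (P2WSH)
    if n == 22 and s[:2] == b"\x00\x14":
        return "P2WPKH", False
    if n == 34 and s[:2] == b"\x00\x20":
        return "P2WSH", False
    # P2TR: OP_1 <32 bytes> -> the x-only output key sits in the output
    if n == 34 and s[:2] == b"\x51\x20":
        return "P2TR", True
    return "unknown", False

def triage(utxos):
    """Map label -> 'exposed' | 'hidden' | 'review' for (label, script, reused) rows.

    `reused` is True when the same address has already been spent from, which
    published the key in an earlier transaction even though the output is hashed.
    """
    result = {}
    for label, script_hex, reused in utxos:
        kind, key_in_output = classify_script_pubkey(script_hex)
        if kind == "unknown":
            result[label] = "review"    # non-standard script: inspect by hand
        elif key_in_output or (kind in HASHED and reused):
            result[label] = "exposed"   # key already public: migrate first
        else:
            result[label] = "hidden"    # only a hash is public so far
    return result

SAMPLE_UTXOS = [  # constructed data
    ("old-p2pk", "21" + "02" + "11" * 32 + "ac", False),
    ("fresh-p2pkh", "76a914" + "22" * 20 + "88ac", False),
    ("reused-p2wpkh", "0014" + "33" * 20, True),
    ("taproot", "5120" + "44" * 32, False),
    ("op-return", "6a04deadbeef", False),
]

if __name__ == "__main__":
    for label, status in triage(SAMPLE_UTXOS).items():
        print(f"{label:14} {status}")
```
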
So, if there is a danger to [[Bitcoin]] at all from quantum computing, it does not so much come from a hacker using a quantum computer to steal millions from the original Satoshi wallets, but rather from a possible media hype-cycle surrounding a potential future emerging cryptocurrency that is built from the ground up on quantum-resistant crypto, which would likely result in additional short-term volatility for Bitcoin and other well-established cryptocurrencies at that time.
In all, it was an interesting and thought-provoking discussion with Matthias and great to catch up again after such a long time...
---
# References
- [[Quantum Computing]]
- [[Quantum-Resistant Cryptography in Blockchain Wallets]]
- [[Cryptography]]
- [[XML Aficionado/Bitcoin|Bitcoin]]
- https://news.microsoft.com/source/features/innovation/microsofts-majorana-1-chip-carves-new-path-for-quantum-computing/
- https://news.microsoft.com/azure-quantum/
- https://azure.microsoft.com/en-us/blog/quantum/2025/02/19/microsoft-unveils-majorana-1-the-worlds-first-quantum-processor-powered-by-topological-qubits/
- https://arxiv.org/abs/2502.12252 / https://arxiv.org/pdf/2502.12252
- https://arxiv.org/abs/2403.02921 / https://arxiv.org/pdf/2403.02921
- https://quantum.microsoft.com/en-us/quantum-ready/get-started
- https://quantum.microsoft.com/en-us/solutions/microsoft-quantum-solutions
- https://www.youtube.com/watch?v=wSHmygPQukQ
- [Quantum breakthrough in Satya Nadella interview](https://www.youtube.com/watch?v=4GLSzuYXh6w&t=1863s)
- https://www.youtube.com/watch?v=ihZXl33t8So
- https://learn.microsoft.com/en-us/training/paths/quantum-computing-fundamentals/