How big does a quantum computer need to be to accomplish something useful? Physicists from the University of Sussex, UK recently set out to answer this question for two pragmatic computational tasks: breaking the encryption used in Bitcoin transactions and simulating the behaviour of an agriculturally important nitrogen-fixing molecule. By estimating the number of quantum bits, or qubits, that different types of quantum computers would need for each task, members of the team say their theoretical study should help other researchers decide which designs to pursue.
Although there is no standard hardware platform for quantum computers, two of the most popular ways of engineering qubits involve superconductors and trapped ions. In either case, the number of qubits available to perform quantum operations is significant, explains Mark Webber, a PhD student at Sussex who is also involved in a Sussex spin-out called Universal Quantum. Using more qubits, he adds, may enable quantum computers to tackle important real-world problems on practical timescales even on platforms for which individual qubit operations take longer – as is the case for trapped-ion machines compared to those based on superconducting qubits.
In a study published in AVS Quantum Science, Webber and his collaborators set out to explore this balance between qubit number and operation times for superconducting and trapped-ion qubits. “The question really is, how big does your quantum computer need to be to solve really impactful problems? And how does that answer change when we’re talking about a trapped ion platform or superconducting platform?” Webber tells Physics World. Winfried Hensinger, a Sussex physicist and the study’s co-author, adds that by looking closely at the available hardware, the team’s work “immediately links to the actual hardware designs we can build and capitalizes also on the advantages of these hardware designs”.
Assume an error-corrected machine
The Sussex team began by considering common algorithmic methods that could be implemented on a quantum computer. Importantly, the physicists focused on codes and algorithms that are self-correcting, meaning they assume errors in calculation will occur and that have built-in mechanisms for rectifying them before users see the results. “This paper is using some of the most up-to-date methods on the algorithm side, and also the up-to-date methods on the quantum error correction side,” notes Gavin Brennen, a physicist at Macquarie University, Australia, who was uninvolved with the work. “And they focused on two key problems that are of use to the world.”
The first problem the team examined concerns a molecule called the FeMo cofactor (FeMo-co) that bacteria use to extract nitrogen from air and create ammonia. This same process is performed on an industrial scale in the fertilizer industry, but in a way that is much less efficient and accounts for almost 2% of the world’s energy use. A better understanding the physics of FeMo-co could boost the efficiency of this industrial process, but as the molecule is so large, Webber explains that simulating its behaviour is beyond the capabilities of classical computers.
According to the team’s calculations, a quantum computer made up of tens of millions of superconducting qubits or hundreds of millions of trapped-ion qubits could simulate FeMo-co in about 10 days. A classical computer, meanwhile, would stand no chance of producing meaningful contributions to this question in any amount of time.
Is Bitcoin quantum-safe?
In the second part of the study, the team calculated the number of physical qubits needed to break the encryption used for Bitcoin transactions. Marek Narozniak, a physicist at New York University (NYU) in the US who was not part of the study, points out that this question – whether cryptocurrencies are safe against quantum computer attacks – comes with additional constraints not present in the FeMo-co simulation. While a 10-day computation time may be acceptable for FeMo-co simulations, Narozniak notes that the Bitcoin network is set up so that a hacker armed with an error-correcting quantum computer would have a very limited time to decrypt information and steal funds.
According to Webber and collaborators, breaking Bitcoin encryption within one hour – a time window within which transactions may be vulnerable – would take about three hundred million qubits. Based on this result, Narozniak concludes that “Bitcoin is pretty safe”, although he warns that not all cryptocurrencies operate the same way. “There are other cryptocurrencies that work differently, and they have different algorithms that could be more vulnerable,” he says.
Super-size my quantum computer
While today’s quantum computers contain a little over 100 qubits at best, Tim Byrnes, who leads Narozniak’s quantum research group at NYU, says that scaling these machines to the millions of qubits discussed in the Sussex team’s work is not an impossible goal. “That sounds big, but there are commercial companies where these qubit numbers are the target. Certainly not today, but given some years, this is not too out of reach,” he says.
The quantum Y2K moment
Because the new work compares necessary hardware specifications for different types of quantum computers, it also adds new information to the competition among different quantum computer designs. “It’s been assumed that superconducting systems, because they are much faster, have a leg up on the ions,” Brennan explains. “But this paper actually shows that in some regimes the two architectures are really quite competitive.”
Webber and Hensinger, for their part, note that their work was motivated precisely by their efforts to design and engineer a competitive, error-correcting trapped-ion quantum computer. “We have a clear development path to build quantum computers with millions of qubits,” Hensinger explains. “But we really have to understand what type of error correction is needed, and what kind of advantages we can use in order to get to interesting problems like simulating molecules or breaking encryption.”
