On May 29, 2019, at 6:34 AM, Phillip Hallam-Baker <phill AT hallambaker.com> wrote:
Let me be more precise then: QM has been experimentally demonstrated with objects up to 10,000 AMU mass [https://arxiv.org/abs/1310.8343]. The smallest gravitational field that has ever been measured (AFAICT) was produced by a mass of ~10^22 AMU [http://jetp.ac.ru/cgi-bin/dn/e_067_10_1963.pdf] (~100 mg). That’s a gap of 17 orders of magnitude. It is known that QM and GR are mathematically incompatible with each other, so somewhere in that gap one or the other of the two theories has to give. But all attempts to find an experimental regime where either theory can be demonstrated to fail have failed, and all attempt to determine whether it is QM or GR that has to give have also failed.
All I’m saying is that, given the above facts, betting the future of digital security on the hypothesis that QM fails before it gets to the point where you can implement Shor’s algorithm is unwise.
Personally, my money is on gravity being quantized, and also that to demonstrate this requires a field strength on the order of what is found near the event horizon of a black hole, so we’re unlikely to see this question definitively settled in a laboratory any time soon.
That has been well understood for decades now. The seminal papers on decoherence were published in 1970. For an accessible layman’s account I recommend David Z. Alberts excellent book, “Quantum Mechanics and Experience”, chapter 5. The short version of the story is that a system decoheres if any of its degrees of freedom become entangled with anything outside of the system (and note that entanglement is not an all-or-nothing phenomenon. Entanglement is a continuum.) When that happens, the system considered in isolation is no longer in a pure state and can no longer self-interfere. The more degrees of freedom a system has, the harder it becomes as a practical matter to keep all of them isolated from (i.e. prevent them from becoming entangled with) their environment. It really is just as simple as that.
No, the assumption is that breaking RSA will be catastrophic, and so the prospect of developing QC is a cause for concern in the context of a discussion list dedicated to cryptography. I certainly never meant to imply that that’s the *only* reason anyone should care about quantum computing, but it’s certainly *a* reason.
Yes, I’m not denying that. All I’m saying is that *if* there turns out to be a insurmountable obstacle to breaking crypto with QC, that obstacle is more likely to be an engineering limitation than a scientific one.
_______________________________________________ The cryptography mailing list cryptography AT metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography