We’ve just shown that certain cryptography systems could be broken with much smaller quantum computers which means that this could happen sooner than expected, and while you don’t need to worry about your cyber security (see below), it does prove that a useful quantum computer could now be closer. This is all thanks to cat qubits.

## Quantum computers need millions of regular qubits

So what is it all about? Well, quantum computers are a new kind of computer. They draw on the peculiarities of quantum physics to do certain calculations much faster than their classical counterparts. What, then, makes such a big difference? As you know, a classical computer doesn’t deal in digits from 0 to 9 as we do (using our fingers to count!). It expresses data in strings of 0s and 1s. In order to achieve anything, a computer must be given a series of unambiguous instructions – an algorithm – to carry out certain operations on the data, transforming one string of 0s and 1s into another in a meaningful way. But in a quantum computer, the bit, the famous 0 or 1, is replaced by a quantum bit, or qubit, and this is a radically different way of representing information. More on this in a moment.

It turns out that, to be able to perform useful algorithms on a quantum computer – and that means algorithms that even a supercomputer could not run – all the studies until very recently estimate that we would need a huge number of qubits, something like 20 million. The problem is that we are nowhere near being able to build a quantum machine with that many qubits today. This is why Alice & Bob’s latest study, in collaboration with the French Atomic Energy Commission (CEA) matters. It shows that, by using a different kind of qubit, the cat qubit mentioned above, this number can be reduced to 350 000, about 60 times smaller.

## Let’s take everyone’s favourite: Shor’s Algorithm

The numbers given above would be what we need to run a crucial algorithm devised in 1994 by Peter Shor. The goal of this algorithm is to find all the prime factors of a given integer. So if we feed in 15, it should read out 15 = 5 x 3. Well, that’s trivial, right? But what if I give you a 600-digit number? Then you’ll have a hard time, and in fact you’ll be in good company, because even the largest supercomputers on the planet won’t be able to factorize that. It’s not because the algorithm doesn’t work but because It’s just too slow. And when I say slow, I don’t mean it would take a few hours, days, or years to find the prime factors. Here we’re talking about billions of years, as long as the universe itself has been around.

So, what’s the big deal? You may be thinking that this factoring problem is rather academic. Not so. We all depend on the fact that no computer can solve this problem (yet), because most of our computer security systems are based on it. Perhaps you’re wondering how that works. So let’s see, and at the same time I’ll explain why Alice & Bob is called Alice & Bob.

It all comes down to an idea for coding messages, the RSA protocol. To describe it, two people were invented called Alice and Bob. Bob wants to send a message to Alice, a message that only Alice will be able to read. Since no classical computer can find the two prime numbers of a large number, Bob can encode his message in such a way that Alice only will be able to read it. This is what is remarkable about the RSA protocol, anyone can encode a message like Bob using publicly available information, but only Alice can decode it.

That’s why factorizing large numbers into their prime divisors is relevant. If someone were able to do that, they could intercept and read your credit card number when it gets sent from the web page where you type it to the server that will validate your purchase. Or again, they could read your passwords when they go from your computer to the server that will check that your password is valid.

And it’s the same kind of algorithm that secures Bitcoin. If everyone could write transactions in the ‘blockchain’ without the sender’s agreement, the system would no longer work. To ensure that transactions made on behalf of a given sender can only be made by that sender, an electronic signature is affixed to the transaction. Thanks to an intelligent algorithm based on another mathematical device, anyone can check the signature, while actually reproducing it would require billions of years of calculation without a quantum computer. Dissuasive!

## Running Shor’s Algorithm with 350K qubits is a big achievement

As mentioned above, there’s no need to worry. This is because quantum-resistant cryptography algorithms already exist (and even secured cryptography relying on quantum physics), so there is no risk to your data. And besides, we at A&B have no plan to use Shor’s algorithm in any mischievous way. Most quantum computer companies use this algorithm as a measure of the kind of challenge their hardware must face to be useful. For one thing, it was precisely the discovery of this algorithm that showed us that quantum computers are indeed more powerful than classical ones in some situations. For another, it is one of the most resource-hungry algorithms to run, so it shows what we need to aim for if our quantum computer is to be useful for running other quantum algorithms. And finally, it’s one of the most efficient algorithms – a few seconds on a quantum computer compared with billions of years on a classical one! In fact, it was Shor’s discovery that launched the field of quantum computer research.

The upshot of all this is that some problems that were previously thought inaccessible, clearly beyond the reach of any classical computer, could in principle be solved on one of their quantum counterparts. The 60-fold reduction in the number of qubits needed to run Shor’s algorithm – and this is what we have demonstrated in our latest study – is therefore impactful. In practice, it means that quantum computers could become available earlier than previously thought. Why is this? Well, making good qubits is already complicated, and putting together 20 million of them even more so. The most popular qubits, based on superconductors, must be cooled to exceedingly low temperatures, almost absolute zero. This imposes enormous structural constraints. For comparison, the biggest prototype quantum computer so far belongs to IBM and it has a grand total of 433 qubits, which is already an engineering feat.

## The problem with quantum computing: Errors!

What I didn’t tell you above was that Shor’s algorithm would only actually need 20 000 qubits to run, not 20 million, if those qubits were perfect. But that is a very big ‘if’, because a major problem arises: errors. Quantum states are extremely sensitive to what’s going on around them. As soon as the environment gets too noisy, they can change radically in an uncontrolled way. That is exactly why quantum phenomena were not observed before 1900. A quantum computer needs these very sensitive quantum phenomena to work properly. And in practice, sensitivity means errors.

As mentioned above, a computer expresses data in strings of 0s and 1s. An error occurs when a 0 unexpectedly becomes a 1, or a 1 becomes a 0. Imagine that a 0 turns without warning into a 1 in your computer every 0.0001 seconds. You wouldn’t expect the computer to work very well. But that’s exactly what happens on a quantum computer, and indeed, if things were left like that, it wouldn’t work very well. In actual fact, classical computers also make errors, but a 0 will normally take tens (or hundreds) of years to suffer an error and transform into a 1. In this sense, classical computers are extremely robust!

Fortunately, physicists have found a solution: quantum error correction. The idea is simple. If a single 0 or 1 is too delicate to survive intact for the times required, several digits are used, as in 000 and 111, for example. If there’s only one error, 000 becomes 001, but I can still guess that what I should have is 000, so my information hasn’t really been lost. In practice, there are some difficulties due to the profound differences between quantum physics and classical physics, but the basic idea is the same. Qubits can be in the state 0 or 1, but what really distinguishes them is that they can also be in a state 0 + 1. This is the truly quantum particularity that provides the speedup in the quantum computer compared with its classical counterpart. But a 0 + 1 state can also have an error and become a 0 – 1 state, an error that will prevent us from getting the right answer. So, these two types of error need to be corrected. And the more errors your qubits make, the more redundancy needs to be included, for example, encoding 0 with 0000000 instead of simply 000. Hence the 20 million real qubits where 20 000 perfect qubits would have done.

## Self-correcting qubits

Alice and Bob was born from the idea of inventing more robust qubits to reduce the number of qubits that are not there to make calculations, but only to correct errors. When we speak of cat qubits, the reference is to the cat in Schrödinger’s thought experiment, which is somehow both dead and alive. Naturally, Alice and Bob’s qubits are not actually cats, but modes of an electric field trapped in cavities. The cat qubit is a little more complicated to engineer than regular qubits, but is designed in such a way that a 0 never (or very rarely) transforms unexpectedly into a 1. So one type of error is eliminated, leaving only the other type of error to correct, when 0 + 1 transforms into 0 – 1. The first experimental proofs of concept of these cat qubits are very recent and they are promising. And of course, the interest in eliminating one type of error is to reduce the necessary redundancy. If during the whole algorithm a 0 never accidentally transforms into a 1, ‘only’ 126 000 cat qubits would be needed for the Bitcoin digital signature and 350 000 cat qubits to factor a 600-digit number. This is the significance of our recently released article.

So there you have it. You now see why building a quantum computer that is also useful is no easy task. Everyone is betting on different technologies, but here at A&B we think building more robust qubits is the right way to go. As you have just seen, 60 times fewer cat qubits would be needed to run Shor’s algorithm! This is an exciting milestone, not because we believe that all web encryption is under an existential threat, but because the day we run Shor we will be able to say that we have successfully brought quantum computing power to the world.

## Discover more!

Follow Diego on TikTok and YouTube for more science content!