I’ve made two attempts to explain the work we’ve been doing and to explain the current realistic state of the industry:
1. A talk at PyCon: https://youtu.be/tT1YLP5T71Y
2. A free ebook “Quantum Computing For Software Engineers” https://leanpub.com/quantum-computing-for-software-engineers
The company I left a few months ago is planning its IPO this year. Like almost all other quantum companies, it’s gonna be a SPAC merger, not a pure IPO. Those traded companies mentioned in the other comments are mostly SPACs as well.
Think of all the "sales" that comprise such things as space missions (ones without immediate real-world use) or large hadron collider. Or any other large, expensive, long scientific project. If you measure the outcome purely in money within decades, these things can be said to be zero or negative profit.
How much profit was at the end of the chain of the current Artemis lunar mission? Well, zero or negative, but lots of companies and people up the chain made meaningful progress and made a living. Quantum computing is just like that in my opinion.
The biggest problem in my eyes is the "game" of commercialization. This technology is in early research phase, but it's so expensive and not immediately game-changing that the public funding was never enough. So, companies started to play the "we sell products" and "we do IPO" games, which IMO doesn't make sense.
(Often the research is done purely within classically-simulated quantum computers, i.e. virtual QCs, but to verify and make the research publishable they need to run at least partial sub-problems on a real chip.)
Another, smaller, market is HPC centers. They buy and install quantum computers into existing HPC infrastructure because a) they have a few customers who need it (sometimes those same research institutions/universities), and b) they need to solve the integration problem for the future when QCs are actually used for real-world problems and big customers come to HPCs to run both classical and quantum high-performance jobs.
Here is an excerpt from my book I linked above, just to give a bit more context:
---
Since quantum computers are essentially analog devices that allow you to control, in a limited fashion, a set of quantum objects, you can do some research in foundational quantum physics. [...] Still, given the current state of the industry, classical computers outperform most quantum systems. But the research applied to smaller QCs can be scaled once the hardware scales.
Of course, the main area is quantum computing itself. From abstract, mathematical notions of algorithms to very low-level questions of calibration, many universities and research organizations are eager to have a quantum computer available to prove their theories and discover new properties. Commercial companies that deal with material science, battery technology, agriculture, and chemistry are buying quantum computers (or at least buying access to one) because they want to be ready if and when truly large-scale QCs become available. [...]
And finally, integration research. This is the least known and least discussed topic in the industry but is very important. Its significance is one of the motivations for writing this book. Quantum computers, being research tools, are not normal products. They are driven by software, like anything else, but this software changes rapidly and is rarely written with long-term evolution in mind. If you buy a quantum computer today, chances are your code will not work on any other quantum computer, or even on the next iteration of the same machine. At the same time, researchers often need to work with multiple types of machines simultaneously, and HPC (high-performance computing) centers, i.e. supercomputing data centers, want to integrate quantum computers into their existing infrastructure and provide a "quantum compute" service to their users.
Quantum computing seems super cool, but I've been a little skeptical of it actually ever yielding anything useful. I would love to be wrong, it seems neat, and I have read through a few books on the subject and played with simulators, so I'm not completely talking out of my ass here, but quantum as a whole has kind of felt like vaporware to me.
As I said, I have stock in D-Wave, obviously it would be in my best interest for quantum to end up as cool as it seems.
[1] https://www.dwavequantum.com/company/newsroom/press-release/...
https://www.ibm.com/quantum/products
https://quantum.cloud.ibm.com/docs/en/guides/plans-overview
I have NOT used it, but the idea is interesting.
One of the companies around today or in the near future will be the one who makes it work at a practical scale. It will have enormous impact, but I think it will be a slow-burn kind of thing as making effective use of quantum computers will take a long time to evolve, IMHO.
Unfortunately, Google and IBM are also working on this stuff and they have deep pockets. They might do it, but even if they don't they may very well decide to acquire whoever does.
These stocks (IONQ, RGTI, QBTS, XNDU) are a sort of thinking-man's LOTTO ticket which will have its numbers called anytime within the next 5 to 20 years (probably closer to 20). I think they're worthwhile to hold in affordable quantities to see what happens. It might hit big, or it might fizzle out for a variety of reasons. There will also be some hype-driven market sugar-rushes along the way that are an opportunity to rake in a modest profit. This has happened already with IONQ, RGTI and QBTS earlier this year. It will certainly happen again when the patagonia-vest people get jazzed about something.
ms paper: https://arxiv.org/abs/2211.07629
Sure, it takes a pretty nice quantum computer or a pretty good algorithm or a degree of malice on the part of miners to break pay-to-script-hash if your wallet has the right properties, but that seems like a pretty weak excuse for the fact that the entire scheme is broken, completely, by QC.
Does there even exist a credible post-quantum proof protocol that could be used to “rescue” P2SH wallets?
...probably some people would be very inconvenienced by this. But not as inconvenienced as having the coins stolen or declared forever inaccessible.
Who specifically is claiming this? Satoshi literally mentioned the need to upgrade if QC is viable on bitcointalk in 2010.
As far as I know quantum computers still can't even honestly factor 7x3=21, so you are good. And the 5x3=15 is iffy about how honest that was either.
https://news.ycombinator.com/item?id=45082587
Bitcoin uses 256-bit encryption, it's a universe away from 5x3=15.
Consider the neutral atom proposal from TFA. They say they need tens of thousands of qubits to attack 256 bit keys. Existing machines have demonstrated six thousand atom qubits [1]. Since the size is ~halfway there, why haven't the existing machines broken 128 bit keys yet? Basically: because they need to improve gate fidelity and do system integration to combine together various pieces that have so far only been demonstrated separately and solve some other problems. These dense block codes have minimum sizes and minimum qubit qualities you must satisfy in order for the code to function. In that kind of situation, gradual improvement can take you surprisingly suddenly from "the dense code isn't working yet so I can't factor 21" to "the dense code is working great now, so I can factor RSA100". Probably things won't play out quite like that... but if your job is to be prepared for quantum attacks then you really need to worry about those kinds of scenarios.
For cryptocurrency you have all the data you need to break the whole system ready in your hands, as you will be able to produce the private key from the public keys of wallets. Cryptocurrency depends only on cryptography.
2) "256-bit encryption" has different meanings in different contexts. "256-bit security" generally refers to a cryptosystem for which an attack takes roughly 2^256 operations. This is true for AES-256 (symmetric encryption) assuming classical adversaries. This is not true for elliptic curve-based algorithms even though the standard curves are "256-bit curves", but that refers to the size of the group and consequently to the size of the private key. The best general attacks use Pollard's rho algorithm which takes roughly 2^128 operations, i.e., 256-bit curves have 128-bit security.
In the context of quantum attackers, AES-256 is still fine although theoretically QCs halve the security; however it's not that big of a deal in practice and ultimately AES-128 is still fine, because doing 2^64 "quantum operations" is presumed to be difficult to do in practice due to parallelization issues etc.
The elliptic curve signatures (used in Bitcoin) are attacked using Shor's algorithm where the big deal is that it is asymptotically polynomial (about O(n^3)) meaning that factoring a 256-bit number is only 256^3/4^3 = 262144x more difficult compared to factoring 15. This is a big difference from "standard" exponential complexity where the difficulty increases exponentially by factors of 2^n. (+ let's ignore that elliptic curve signatures don't rely on factoring but the problem is essentially the same because Shor does both because those are hidden subgroup problems)
the analysis is more complex but most of it is essentially in that paper and explains it nicely.
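The "2^128 operations" figure above comes from the birthday-bound behaviour of Pollard's rho: the walk needs about sqrt(pi*q/2) group operations in a group of prime order q, so an n-bit group order gives n/2 bits of security. The following is an added example, not code from the original thread or from any cited library, that runs the textbook three-partition rho walk with Floyd cycle detection against a constructed toy group (p = 1019, a safe prime, with g = 4 generating the order-509 subgroup of Z_p^*). The group, generator and seed are assumptions chosen so that the example runs in milliseconds; the same walk on secp256k1 would need roughly 2^128 steps.

```python
import math
import random

# Constructed toy group (assumption, not a real curve): p = 1019 is a safe
# prime, p = 2q + 1 with q = 509 prime, so g = 4 = 2^2 generates the
# subgroup of prime order q inside Z_p^*.  Multiplication mod p stands in
# for point addition on an elliptic curve; the algorithm is identical.
P = 1019
Q = 509
G = 4


def expected_rho_steps(group_order):
    """Birthday-bound estimate of group operations for Pollard's rho."""
    return math.sqrt(math.pi * group_order / 2)


def pollard_rho_dlog(h, g=G, p=P, q=Q, seed=1):
    """Return (k, steps) with g^k = h (mod p), found by Pollard's rho.

    Classic three-way partition of the group plus Floyd cycle detection:
    O(1) memory, about sqrt(pi*q/2) expected group operations, i.e.
    2^(n/2) for an n-bit group order.  'steps' counts group operations
    so the reader can compare against expected_rho_steps(q).
    """
    rng = random.Random(seed)
    total_steps = 0

    def step(x, a, b):
        # Pseudo-random walk that keeps the invariant x = g^a * h^b.
        r = x % 3
        if r == 0:
            return (x * h) % p, a, (b + 1) % q
        if r == 1:
            return (x * x) % p, (2 * a) % q, (2 * b) % q
        return (x * g) % p, (a + 1) % q, b

    while True:
        # Random start point x0 = g^a0 * h^b0.
        a0, b0 = rng.randrange(q), rng.randrange(q)
        x0 = (pow(g, a0, p) * pow(h, b0, p)) % p
        tortoise = hare = (x0, a0, b0)
        while True:
            tortoise = step(*tortoise)
            hare = step(*step(*hare))
            total_steps += 3
            if tortoise[0] == hare[0]:
                break
        _, a1, b1 = tortoise
        _, a2, b2 = hare
        # g^a1 h^b1 = g^a2 h^b2  =>  h^(b1-b2) = g^(a2-a1)
        #                        =>  k = (a2-a1) * (b1-b2)^-1  (mod q)
        db = (b1 - b2) % q
        if db == 0:
            continue  # degenerate collision: restart from a fresh point
        k = ((a2 - a1) * pow(db, -1, q)) % q
        if pow(g, k, p) == h:
            return k, total_steps


if __name__ == "__main__":
    secret = 123
    k, steps = pollard_rho_dlog(pow(G, secret, P))
    print(f"recovered k={k} in {steps} group ops "
          f"(birthday estimate {expected_rho_steps(Q):.1f})")
    # For a 256-bit group order the same estimate is ~2^128, which is the
    # "128-bit security" of a 256-bit curve against classical attackers.
    print(f"secp256k1-sized order: ~2^{math.log2(expected_rho_steps(2**256)):.1f} ops")
```

The walk is memoryless, so an attacker can run many independent walks in parallel (van Oorschot-Wiener distinguished points) and share collisions; that parallelism is exactly what is hard to get for the Grover-style 2^64 "quantum operations" mentioned in the comment.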
Bitcoin doesn't use 256 bit encryption, unless you mean 256-bit hashing. The cryptographic algorithms that are mostly under quantum threat are asymmetric, e.g. digital signatures.
It's a lot easier for your bank to change encryption methods than it is for bitcoin. Presumably you mean TLS here (where else do banks use encryption? Disk encryption?). People are already deploying experiments with quantum-proof TLS.
> As far as I know quantum computers still can't even honestly factor 7x3=21, so you are good. And the 5x3=15 is iffy about how honest that was either.
This is probably the wrong way to look at it. Once you start multiplying numbers together (for real, using error corrected qubits), you are already like 85% there. Like if this was a marathon, the multiplying thing is like a km from the finish line. By the time you start seeing people there the race would already be mostly over.
I don’t see QC coming as meaning bank accounts will be emptied.
disclaimer: I work at a bank on such systems
I am just over any sensational headlines from the past 10 years. They really need to drop a tweet like "Check out my quantum computer that is actually useful" like Sam Altman did with GPT to convince me.
I am surprised that in 2026 more websites don’t seem so concerned about responsive design, especially when the goal is to read the content.
Discussion on the Google one,
Safeguarding cryptocurrency by disclosing quantum vulnerabilities responsibly
The thing is, unlike ordinary computers, quantum computers can factor numbers about as easily as they can multiply them. So as soon as they can multiply two large integers, they'll also be able to factor the result and break RSA encryption based on keys of that size.
This blog post gives a good sense of the state of the art and what progress might look like:
Why haven't quantum computers factored 21 yet? https://algassert.com/post/2500
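The "factoring is as easy as multiplying" point is the reduction behind Shor's algorithm: the only quantum step is finding the period r of f(x) = a^x mod N, and everything else is classical gcd arithmetic. The following is an added example (not code from the thread or from the linked blog post) that carries that reduction out for 15, 21 and a constructed RSA-style modulus, with the quantum period-finding replaced by a brute-force loop so the whole thing runs on a laptop. It also lists which bases are "lucky" for a given N, which is why factoring 21 is a little harder than 15: fewer bases succeed and the periods are longer. The moduli and seed are assumptions chosen for illustration.

```python
import math
import random


def find_order(a, n):
    """Multiplicative order of a mod n, i.e. the period of f(x) = a^x mod n.

    Brute-force stand-in for the quantum period-finding subroutine.  On a
    fault-tolerant quantum computer this is the only step that needs Shor's
    circuit, and it costs poly(log n) gates instead of this exponential loop.
    """
    if math.gcd(a, n) != 1:
        raise ValueError("a must be coprime to n")
    x, r = a % n, 1
    while x != 1:
        x = (x * a) % n
        r += 1
    return r


def factor_from_base(a, n):
    """Shor's classical post-processing: turn the period of a mod n into a factor.

    Returns a non-trivial factor of n, or None when the base a is unlucky
    (odd period, or a^(r/2) = -1 mod n, which gives only trivial gcds).
    """
    g = math.gcd(a, n)
    if g != 1:
        return g  # lucky guess: a already shares a factor with n
    r = find_order(a, n)
    if r % 2:
        return None
    y = pow(a, r // 2, n)
    if y == n - 1:
        return None
    # y^2 = 1 mod n with y != +-1, so (y-1)(y+1) = 0 mod n splits n.
    f = math.gcd(y - 1, n)
    return f if 1 < f < n else None


def good_bases(n):
    """Coprime bases whose period actually yields a factor of n."""
    return [a for a in range(2, n)
            if math.gcd(a, n) == 1 and factor_from_base(a, n) is not None]


def _is_prime(n):
    return n > 1 and all(n % d for d in range(2, math.isqrt(n) + 1))


def shor_factor(n, seed=0):
    """Split n into two factors, retrying random bases exactly as Shor does.

    Shor's reduction only works for odd n with at least two distinct prime
    factors; even numbers, primes and prime powers are handled classically
    first (as a real implementation must, or the random-base loop never ends).
    """
    if n % 2 == 0:
        return (2, n // 2)
    if _is_prime(n):
        raise ValueError(f"{n} is prime")
    for k in range(2, n.bit_length() + 1):
        root = round(n ** (1 / k))
        if root > 1 and root ** k == n:
            return (root, n // root)
    rng = random.Random(seed)
    while True:
        a = rng.randrange(2, n)
        f = factor_from_base(a, n)
        if f is not None:
            return tuple(sorted((f, n // f)))


if __name__ == "__main__":
    for n in (15, 21, 3233):  # 3233 = 53 * 61, a constructed toy RSA modulus
        print(n, "->", shor_factor(n), "good bases:", good_bases(n))
```

Running it shows that 6 of the 7 coprime bases work for 15 but only 6 of 11 work for 21, and that 21's periods are 6 instead of 15's 4, so the quantum register has to resolve a longer period; that, plus the gate-fidelity issue discussed above, is the practical gap between the two demonstrations.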
It's about 5000 lines of custom code. Crypto signature library written from scratch.
That's a sentence every white hat cryptography enthusiast loves to hear lol.
Isn't it a good thing that there exists at least one blockchain in the world which isn't based on the same crypto library used by every other project? What if those handful of libraries have a backdoor? What if the narrative that "you shouldn't roll out your own crypto" is a psyop to get every project to depend on the same library in order to backdoor them all at once at some future date?
Strange how finance people always talk about hedging but in tech, nobody is hedging tech.
To be (an actual) hedge, something needs to be very solidly understood (by the purchaser), a very solid investment in its own right, and either reverse correlated or independently correlated specifically with a particular asset being hedged.
And not based on analysis of one "hedging" scenario, because both are going to be owned over a huge distribution of scenarios.
Probably the worst indicator of an investment being credible, is a promoter who has to stoop to the floor to ask "What's wrong with hedging?", as if that manipulative bon mot was ever in question, or was the relevant question.
If a motivated promoter can only make a very bad case, believe them.
And, if an "expert" attempts to get respect for their work from non-experts, instead of from other experts, there is something very wrong. Because the former makes no sense.
--
If you don't know how to get respect from experts, study more, and figure out how to trash what you have. Counterintuitive. But if you have anything original right, that's how to find it. Identify it. Purify it. And be in a better position to build again, with just a little more leverage, and repeat. Or communicate it clearly to someone qualified to judge it.
You won't have to persuade anyone.
If you have to persuade someone, either you don't have something, or you don't understand what you have well enough to properly identify and communicate it.
You have ambition. You have motivation. You have interest. You follow through and build. That is it. Don't stop. Ego derails ambition. Kill your darlings. Keep going.
Besides, I am an expert. I studied cryptography at university as part of my degree. I have 15 years of experience as a software engineer including 2 years leading a major part of a $300 million cryptocurrency project which never got hacked... I know why the experts were not interested in my project and after careful analysis, I believe it has nothing to do with flaws in my work.
If anything, it might be because my project doesn't have enough flaws...
At this stage, I hope you're right. I hope I will find the flaws in my projects that I've been looking for after 5 years.
Bravo on five years! I recently solved a problem that took me over 30. I originally thought, 3-5 months maybe, then 3-5 years, ... I am happy it didn't take 50. I have killed a lot of my own darlings.
Well apparently you know what you are doing, I am sure you have something.
I have found the best language models are great at attacking things. You may have already done that, but if not it's worth a try. Free brutality.