I see nothing like moores law pace of change. My neg says we're still 10+ years off.
> To clarify — if, before the 2028 presidential election, a fully fault-tolerant Shor’s algorithm was used even just to factor 15 into 3×5, I would view the “live possibility” here as having come to pass.
Now that might sound a bit disappointing, as factoring 15 only requires 7 logical qubits and ~20 entangling gates, but
- Usable logical qubits were a pipe dream only a few years ago.
- He's partly coming from the perspective that Nature might somehow make quantum computing impossible by destroying quantum information before it gets 'big enough' to do real quantum computing. Even showing fault tolerance on small scales would be enough to falsify this.
One other thing, your numbers are too pessimistic. Multiple technologies have demonstrated 100+ qubits at 3 nines. Factoring cryptographically relevant numbers needs ~1,000,000 qubits at ~3 nines [1]. So like he says, many of the core technological and scientific challenges have been solved, and progress is now largely (though not entirely) a matter of scaling.
But your points are well made. I threw "useful" into the mix but he's saying any functionality, would be a significant milestone.
Perhaps I misunderstood but I find cohorts of 3 nines reliability not very reassuring. Either you need significantly more "gates" or you need repeated calculation and as gate count rises with factoring complexity I believe the same holds for digits of reliability.
I'm not in QC or cryptography btw. Amongst cryptographers that I know, I get mixed responses. Most dislike aspects of hybrid, but most also see the deep seated paranoia of future technology capabilities applying to masses of data collected and held now. Storage is cheap. Few say they think anything like as soon as "a few years" applies to even state actors backed QC attacks on real world RSA.