Need to let loose a primal scream without collecting footnotes first? Have a sneer percolating in your system but not enough time/energy to make a whole post about it? Go forth and be mid: Welcome to the Stubsack, your first port of call for learning fresh Awful youāll near-instantly regret.
Any awful.systems sub may be subsneered in this subthread, techtakes or no.
If your sneer seems higher quality than you thought, feel free to cutānāpaste it into its own post ā thereās no quota for posting and the bar really isnāt that high.
The post Xitter web has spawned soo many āesotericā right wing freaks, but thereās no appropriate sneer-space for them. Iām talking redscare-ish, reality challenged āculture criticsā who write about everything but understand nothing. Iām talking about reply-guys who make the same 6 tweets about the same 3 subjects. Theyāre inescapable at this point, yet I donāt see them mocked (as much as they should be)
Like, there was one dude a while back who insisted that women couldnāt be surgeons because they didnāt believe in the moon or in stars? I think each and every one of these guys is uniquely fucked up and if I canāt escape them, I would love to sneer at them.
(Credit and/or blame to David Gerard for starting this.)
Interesting slides: Peter Gutmann - Why Quantum Cryptanalysis is Bollocks
Since quantum computers are far outside my expertise, I didnāt realize how far-fetched it currently is to factor large numbers with quantum computers. I already knew itās not near-future stuff for practical attacks on e.g. real-world RSA keys, but I didnāt know itās still that theoretical. (Although of course I lack the knowledge to assess whether that presentation is correct in its claims.)
But also, while reading it, I kept thinking how many of the broader points it makes also apply to the AI hypeā¦ (for example, the unfounded belief that game-changing breakthroughs will happen soon).
Itās been frustrating to watch Gutmann slowly slide. He hasnāt slid that far yet, I suppose. Donāt discount his voice, but donāt let him be the only resource for you to learn about quantum computing; fundamentally, post-quantum concerns are a sort of hard read in one direction, and Gutmann has decided to try a hard read in the opposite direction.
Page 19, complaining about lattice-based algorithms, is hypocritical; lattice-based approaches are roughly as well-studied as classical cryptography (Feistel networks, RSA) and elliptic curves. Yes, we havenāt proven that lattice-based algorithms have the properties that we want, but we havenāt proven them for classical circuits or over elliptic curves, either, and we nonetheless use those today for TLS and SSH.
Pages 28 and 29 are outright science denial and anti-intellectualism. By quoting Woit and Hossenfelder ā who are sneerable in their own right for writing multiple anti-science books each ā he is choosing anti-maths allies, which is not going to work for a subfield of maths like computer science or cryptography. In particular, p28 lies to the reader with a doubly-bogus analogy, claiming that both string theory and quantum computing are non-falsifiable and draw money away from other research. This sort of closing argument makes me doubt the entire premise.
Thanks for adding the extra context! As I said, I donāt have the necessary level of knowledge in physics (and also in cryptography) to have an informed opinion on these matters, so this is helpful. (Iāve wanted to get deeper in both topics for a long time, but life and everything has so far not allowed for it.)
About your last paragraph, do you by chance have any interesting links on ācriticism of the criticism of string theoryā? I wonder, because I have heard the argument āstring theory is non-falsifiable and weird, but itās pushed over competing theories by entrenched peopleā several times already over the years. Now I wonder, is that actually a serious position or just conspiracy/crank stuff?
The sibling comment gives a wider perspective. Iām going to only respond narrowly on that final paragraphās original point.
String theories arise naturally from thinking about objects vibrating in spacetime. As such, theyāve generally been included in tests of particle physics whenever feasible. The LHC tested and (statistically) falsified some string theories. String theorists also have a sort of self-regulating ratchet which excludes unphysical theories, most recently excluding swampland theories. Most money in particle physics is going towards nuclear power, colliders like LHC or Fermilabās loops, or specialized detectors like SK (a giant tank of water) or LIGO (artfully-arranged laser beams) which mostly have to sit still and not be disturbed; in all cases, that money is going towards verification and operationalization of the Standard Model, and any non-standard theories are only coincidentally funded.
So just by double-checking the history, we see that some string theories have been falsified and that the Standard Model, not any string theory, is where most funding goes. Hossenfelder and Woit both know better, but knowing better doesnāt sell books. Gutmann doesnāt realize, I think.
Never got too deep into Hossenfelder, but I gradually got the impression that Woit was taking a bit of an online-influencer tack, even starting before influencers were really a thing. The whole ānot even wrongā flap seemed to draw in people who wanted to have strong opinions about high-energy physics and string theory without really studying them in any detail.
Thank you!
All attempts to make a theory of quantum gravity are unfalsifiable, because the relevant experiments are far beyond our means, much further so than building a practical quantum computer. String theory benefited from multiple rounds of unexpectedly interesting mathematical discoveries, which fired up peopleās hopes and kept the fires burning. None of the other assorted proposals (loop quantum gravity, asymptotic safety, ā¦) got lucky like that. Moreover, thereās a case to be made that if youāre an orthodox quantum field theory researcher, any attempt you make to quantize gravity will end up a string theory. Roughly speaking, thereās no regime in which gravity is the only force that you need to consider, so to make any predictive statements about some quantum gravity effect, you need to understand all the physics that happens at energy levels in between āwarm summer dayā and āimmediate aftermath of the Big Bangā. String theory was the only possibility that suggested there could be a way out.
You could say that this just goes to show that orthodox QFT specialists lack imagination. The pioneers of quantum theory devised it in order to explain hot gases in glass tubes. Why should their same notions about what it means to āquantizeā also apply to space and time themselves? And maybe they donāt! But proposing an alternative to quantum mechanics, or a modification of quantum mechanics that works in all the circumstances where we have already confirmed quantum mechanics, is no easy task.
āFundamentalā physics had a period of great advances, from the 1890s with the discovery of X-rays and radioactivity through the early 1970s with the establishment of the Standard Model. From then, weāve been in āthe stallā, as barbecue folks say. The big accelerators have filled in the edges of the picture and confirmed some predictions from that era, like finding the top quark and the Higgs. But they have yet to deliver a sign of beyond-Standard-Model physics that holds up under scrutiny.
Oh wow, thank you for taking the time! :)
Just one question:
Is this because the alternate proposals appeared unpromising, or have they simply not been explored enough yet?
Itās conceivable that there was some amazing math lurking in one or more of the non-string-theory ideas, and nobody was lucky enough to find it.
Comparing quantum computing to time machines or faster-than-light travel is unfair. In order for the latter to exist, our understanding of physics would have to be wrong in a major way. Quantum computing presumes that our understanding of physics is correct. Making it work is āonlyā an engineering problem, in the sense that Newtonās laws say that a rocket can reach the Moon, so the Apollo program was āonlyā a engineering project. But breaking any ciphers with it is a long way off.
I didnāt interpret the slides as an attack on quantum computing per se, but rather an attack on over-enthusiastic assertions of its near-future implications. If the likelihood of near-future QC breaking real-world cryptography is so extremely low, itās IMO okay to make a point by comparing it to things which are (probably) impossible. Itās an exaggeration of course, and as you point out the analogy isnāt correct in that way, but I still think it makes a good point.
What I find insightful about the comparison is that it puts the finger on a particular brain worm of the tech world: the unshakeable belief that every technical development will grow exponentially in its capabilities. So as soon as the most basic version of something is possible, it is believed that the most advanced forms of it will follow soon after. I think this belief was created because itās what actually happened with semiconductors, and of course the bold (in its day) prediction that was Mooreās law, and then later again, the growth of the internet.
And now this thinking is applied to everything all the time, including quantum computers (and, as I pointed to in my earlier post, AI), driven by hype, by FOMO, by the fear of āthis time I donāt want to be among those who didnāt recognize it earlyā. But there is no inherent reason why a development should necessarily follow such a trajectory. That doesnāt mean of course that itās impossible or wonāt get there eventually, just that it may take much more time.
So in that line of thought, I think itās ok to say āhey look everyone, we have very real actual problems in cryptography that need solving right now, and on the other hand hereās the actual state and development of QC which youāre all worrying about, but that stuff is so far away you might just as well worry about time machines, so please letās focus more on the actual problems of today.ā (thatās at least how I interpret the presentation).
heh yup. I think the most recent one (somewhere in the last year) was something like 12-bit rsa? stupendously far off from being a meaningful thing
Iāll readily admit to being a cryptography mutt and a qc know-barely-anything, and even from my limited understanding the assessment of where people are at (with how many qubits theyāve managed to achieve in practical systems) everything is hilariously woefully far off ito attacks
that doesnāt entirely invalidate pqc and such (since the notion there is not merely defending against today/soon but also a significant timeline)
one thing I am curious about (and which you mightāve seen or be able to talk about, blake): is there any kind of known correlation between qubits and viable attacks? I realize part of this quite strongly depends on the attack method as well, but off the cuff I have a guess (āintuitionā is probably the wrong word) that it probably scales some weird way (as opposed to linear/log/exp)