Incoming links: Grover's algorithm
2020-so-far yes, Grover's algorithm would only effectively reduce key sizes by half:but there isn't a mathematical proof either.
Encryption algorithms that run on classical computers that are expected to be resistant to quantum computers.
This is notably not the case of the dominant 2020 algorithms, RSA and elliptic curve cryptography, which are provably broken by Grover's algorithm.
However, as of 2020, we don't have any proof that any symmetric or public key algorithm is quantum resistant.
Post-quantum cryptography is the very first quantum computing thing at which people have to put money into.
The reason is that attackers would be able to store captured ciphertext, and then retroactively break them once and if quantum computing power becomes available in the future.
There isn't a shade of a doubt that intelligence agencies are actively doing this as of 2020. They must have a database of how interesting a given source is, and then store as much as they can given some ammount of storage budget they have available.
A good way to explain this to quantum computing skeptics is to ask them:Post-quantum cryptography is simply not a choice. It must be done now. Even if the risk is low, the cost would be way too great.
If I told you there is a 5% chance that I will be able to decrypt everything you write online starting today in 10 years. Would you give me a dollar to reduce that chance to 0.5%?
This is the true key question: what are the most important algorithms that would be accelerated by quantum computing?
Some candidates:
- Shor's algorithm: this one will actually make humanity worse off, as we will be forced into post-quantum cryptography that will likely be less efficient than existing classical cryptography to implement
- quantum algorithm for linear systems of equations, and related application of systems of linear equations
- Grover's algorithm: speedup not exponential. Still useful for anything?
- Quantum Fourier transform: TODO is the speedup exponential or not?
- Deutsch: solves an useless problem
- NISQ algorithms
Do you have proper optimization or quantum chemistry algorithms that will make trillions?
Maybe there is some room for doubt because some applications might be way better in some implementations, but we should at least have a good general idea.
However, clear information on this really hard to come by, not sure why.
Whenever asked e.g. at: physics.stackexchange.com/questions/3390/can-anybody-provide-a-simple-example-of-a-quantum-computer-algorithm/3407 on Physics Stack Exchange people say the infinite mantra:
Lists:
- Quantum Algorithm Zoo: the leading list as of 2020
- quantum computing computational chemistry algorithms is the area that Ciro and many people are te most excited about is
- cstheory.stackexchange.com/questions/3888/np-intermediate-problems-with-efficient-quantum-solutions
- mathoverflow.net/questions/33597/are-there-any-known-quantum-algorithms-that-clearly-fall-outside-a-few-narrow-cla