Experiments to protect against harvest now, decrypt later

Quantum computing needs thousands of qubits to crack the public key encryption we currently rely on and at present the largest (publicly announced) quantum computer only has 433 qubits. The sales pitch for protecting against quantum attacks now is that baddies could be quietly harvesting encrypted data, so that when quantum computers are ready, off they go and decrypt.

There are two main approaches to protect against quantum attacks.

One approach, quantum key distribution (QKD), can be implemented one qubit at a time, e.g., by sending photons along fibre optic cables. Each photon is a realisation of a qubit. HSBC is trialling a QKD approach developed by BT and Toshiba, which builds on BB84 from forty years ago. I’ve attempted to explain BB84 in a previous blog post.

Vodafone has opted for a non-quantum approach to defend against attacks on crypto by trialling new public key encryption algorithms, on classical computers, that are thought to be quantum-safe: post-quantum cryptography (PQC).

The next major revision of Google Chrome will include a hybrid approach combining X25519, a standard method already used by Chrome and other browsers, with Kyber-768, a PQC method that has so far resisted attack.

Since PQC methods are new, the hybrid approach offers protection while the maths continues to be stress-tested. This is important since there has already been an embarrassingly quick crack of a supposedly quantum-safe approach.

Mermin’s (1981) variant of Bell’s theorem – in R

Entanglement is the weirdest feature of quantum mechanics. David Mermin (1981) provides an accessible introduction to experiments showing that local determinism doesn’t hold in the quantum world, simplifying Bell’s theorem and tests thereof. This knitted Markdown file shows the sums in R. It’s probably only going to make sense if you have been here before, but hadn’t got around to doing the sums yourself (that was me, before writing this today!).


Bell (1981, C2-57):

“… it may be that it is not permissible to regard the experimental settings a and b in the analyzers as independent variables, as we did. We supposed them in particular to be independent of the supplementary [a.k.a. hidden] variables λ, in that a and b could be changed without changing the probability distribution ρ(λ). Now even if we have arranged that a and b are generated by apparently random radioactive devices, housed in separate boxes and thickly shielded, or by Swiss national lottery machines, or by elaborate computer programmes, or by apparently free willed experimental physicists, or by some combination of all of these, we cannot be sure that a and b are not significantly influenced by the same factors λ that influence A and B [measurement outcomes]. But this way of arranging quantum mechanical correlations would be even more mind boggling that one in which causal chains go faster than light. Apparently separate parts of the world would be deeply and conspiratorially entangled, and our apparent free will would be entangled with them.”

Hance and Hossenfelder (2022, p. 1382) on the assumption of statistical independence of supplementary/hidden variables and experimental settings:

“Types of hidden variables theories which violate statistical independence include those which are superdeterministic, retrocausal, and supermeasured. Some have dismissed them on metaphysical grounds, by associating a violation of statistical independence with the existence of ‘free will’ or ‘free choice’ and then arguing that these are not assumptions we should give up.

“It is, in hindsight, difficult to understand how this association came about. We believe it originated in the idea that a correlation between the hidden variables and the measurement setting would somehow prevent the experimentalist from choosing the setting to their liking. However, this is mistaking a correlation with a causation. And any serious philosophical discussion of free will acknowledges that human agency is of course constrained by the laws of nature anyway.”


Bell, J. S. (1981). Bertlmann’s socks and the nature of reality. Le Journal de Physique Colloques, 42(C2), C2-41–C2-62. Reprinted in Bell (2004).

Bell, J. S. (2004). Speakable and unspeakable in quantum mechanics: Collected papers on quantum philosophy (2nd ed.). Cambridge University Press.

Hance, J. R., & Hossenfelder, S. (2022). Bell’s theorem allows local theories of quantum mechanics. Nature Physics, 18(12), 1382. [Preprint]


A simple circuit

Here is a simple quantum computing circuit:

There are two qubits (quantum bits), q[0] and q[1], and two classical bits, c[0] and c[1]. The latter will be used to store results of measuring the former.

Read the circuit left to right.

∣0⟩ is a qubit that will always have a measurement outcome of 0 (in the computational basis).

H is a Hadamard gate that puts that ∣0⟩ into a “superposition” (a sum) of both the “basis states” ∣0⟩ and ∣1⟩. The resulting superposition will collapse to either ∣0⟩ or ∣1⟩ with equal probability when measured (again, assuming the computational basis is used).

The next items on the circuit that look like little dials with cables attached denote measurement. Qubit q[0] is measured first and the result saved into c[0], then q[1] is measured and the result is saved into c[1]. The two qubits are unentangled, which means that measuring one has no effect on the other. (See this post for an example with entanglement.)

So basically this circuit is a fancy way to flip two coins, using quantum objects in superposition rather than metal discs. You can run it on a real quantum computer for free at IBM Quantum. I used such a circuit to decide what to do at the weekend, choosing randomly from four options. With \(n\) qubits you can do this for \(2^n\) options. It took about an hour to get the answer. There may be better things to do with quantum computers…
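The circuit described above can be checked on a classical machine with a small statevector simulation; this is an added example, not code from the original post, and the function names and the sample options are made up for illustration. It generalises from two qubits to \(n\) qubits and \(2^n\) options, and the measurement step uses Python's pseudo-random generator rather than quantum randomness.

```python
import math
import random

S = 1 / math.sqrt(2)
H = [[S, S], [S, -S]]  # Hadamard gate


def apply_gate(state, gate, target):
    """Apply a single-qubit gate to qubit `target` of a statevector."""
    new = [0j] * len(state)
    for i, amp in enumerate(state):
        bit = (i >> target) & 1
        for out in (0, 1):
            j = (i & ~(1 << target)) | (out << target)
            new[j] += gate[out][bit] * amp
    return new


def coin_circuit(n):
    """Start in |0...0> and put a Hadamard on every qubit, as in the post."""
    state = [0j] * (2 ** n)
    state[0] = 1 + 0j
    for q in range(n):
        state = apply_gate(state, H, q)
    return state


def probabilities(state):
    """Born rule: probability of each computational-basis outcome."""
    return [abs(a) ** 2 for a in state]


def choose(options, rng):
    """Pick one of 2**n options by simulating a measurement of all qubits."""
    n = len(options).bit_length() - 1
    if 2 ** n != len(options):
        raise ValueError("number of options must be a power of two")
    weights = probabilities(coin_circuit(n))
    outcome = rng.choices(range(len(options)), weights=weights)[0]
    return options[outcome]


if __name__ == "__main__":
    plans = ["walk", "cinema", "museum", "stay in"]  # constructed sample options
    print(choose(plans, random.Random()))
```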

Appeal to consequences fallacy in understanding Bell’s theorem

Joan Vaccaro (2018, p. 11) on arguments against superdeterminism:

“An argument that has been advocated by leading physicists is that humans are necessarily independent of the universe that surrounds them because the practice of science requires the independence of the experimenter from the subject of study. For example, Bell et al. state that unless the experimenter and subject are independent, we would need to abandon ‘…the whole enterprise of discovering the laws of nature by experimentation’, and Zeilinger claims that if the experimenter and subject were not independent ‘…such a position would completely pull the rug out from underneath science.’ However, this argument contains a logical fallacy called an appeal to consequences. Specifically, arguing for experimenter–subject independence on the basis that the alternative has undesirable consequences does not prove that experimenters are independent of their subjects. Rather, the alternative may well be true, in which case we would need to deal with the consequences.”


Vaccaro, J. A. (2018). The quantum theory of time, the block universe, and human experience. Philosophical Transactions of the Royal Society A: Mathematical, Physical and Engineering Sciences, 376(2123).

The object-subject relation in science

“One can only help oneself through something like the following emergency decree: Quantum mechanics forbids statements about what really exists—statements about the object. Its statements deal only with the object-subject relation. Although this holds, after all, for any description of nature, it evidently holds in a much more radical and far reaching sense in quantum mechanics.”

– Erwin Schrödinger (1931) letter to Arnold Sommerfeld, spotted in
Fuchs, C. A., Mermin, N. D., & Schack, R. (2014). An introduction to QBism with an application to the locality of quantum mechanics. American Journal of Physics, 82(8), 749–754.


IBM unveils a 433-qubit quantum computer

IBM has today unveiled a 433-qubit quantum processor – progress in the field is accelerating.

One of the example uses of quantum computers is prime factorisation, which they can do much faster than can classical computers. One reason this is of interest is that the security of public key encryption – used everywhere on the net, from LinkedIn to banks – depends on the computational difficulty of prime factorisation.

To break a 2048-bit RSA public key would take trillions of years on a classical computer. A paper published last year argued that a 2048-bit RSA public key could be cracked in 8 hours on a quantum computer. However, that would require 20,000,000 qubits – rather more than the 433 announced today. So, our secrets seem to be safe for a while yet.

Visualising qubits on the Bloch sphere

This post brings together visualisations and sums that I found really helpful for getting to grips with the Bloch sphere representation of qubit states.


The state of a qubit is represented by the linear combination

\(\displaystyle \alpha |0\rangle + \beta |1\rangle\)

for complex amplitudes \(\alpha, \beta \in \mathbb{C}\). The amplitudes satisfy \(|\alpha|^2 + |\beta|^2 = 1\), where

\(\displaystyle |x  + yi| = \sqrt{x^2 + y^2}\),

the modulus of a complex number.

The probability of measuring (using the classical basis) a 0 is \(|\alpha|^2\) and of measuring a 1 is \(|\beta|^2\), by the Born rule.

Distinct states can imply the same measurement probabilities:

Example 1. The amplitudes in the following state are defined without any imaginary component:

\(\displaystyle \sqrt{\frac{1}{2}} |0\rangle + \sqrt{\frac{1}{2}} |1\rangle\).

Apply the Born rule and the probability of both measurement outcomes is \(\frac{1}{2}\).

Example 2. The following example has an imaginary component in both amplitudes:

\(\displaystyle \frac{1}{2}(1 + i) |0\rangle + \frac{1}{2}(1 + i) |1\rangle\).

The modulus of both amplitudes is \(\sqrt{(\frac{1}{2})^2 + (\frac{1}{2})^2} = \sqrt{\frac{1}{2}}\). So the probability of obtaining either a 0 or a 1 is again \(\frac{1}{2}\).

Bloch sphere

The state of a qubit can be represented as a point on the surface of a sphere, known as the Bloch sphere. To make sense of this representation, let’s look at a couple of animations, GIFed from the QuVis visualisation project at the University of St Andrews.

Firstly, consider the following circle sliding down and up the sphere (you could think of this as travelling along the sphere’s latitudes):

The first thing to note is that the north (top) and south (bottom) pole of the sphere are where the pure \(|0\rangle\) and \(|1\rangle\) states live, respectively.

The location of the circle determines the probability of a particular measurement outcome. If the circle is at the north pole, then the probability of measuring a 0 is 1. If it’s at the south pole, then the probability of measuring a 1 is 1. At the equator, there’s a 50-50 chance of a 0 or a 1. All points on the circle at any given latitude represent states with the same measurement probabilities. Each latitude circle denotes what is called a magnitude.

Now let’s stop in the middle latitude. We can also rotate around the sphere (think of this as travelling along different longitudes):

These circles represent different relative phases of the state. Phases cannot be directly detected by measurement using the classical computational basis; however, there are methods to see what the phase is and phases are important in quantum algorithms.

Here’s a still of the sphere:

The angle \(\theta\) indexes the latitudes (moving north or south) and \(\phi\) indexes the longitudes (sweeping east or west).

The state of a qubit can be written in terms of these two parameters as follows:

\(\displaystyle \cos\frac{\theta}{2} |0\rangle + e^{i \phi} \sin\frac{\theta}{2} |1\rangle\).

Let’s fix \(\phi = 0\), so \(e^{i \phi} = 1\) and the equation above simplifies to:

\(\displaystyle \cos\frac{\theta}{2} |0\rangle + \sin\frac{\theta}{2} |1\rangle\).

The full sweep from north pole to south pole is \(180^{\circ}\) or \(\pi\) radians. Let’s try north pole (\(\theta = 0\)), equator (\(\theta = \frac{\pi}{2}\)), and south pole (\(\theta = \pi\)).

| \(\theta\) | \(\displaystyle \alpha = \cos\frac{\theta}{2}\) | \(\displaystyle \beta = \sin\frac{\theta}{2}\) | State |
| --- | --- | --- | --- |
| \(\displaystyle 0\) | \(1\) | \(0\) | \(\displaystyle |0\rangle\) |
| \(\displaystyle \frac{\pi}{2}\) | \(\displaystyle \sqrt{\frac{1}{2}}\) | \(\displaystyle \sqrt{\frac{1}{2}}\) | \(\displaystyle \frac{|0\rangle + |1\rangle}{\sqrt{2}}\) |
| \(\displaystyle \pi\) | \(0\) | \(1\) | \(\displaystyle |1\rangle\) |

Now what effect does the phase have? Fix \(\theta = \frac{\pi}{2}\), so the measurement probabilities are constant. A \(360^{\circ}\) turn is equal to \(2\pi\) radians. We shall try \(\phi = 0, \frac{\pi}{2}, \pi, \frac{3\pi}{2}\). This time I’m using Grokking the Bloch Sphere to visualise.

| \(\phi\) | \(\displaystyle \alpha = \cos\frac{\theta}{2}\) | \(\displaystyle \beta = e^{i \phi} \sin\frac{\theta}{2}\) |
| --- | --- | --- |
| \(\displaystyle 0\) | \(\displaystyle \frac{1}{\sqrt{2}}\) | \(\displaystyle \frac{1}{\sqrt{2}}\) |
| \(\displaystyle \frac{\pi}{2}\) | \(\displaystyle \frac{1}{\sqrt{2}}\) | \(\displaystyle \frac{i}{\sqrt{2}}\) |
| \(\displaystyle \pi\) | \(\displaystyle \frac{1}{\sqrt{2}}\) | \(\displaystyle -\frac{1}{\sqrt{2}}\) |
| \(\displaystyle \frac{3\pi}{2}\) | \(\displaystyle \frac{1}{\sqrt{2}}\) | \(\displaystyle -\frac{i}{\sqrt{2}}\) |

Note how the \(\beta\) amplitudes come in pairs, one positive, one negative. The sign flips when spinning half a circle.
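The sums above can be reproduced in a few lines; this is an added example, not code from the original post, and the function names are made up for illustration. It goes one step beyond the text by computing the Cartesian point on the Bloch sphere, which shows that the amplitudes of Examples 1 and 2 differ only by a global phase and land on the same point, while the four \(\phi\) values in the second table land on four different points with identical measurement probabilities.

```python
import cmath
import math


def bloch_state(theta, phi):
    """Amplitudes (alpha, beta) from the Bloch angles, as in the formula above."""
    alpha = complex(math.cos(theta / 2))
    beta = cmath.exp(1j * phi) * math.sin(theta / 2)
    return alpha, beta


def born(alpha, beta):
    """Born rule: probabilities of measuring 0 and 1 in the computational basis."""
    return abs(alpha) ** 2, abs(beta) ** 2


def bloch_vector(alpha, beta):
    """Cartesian (x, y, z) on the Bloch sphere; unchanged by a global phase."""
    overlap = complex(alpha).conjugate() * complex(beta)
    vec = (2 * overlap.real, 2 * overlap.imag,
           abs(alpha) ** 2 - abs(beta) ** 2)
    return tuple(round(v, 9) + 0.0 for v in vec)  # + 0.0 turns -0.0 into 0.0


EXAMPLE_1 = (math.sqrt(0.5), math.sqrt(0.5))
EXAMPLE_2 = ((1 + 1j) / 2, (1 + 1j) / 2)


def phase_table():
    """Rows of the phi table: (phi, probabilities, Bloch point) at theta = pi/2."""
    rows = []
    for phi in (0, math.pi / 2, math.pi, 3 * math.pi / 2):
        alpha, beta = bloch_state(math.pi / 2, phi)
        rows.append((phi, born(alpha, beta), bloch_vector(alpha, beta)))
    return rows


if __name__ == "__main__":
    print("Example 1:", born(*EXAMPLE_1), bloch_vector(*EXAMPLE_1))
    print("Example 2:", born(*EXAMPLE_2), bloch_vector(*EXAMPLE_2))
    for row in phase_table():
        print(row)
```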