Monday, June 15, 2026

The Modern Crypto Primitives

The quantum crypto folks are threatening the cryptographic infrastructure that runs the world. I summarize the main functions.

Hash. Any digital message can be transformed to a 32-byte hash. It is believed that no one will ever find two messages with the same hash.

Public key pairs. A 32-byte private key can be converted to a 32-byte public key. No one can invert the operation.

Signature. A private key and a message hash can be signed to a 64-byte signature. The public key can verify the signature. No one can forge the signature without the private key.

Encryption. A 32-byte secret key can encrypt an arbitrary digital message. No one can decrypt without the secret key.

Key agreement. Two public key pairs can be combined to give a 32-byte shared secret, using the private key of one and the public key of the other. Both ways give you the same shared secret. No one can get it from just the public keys.

These functions are quite efficient and underlie the security of nearly everything on the internet today, notably https and ssh. They also underlie Bitcoin. There is broad agreement that they cannot be cracked with conventional Turing computers for the foreseeable future. There are widely available free libraries to do all these things.

Quantum computers threaten the public keys, making it possible to deduce the private key. Google predicts this will happen on what they call Q-Day, maybe as early as 2029. I doubt it will ever happen.

There are post-quantum public key pairs that are resistant to quantum algorithms, but they are much bigger and not as well tested.

Microsoft and Google are hard at work replacing their public key pairs with post-quantum ones. Some high-value targets want to switch now, because of the possibility that transmissions are being recorded now so that the Chinese can decrypt ten years from now. For a typical user ordering an online product, this is not a concern.

This reminds me a little about how IPv6 was designed to replace IPv4 internet protocol in 1998. Most of you reading this are probably still using IPv4. The reasons for change are different, but it shows how the networks are slow to change, if the old system is working just fine.

Monday, June 8, 2026

Einstein Objecting to using Observables

Einstein's unhappiness with quantum mechanics was already clear in 1926, within a year of the theory being formulated.

Heisenberg told this story:

In the spring of 1926, I was invited to address this distinguished body [University of Berlin] on the new quantum mechanics, ...

[Einstein said] "What you have told us sounds extremely strange. You assume the existence of electrons inside the atom, and you are probably quite right to do so. But you refuse to consider their orbits, even though we can observe electron tracks in a cloud chamber. I should very much like to hear more about your reasons for making such strange assumptions."

"We cannot observe electron orbits inside the atom," I must have replied, "but the radiation which an atom emits during discharges enables us to deduce the frequencies and corresponding amplitudes of its electrons. After all, even in the older physics wave numbers and amplitudes could be considered substitutes for electron orbits. Now, since a good theory must be based on directly observable magnitudes, I thought it more fitting to restrict myself to these, treating them, as it were, as representatives of the electron orbits."

"But you don't seriously believe," Einstein protested, "that none but observable magnitudes must go into a physical theory?"

[Heisenberg] "Isn't that precisely what you have done with relativity?" I asked in some surprise. "After all, you did stress the fact that it is impermissible to speak of absolute time, simply because absolute time cannot be observed; that only clock readings, be it in the moving reference system or the system at rest, are relevant to the determination of time."

"Possibly I did use this kind of reasoning," Einstein admitted, "but it is nonsense all the same. Perhaps I could put it more diplomatically by saying that it may be heuristically useful to keep in mind what one has actually observed. But on principle, it is quite wrong to try founding a theory on observable magnitudes alone. In reality the very opposite happens. It is the theory which decides what we can observe."

Einstein is credited with abolishing the aether, absolute space, absolute time, etc., but maybe that is not how he thought about it at all. He went on to try to develop unified field theories that were completely detached from observation.

Tuesday, June 2, 2026

Generating Quantum Randomness

I posted about someone claiming to prove quantum randomness, and now the journal Nature has published an article on Experimental randomness amplification. The article is paywalled, but here is the 2024 preprint.
In this context, randomness is defined as being fundamentally unpredictable, which means that the laws of physics forbid the prediction of its values. ...

Conventional random number generators, rooted in classical physical processes, grapple with a foundational concern — the potential for adversaries to predict their outputs by scrutinizing the microscopic degrees of freedom, thereby eroding their essential unpredictability.

Quantum-mechanical processes, on the other hand, feature innate randomness and therefore offer a natural ground to build such devices.

This is foolishness. There is no law of physics forbidding prediction.

When you measure X-component of electron spin, then the wave function collapses, and the Y-component has 50-50 chances. Heisenberg uncertainty prohibits measuring the X and Y components at the same time. So the theory is sometimes not able to predict spin. But that is not quite saying that prediction is forbidden. Maybe there is some way to predict, and we do not know how yet.

This paper does not even talk about spin. It merely assumes that you are doing Bell test experiments. Under some assumptions, you can make some random choices, and get even more random outputs.

This method could be used to generate random numbers for practical purposes like cryptography, but I do not think it is any better than tossing coins, or pointing a webcam at a lava lamp.

Friday, May 29, 2026

The Evidence for Quantum Supremacy

A newly revised paper reviews the outstanding evidence for quantum supremacy:
A brief history of quantum vs classical computational advantage
Ryan LaRose

In this review article we summarize all experiments claiming quantum computational advantage to date. Our review highlights challenges, loopholes, and refutations appearing in subsequent work to provide a complete picture of the current statuses of these experiments. In addition, we also discuss theoretical computational advantage in example problems such as approximate optimization and recommendation systems. Finally, we review recent experiments in quantum error correction -- the biggest frontier to reach experimental quantum advantage in Shor's algorithm.

So has it been proved, or not? No, not really.
It seems at this moment in history we are just on the boundary between quantum and classical computational advantage, and in the near future we expect the status of computational advantage to continue shifting between quantum and classical. We hope that this brief history helps to propel readers to the research frontier and develop new ideas which advance both classical and quantum computation.
There is still no convincing experiment that quantum computers are possible.

I would have predicted that by 2026, quantum computing would be proved possible, or investor money would dry up. I was wrong. Investor enthusiasm for QC is stronger than ever. The Trump administration just invested $2 billion into QC, mostly in startup companies. There are about five of these companies worth about $10B apiece. Most of them went public in sneaky financial maneuvers where they did not have to disclose all their risks.

New Scientist magazine just posted a video on Quantum Computers Are More Dangerous Than You Think:

On Q-Day, your privacy will be at stake. This is the moment when quantum computers break the encryption protecting the modern world, bank transactions become readable, private messages get exposed and even state secrets become vulnerable.

For years it sounded like sci-fi, something that was decades away from happening, if it happened at all. But now, research suggests that we may be hurtling towards Q-Day at a rapid speed.

In this video, New Scientist uncovers why many experts think the countdown to Q-Day may already have begun, and explains how quantum computers work and why these machines could both threaten the security of the modern world and unlock breakthroughs that could change our lives. Special thanks to Quantum Motion for letting us film at its facilities.

If and when the countdown to Q-day starts, I think that we will have about ten years. Only the computer security companies, NIST, and the US Dept of War need to prepare now.

For most people, SSL/TLS/SSH is just a way of getting assurance that a web site is real, and that no one is stealing a password or credit card number. If Q-day hits, you will just update your browser and not notice the difference.

The Bitcoin blockchain would have to be restructured, and that is feasible as long as there is a consensus on how to do it. A consensus could take a couple of years.

Wednesday, May 27, 2026

New Carroll Podcast to Defend Many-Worlds

Sean M. Carroll is frustrated by physicists preferring Copenhagen over many-worlds, so he posted a podcast with his views:
Solo: Looking Quantum Mechanics in the Eyeball | Mindscape 355

One of the major obstacles to understanding quantum mechanics is the difficulty we have in simply accepting what the theory itself is telling us. The problem is that we know what the everyday world looks like -- stuff, arranged in space, evolving through time. So we can't resist the temptation to impose that picture on the quantum description, even if it's not actually there. In this solo episode I talk about what it means to take quantum mechanics at face value, and the difficult work involved in understanding how the everyday world of our experience fits into the picture.

For a more technical description, he refers to his paper, Reality as a Vector in Hilbert Space.

This podcast is a defense of many-worlds theory. He says people believe in textbook QM because they are stupid:

And I suspect that most of the people in the physics survey who said that they're Copenhagenists don't actually have that view themselves, but mostly because they haven't thought about it very carefully.
He has learned that he loses his audience if he talks about the parallel universes too much.
[24:35] Many worlds by contrast and we're not going to get into the worlds aspect of many worlds that much because it's actually not relevant for what we're talking about today. I've often said that many worlds is not mostly about the worlds. The worlds come along. They're there, no doubt. But what many worlds is really about is saying there's no such thing as collapse.
I think the problem here is that he makes several serious conceptual errors.

First, he misunderstands probability. Probability is not a real physical thing, like energy or temperature, but it is essential to all scientific theories. Let me repeat. All scientific theories are based on probability predictions.

You might say: No, when Nasa sent the Artemis II rocket around the Moon, it was all deterministic Newtonian physics.

I say: Not correct. Nasa calculated the splashdown location as a probability distribution.

Next, a probability is a prediction that something will happen, with other things not happening. If I say a coin toss has a 50% chance of heads, I am referring to getting heads, and not getting tails. If I get heads, I can then disregard any possibility of that toss being tails. For example, if I toss a coin three times, and the first is heads, then I can immediately eliminate the possibility of three straight tails.

The core concept behind many worlds does not even have anything to do with QM. It is: Throw away probabilities. Throw away definite outcomes. Assume all possibilities happen, in parallel universes.

If you toss a coin and get heads, it just means that you are in the universe with heads, and a parallel universe has tails. You cannot even say that the universes are equally likely.

When Carroll says (above) that "there's no such thing as collapse", he means that if you toss a coin and get heads, you cannot say that tails did not happen.

Carroll has no evidence for anything he says. His big argument is that it somehow simplifies QM to never predict any probabilities, never do any experiments, never accept any outcomes, and never reject any possibilities.

By eliminating QM's relations to the real world, he says we get a more pure and abstract theory where we do not have to worry about issues like what defines a measurement.

At 1:42:20, he denies that there should be any experimental test for many-worlds theory. He says "that's just not how science works."

On YouTube, a comment points out:

A very good introduction to the subject, but you dodge all the important critiques:

- Probability (Born Rule) is a huge problem for Many Worlds, but I know you are working on that.

- The Schrodinger equation is obviously wrong because spacetime is an assumed background. You dealt with space/locality a few times. There is work on entanglement creating space, and I agree so far, but how can QM/QFT get time to be emergent when it is a parameter not observable? (momentum is just a thick slice of time for mass position? - someone needs to handle that. What is the calculus of position and momentum in background-free local (infinitesimal) proper time?

- It seems that Hilbert Space changes dimension with the number of 'entities' in the system. But we know that 'entities' are variable (n particle quantum number is not defined). So we must immediately leap to the HS of the whole universe: a total matter/field equation that must be fixed, which defines everything (Wheeler/DeWitt). Anything less becomes some strange variable dimensional complex space - I don't buy that. [My personal world is computation and variable size matrices are just ... mathematically impossible. ] What happens with particle creation/destruction and second quantization - hint total hack!

- I don't see any contact with gravity - yes, AdS/CFT and holography, maybe perhaps with actual finite dS boundary defined by SR light cones, etc. but that has to emerge from large (in)finite HS, I don't buy it (yet). My tendency is to trust/believe the criticism from GR gravitationalists (Sir Roger, et al). I don't think you have addressed any of those criticisms (yet). You have to admit that background-free GR is much much more beautiful than background-dependent QFT (yeah, okay, subjective).

- Of all the symmetries in the SM, matter/antimatter and chirality asymmetry are the frontier. Yes, RH/LH neutrinos are vague/undecided/outside SM, and (maybe heavy dark) RH neutrinos could be the answer (cue Neil Turok) but GR people also have tentative answers for the background (Twistors, PIN decompositions, etc) I don't hear solutions coming from pure QFT formalisms.

I could go on, but enough already.

Carroll's excuse for ignoring all these points is "I have to confess that the whole idea of steelmanning is not really my vibe". [10:00]

Monday, May 25, 2026

Einstein's Friend Wrote a Relativity Paper

Hector Giacomini writes a new paper:
This note examines an apparently unpublished manuscript on special relativity written by Conrad Habicht in 1914 and made available online by the ETH-Bibliothek Zürich in December 2024. To the best of my knowledge, no study of its content has yet been published. Habicht was one of Einstein's closest companions during the Bern years. ...

The manuscript offers a clear and pedagogical presentation of special relativity.

Habicht was a friend of Einstein before 1905, so this might have given insights on where Einstein got his relativity ideas. Unfortunately it does not.

Habicht’s manuscript is much closer to the 1907 exposition than to the original 1905 paper. The 1905 article is remarkably austere in its historical framing: it begins with the magnet-and-conductor asymmetry, formulates the two postulates, defines simultaneity, and proceeds directly to the transformation laws and their consequences. It contains no historical reconstruction of Lorentz’s theory, no explicit discussion of the Michelson–Morley experiment, and no narrative account of the ether problem. The 1907 review article, by contrast, restores much of this background. It places special relativity within the history of the conflict between the Galilean principle of relativity, Maxwell–Lorentz electrodynamics, the stationary ether, negative optical experiments, and Lorentz’s work....

Habicht’s manuscript shows that, within a circle personally close to Einstein, special relativity could be presented through the more historical, Lorentz-centered, and electrodynamical framework that Einstein himself had adopted only two years after the 1905 paper. This manuscript reminds us that the history of special relativity was not transmitted only through the paper of 1905, but also through later acts of exposition, recollection, simplification, and reorganization.

When Lorentz's work is presented, it is really hard to understand what Einstein did that was original. In 1907, the theory was known as Lorentz-Einstein theory.

There is no reference to Poincare. This is bizarre, as it is known that Habicht and Einstein read and discussed some of Poincare's papers before 1905. Poincare's 1904-05 relativity papers were widely read in Europe. It is likely that Einstein knew about them in 1905. Even if he did not, he certainly knew in 1907, and Habicht knew in 1914.

The above paper says "the history of special relativity was not transmitted only through the [Einstein] paper of 1905". That 1905 paper was not even historically very significant. Much more important were Lorentz's 1895 and 1904 papers, Poincare's 1898-1905 papers, and Minkowski's 1907-08 papers. Special relativity as we know it came from those papers, and almost nothing came from Einstein's 1905 paper.

I think this Habicht paper is mostly interesting for what it does not say. If Einstein had some of the main ideas behind special relativity before Lorentz and Poincare published them, then Habicht would be the most likely witness. This Habicht paper could have credited Einstein with having some of the ideas before 1905. It does not. It is only known that Einstein told Habicht he was preparing a paper that “provides a new conception of time and space,” in May 1905.

Giacomini wrote other papers on relativity history, discussed here and here. The first paper was just updated.

Distinguishing Newton's First and Second Laws

Isaac Newton's three laws of motion are: (1) if F = 0 then a = 0; (2) F = ma; (3) actions have reactions.

The first law is a trivial consequence of the second. Why did Newton bother to state it as a separate law?

A new paper answers the question:

On the independence problem of Newton's first law
Ido Yavetz, Ehud Aharoni

Newton's laws of motion pose an apparent problem, sometimes referred to as "the independence problem": the first law seems to be a simple consequence of the second law, raising the question of why it was included as a separate law. Numerous answers to this question have been proposed in the literature. The main contribution of this paper is a novel answer which we call "the formal explanation." Unlike previous accounts it relies on mathematical formalism and argues that the definitions of Euclidean geometry necessitate the inclusion of the first law. We provide evidence in support of this claim. A second contribution is a comprehensive review of previously suggested explanations, which so far have often been treated in a fragmented manner, and a discussion of the plausibility of the various answers.
It turns out that many people have addressed this, and this paper has a new explanation.

Roughly, mathematicians did not always treat zero as a number. There are many examples in Euclid's Elements where an argument gets restated for the zero and nonzero cases, when a modern textbook would unify them. This paper shows that Newton's usage is consistent with Euclid's.

Newton did not have vectors either, so he had to state the directional components of F = ma separately. One version of his second law was:

“A change in motion is proportional to the motive force impressed and takes place along the straight line in which that force is impressed.”
This is similar to Euclid, as he only wrote about nonzero quantities being proportional.
