
What makes quantum computers SO powerful?

Veritasium·
6 min read

Based on Veritasium's video on YouTube. If you like this content, support the original creators by watching, liking and subscribing to their content.

TL;DR

SNDL turns encrypted data into a long-term liability by allowing attackers to store ciphertext now and decrypt it later once quantum computers can break the underlying math.

Briefing

Quantum computers threaten today’s public-key encryption not because they can instantly “read” encrypted data, but because they can solve the factoring problem that keeps widely used schemes secure—fast enough to make intercepted ciphertext usable later. That risk is amplified by “Store Now, Decrypt Later” (SNDL): governments and other actors can hoard encrypted traffic today (passwords, bank details, intelligence) and wait for sufficiently powerful quantum hardware that can break it in minutes, years down the line. The U.S. National Security Administration has warned that a large enough quantum computer could undermine widely deployed public-key algorithms, and legislation passed by the U.S. Congress has pushed agencies to start transitioning to quantum-resistant cryptography now.

The encryption most people rely on for secure communication comes in two major families: symmetric-key systems (shared secret keys) and asymmetric systems, typified by RSA. RSA’s security hinges on multiplying two large secret primes to form a public number; decrypting requires factoring that public number back into its prime components. Classical computers can attempt factoring using algorithms such as the General Number Field Sieve, but for primes hundreds of digits long, the time scale becomes effectively prohibitive—on the order of millions of years even with supercomputers.

Quantum computing changes the calculus through a specific kind of speedup. Classical bits are either 0 or 1, while qubits can exist in superpositions of 0 and 1. With enough qubits, a quantum computer can represent enormous numbers of possibilities at once. Yet the catch is fundamental: measurement collapses the superposition to a single outcome, discarding most of the information. The breakthrough comes from engineering quantum steps so that the “useful” information survives measurement.

That engineering is tied to the quantum Fourier transform and to Shor’s algorithm (developed by Peter Shor and Don Coppersmith). The core trick is to turn factoring into a problem of finding a hidden period. For a number N=pq, the method picks a random g and searches for an exponent r such that g^r is congruent to 1 modulo N. On a classical machine, finding r is slow; on a quantum machine, the periodic structure of remainders can be extracted efficiently. The quantum part uses entanglement between two registers: one holds exponents in superposition, the other stores remainders modulo N. By measuring the remainder register, the computation collapses into a periodic set of exponents separated by r. Applying the quantum Fourier transform then concentrates probability mass at values that reveal r, after which Euclid’s algorithm can recover p and q—provided r is even and the resulting factors are nontrivial.

Even so, practical quantum factoring demands “perfect” qubits plus error correction overhead. Estimates have dropped dramatically over time—from about a billion physical qubits for breaking RSA in 2012 to roughly 20 million physical qubits by 2019—while today’s machines still fall far short. That gap is why the transition to post-quantum cryptography is urgent.

NIST’s response began with a competition launched in 2016, which drew 82 proposals. On July 5, 2022, NIST selected four algorithms for a post-quantum cryptographic standard. Three rely on lattice-based mathematics. The security idea is that finding the closest lattice point (or related shortest/closest-vector problems) becomes extremely hard in high dimensions without a secret “good” basis, even for quantum computers. Messages are encoded as points plus noise on a public lattice; only someone with the private basis can decode efficiently, while attackers face a combinatorial explosion as dimension grows.

The bottom line: quantum computers don’t just threaten encryption in theory—they make today’s ciphertext potentially breakable later, so cryptography must be upgraded now. Lattice-based and other post-quantum schemes aim to keep sensitive data safe even after quantum hardware arrives.

Cornell Notes

Quantum computing threatens RSA-style public-key encryption through fast factoring, mainly by finding hidden periodicity rather than by “decrypting” ciphertext directly. RSA security depends on the difficulty of factoring a product of two large primes; classical computers make that task infeasible, but Shor’s algorithm can do it far faster using qubit superposition, entanglement, and the quantum Fourier transform. The risk is intensified by “Store Now, Decrypt Later,” where intercepted encrypted data can be stored until quantum computers are strong enough to break it. Because practical quantum machines require error correction and many physical qubits, timelines are uncertain, but the threat is real enough that NIST and others are standardizing post-quantum cryptography. Lattice-based schemes are a leading approach, using hard high-dimensional problems for security against both classical and quantum attacks.

What is “Store Now, Decrypt Later” (SNDL), and why does it matter even before quantum computers arrive?

SNDL describes a strategy where attackers intercept and store encrypted data today—such as passwords, bank details, and intelligence—because they expect quantum computers to break the encryption within roughly 10–20 years. Even if decryption is impossible now, the stored ciphertext can be decrypted later once quantum hardware reaches the needed capability. This turns today’s “safe for now” encryption into “safe only until the quantum breakthrough,” which is why governments and regulators treat quantum risk as an urgent migration problem.

How does RSA security work, and what specific mathematical task becomes vulnerable?

RSA assigns each user two large secret primes, multiplies them to form a public number N, and publishes N. To send a private message, the sender uses N to encrypt in a way that can be undone only by someone who knows the prime factors. The vulnerable task is factoring N back into p and q. Classical factoring using the General Number Field Sieve is far too slow for primes around 313 digits, but Shor’s algorithm targets factoring by converting it into a periodicity-finding problem.

Why can’t quantum computers simply “compute all answers and read them out”?

Quantum computers can place qubits into superpositions, so computations can proceed over many possibilities simultaneously. But measurement collapses the superposition to a single outcome, chosen randomly, and most information is lost. The power comes from designing algorithms so that interference amplifies the correct answer’s probability while suppressing wrong ones—so the final measurement yields the information needed (like the period r in Shor’s algorithm).

What role does the quantum Fourier transform play in Shor’s algorithm?

The quantum Fourier transform extracts frequency (period) information from a periodic structure. In Shor’s algorithm, after measuring the remainder register, the remaining exponents form a periodic set separated by r. Applying the quantum Fourier transform to that periodic superposition concentrates probability on values that reveal r. Once r is known (and typically even), the algorithm uses r to construct expressions that share factors with N, then Euclid’s algorithm recovers p and q.
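The collapse-then-QFT step is easier to believe once you watch the interference happen. The following is an added example (not code from Veritasium or from this summary) that classically simulates the two registers for the page's own parameters N=77 and g=8: it keeps only the exponents consistent with one constructed remainder measurement, applies a discrete Fourier transform of size Q to that periodic set, and then reads r off the peaks with continued fractions. Q=1024 is my choice to keep the simulation fast; a rigorous run would use Q on the order of N², and a real quantum computer would sample a single k rather than scanning the distribution as this demo does for determinism.

```python
import cmath

def collapsed_exponents(g, N, Q, observed):
    """Simulate measuring the remainder register.

    Before measurement the exponent register holds every x in [0, Q) and the
    remainder register holds g^x mod N, entangled with it.  Measuring the
    remainder `observed` keeps only the exponents consistent with it, and
    those are spaced exactly r apart (r = period of g modulo N).
    """
    return [x for x in range(Q) if pow(g, x, N) == observed]

def qft_probabilities(xs, Q):
    """Outcome distribution after a QFT of size Q on the uniform superposition
    over the exponents xs.  Terms with aligned phases add up near k = j*Q/r;
    everywhere else they cancel (destructive interference)."""
    M = len(xs)
    probs = []
    for k in range(Q):
        amplitude = sum(cmath.exp(2j * cmath.pi * k * x / Q) for x in xs)
        probs.append(abs(amplitude) ** 2 / (M * Q))
    return probs

def convergent_denominators(k, Q, bound):
    """Denominators of the continued-fraction convergents of k/Q, up to bound.
    A measured k is close to j*Q/r, so r (or a divisor of it) appears here."""
    dens = []
    k_prev, k_cur = 1, 0          # standard recurrence for convergent denominators
    a, b = k, Q
    while b:
        q, (a, b) = a // b, (b, a % b)
        k_prev, k_cur = k_cur, q * k_cur + k_prev
        if k_cur > bound:
            break
        dens.append(k_cur)
    return dens

def period_from_qft(g, N, Q, probs):
    """Read the period off the QFT output.  A real run samples one k; to keep
    the demo deterministic we scan outcomes from most to least likely and
    verify each candidate d directly by checking g^d mod N == 1."""
    for k in sorted(range(Q), key=lambda k: -probs[k]):
        for d in convergent_denominators(k, Q, N):
            if d > 1 and pow(g, d, N) == 1:
                return d
    return None

def peak_mass(probs, Q, r):
    """Probability landing within +-1 of the r ideal peaks j*Q/r.
    A value near 1 means the interference concentrated the mass as intended."""
    return sum(probs[(round(j * Q / r) + delta) % Q]
               for j in range(r) for delta in (-1, 0, 1))

def demo(g=8, N=77, Q=1024):
    observed = pow(g, 3, N)       # constructed measurement outcome: remainder 50
    xs = collapsed_exponents(g, N, Q, observed)
    probs = qft_probabilities(xs, Q)
    return xs, probs, period_from_qft(g, N, Q, probs)

if __name__ == "__main__":
    xs, probs, r = demo()
    print("exponents kept after measurement:", xs[:5], "... spacing", xs[1] - xs[0])
    print("recovered period r =", r)
    print("probability mass at the r peaks:", round(peak_mass(probs, 1024, r), 3))
```

Two things worth noticing when you run it: the kept exponents are 3, 13, 23, ... (spacing 10, the period), and more than 90% of the probability sits within one step of the ten ideal peaks j·1024/10, which is why a single measurement of k almost always yields a fraction whose continued-fraction expansion exposes r.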

How does the “period finding” step connect to factoring in the example with N=77?

For N=77, picking g=8 and repeatedly multiplying modulo 77 eventually yields an exponent r where 8^r is 1 more than a multiple of 77. That r lets the algorithm rewrite 8^r − 1 into a product of two terms, which are likely to share nontrivial factors with 77. Euclid’s algorithm then computes greatest common divisors between those terms and 77, producing the prime factors (11 and 7 in the example). The quantum speedup targets the efficient discovery of r.
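The classical half of Shor's algorithm, from the remainder sequence through Euclid's algorithm, is short enough to write out in full. This is an added example, not code from the video or the summary; it uses the page's N=77, g=8 and finds r by brute force (standing in for the quantum step), then applies the even-r and nontrivial-factor checks the text mentions. The random-g retry loop and the N=15 and N=21 values in the usage are my additions to show the failure cases.

```python
from math import gcd
import random

def remainder_sequence(g, N, count):
    """g^x mod N for x = 1..count; the repeating pattern is the hidden period."""
    return [pow(g, x, N) for x in range(1, count + 1)]

def find_period(g, N):
    """Order of g modulo N: the smallest r >= 1 with g^r == 1 (mod N).
    Brute force stands in for the quantum step; classically this loop is the
    exponential bottleneck, and it is exactly what Shor's algorithm speeds up.
    Caller must ensure gcd(g, N) == 1, otherwise no such r exists."""
    r, value = 1, g % N
    while value != 1:
        value = (value * g) % N
        r += 1
    return r

def factors_from_period(g, r, N):
    """Post-processing: g^r - 1 = (g^(r/2) - 1)(g^(r/2) + 1) is a multiple of N,
    so each bracket usually shares one prime with N.  Returns None on the two
    failure cases (odd r, or g^(r/2) == -1 mod N), meaning: pick another g."""
    if r % 2:
        return None                          # odd period: cannot split the difference of squares
    half = pow(g, r // 2, N)
    if half == N - 1:
        return None                          # g^(r/2) == -1 (mod N): only trivial divisors
    p, q = gcd(half - 1, N), gcd(half + 1, N)
    if 1 < p < N and 1 < q < N:
        return tuple(sorted((p, q)))
    return None

def shor_classical(N, rng=None):
    """Whole loop: random g, period, post-processing; retry until it works."""
    rng = rng or random.Random(0)            # fixed seed keeps the demo reproducible
    while True:
        g = rng.randrange(2, N)
        d = gcd(g, N)
        if d > 1:                            # lucky guess: g already shares a factor
            return tuple(sorted((d, N // d))), g, None
        r = find_period(g, N)
        factors = factors_from_period(g, r, N)
        if factors:
            return factors, g, r

if __name__ == "__main__":
    print("8^x mod 77:", remainder_sequence(8, 77, 20))
    r = find_period(8, 77)
    print("r =", r, "-> gcd(8^5 - 1, 77), gcd(8^5 + 1, 77) =", factors_from_period(8, r, 77))
    print("odd period, N=21, g=4:", factors_from_period(4, find_period(4, 21), 21))
    print("g^(r/2) == -1, N=15, g=14:", factors_from_period(14, find_period(14, 15), 15))
    print("random-g loop on 77:", shor_classical(77))
```

For g=8 the remainders cycle 8, 64, 50, 15, 43, 36, 57, 71, 29, 1 and then repeat, so r=10; 8^5 mod 77 is 43, and gcd(42, 77)=7, gcd(44, 77)=11, matching the factors in the text.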

Why are lattice-based post-quantum schemes considered resistant to quantum attacks?

Lattice-based cryptography relies on problems like finding the closest lattice point (or related shortest/closest-vector tasks) in very high dimensions. Without a secret “good” basis, the search becomes extremely hard because the number of lattice points grows rapidly with dimension (roughly proportional to r^d). The schemes encode messages as noisy points near a target lattice point; the receiver uses the secret basis to decode efficiently, while attackers face a combinatorial explosion that remains difficult for both classical and quantum computers.
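A two-dimensional toy makes the "good basis versus bad basis" asymmetry concrete. This is an added example and not code from the video or the summary; the bases, the unimodular matrix and the message and noise values are constructed for illustration. Both bases span the same lattice (they differ by an integer matrix with determinant 1), but Babai's rounding decodes the noisy point correctly only with the short, nearly orthogonal secret basis. Real schemes do the same thing in hundreds of dimensions, where no efficient way to turn the public basis into a good one is known, classically or quantumly.

```python
def det2(b):
    return b[0][0] * b[1][1] - b[0][1] * b[1][0]

def inv2(b):
    """Inverse of a 2x2 matrix whose rows are the basis vectors."""
    d = det2(b)
    return [[ b[1][1] / d, -b[0][1] / d],
            [-b[1][0] / d,  b[0][0] / d]]

def vec_mat(v, m):
    """Row vector times 2x2 matrix: coefficients -> point, or point -> coefficients."""
    return [v[0] * m[0][0] + v[1] * m[1][0],
            v[0] * m[0][1] + v[1] * m[1][1]]

def mat_mat(a, b):
    return [vec_mat(a[0], b), vec_mat(a[1], b)]

GOOD = [[7, 1], [1, 7]]            # constructed secret basis: short, nearly orthogonal
U = [[3, 2], [7, 5]]                # constructed unimodular matrix (det 1): same lattice
BAD = mat_mat(U, GOOD)              # public basis [[23, 17], [54, 42]]: long, nearly parallel

def encode(message, basis):
    """Message = integer coefficient vector; lattice point = message * basis."""
    return vec_mat(message, basis)

def babai_round(target, basis):
    """Babai's rounding: write target in the given basis, round the coefficients
    to integers, map back.  With a good basis a small error stays below 1/2 in
    every coordinate and rounds away; with a bad basis the inverse has large
    entries, the error is amplified, and rounding lands on the wrong point."""
    coeffs = vec_mat(target, inv2(basis))
    rounded = [round(c) for c in coeffs]
    return [int(x) for x in vec_mat(rounded, basis)]

def demo():
    message = [3, -2]
    point = encode(message, GOOD)                         # [19, -11]
    noise = [1.5, -1.2]                                   # constructed small error
    target = [point[0] + noise[0], point[1] + noise[1]]   # what the receiver sees
    return point, babai_round(target, GOOD), babai_round(target, BAD)

if __name__ == "__main__":
    point, with_good, with_bad = demo()
    print("same lattice (det U == 1):", det2(U) == 1)
    print("true point:", point)
    print("decoded with secret basis:", with_good)
    print("decoded with public basis:", with_bad)
```

The decisive quantity is the inverse of the basis: for GOOD it has entries of size 7/48, so the noise (1.5, -1.2) moves the coefficients by about (0.24, -0.21) and rounding recovers (3, -2); for BAD the entries are 42/48 and 54/48, the same noise shifts the coefficients by more than 2, and rounding returns a different lattice point entirely.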

Review Questions

  1. What is the specific mathematical bottleneck in RSA that quantum algorithms target, and how does Shor’s algorithm reframe it?
  2. Explain why measurement collapses quantum superpositions and how Shor’s algorithm still extracts useful information.
  3. Describe how lattice-based cryptography uses high-dimensional geometry and a secret basis to make decoding hard for attackers.

Key Points

  1. SNDL turns encrypted data into a long-term liability by allowing attackers to store ciphertext now and decrypt it later once quantum computers can break the underlying math.
  2. RSA security depends on the infeasibility of factoring a public number N into its prime factors p and q; quantum speedups target that factoring step.
  3. Qubits enable massive parallelism via superposition, but measurement collapses results, so algorithms must use interference to make the right answer likely to appear.
  4. Shor’s algorithm speeds up factoring by finding a hidden period r using entanglement and the quantum Fourier transform, then uses Euclid’s algorithm to recover p and q.
  5. Practical quantum factoring requires error correction and far more physical qubits than “perfect” qubits, so timelines remain uncertain but the migration urgency is high.
  6. NIST’s post-quantum standard selection (starting from 2016 proposals and culminating in July 5, 2022 selections) reflects the need for encryption that survives both classical and quantum attacks.
  7. Lattice-based post-quantum schemes aim to resist quantum attacks by making closest-vector-style problems extremely hard in high dimensions without a secret basis.

Highlights

SNDL means intercepted encrypted traffic can be decrypted years later, so “secure today” doesn’t stay secure once quantum factoring becomes practical.
RSA’s public number is easy to multiply but hard to reverse; Shor’s algorithm accelerates the reversal by extracting a hidden period rather than brute-forcing factors.
The quantum Fourier transform is the mechanism that turns periodic structure into measurable frequency information, revealing the exponent r.
Even with dramatic improvements in qubit estimates, error correction overhead makes real-world quantum attacks a moving target—hence early cryptographic migration.
NIST’s July 5, 2022 post-quantum selections include lattice-based algorithms designed around high-dimensional problems that remain hard for quantum computers.

Topics

  • Quantum Threat
  • RSA Factoring
  • Shor’s Algorithm
  • Post-Quantum Cryptography
  • Lattice-Based Encryption

Mentioned

  • Peter Shor
  • Don Coppersmith
  • Rivest
  • Shamir
  • Adleman
  • SNDL
  • RSA
  • NIST
  • NNSA
  • GCD