Using the word crypto to describe Bitcoin is an inaccuracy that comes from early misunderstandings and a false connection to distinctly different systems. As we move into an era where Bitcoin will begin to power the digital transaction economy, its time to let go and use more appropriate terms to describe this industry. So, digital currency it is.

On that note, mining also needs to go. Transaction processors play a far more important role than simply digging up new coins. Mining only applies to the disappearing block subsidy, which is only there to prime the pumpthe true function of the nodes is transaction processing and this takes over as the subsidy dies. No more coal mine stock photos, or gold mining puns in articles, lets give them the respect they deserve.

After 11 years of Bitcoin, were grown accustomed to seeing these expressions. But something never felt quite right about them. They seemed forced, bolted-on, a rushed attempt to describe a new industry using words people could relate to somehow. And over those years, crypto and cryptocurrency have also acquired the stigma of anonymity, crime, and get-rich-quick schemes like ICOs.

Digital transaction and transaction processorsget used to those expressions, because youll be seeing them a lot more often in the future.

Bitcoin is not like this

Bitcoin creator Dr. Craig Wright described the need for more accurate descriptors, saying:

Cryptocurrency is linked to a lot of discredited systems (right back to eCash) that are linked to black market and illegal use cases (drugs, money laundering etc). Next, Bitcoin is not encrypted. Blind cash systems such as Digicash used cryptographic constructs directly and are associated with encrypted transactions that cannot be traced. Bitcoin is not like this.

Bitcoin is sent in clear text. The hash is an index to the identity exchange between peers (people) but nothing is secret. It is private but not hidden.

Theres another, er, key difference. Dr. Wright continued:

With encrypted systems, the loss of the key means the inability to access data. Bitcoin is not encrypted. The transaction is published publicly. So, nothing is going to stop recovery if the nodes agree (nodes enforce rules and courts issue rules).

Even the NSA cannot force access to an encrypted file when the private key is destroyed, but, again Bitcoin is clear text and public. So, losing a key doesnt mean the transaction is lost.

I used digital signature algorithms in bitcoin, but this is still not cryptography. It is a system that uses the same maths in a new manner.

He also noted that Bitcoin was never a new technology. In his 1996 piece, The Wild, Wild Web, Gregory Spears articulated web IPOs, which used tokens to raise funds. We now call these ICOs, but the difference is that a blockchain stops the Ponzi schemes from deleting logs. Dr. Wright said:

Token security offers and capital raising dates back decades. Bitcoin was never a new technology in this area.

In the Nineties

Cryptocurrency is a word that comes from Dr. Wrights favorite decade, the 1990s. Early allusions to the term run alongside untraceable and anonymous moneywhich has shown itself to be undesirable. Interestingly, some of the first published references come from those concerned with investigating its uses. Theres the NSAs How to Make a Mint: the Cryptography of Anonymous Electronic Cash from 1996, also referenced in The American Law Review in 1997.

Its a difficult word to say, and one that causes outsiders eyes to glaze over. If they can relate to it at all, their minds subconsciously connect it to more negative aspects of the past like scams, bubbles, and crime.

Writers also know its a difficult word to type. If you dont believe us, search the web for crypocurrency and crytocurrency and see how many results you get.

We know youll check the whitepaper, so here it is

For the record, Satoshi Nakamotos 2008 Bitcoin whitepaper does not refer to cryptocurrency or miners the way theyre commonly used in todays discourse. There are just two sentences that allude to these terms. This one:

What is needed is an electronic payment system based on cryptographic proof instead of trust

And this one:

The steady addition of a constant of amount of new coins is analogous to gold miners expending resources to add gold to circulation.

Bitcoin is based on cryptography, but it is not itself a form of cryptography and it doesnt function the same way. Contrary to popular belief, it is not secured by cryptography either. Bitcoin has an economic model secured by incentives and coststransaction processors do their job for profit, and hacking or taking over the network is prohibitively expensive.

Cryptographers themselves have never liked the word crypto for digital transaction networks. That abbreviation describes their field, and many have expressed displeasure at it being reapplied to just one specific application. And miners? Like Satoshi said, its only meant to be an analogya comparison to allow newcomers to more easily grasp whats going on.

Were happy for the real cryptographers to have their word back, and restore it to its proper meaning.

Bitcoin and the digital transaction industry are mature now. The industry is ready to move on to greater challenges, and in doing so must discard the expressions that narrowed its mission so much. It gives us great pleasure to announce that crypto is dead long live the digital transaction era.

New to Bitcoin? Check out CoinGeeksBitcoin for Beginnerssection, the ultimate resource guide to learn more about Bitcoinas originally envisioned by Satoshi Nakamotoand blockchain.

See more here:
'Crypto' is deadlong live the digital transaction era - CoinGeek

A report from DLA Piper states that more than 160,000 data breach notifications have been reported across 28 nations in the European Union since the General Data Protection Regulation (GDPR) went into effect in May 2018 -- an average of more than 260 data breaches per day. And, when you consider that since California's 2004 law on privacy breaches, over 9,000 breaches have been recorded and 11.5 billion records have been exposed,it is evident that threats against sensitive data are unprecedented.

Is this the new normal? Can there be any expectation of security and privacy when even the most stringent of data privacy regulations appear to have little effect?

Companies, government agencies and consumers must change their behavior if they expect to stem this tide. They must adopt disruptive defenses to make it extremely hard for attackers to compromise data.

What is a disruptive defense? It is an uncommon defense, based on existing industry standards, that raises application security to higher levels than what is currently used by most applications.

There are six disruptive defenses that, when deployed, create significant barriers to attackers. They are as follows:

1. Eliminate shared-secret authentication schemes.

This includes passwords, one-time PINs, knowledge-based authentication, etc. This should be replaced with public key cryptography-based authentication that uses cryptographic hardware to protect keys.

Public key cryptography authentication (also known as "strong authentication") does not store secrets on the server. The secret remains with the user, stored in special hardware available on business desktops, laptops, modern mobile phones, smartcards and security keys. This is a modern authentication standard that eliminates passwords and is supported by all major operating systems as well as browsers. According to NIST, it provides the "highest assurance" among authentication technologies currently. Eliminating a 1960s authentication scheme on a 21st-century application should be the first defensive step of every web application.

2. Ensure the provenance of a transaction before it is committed.

This is accomplished through the use of a digital signature on a transaction, applied by the user using the same technology for strong authentication. Not only does this establish an authoritative source for the transaction (since only the user could have applied that digital signature with their consent), but it provides the business with a transaction confirmation, which is becoming increasingly necessary in many business environments.

3. Preserve the confidentiality of sensitive data within the application layer.

This excludes the practice of encrypting data within the database, operating system or disk drive. Encrypting sensitive data has become mandatory via multiple recent regulations. But application developers fool themselves when they use data at rest (data in a database, operating system or disk drive) encryption instead of ensuring that only authorized applications can decrypt sensitive data. Systems are rarely at rest; they're working 24 hours a day and decrypting data for attackers when a legitimate user's password-based credential is compromised. By combining disruptive defenses No. 1 and 3, applications will ensure unauthorized users never get to see decrypted data.

4. Preserve the integrity of a transaction through its lifetime.

This is accomplished, once again, by a digital signature, but it is applied by the application itself. While a digital signature acquired at the source of a transaction guarantees authenticity, transactions are modified in many applications. When data within the transaction changes, a new digital signature must be applied by the application to preserve the integrity of the modified transaction. Verifying the digital signatures of a transaction from its origin to its current state assures applications that unauthorized changes have not been made to data.

5. Use cryptographic hardware wherever cryptographic keys are stored and used.

Cryptography represents the last bastion of defense when protecting sensitive data. As such, cryptographic keys are the only objects standing between an attacker and a major headache for your company. While convenient, keys protected in files are protected by passwords and are subject to the same attacks that compromise user passwords. By using cryptographic hardware -- present in all modern systems -- applications create major barriers to attacks. While it may be argued that cryptographic hardware is also subject to attacks, evidence shows that these attacks are neither scalable nor common, as attackers would need access to the physical computer on which your cryptographic keys are stored to be able to compromise the keys.

6. Ensure cloud applications access cryptographic services from within a secure zone.

While the cloud offers many business benefits, attempting to access cryptographic services from within a public cloud's virtual machine is a recipe for disaster -- the credentials necessary to authenticate to the cryptographic services are vulnerable to compromise in a public virtual machine (as some recent breaches highlight), enabling attackers to use legitimate credentials to command key management systems to decrypt sensitive data for the attacker. Using an application architecture that guarantees access to cryptographic services only from a secure zone eliminates that risk completely.

All these disruptive defenses are based on industry standards and have been around for decades in most cases. Security-conscious professionals recognize protecting data by focusing on system security is a secondary defense; network defenses are generally nonproductive and should be minimized because the use of disruptive defenses assumes an attacker is on the network. The objective, now, is to protect data, even in the presence of this threat.

Visit link:
Disruptive Defenses Are The Key To Preventing Data Breaches - Forbes

Versal is an adaptive compute acceleration platform (ACAP), a heterogeneous compute device with capabilities that the firm claims far exceed those of conventional silicon architectures.

Added to the Premium series are 112Gbps pam4 transceivers, multi-hundred GBe and Interlaken connectivity, cryptography, and PCIe gen5 with built-in DMA, supporting both CCIX and CXL.

Developed on TSMCs 7nm process, Versal Premium combines vector and scalar processing elements, coupled to programmable logic and tied together with a network-on-chip (NoC) which provides memory-mapped access to all three processing element types.

The scalar engines are built from the dual-core Arm Cortex-A72, the adaptable engines are made up of programmable logic and memory cells and the intelligent engines are an array of very long instruction word (VLIW) and single instruction, multiple data (SIMD) processing engines and memories.

The device has over 120TB/s of on-chip memory bandwidth which, coupled with the customizable memory hierarchy, is designed to reduce data movement and remove key bottlenecks, while pre-engineered connectivity and cores allow integration into existing cloud infrastructure.

Versal Premium is designed for high bandwidth networks operating in thermally and spatially constrained environments, as well as for cloud providers. It delivers up to 9Tb/s of serial bandwidth and 5Tb/s of throughput with Ethernet, with flexibility to support various data rates and protocols, the firm says.

Its cryptography engines provide up to 1.6Tb/s of encrypted line rate throughput and support for AES-GCM-256/128, MACsec and IPsec.

The firm suggests the device will find applications in 5G communications, aerospace and defense, along with ADAS.

The Versal Premium series takes ACAPs to the next level delivering breakthrough networked hard IP integration enabling the development of single chip 400G and 800G solutions, says Kirk Saban, vice president of product and platform marketing at Xilinx.

Targeting next-generation networks and cloud deployments, Versal Premium delivers superior bandwidth and compute density in a scalable platform that is readily programmable by hardware and software developers alike for optimized acceleration and reduced TCO.

Link:
Xilinx announces addition to ACAP platform with Versal Premium - Electronics Weekly

Looking for the latest stats and info about public key infrastructure? Lookno further

74%. Thats how many organizations report not knowing how many keys and certificates they have. This unsettling statistic was reported in the latest data from The Impact of Unsecured Digital Identities, a new public key infrastructure (PKI)-focused research study by the Ponemon Institute and KeyFactor

Last year, KeyFactor and the Ponemon Institute joined forces to publish a study on public key infrastructure. This years publication is chock full of goodies and valuable insights on PKI as a whole. In early March, Chris Hickman, chief security officer at KeyFactor, and Larry Ponemon, chairman and founder of the Ponemon Institute, shared key insights from the study during a webinar. And in this years report, they included something new the Critical Trust Index. This 16-question core competency measurement aims to help businesses measure their certificate management capabilities, the effectiveness of their PKI efforts, and their agility and growth.

Its a great study one well definitely quote cybersecurity statistics from throughout the year. But what makes it so good? The items highlighted in the study are the ones we see every day from our clients across multiple industries both good and bad.

So, what can the results of this study tell you and how canit help you make informed decisions for your own PKI? And who was involved withthe study?

Lets hash it out.

The study, sponsored by our friends at KeyFactor, was independently conducted by the Ponemon Institute, both of which are well-known names within the industry.

The data in the study comes from the survey responses of 603IT and infosec professionals from across North America. The majority of therespondents (61%) reported their positions as supervisor or above and another30% indicated that they are at the staff/technician level. The majority arefrom large Enterprises, with 64% of the respondents indicating that they workfor organizations with at least 5,001 employees.

The participants were asked to respond to a series ofquestions relating to cyber security threats, strategies, budgets, certificatemanagement, compliance, and financial impacts relating to several of theseareas.

From a 30,000-foot perspective, the current mechanisms forsecuring and managing digital certificates and cryptographic keys are lacking.Many companies lack the personnel and technical resources, budgets, procedures,or policies to effectively support public key infrastructure. As such, thisleaves organizations open to significant risks from a variety of cybersecuritythreats the world over.

But no matter how challenging it can be, IT security andinformation security practitioners alike know that public key infrastructure iscritical to organizations. After all, PKI helps organizations to increase trustwith end users and clients (their web browsers) alike through authenticationand encryption. As certificate lifespans shrink and threats continue to evolve,the risk that your organization will be impacted increases with them.

But how important is PKI in the eyes of the C-suite executivesabove them? Lets find out as we glean insights about this topic and othersrelating to the PKI ecosystem.

Perception and reality are frequently two different things this is particularly the case regarding how PKI tasks and IT securitychallenges are handled. Probably the biggest takeaway that the study highlightsthe tremendous gap in perceptions in terms of confidence in the responses toquestions between the technical guardians within an organization and those who areamong the executive leadership above them.

In that data alone, it showed us very significantly how the problems of managing these types of critical assets in the organization, from the practitioners to the executives, differ when asked the same questions, Hickman said in the webinar on the study.

Their observation made them question why theres such adifference in the landscape between these different ranks within anorganization. Executives tend to be significantly more optimistic in theirresponses than their staff/technician counterparts averaging 6.2 on a 1-10scale, versus staff/technicians, who have an average confidence rating of 3.7. Thisis particularly true concerning issues relating to managing critical assets.

These responses demonstrate why challenges might exist withinorganizations leaders think issues are being handled or resolved, andpractitioners are struggling to keep up with the never-ending demands.

As with any organization and tasks, communication is key.There needs to be clear communication and transparency about the situation. Ifthere are deficiencies, insufficient resources, or other challenges, everyoneneeds to be on the same page.

Dont sugar coat things. Be open and honest about PKI and ITsecurity-related issues that exist within your organization. Make yourleadership aware of any challenges and offer recommendations and solutions toaddress the issues. Most importantly: Learn to speak their language.

One suggestion from Hickman and Ponemon shared during the webinar comes from Gartner:

Security leaders that successfully reposition X.509 certificate management to a compelling business story, such as digital business and trust enablement, will increase program success by 60%, up from less than 10% today.

Essentially, executives want to know the bottom line costsinvolved and how circumstances will affect the operation and organization as awhole. Dont speak technical mumbo-jumbo. Give them what they want while stillpushing for the resources you need by changing how you frame the situation.

Listen to your experts. Listen to understand and not to reply. Recognize that theyre humans and that the industry and cyber threats are continually changing. The threats we face today arent necessarily the same as those well face in the future. Be flexible and open to change. If you want to protect your organization, dont put off investing in your cybersecurity infrastructure and resources until tomorrow. Commit to making those changes today.

According to the report, 60% of respondents believe theyhave more than 10,000 certificates in use across their organization. Thats alot of cats to herd. Interestingly, though, the respondents arent all thatconfident in their estimates 74% indicate that they have no clue how manycertificates and keys they actually are using for certain.

So, what do all of these statistics have in common? A lackof certainty (and clarity), for one. Thats because these organizations lackvisibility into their PKI certificate management. Essentially, they dont know:

This lackadaisical approach is kind of like trying to run a restaurant without any clue about whos responsible for what and how its all getting done. For a restaurant to work, you need to know whos ordering the supply deliveries, whos making the food, whether the food thats available to serve to customers meets certain quality and hygienic standards (it hasnt expired), and whos serving it.

If you dont know these things because you lack visibilitywithin your operation, then, frankly, youre not going to be in business forvery long.

Honestly, this finding that organizations have a lack ofvisibility into their PKI doesnt strike me as surprising. After all, a lack ofvisibility is an ongoing issue for many organizations within the industry as awhole and was also an issue in their previous study from 2018. But it doessurprise me a little is that the organizations are willing to admit thatthey lack this visibility and that it continues to be an ongoing issue.

According to their data, 55% of surveyed organizations saidthey had four or more certificate outages over the last 2 years! And 73% saidthat their organizations still experience unplanned downtime and outages due tomismanaged digital certificates.

So, what can done to help you address this lack ofvisibility and poor certificate management within your organization?

Here at Hashed Out, were all about helping our readers avoidcommon PKI certificate management mistakes. One of the things we always emphasizeis the importance of having visibility over your PKI. An issue that many adminshave is that theyre trying to manage their keys and certificates using manualmethods such as Excel spreadsheets. This is not only clunky and cumbersome, butit leads to a variety of issues.

One such example is shadow ITcertificates. If youre not the only person in charge of installing,renewing, and managing X.509 digital certificates, then some certificates canget installed that you dont know about. And certificates that you may haveinstalled yourself may fall through the cracks and expire without yourknowledge. And you cant effectively manage what you dont know you have.

Using a reliable and reputable certificatemanagement solution can help you to avoid this issue. The best certificatemanagement tools enable you to

This provides you with full visibility of your public keyinfrastructure. Considering that many organizations believe they have at least10,000 certificates, you can see how trying to manually manage these assets is virtuallyimpossible.

Manage Digital Certificates like a Boss

14 Certificate Management Best Practices to keep your organization running, secure and fully-compliant.

We get it. Everyones busy and, frankly, there just arentenough hours in the day to handle every task that comes our way. But thatdoesnt change the importance of having a specific team or department thatsresponsible for handling essential tasks.

Despite this need, study respondents indicate that digitalcertificate budgets and responsibility ownership are lacking. The tasks,responsibilities, and budgetary requirements associated with certificatemanagement are often times spread among various departments within differentorganizations. Essentially, theres no clear center of excellence forcryptography.

Their findings also report that nearly just a third (38%) oforganizations claim that their organizations have the human resources dedicatedto their PKI deployment. Part of this might be because of the stagnantcybersecurity budgets in comparison to the industrys growing costs, or itcould be related to the challenges companies report facing in terms of hiringand retaining talent.

Organizations represented in the KeyFactor/Ponemon Institutestudy reported spending only 16% of their budgets on PKI. Thats approximately$3 million from the reported average IT security annual budget of $19.4 million!And they also discovered that the responsibilities and ownership is frequentlyspread among other departments:

In the U.S., were experiencing some of the lowest unemployment levels in more than two decades. The U.S. Bureau of Labor Statistics (BLS) reports that for college grads, the unemployment rate is at 2.0% and 3.8% for high school graduates as of January 2020. Were experiencing the lowest unemployment rates in IT security and technology, which is literally at 0%, according to Cybersecurity Ventures.

While this is great for jobseekers, its not as great fororganizations looking to hire them. Why? Because it would imply that theres agreater demand for skilled workers than there are people looking for jobs. Thismeans that businesses and organizations are competing for talent. So, what canyou do to combat growing workloads when you have static resources?

Some organizations are turning to automation and the use of artificial intelligence (AI). Automation can help reduce the load on your staff and augment their capabilities by eliminating the menial tasks from their workloads. Predictive analytics, language processes, authentication, and log analysis to identify anything unusual. Using AI helps to free up your employees so they can focus some of their attention on higher-level priorities and tasks.

One example of automation in PKI is a certificate management solution. You can use this tool to gain visibility into your PKI and discover shadow certificates. Its also invaluable in terms of helping your team effectively manage all aspects of the certificate lifecycle and avoid certificate expirations, which Gartner estimates can cost an average of $300,000 per hour.

SSL/TLS certificates are a must for any ecommerce business(or any website, really, that wants to rank on Google and other searchengines). And as more organizations readily adopt PKI solutions, it means thereare more keys and digital certificates to manage. Using certificate managementtools and other automation solutions can help you to not only streamline youroperations and make them more effective, but it also helps you to controlrising operational costs.

While certificate outages are a major cause of concern, theresponses received during the study indicate that failed audits due to insufficient key management practices, rogue orcompromised certificate authorities (CA), and misuse of code signingcertificates and keys are even bigger areas of concerns. This is true both interms of financial costs as well as compliance.

The seriousness of failedaudits and compliance headed up the rankings (4.1 on a 1-10 scale where 1 isconsidered a least serious problem and 10 is most serious problem). Inparticular, survey respondents are worried about insufficient or unenforced keymanagement policies and practices. The next most serious issue related toman-in-the-middle (MitM) and phishing attack vulnerabilities that stem from CAcomprormise.

We mentioned earlier that nearly three-quarters (73%) of respondents indicate that they experience unplanned outages and downtime due to mis-managed digital certificates. These occurences are more frequent than unplanned outages that result from certificate expiration. What makes these numbers even more dire is that disruptive outages are expected to keep increasing rather than decreasing. According to the report:

59 percent of respondents say the misuse of keys and certificates by cybercriminals is increasing the need to better secure these critical assets. Yet, more than half (54 percent) of respondents are concerned about their ability to secure keys and certificates throughout all stages of their lifecycle from generation to revocation

If youre using a private CA, its not really surprisingwhen things go sour. One of the best things you can do to avoid issues relatingto rogue or compromised certificate authorities is to work with established,reputable commercial CAs who provide managedPKI services. It would be best to stay away from free PKI certificateproviders because they lack the support and resources that commercial digitalcertificate providers have at their disposal.

The final insight well share from the survey is that respondents concerns stemming from post-quantum cryptography are decreasing for now. The KeyFactor and Ponemon report says:

Only 47 percent of respondents are concerned about the impact that quantum computing will have on their key and certificate management practices, but we expect this number will rise as recent advances in quantum technology bring us closer to the potential breaking point of the keys and algorithms we rely upon today.

Essentially, there is and has been hype surrounding thetopic for several years. But until quantum computing is available at the commerciallevel, well overestimate the potential negative impacts rather than highlightits positive impacts on security, Ponemon said.

Hickman says that quantum computing is our future reality its just a matter of when, not if it will become a thing. Thats why theindustrys work on post-quantum algorithms is critical (see our previousblog post highlighting DigiCerts work on post-quantum cryptography) andwhy organizations need to:

Rarely have we seen something in this industry with thepotential cataclysmic effect of quantum, and the disruptive nature that it willbring from a security standpoint, says Hickman, who emphasizes the importanceof planning, which seems to be taking a back seat in terms of being considereda priority.

Hickman continues:

Having a plan, understanding where your digital assets live, where your cryptography is deployed, having ways to manage that crypto is absolutely important. Things are going to happen along the way such as the deprecation of algorithms But youll be able to reuse that same plan and actually validate it top make sure that youre ready for a post-quantum world.

From these survey responses, its obvious that theres noone clear owner of PKI budgets and efforts with multi-discipline and multi-functionalteams. And theres also no one agreed upon method that these surveyedorganizations rely on to deal with these increasing crypto responsibilities. Butits obvious that having a governance process in place and clear visibility ofyour public key infrastructure are essential to improving a businesss certificatemanagement capabilities. Part of this entails establishing a cryptographiccenter of excellence if one doesnt already exist.

The increasing use of encryption technologies, digital certificates,etc. for compliance with regulations and policies dictates the need for better certificatemanagement practices. And as operational costs continue to increase without a parallelincrease in operating budgets to cover those costs, automation will becomeimportant the closer we get to a PQC world.

Read the original here:
5 Actionable Takeaways from Ponemon and KeyFactor's 2020 PKI Study - Hashed Out by The SSL Store - Hashed Out by The SSL Store

Dr Arne Grimsmo from Sydney Nano and the School of Physics. Photo: Stefanie Zingsheim

Scientists in Australia have developed a new approach to reducing the errors that plague experimental quantum computers; a step that could remove a critical roadblock preventing them scaling up to full working machines.

By taking advantage of the infinite geometric space of a particular quantum system made up of bosons, the researchers, led by Dr Arne Grimsmo from the University of Sydney, have developed quantum error correction codes that should reduce the number of physical quantum switches, or qubits, required to scale up these machines to a useful size.

The beauty of these codes is they are platform agnostic and can be developed to work with a wide range of quantum hardware systems, Dr Grimsmo said.

Many different types of bosonic error correction codes have been demonstrated experimentally, such as cat codes and binomial codes, he said. What we have done in our paper is unify these and other codes into a common framework.

The research, published this week in Physical Review X, was jointly written with Dr Joshua Combes from the University of Queensland and Dr Ben Baragiola from RMIT University. The collaboration is across two leading quantum research centres in Australia, the ARC Centre of Excellence for Engineered Quantum Machines and the ARC Centre of Excellence for Quantum Computation and Communication Technology.

Our hope is that the robustness offered by spacing things out in an infinite Hilbert space gives you a qubit that is very robust, because it can tolerate common errors like photon loss, said Dr Grimsmo from the University of Sydney Nano Institute and School of Physics.

Scientists in universities and at tech companies across the planet are working towards building a universal, fault-tolerant quantum computer. The great promise of these devices is that they could be used to solve problems beyond the reach of classical supercomputers in fields as varied as materials science, drug discovery and security and cryptography.

With Google last year declaring it has a machine that has achieved quantum supremacy performing an arguably useless task but beyond the scope of a classical computer interest in the field of quantum computing and engineering continues to rise.

But to build a quantum machine that can do anything useful will require thousands, if not millions of quantum bits operating without being overwhelmed with errors.

And qubits are, by their very nature, error prone. The quantumness that allows them to perform a completely different type of computing operation means they are highly fragile and susceptible to electromagnetic and other interference.

Identifying, removing and reducing errors in quantum computation is one of the central tasks facing physicists working in this field.

Quantum computers perform their tasks by encoding information utilising quantum superposition a fundamental facet of nature where a final outcome of a physical system is unresolved until it is measured. Until that point, the information exists in a state of multiple possible outcomes.

Dr Grimsmo said: One of the most fundamental challenges for realising quantum computers is the fragile nature of quantum superpositions. Fortunately, it ispossible to overcome this issue using quantum error correction.

This is done by encoding information redundantly, allowing the correction of errors as they happenduring a quantum computation. The standard approach to achieve this is to use a large number of distinguishable particles asinformation carriers. Common examples are arrays of electrons, trapped ions or quantum electrical circuits.

However, this creates a large network of physical qubits in order to operate a single, logical qubit that does the processing work you require.

This need to create a large network of physical qubits to support the work of a single operating qubit is a non-trivial barrier towards constructing large-scale quantum machines.

Dr Grimsmo said: In this work, we consider analternative approach based on encoding quantum information in collections of bosons. The most common type of boson is the photon, a packet of electromagnetic energy and massless light particle.

By trapping bosons in a particular microwave or optical cavity, they become indistinguishable from one another, unlike, say, an array of trapped ions, which are identifiable by their location.

Theadvantage of this approach is that large numbers of bosons can be trapped in a single quantum system such as photons trappedin a high-quality optical or microwave cavity, Dr Grimsmo said. This could drastically reduce the number of physical systems required to build a quantum computer.

The researchers hope their foundational work will help build a roadmap towards fault tolerance in quantum computing.

Go here to see the original:
Novel error-correction scheme developed for quantum computers - News - The University of Sydney