We don't. Here's a survey paper from quantum computing expert Scott Aaronson, posted to arXiv just a couple months ago: https://arxiv.org/pdf/2209.06930.pdf
From the abstract:
> I survey, for a general scientific audience, three decades of research into which sorts of problems admit exponential speedups via quantum computers -- from the classics (like the algorithms of Simon and Shor), to the breakthrough of Yamakawa and Zhandry from April 2022. [...] I make some skeptical remarks about widely-repeated claims of exponential quantum speedups for practical machine learning and optimization problems. Through many examples, I try to convey the "law of conservation of weirdness," according to which every problem admitting an exponential quantum speedup must have some unusual property to allow the amplitude to be concentrated on the unknown right answer(s).
I am very confused at how so many people are absolutely convinced that quantum computing is known to do, or already does, all sorts of things it is not known to do. There's a sister comment here saying exponentially superior quantum computers are available in AWS!
It's like an urban legend that circulates among software engineers.
Why would integer factorization be commercially relevant? Only practical use of that (as far as I'm aware) is breaking RSA. Hopefully people will just switch to known quantum secure algorithms. It'll be a nothing burger.
Integer factorization for codebreaking is a military or criminal application, not a commercial one. Someone will make money doing it, but it won't be contributing to society in the way we normally mean when talking about commerce. It would be like saying nukes have commercial applications.
"Quantum simulation" is too vague to speak to applicability in any domain. There is no proven or empirically demonstrated exponential speedup on any simulation problem with known commercial applications.
Switching a few key libraries like OpenSSL to using quantum-resistant cryptography is WAY WAY easier than constructing a viable quantum computer (in secret) that is able to break 512 bit or 1024 bit key RSA.
Integer factorization is relevant only because integer factorization is currently considered to be computationally difficult and effectively impossible. If this ceases to be the case (effective QC hardware, or perhaps some math breakthrough), the effect is simply that integer factorization stops being a valid security or proof-of-work measure and thus it ceases to be used, not that breaking integer factorization becomes a viable commercial industry.
From the abstract:
> I survey, for a general scientific audience, three decades of research into which sorts of problems admit exponential speedups via quantum computers -- from the classics (like the algorithms of Simon and Shor), to the breakthrough of Yamakawa and Zhandry from April 2022. [...] I make some skeptical remarks about widely-repeated claims of exponential quantum speedups for practical machine learning and optimization problems. Through many examples, I try to convey the "law of conservation of weirdness," according to which every problem admitting an exponential quantum speedup must have some unusual property to allow the amplitude to be concentrated on the unknown right answer(s).
I am very confused at how so many people are absolutely convinced that quantum computing is known to do, or already does, all sorts of things it is not known to do. There's a sister comment here saying exponentially superior quantum computers are available in AWS!
It's like an urban legend that circulates among software engineers.