[Cryptography] high-school crypto project

[John Denker]

On 05/07/2014 09:15 AM, Sanjeet Suhag wrote:

> I’m a 17 year old high school student currently studying for my last
> year in high school. I’m a student of the IB diploma and I have to do
> an extended essay, which is essentially a research paper on a topic
> related to any subject. As a programmer, I wanted to do something
> related to Computer Science. I have my fair share of technical
> knowledge of cryptography and it is clearly one of my favourite
> topics to do a research paper on. Since almost everything else has
> already been done in standard cryptography, I believe that a
> confluence of Quantum Computing and its affect on the current
> cryptographic standards would be useful. So, as most people out here
> have much more knowledge than me on topics like this, could you
> please suggest whether or not this is a feasible topic of
> investigation, or if not, is there anything else that I can do (i.e.
> some other technical aspect of Cryptography) ?

Well, first of all, it is not true that "everything else has
already been done in standard cryptography".  The fact that
you would say this suggests that your background in cryptography
is not as strong as you think it is.

Secondly, quantum cryptography is the most-challenging area of
a challenging subject.  It requires an understanding of physics
waaaay beyond anything that is normally covered in high school.
Quantum cryptography would make more sense as a graduate thesis
of above-average difficulty, rather than as a high-school project.

In any case, the effect on current crypto standards is nil.  As 
was said more than a decade ago:
     "We can factor the number 15 with quantum computers. We can also
      factor the number 15 with a dog trained to bark three times."
                 --- Robert Harley, 5/12/01, Sci.crypt.

If quantum crypto worked in practice, it would require throwing 
out many of the current standards entirely.  Meanwhile, now and
for the foreseeable future, it has no effect.  There is no middle
ground.

  As a general rule, the absence of evidence is not evidence of
  absence, but we can note that the Snowden revelations contain
  not the slightest hint that the NSA can break the fundamental
  cryptologic math.  Snowden said, quote, "the math works".  The
  breaks come from tampering with the code and from working 
  /around/ the crypto.

There are some folks who claim there are real-world applications
of quantum crypto, but in all cases I've seen, it is nothing but 
snake oil.  For example, it's OK if somebody talks about quantum-
mechanical resistance to wiretapping, but when they claim this 
solves "the key distribution problem" it means they have not the 
slightest clue what the real problem is.  Either they are very 
stupid, or they cynically believe their customers are very stupid 
... and in either case, you don't want to be their customer.

As an almost-reasonable compromise, one might consider writing
a paper debunking the claims on this page:
  http://digitaldisruption.com/4-real-world-uses-quantum-cryptography
perhaps by showing that each of the four applications could be
handled more cheaply /and better/ using classical non-quantum 
crypto.

However, even that would require a lot of work, to do it properly.
Remember that there is a lot more to security than just crypto.
For example, securing a set of election results requires verrry
much more than resistance to wiretapping.

Perhaps an even better option would be to take one of the open
questions discussed on this list, and write a review.  Pick
something that doesn't require graduate-level physics.  For
example, a few weeks ago there was a discussion of sending
encrypted email and (!) cover traffic via a netnews stream,
thereby providing a certain amount of anonymity and deniability.
A number of suggestions were made a different times.  It might
be worth writing a review that collects, evaluates, and harmonizes
the various suggestions.