[Cryptography] Quantum computers will never overcome noise issues?

Peter Gutmann pgut001 at cs.auckland.ac.nz
Fri Feb 16 06:00:59 EST 2018


Jon Callas <jon at callas.org> writes:

>Less squishily, I don't think that someone is going to make a quantum
>computer by 2050 that would perform at speeds that we predict a classical
>computer could do if Moore's Law continued until then (which it won't). 

I don't think I'll be subject to compromise via quantum cryptanalysis (QCA) in
any foreseeable time period (ten years / twenty years / thirty years / my
lifetime / whatever [0]).  However, I, and everyone on this list, will be
compromised by any kind of non-QCA method you care to name (buffer overflow,
XSS, SQL injection, etc).  Again and again, endlessly [1].

And that's the problem with QCA, cryptographers have run out of things to do
with conventional algorithms (look at SHA-3 as an example, it's failed to
launch because the nearly 20-year-old SHA-2 is still good enough), while the
advent of QCA has provided a convenient excuse to spend the next ten to twenty
years publishing conference papers that would never have been considered
otherwise.  Is QCA a real threat or just a convenient bogeyman to justify lots
of new conference and journal papers that wouldn't otherwise be publishable?

In the meantime, while everyone's fixated on patching the theoretical
mousehole in the corner, they're conveniently avoiding addressing the fact
that entire walls of the barn are missing elsewhere.

Peter.

[0] This is somewhat optimistically predicting that "my lifetime" >>
    $current_date + "thirty years".
[1] And before you say "I run xyzOS and I'm very careful with what I do, I'm
    safe", how about every web site and organisation you interact with, or
    don't interact with but that has data on you?  Think Equifax, for example.