[Cryptography] QM giveth, QM taketh away

John Denker jsd at av8n.com
Fri Feb 12 04:04:48 EST 2021


On 2/11/21 9:05 AM, Henry Baker wrote:
> There has been some public hand-wringing in the media
> over China's push for quantum computation to break
> current encryption methods.
> 
> I've heard of people working on the following scheme:
> 
> 1. One-time pads can't be broken by quantum computation,
> but require incredibly long keys which are hard to manage.
> 
> 2. Quantum key distribution supposedly enables guaranteed
> private distribution of OTP keys.
> 
> 3. Quantum effects enable the *generation* of true random
> numbers for OTP encryption.
> 
> Is this the post-quantum future?

As for item 1: This is well known to be true. It is not news.

As for item 3: This is clearly false.
 For present purposes, quantum noise is serpentoleum. It is in
 no ways better than plain old thermal noise. The underlying
 physics does not distinguish between the two in any relevant
 way.

As for item 2: The word "supposedly" distracts from what I take
 to be the intended meaning, so let's factor that out and focus
 on whether quantum computing is necessary and/or sufficient to
 permit distribution of OTP material. The answers appear to be
 "no" and "no":
 — Not necessary because you can set up a private channel using
  SIDH or something like that.
    https://en.wikipedia.org/wiki/Supersingular_isogeny_key_exchange
 — Not sufficient because the problem you're trying to solve is
  complicated. After you have secured the raw channel, there remain
  authentication issues that the QM doesn't help you with.

As for all the hand-wringing, I am reminded of this:
     "We can factor the number 15 with quantum computers. We can also
      factor the number 15 with a dog trained to bark three times."
                 --- Robert Harley, 5/12/2001, Sci.crypt.

Twenty years later, the snake oil comes in larger bottles:
  https://www.ibm.com/blogs/research/2019/10/on-quantum-supremacy/

