[Cryptography] QM giveth, QM taketh away
John Denker
jsd at av8n.com
Fri Feb 12 04:04:48 EST 2021
On 2/11/21 9:05 AM, Henry Baker wrote:
> There has been some public hand-wringing in the media
> over China's push for quantum computation to break
> current encryption methods.
>
> I've heard of people working on the following scheme:
>
> 1. One-time pads can't be broken by quantum computation,
> but require incredibly long keys which are hard to manage.
>
> 2. Quantum key distribution supposedly enables guaranteed
> private distribution of OTP keys.
>
> 3. Quantum effects enable the *generation* of true random
> numbers for OTP encryption.
>
> Is this the post-quantum future?

As for item 1: This is well known to be true. It is not news.

As for item 3: This is clearly false.
For present purposes, quantum noise is serpentoleum. It is in
no ways better than plain old thermal noise. The underlying
physics does not distinguish between the two in any relevant
way.

As for item 2: The word "supposedly" distracts from what I take
to be the intended meaning, so let's factor that out and focus
on whether quantum computing is necessary and/or sufficient to
permit distribution of OTP material. The answers appear to be
"no" and "no":

— Not necessary because you can set up a private channel using
SIDH or something like that.
https://en.wikipedia.org/wiki/Supersingular_isogeny_key_exchange

— Not sufficient because the problem you're trying to solve is
complicated. After you have secured the raw channel, there remain
authentication issues that the QM doesn't help you with.

As for all the hand-wringing, I am reminded of this:

"We can factor the number 15 with quantum computers. We can also
factor the number 15 with a dog trained to bark three times."
--- Robert Harley, 5/12/2001, Sci.crypt.

Twenty years later, the snake oil comes in larger bottles:
https://www.ibm.com/blogs/research/2019/10/on-quantum-supremacy/