[Cryptography] QM giveth, QM taketh away
Bill Stewart
billstewart at pobox.com
Sat Feb 13 14:07:00 EST 2021
On 2/11/2021 8:05 AM, Henry Baker wrote:
> There has been some public hand-wringing in the media
> over China's push for quantum computation to break
> current encryption methods.
>
> I've heard of people working on the following scheme:
>
> 1. One-time pads can't be broken by quantum computation,
> but require incredibly long keys which are hard to manage.

There are other crypto public-key algorithms that are secure against
quantum computing. They tend to have somewhat bulky keys compared to RSA
or ECC, but they're still just keys and don't need OTPs.
And for symmetric crypto, quantum computing is generally at best
equivalent to cutting the key length in half, so doubling the key length
is enough to defeat that. It's still slightly annoying because at some
point you can't fit a key into a single IP packet, but that's a lot less
annoying than OTP.

> 2. Quantum key distribution supposedly enables guaranteed
> private distribution of OTP keys.

Quantum key distribution and quantum computing are pretty much
independent issues.
Quantum key distro only works if you have a dedicated path between your
two endpoints, either fiber or free-space. So there are some
applications, like satellite-to-ground, where they can be practical, but
if you use it as link encryption with fibers then you're depending on
trusting the relay points; at that point you might as well just recreate
Kerberos or one of the old pre-public-key key distribution systems.