[Cryptography] QM giveth, QM taketh away

Bill Stewart billstewart at pobox.com
Sat Feb 13 14:07:00 EST 2021

On 2/11/2021 8:05 AM, Henry Baker wrote:
> There has been some public hand-wringing in the media
> over China's push for quantum computation to break
> current encryption methods.
> I've heard of people working on the following scheme:
> 1. One-time pads can't be broken by quantum computation,
> but require incredibly long keys which are hard to manage.

There are other crypto public-key algorithms that are secure against 
quantum computing. They tend to have somewhat bulky keys compared to RSA 
or ECC, but they're still just keys and don't need OTPs.

And for symmetric crypto, quantum computing is generally at best 
equivalent to cutting the key length in half, so doubling the key length 
is enough to defeat that. It's still slightly annoying because at some 
point you can't fit a key into a single IP packet, but that's a lot less 
annoying than OTP

> 2. Quantum key distribution supposedly enables guaranteed
> private distribution of OTP keys.

Quantum key distribution and quantum computing are pretty much 
independent issues.

Quantum key distro only works if you have a dedicated path between your 
two endpoints, either fiber or free-space. So there are some 
applications, like satellite-to-ground, where they can be practical, but 
if you use it as link encryption with fibers then you're depending on 
trusting the relay points; at that point you might as well just recreate 
Kerberos or one of the old pre-public-key key distribution systems.

More information about the cryptography mailing list