Is quantum cryptography practical or is it no good?

Yes.

It's a scam for free funding, invalid PhDs, and money washing.
blog.cr.yp.to/20160516-quantum.html

Quantum computing is only probabilistic, not deterministic. This means no 1-to-1 answers, only likely answers and less likely answers.

Quantum cryptography in the sense of breaking standard cryptography is good. A Q-computer cannot break an encryption key, but it can tell you where it is likely to be found, allowing you to begin brute-forcing in the most likely number range.

As far as encryption goes, I don't believe we have the technology (or even an idea) of how to proceed. The very act of reading a quantum state changes its value, meaning we will need to devise some sort of tricky method to actually use it for encryption.

Some pretty good seminar videos here on real not scifi post-quantum crypto if anybody is interested
2017.pqcrypto.org/school/schedule.html

Indeed the "Quantum Cryptography" is a gigantic scam

>Indeed the "Quantum Cryptography" is a gigantic scam
Non-quantum physicist here and yes, this is what I thought as well.

Q-computers seem good for encryption breaking by giving you a 'number neighborhood' that an encryption key could lie in, but don't seem all that good for actually encrypting.

I hear they could be used for key exchange though, owing to the fact that their state gets changed upon observation, meaning they could be used to share a key between person 1 and person 2, and as soon as person 2 views the key its state is changed, meaning nobody else can view the key.

10/10

/thread

Wrong link; djb explains QKD snake oil here (both the implementation and even the theory itself are bogus): twitter.com/hashbreaker/status/689115480267816960

Maybe, maybe not.

Q computing can only tell you the general area where the key lies; it can't tell you what the key actually is.

To counteract this I imagine RSA or ECC keys could simply be scaled in key size.

I would think that given an arbitrarily large RSA or ECC key value, even if a Q computer tells you where to start looking it may still take you millions of years to find the actual key.

Although whether having key sizes this large (megabytes in size?) is practically applicable is another story altogether.

>Non-quantum physicist here
What the fuck does that mean? Any actual physicist knows and uses quantum mechanics, even if it doesn't directly apply to your research area (which is pretty unusual nowadays).

t. Actual PhD physicist

>I don't understand why people use the term quantum physicist
Looks like they really awarded a PhD to a winner this time

Literally all modern trained physicists are quantum physicists

Then you understand the usage of the term now?

>Any actual physicist knows and uses quantum mechanics, even if it doesn't directly apply to your research area
not all physicists were gullible enough to fall for the "quantum" meme

>not all biologists were gullible enough to fall for the "evolution" meme
t. Ken Ham

Not all astrologers were gullible enough to fall for the 'round earth' meme

not all mathematicians were gullible enough to fall for the "real numbers" meme

t. all-seeing leprechaun

Not all historians were gullible enough to fall for the 'Einstein invented the mass-equivalence principle" meme

djb wrote a book outlining how RSA, DSA, ECDSA, ECC, HECC, class groups etc. are all dead in a post-quantum world, in that they will be trivial to run Shor's or Grover's algorithm on, but McEliece (code-based), NTRU (lattice-based), HFE (multivariate) and even AES will generally survive.

Well, it makes sense that AES will survive; it's only a method of cryptology, not a type of key.

It also makes sense that Shor's algorithm makes all of the previously mentioned keys obsolete; they all rely on the difficulty of factoring a very large prime number.

Did this person mention anything about the ElGamal cryptosystem? ElGamal relies on the difficulty of finding a discrete logarithm of a very large number, have you heard of any quantum algorithms that are able to determine discrete logarithms?

>not all forward-thinkers were gullible enough to fall for the "biologically determined sex" meme
t. Bill Nye

...

Security and privacy engineer here; I did my graduate research in cryptography.

An important distinction to be made is that between "quantum cryptography" and "quantum-safe cryptography." The former refers to the development of cryptographic algorithms based upon principles of quantum computing; the latter refers to the development of cryptographic primitives resistant to cryptanalysis making use of the power of quantum computing.

The first is both practical and useful insofar as the development of quantum links becomes inexpensive and widespread: for example the observer effect in QM gives us an extremely powerful (and useful) method for key exchange.

The latter is a bit fuzzier. Its usefulness is a function of how likely you believe quantum computing is to be viable at scale, and current practicality is hardly more than a guess. All of the "quantum-safe" algorithms we currently have are given this title based on nothing more than the fact that the associated hardness assumption does not relate to factoring. We're not entirely certain of the classes of classically intractable problems which become tractable in the context of QC.
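The "observer effect" key exchange this post refers to (and the one mentioned earlier in the thread) is BB84. The following is an added example, not code from any poster, that simulates the abstract protocol with ideal qubits: a qubit measured in its preparation basis returns the encoded bit, one measured in the other basis returns a random bit and is left in the measuring basis. That disturbance is what makes an intercept-resend eavesdropper visible as roughly 25% errors in the sifted key. The detectors, sources and side channels of real QKD hardware, which are what djb's criticism in the thread is about, are not modelled; the 11% abort threshold is the standard BB84 figure and is an assumption of this example.

```python
"""BB84 key exchange with ideal qubits, as a classical simulation.

Added example, not from the thread. Only the abstract protocol is modelled:
measuring in the preparation basis is exact, measuring in the other basis
gives a uniform bit and collapses the qubit into the measuring basis.
"""
import random
from dataclasses import dataclass

RECTILINEAR, DIAGONAL = 0, 1          # the two conjugate bases of BB84


@dataclass
class Qubit:
    basis: int
    bit: int

    def measure(self, basis: int, rng: random.Random) -> int:
        """Measuring in the preparation basis is deterministic; measuring in
        the other basis yields a uniform bit and re-prepares the qubit in the
        measuring basis with that bit, i.e. the state is disturbed."""
        if basis != self.basis:
            self.basis = basis
            self.bit = rng.randrange(2)
        return self.bit


def bb84(n: int, eavesdrop: bool, seed: int = 0):
    """Run BB84 over n qubits. Returns (alice_key, bob_key, qber) after sifting.
    The error rate is computed over the whole sifted key for simplicity; a
    real run sacrifices a random subset of it for that estimate."""
    rng = random.Random(seed)
    a_bits = [rng.randrange(2) for _ in range(n)]
    a_bases = [rng.randrange(2) for _ in range(n)]
    b_bases = [rng.randrange(2) for _ in range(n)]

    # Alice prepares and sends; Eve optionally measures each qubit in a
    # guessed basis and forwards the (possibly disturbed) qubit.
    channel = [Qubit(basis, bit) for basis, bit in zip(a_bases, a_bits)]
    if eavesdrop:
        for q in channel:
            q.measure(rng.randrange(2), rng)

    b_bits = [q.measure(basis, rng) for q, basis in zip(channel, b_bases)]

    # Sifting: bases are announced publicly; keep only the matching positions.
    keep = [i for i in range(n) if a_bases[i] == b_bases[i]]
    alice_key = [a_bits[i] for i in keep]
    bob_key = [b_bits[i] for i in keep]
    errors = sum(x != y for x, y in zip(alice_key, bob_key))
    qber = errors / len(keep) if keep else 0.0
    return alice_key, bob_key, qber


def accept_key(qber: float, threshold: float = 0.11) -> bool:
    """Abort above the threshold (assumed here: the usual 11% BB84 bound,
    beyond which error correction and privacy amplification leave no key)."""
    return qber < threshold


if __name__ == "__main__":
    for eve in (False, True):
        a, b, qber = bb84(2000, eavesdrop=eve)
        print(f"eavesdropper={eve}: sifted bits={len(a)}, "
              f"QBER={qber:.3f}, accept={accept_key(qber)}")
```

Without Eve the sifted keys agree exactly; with an intercept-resend Eve she guesses the wrong basis half the time and then Bob gets a random bit at those positions, so about a quarter of the sifted key disagrees and the run is aborted.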

Circadia 3301 thinks so.

>To counteract this I imagine RSA or ECC keys could simply be scaled in key size.
Check eprint.iacr.org/2017/351
They use a 1 TB RSA key.

ECC/DSA/DH/ECDH and ElGamal all rely on discrete logarithms, also broken by Shor.
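To make the two claims above concrete (Shor breaks the factoring-based systems, and Shor breaks the discrete-log systems, answering the ElGamal question earlier in the thread), here is an added example, not from any poster. The only quantum step in Shor's algorithm is period finding; everything else is classical number theory. Below the period finder is a brute-force loop, so only toy sizes work, but the two reductions are exactly Shor's: a factor of n from the order of a random element, and a discrete log from the period of f(a, b) = g^a * h^-b. The toy moduli 15, 21, 35 and the group (p = 23, g = 2 of prime order 11) are constructed inputs.

```python
"""Shor's algorithm = classical number theory + one quantum subroutine.

Added example, not from the thread. The quantum part of Shor's algorithm
is a period finder (quantum Fourier transform); the rest is classical.
Here the period finder is brute force, so only toy sizes are feasible.
"""
import math
import random


def find_order(a: int, n: int) -> int:
    """Smallest r > 0 with a**r == 1 (mod n). Requires gcd(a, n) == 1.
    A quantum computer does this step in polynomial time; this loop is
    exponential in the bit length of n, which is the entire difference."""
    r, x = 1, a % n
    while x != 1:
        x = (x * a) % n
        r += 1
    return r


def shor_factor(n: int, rng=random) -> int:
    """Return a non-trivial factor of an odd composite n that is not a prime power."""
    while True:
        a = rng.randrange(2, n)
        g = math.gcd(a, n)
        if g != 1:
            return g                      # lucky: a already shares a factor
        r = find_order(a, n)
        if r % 2:
            continue                      # odd order gives no square root of 1
        y = pow(a, r // 2, n)             # y*y == 1 (mod n) and y != 1
        if y == n - 1:
            continue                      # trivial root -1: try another a
        return math.gcd(y - 1, n)         # (y-1)(y+1) == 0 (mod n) splits n


def shor_dlog(g: int, h: int, p: int) -> int:
    """Find x with g**x == h (mod p), for g of prime order q modulo p and
    h in the subgroup generated by g. Shor's DLP variant finds the period
    (x, 1) of f(a, b) = g^a * h^-b, i.e. f(a + x, b + 1) == f(a, b).
    Classically the same structure is exposed by two grid points with equal
    f, which again costs about q steps instead of polynomial time."""
    q = find_order(g, p)
    h_inv = pow(h, -1, p)
    seen = {}
    for b in range(q):
        for a in range(q):
            v = (pow(g, a, p) * pow(h_inv, b, p)) % p
            if v in seen:
                a0, b0 = seen[v]
                if b != b0:
                    # g^(a-a0) == h^(b-b0)  =>  x == (a-a0) / (b-b0)  (mod q)
                    return ((a - a0) * pow(b - b0, -1, q)) % q
            seen[v] = (a, b)
    raise ValueError("h is not in the subgroup generated by g")


if __name__ == "__main__":
    print("a factor of 15:", shor_factor(15))
    print("log_2(13) mod 23 =", shor_dlog(2, 13, 23))
```

The AES remark above is the other half of the picture: there is no period structure in a block cipher for Shor to exploit, and Grover only gives a square-root speed-up on brute force, which is why doubling the key size (AES-256) is the usual answer there.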

Don't forget Hash-based signatures as well as this thing en.wikipedia.org/wiki/Supersingular_isogeny_key_exchange.

>NTRU
Ring learning with errors algorithms are better due to provable security reductions to known NP-hard problems such as SVP.
You would probably want to look for New Hope instead.

>The first is both practical and useful
and a scam

djb and his students replaced New Hope's practical key lengths with his paper NTRU Prime (and later "Streamlined NTRU Prime") last year, in which they didn't rely on the classic NTRU/Ring-LWE tradition of using cyclotomic rings, which have performance issues. So you get the practical key length of New Hope plus optimized crypto speeds that make lattice crypto usable.

The best hash-based sig so far proposed for the post-quantum world is SPHINCS-256, because it is stateless, so they could prove it is secure against quantum resources.
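Why "stateless" is the selling point: SPHINCS is built from one-time and few-time hash-based signatures, and schemes of that kind are only secure while each key signs a single message, so a stateful scheme has to track which keys it has used and a stateless one avoids that bookkeeping entirely. The following is an added example, not code from any poster, of the underlying one-time scheme (Lamport) and of what goes wrong on reuse: every signature reveals half the secret key, so an attacker who can get signatures on a handful of chosen messages collects enough preimages to sign anything. The messages used as oracle queries and the forgery target are constructed inputs.

```python
"""Lamport one-time signatures and the cost of reusing a key.

Added example, not from the thread. Real parameters (256-bit digest) are
used; the chosen-message attack below needs only about ten signatures.
"""
import hashlib
import os

N_BITS = 256     # one key pair covers one 256-bit digest


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def digest_bits(msg: bytes):
    d = int.from_bytes(H(msg), "big")
    return [(d >> (N_BITS - 1 - i)) & 1 for i in range(N_BITS)]


def keygen(rand=os.urandom):
    """Secret key: two random 32-byte preimages per digest bit.
    Public key: the hashes of those preimages."""
    sk = [(rand(32), rand(32)) for _ in range(N_BITS)]
    pk = [(H(s0), H(s1)) for s0, s1 in sk]
    return sk, pk


def sign(sk, msg: bytes):
    """Reveal, for each digest bit, the preimage that bit selects."""
    return [sk[i][b] for i, b in enumerate(digest_bits(msg))]


def verify(pk, msg: bytes, sig) -> bool:
    return len(sig) == N_BITS and all(
        H(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, digest_bits(msg))))


def reuse_attack(pk, sign_oracle, target: bytes, max_queries: int = 1000):
    """Chosen-message attack on a reused key: request signatures on harmless
    messages until both preimages are known at every position, then sign
    `target` without the secret key. Returns (queries_used, sig); sig is
    None if the budget ran out. Each query roughly halves the number of
    still-hidden preimages, so ~10 queries cover all 256 positions."""
    revealed = [dict() for _ in range(N_BITS)]
    for i in range(1, max_queries + 1):
        msg = b"harmless message %d" % i          # constructed, attacker-chosen
        sig = sign_oracle(msg)
        for pos, (s, b) in enumerate(zip(sig, digest_bits(msg))):
            revealed[pos][b] = s
        if all(len(r) == 2 for r in revealed):
            bits = digest_bits(target)
            return i, [revealed[pos][b] for pos, b in enumerate(bits)]
    return max_queries, None


if __name__ == "__main__":
    sk, pk = keygen()
    target = b"transfer all funds to mallory"
    n, forged = reuse_attack(pk, lambda m: sign(sk, m), target)
    print(f"forged after {n} signatures, verifies: {verify(pk, target, forged)}")
```

A stateful scheme avoids this by never signing twice with the same leaf key, which is exactly the state that gets lost when a signing key is restored from backup or cloned across machines; SPHINCS's stateless construction removes that failure mode at the price of larger signatures.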

For anybody here who doesn't know: Daniel Bernstein and Tanja Lange teamed up to make a post-quantum crypto engineering department in the Netherlands at TU/e after he was given a multi-million euro grant to start such a school. djb fled the US during Obama's tenure as King of USA, as the NSA made opening any such school impossible, according to him.

As a result, they're now churning out excellent papers every semester analyzing post-quantum algorithms and optimizing them, and he runs the biggest crypto bench/analysis team in the world, so other researchers can send their implementations to them to be analyzed for free and collaborate.

tl;dr if you are at all considering a grad school for cryptography, try to get into TU/e, either their math master's program or the direct PhD track, where you get first-hand experience with these PQ algorithms and test beds.

They had organised 2017.pqcrypto.org/exec/ but I forgot to register for it because I am a huge baka ;_;

Wasn't aware of that paper before, thanks. I am thinking of applying to TU/e after I finish my undergrad degree, but I fear that it might be too hard for me.