[E-Lang] Qauantum computing and capabilities
Thu, 08 Feb 2001 07:31:00 -0500
Chris Hibbert wrote:
> I'll repeat what I said before to emphasize it: I think Ralph explained
> how this is justified theoretically, and on the basis of the recent
> experiments demonstrating storage of photons and their entangled
> properties. BUT, I don't see any reason to expect that this could ever
> be turned into a practical and secure system.
As for practical, well we'll see. It may depend on how much demand for
real security there is. If it is practical it WILL be secure. It is more
practical now than interstellar travel may ever be.
> Such a system (not needing to know who will eventually observe the
> photons) would require a third party storing the photons long-term, and
> enough trust to believe that that party hadn't found a way to exploit
> their privileged access.
No trust is required. The laws of physics do not allow the party holding
the qbits to do anything bad to them but to destroy them. It's not a
matter of FINDING a way. It can be proven that there IS no way. You
don't get that very often in cryptography. Do you worry that someone
will find a way to cryptoanalyze a message encrypted with a one time pad
without the key? Breaking quantum cryptography, even with access to the
qbits in transit, is just as hard.
> It's hard to believe they wouldn't be acting in cooperation with whoever
> delivers bits over the same long distances. They'd have lots of
The whole idea of quantum cryptography is that it can be absolutely
secure even if the delivery of the qbits (and classical bits) is
completely under the control of the attacker. They wouldn't have any
incentive at all, because it wouldn't allow a successful attack.
Here's what I consider the bottom line on quantum cryptography:
(1) It is strictly stronger than one time pads. Anything you can do
with one time pads you can do with quantum cryptography, and any attack
that fails against one time pads fails against quantum cryptography.
Also, at least one attack that works on one time pads (stealing the key
in transit, keeping a copy, and delivering the original) fails against
(2) It is strictly stronger than public key cryptography, in the same
sense as above. Unlike public key, it is secure against an attacker with
infinite computing capacity. If used to replace public key it becomes
subject to some of the same attacks (Eve can impersonate Bob if she can
substitute her own public key for Bob's).
(3) It is strictly easier than quantum computation. If you can make a
quantum computer that works well enough to do the factoring needed to
break public key cryptography, you already have the most problematical
components for quantum cryptography (relaying and error correction). Non
technical (market, political, etc.) considerations could prevent it from
being available of course.
From these observations I conclude that security is not fundamentally
threatened by quantum information processing. Quantum cryptography can
be expected to be an upwards compatible replacement for anything quantum
computation breaks. As someone already said, what quantum takes away
quantum gives back.
I'm really more interested in what things quantum computation might
allow, that conventional computers do not. I know unforgable money is
one. It is not known exactly what NEW security primitives might be
possible. It would be desirable that a language for talking about
security and access control (e.g. capabilities as an abstract example,
or E as a concrete one) have the ability to express any new security
primitives even if they can not be implemented with current technology.