[E-Lang] Quantum computing and capabilities

Ralph Hartley hartley@aic.nrl.navy.mil
Thu, 08 Feb 2001 07:31:00 -0500

Chris Hibbert wrote:

> I'll repeat what I said before to emphasize it: I think Ralph explained
> how this is justified theoretically, and on the basis of the recent
> experiments demonstrating storage of photons and their entangled
> properties.  BUT, I don't see any reason to expect that this could ever
> be turned into a practical and secure system.  

As for practical, well we'll see. It may depend on how much demand for 
real security there is. If it is practical it WILL be secure. It is more 
practical now than interstellar travel may ever be.

> Such a system (not needing to know who will eventually observe the
> photons) would require a third party storing the photons long-term, and
> enough trust to believe that that party hadn't found a way to exploit
> their privileged access.  

No trust is required. The laws of physics do not allow the party holding 
the qbits to do anything bad to them but to destroy them. It's not a 
matter of FINDING a way. It can be proven that there IS no way. You 
don't get that very often in cryptography. Do you worry that someone 
will find a way to cryptanalyze a message encrypted with a one time pad 
without the key? Breaking quantum cryptography, even with access to the 
qbits in transit, is just as hard.

> It's hard to believe they wouldn't be acting in cooperation with whoever
> delivers bits over the same long distances.  They'd have lots of 
> incentive.

The whole idea of quantum cryptography is that it can be absolutely 
secure even if the delivery of the qbits (and classical bits) is 
completely under the control of the attacker. They wouldn't have any 
incentive at all, because it wouldn't allow a successful attack.

Here's what I consider the bottom line on quantum cryptography:

(1) It is strictly stronger than one time pads.  Anything you can do 
with one time pads you can do with quantum cryptography, and any attack 
that fails against one time pads fails against quantum cryptography. 
Also, at least one attack that works on one time pads (stealing the key 
in transit, keeping a copy, and delivering the original) fails against 
quantum cryptography.

(2) It is strictly stronger than public key cryptography, in the same 
sense as above. Unlike public key, it is secure against an attacker with 
infinite computing capacity. If used to replace public key it becomes 
subject to some of the same attacks (Eve can impersonate Bob if she can 
substitute her own public key for Bob's).

(3) It is strictly easier than quantum computation. If you can make a 
quantum computer that works well enough to do the factoring needed to 
break public key cryptography, you already have the most problematical 
components for quantum cryptography (relaying and error correction). 
Non-technical (market, political, etc.) considerations could prevent it from 
being available of course.

From these observations I conclude that security is not fundamentally 
threatened by quantum information processing. Quantum cryptography can 
be expected to be an upwards compatible replacement for anything quantum 
computation breaks. As someone already said, what quantum takes away 
quantum gives back.

I'm really more interested in what things quantum computation might 
allow, that conventional computers do not. I know unforgeable money is 
one. It is not known exactly what NEW security primitives might be 
possible. It would be desirable that a language for talking about 
security and access control (e.g. capabilities as an abstract example, 
or E as a concrete one) have the ability to express any new security 
primitives even if they can not be implemented with current technology.

Ralph Hartley
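Point (1) above, that copying the key in transit is the one attack that fails against quantum cryptography, as an added example that is not from the thread: a classical simulation of the BB84 protocol (my assumption; the post names no specific protocol) with an ideal channel, in which an eavesdropper who measures each qubit and forwards a replacement turns up as a roughly 25% error rate on the sifted key, while an untouched channel gives 0%.

```python
import random


def bb84_qber(n_qubits, eve_intercepts, seed=0):
    """Simulate a BB84 exchange; return (sifted_key_length, qubit_error_rate).

    Bases: 0 = rectilinear, 1 = diagonal. Constructed toy model, not real photons.
    """
    rng = random.Random(seed)
    alice_bits = [rng.randrange(2) for _ in range(n_qubits)]
    alice_bases = [rng.randrange(2) for _ in range(n_qubits)]

    def measure(bit, prep_basis, meas_basis):
        # Same basis: the measurement reveals the prepared bit exactly.
        # Different basis: the outcome is a coin flip and the qubit collapses
        # to it, so the original value is gone. This is why a "copy" is impossible.
        return bit if prep_basis == meas_basis else rng.randrange(2)

    in_flight = []  # (bit, basis) pairs as they arrive at Bob
    for bit, basis in zip(alice_bits, alice_bases):
        if eve_intercepts:
            eve_basis = rng.randrange(2)
            eve_bit = measure(bit, basis, eve_basis)
            # Eve keeps eve_bit and forwards a fresh qubit in the basis she guessed.
            in_flight.append((eve_bit, eve_basis))
        else:
            in_flight.append((bit, basis))

    bob_bases = [rng.randrange(2) for _ in range(n_qubits)]
    bob_bits = [measure(b, basis, bb) for (b, basis), bb in zip(in_flight, bob_bases)]

    # Sifting over the public classical channel: keep only positions where
    # Alice and Bob happened to choose the same basis (about half of them).
    sifted = [(a, b) for a, b, ab, bb in zip(alice_bits, bob_bits, alice_bases, bob_bases)
              if ab == bb]
    errors = sum(1 for a, b in sifted if a != b)
    return len(sifted), errors / len(sifted)


def eavesdropper_detected(qber, threshold=0.11):
    """Abort threshold is an illustrative value; real deployments pick their own."""
    return qber > threshold


if __name__ == "__main__":
    for eve in (False, True):
        length, qber = bb84_qber(4000, eve)
        print(f"eve={eve}: sifted key {length} bits, QBER {qber:.3f}, "
              f"abort={eavesdropper_detected(qber)}")
```

Alice and Bob detect the copy by publicly comparing a sample of the sifted key; the eavesdropper's measurements in a wrong basis randomize about half of the bits she forwards, and half of those disagree with Alice.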