One time pads
Sam Ritchie
kayakwcc at comcast.net
Wed Oct 16 18:20:37 PDT 2002
ACTUALLY, quantum computing does more than just halve the effective key
length. With classical computing, the resources required to attack a given
key grow exponentially with key length. (a 128-bit key has 2^128
possibilities, 129 has 2^129, etc. etc. you all know this...)
With quantum computing, however, the complexity of an attack grows only
polynomially. Hence a MUCH MUCH more agreeable time frame for brute force
attacks. Good stuff, eh?
~SAM
> From: "Trei, Peter" <ptrei at rsasecurity.com>
> Date: Wed, 16 Oct 2002 14:50:03 -0400
> To: David Howe <DaveHowe at gmx.co.uk>, "Email List: Cypherpunks"
> <cypherpunks at lne.com>, "'David E. Weekly'" <david at weekly.org>
> Subject: RE: One time pads
>
>> David E. Weekly[SMTP:david at weekly.org]
>>
>> Naive question here, but what if you made multiple one time pads (XORing
>> them all together to get your "true key") and then sent the different pads
>> via different mechanisms (one via FedEx, one via secure courier, one via
>> your best friend)? Unless *all* were compromised, the combined key would
>> still be secure.
>>
>> As for PKI being secure for 20,000 years, it sure as hell won't be if those
>> million-qubit prototypes turn out to be worth their salt. Think more like
>> 5-10 years. In fact, just about everything except for OTP solutions will be
>> totally, totally fucked. Which means that you should start thinking about
>> using OTP *now* if you have secrets you'd like to keep past when an
>> adversary of yours might have access to a quantum computer. I'd put 50 years
>> as an upper bound on that, 5 years as a lower.
>>
>> -d
>>
> Not quite right. My understanding is that quantum
> computing can effectively halve the length of a
> symmetric key, but that does not take it down to zero.
>
> Thus, a 256 bit key would, in a QC world, be as secure
> as a 128 bit key today, which is to say, pretty good.
>
> It's the asymmetric algorithms which have problems.
>
> Peter
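David's XOR-split proposal from the quoted thread, worked through as an added example (not code from anyone on the list): the true key is the XOR of several independently shipped pads, and the `pads_consistent_with` check shows that an adversary holding all but one share is left with the entire key space. Share count, pad length and the sample message are constructed here.

```python
"""XOR-split one-time pad: the key is the XOR of several pads sent by
separate channels, and an adversary needs every share to learn it."""
import secrets
from functools import reduce


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("lengths differ")
    return bytes(x ^ y for x, y in zip(a, b))


def combine(shares: list[bytes]) -> bytes:
    """Recover the true key by XORing all shares together."""
    return reduce(xor_bytes, shares)


def split_pad(pad: bytes, n: int) -> list[bytes]:
    """Split a pad into n shares whose XOR equals the pad.

    The first n-1 shares are fresh uniform random pads; the last is
    chosen so that XORing everything gives back the original pad.
    Any n-1 shares are jointly uniform and independent of the pad."""
    if n < 2:
        raise ValueError("need at least two shares")
    random_shares = [secrets.token_bytes(len(pad)) for _ in range(n - 1)]
    last = combine(random_shares + [pad])
    return random_shares + [last]


def otp(data: bytes, pad: bytes) -> bytes:
    """One-time pad encrypt/decrypt (same operation); never reuse the pad."""
    if len(pad) < len(data):
        raise ValueError("pad shorter than message")
    return xor_bytes(data, pad[: len(data)])


def pads_consistent_with(known_shares: list[bytes]) -> set[bytes]:
    """Every pad an attacker holding all but one share must consider.

    Enumerates the missing share for a 1-byte pad; the result is the
    whole key space, i.e. the known shares reveal nothing about the pad."""
    partial = combine(known_shares)
    return {xor_bytes(partial, bytes([m])) for m in range(256)}


if __name__ == "__main__":
    pad = secrets.token_bytes(16)          # constructed sample pad
    shares = split_pad(pad, 3)             # e.g. FedEx, courier, friend
    assert combine(shares) == pad
    msg = b"meet at dawn"                  # constructed sample message
    assert otp(otp(msg, pad), pad) == msg
    print(len(pads_consistent_with(split_pad(b"\x42", 3)[:2])), "candidate pads")
```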