Addressing quantum computer threatens crypto FUD spread by total fucking morons

Peter Fairbrother peter at tsto.co.uk
Tue Feb 6 09:04:49 PST 2024


On 06/02/2024 13:28, pro2rat at yahoo.com.au wrote:
> Quantum encryption is the current gold standard.


Never heard of it.

Seriously.


I have heard of post-quantum cryptography, but that's apparently a
different thing - it certainly doesn't have the properties you seem to
attribute to it, it is just methods to defeat a potential future threat
to modern cryptography from quantum computers by using classical
techniques chosen for QC-resistance.

Sociologically, it is pretty much the same as present-day public-key
cryptography. Public/private keypairs, key exchange, signatures, hashes,
ciphers etc. You can also do standard classical tricks like oblivious
transfer, ORAM, zero-knowledge proofs, oblivious two-party computation
and universal reencryption, at least if you choose the right systems.



Also, there are so-called quantum key distribution systems which rely on
transfer of prechosen or entangled quanta, usually light quanta. Despite
the name you can't actually distribute a key that way, you need more -
these aren't suitable for information transfer, only key agreement (like
DH, Alice and Bob both end up with the same unpredictable number).

[there is also Kak's three pass protocol, which can pass information,
but has flaws, is subject to cloning MITM, other MITM, and is nowhere
near a gold standard - though I suppose it could be called quantum
encryption, at a pinch]

(they also aren't fast enough for file transfer type encryption, eg to
set up an OTP - and good modern classical ciphers are quantum-computer
resistant anyway. But not theoretically unbreakable.)

Well-designed prechosen or entangled quanta systems are, in theory, (but
in practice? not so much) not subject to a cloning man-in-the-middle
attack, but are hard to implement, and to be useful they would need a
network of quantum-state-retaining switches (possible, but it doesn't
exist now) and quantum repeaters - just about possible, but you certainly
can't buy them from Cisco (or anyone else).

They also require an authenticated classical side channel to be secure.
Ooops.

We can attack that classically, so the "theoretically unbreakable
because unclonable quantum cryptography" is just so much eyewash.



Peter Fairbrother
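An added illustration of the side-channel point above, written by the editor and not part of Peter's post: a toy BB84 simulation in Python. An intercept-resend eavesdropper on the quantum link shows up as roughly 25% error in the sifted key, but an eavesdropper who also controls an unauthenticated classical channel simply runs two clean sessions and stays invisible to that check; a MAC on the sifting messages under a pre-shared authentication key (assumed here) is what closes the gap. Function names and sample keys are the editor's own.

```python
import hmac, hashlib, random

def measure(bit, send_basis, meas_basis, rng):
    """Measuring in the sending basis returns the bit; a wrong basis gives a coin flip."""
    return bit if send_basis == meas_basis else rng.randrange(2)

def bb84(n, rng, intercept=False):
    """One BB84 run over n quanta. Returns (sender_key, receiver_key, qber).
    intercept=True models an intercept-resend eavesdropper on the quantum link."""
    bits = [rng.randrange(2) for _ in range(n)]
    sb = [rng.randrange(2) for _ in range(n)]   # sender's bases
    rb = [rng.randrange(2) for _ in range(n)]   # receiver's bases
    got = []
    for bit, s, r in zip(bits, sb, rb):
        if intercept:                           # Eve measures in a random basis, re-sends
            eb = rng.randrange(2)
            bit, s = measure(bit, s, eb, rng), eb
        got.append(measure(bit, s, r, rng))
    # Sifting: bases are compared over the classical channel; keep matching positions.
    skey = [b for b, s, r in zip(bits, sb, rb) if s == r]
    rkey = [g for g, s, r in zip(got, sb, rb) if s == r]
    qber = sum(a != b for a, b in zip(skey, rkey)) / len(skey)
    return skey, rkey, qber

def unauthenticated_mitm(n, rng):
    """Eve owns the classical channel too: one BB84 run with Alice (posing as Bob)
    and another with Bob (posing as Alice). Both ends see a clean error rate,
    yet Alice and Bob hold different keys, each actually shared with Eve."""
    alice_key, _eve_key1, q_alice = bb84(n, rng)
    _eve_key2, bob_key, q_bob = bb84(n, rng)
    return q_alice, q_bob, alice_key == bob_key

def announce(bases, auth_key):
    """Sifting message plus a MAC under a pre-shared classical authentication key."""
    msg = bytes(bases)
    return msg, hmac.new(auth_key, msg, hashlib.sha256).digest()

def accept(msg, tag, auth_key):
    """Receiver-side check; an Eve without auth_key cannot forge a sifting message."""
    return hmac.compare_digest(hmac.new(auth_key, msg, hashlib.sha256).digest(), tag)
```

Run with a seeded `random.Random` to get repeatable error rates; the MAC is a stand-in for whatever authentication the classical link actually uses.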

