
Quantum Computing and Cryptography - stargrave
https://www.schneier.com/blog/archives/2018/09/quantum_computi_2.html
======
amirhirsch
"Just as it took decades for us to get supercomputers in our pockets, it will
take decades to work through all the engineering problems necessary to build
large-enough quantum computers."

This is not an accurate analogy, and you shouldn't believe that there is a
continuous engineering path to practical quantum computing as there was for
miniaturization of semiconductors. We understood that there was "plenty of
room at the bottom" for semiconductors and classical computation and had
"Moore's Law" which pointed to a future with supercomputers in our pocket.
However the physics of quantum computation are not so well bounded today, and
the author acknowledges that we may not be able to build such quantum
computers, and he is placing a bet.

Let me place my bet: error correction will prove intractable for quantum
computation, with a recursive relationship between the size and coherence time
of a topological qubit, such that the minimum number of particles required to
factor N-bit numbers will exceed the number of particles in the universe for
an N that is small enough to just keep using RSA on classical computers.

~~~
rjzzleep
That's such a weird thing to say. It's not like computing as it is now was
considered possible in the beginning.

I remember sitting with a bunch of the German senior communication networks
folks in the tube in Hamburg and they were talking stories of the past, when
their professors told them how utterly impossible/ridiculous today's
networking is.

------
nabla9
> But if the unimaginable happens, that would leave us with cryptography based
> solely on information theory: one-time pads and their variants.

If I remember correctly Zones of Thought series by Vernor Vinge has aliens
that can do that (I don't want to spoil out why, because it's one of the great
ideas in the book). As a countermeasure, there are spaceships carrying massive
amount of bits around to be used as one-time pads.

~~~
parley
You remember correctly. This is present in "A fire upon the deep" by Vinge,
which is one of the best sci-fi books I have read (although I am not
particularly well read). Really, that book contained several concepts (the
drifting tech zones, the hive mind mechanisms, etc) that made it an amazing
read. I would recommend it to anyone who appreciates sci-fi.

EDIT: I forgot to add that the book was also a Hugo Award (Best Novel) winner,
which I just noticed/remembered as I took it down from my bookshelf to re-read
it... =o)

------
mathgenius
> Yes, I know that quantum key distribution is a potential replacement for
> public-key cryptography. But come on -- does anyone expect a system that
> requires specialized communications hardware and cables to be useful for
> anything but niche applications?

I don't think there is any inherent reason why this would have to be done
using "specialized communications hardware and cables". Didn't the Chinese
just demonstrate entanglement sharing via satellite?

I could imagine a post-quantum computing era where it is even possible to
know, with certainty, if you have been hacked, or data breached, because of
quantum cryptography. We are not anywhere near this kind of technology right
now, but the physics is real.

~~~
ThePhysicist
Yes, sounds a lot like the "I think there is a world market for maybe five
computers" prediction by IBM's president in 1943.

Practical quantum cryptography is actually not that far away IMHO as the
theory is solid and there have been many successful test deployments in the
field already.

Sure the equipment is specialized but not much more than e.g. the electronics
that you need for a mobile baseband station or other specialized applications.
You mostly need a good single-photon source and some high-quality optical
components and there's no fundamental obstacle to producing those in large
quantities and (eventually) for an affordable price. Also, high-quality fiber-
optical cables are expensive but not prohibitively so, hence intra-city
quantum links seem absolutely feasible and even inter-city connections are
doable (and as you pointed out even satellite or line-of-sight communication
is possible).

In my understanding the main issue that most cryptographers have with schemes
like quantum key distribution is that they require classical cryptography in
the bootstrapping process, so by their argument they can never be better than
those classical schemes. They often forget to mention though that the
adversary needs to be able to crack the classical cryptography during the key
exchange process (i.e. within a few milliseconds to seconds), so the method is
still much safer than any classical key exchange method except if you're
facing a god-like adversary.

~~~
posterboy
The "five computers" taken out of context might seem ridiculous but it is hard
to believe that wouldn't have been obvious back then and so must have been
understood differently, e.g. five mainframes to connect to per terminal and/or
diversion to discourage competition. And it's not qualified over time, so it
might have meant the very near future.

... or five architectures, five development boxes and the rest restricted
implementations, i.e. five different co-processors e.g. for time table
scheduling which were selling by the time already.

~~~
lokedhs
The Wikipedia page on Watson discusses attempts at finding the source for this
quote, but explains that there seems to be no consensus on this.
[https://en.wikipedia.org/wiki/Thomas_J._Watson](https://en.wikipedia.org/wiki/Thomas_J._Watson)

It does quote Howard Aiken saying this in 1952:

    Originally one thought that if there were a half dozen
    large computers in this country, hidden away in research
    laboratories, this would take care of all requirements
    we had throughout the country

Even though it's likely that Watson never made this particular statement, the
sentiment that the statement itself carries was a real one, and certainly
existed in the '40s.

What would be interesting to know is when the shift happened from computers
being seen as a niche tool to something that everybody would use.

------
smarky0x7CD
Numerous post-quantum public key cryptosystems exist that a completely
classical party can run. Schneier left these out of his discussion for key
distribution if quantum supremacy were to ever occur.

------
HIPisTheAnswer
Perpetual motion machines. We heard it before. Controlled fusion, free energy,
bla bla bla, bullshit, more bullshit, and a bit more bullshit. Ohh look! The
Santa Claus!

~~~
sctb
Could you please not post like this? We're here for thoughtful and informative
discussion.

[https://news.ycombinator.com/newsguidelines.html](https://news.ycombinator.com/newsguidelines.html)

