In 1977, Rivest, Shamir, and Adleman proposed the first public-key encryption system, which now secures all of our financial data and much of our government data.
The security rested on one premise, "We don't think computers can quickly factor large numbers." While the jury is still out on whether classical computers can quickly factor large numbers, we now know that quantum computers can quickly factor large numbers.
I was at a meeting on quantum technologies on July 5th, 2018, in Munich. There, a chief scientist from Intel informed us that their conservative estimate for a universal quantum computer was 10 years. I asked, "Ten years or more?" She replied, "Ten years or less."
Today the USA is ahead in the development of quantum computers. That lead will not last long.
In part, due to that evanescent lead, the Chinese have decided to move to a quantum-cryptography-based system, which is immune to attacks by even a quantum computer. And they have invested $30B to develop a quantum computer of their own.
In the meantime, the US response to this threat is not to invest in a provably secure quantum cryptosystem, but rather to move to a "new" public-key cryptosystem, post-quantum cryptography, which they hope—but cannot prove!—is immune to an attack by even a quantum computer.
This is the US National Security Agency position on the matter, and their protocols are being tested, quantified, and standardized by the US National Institute of Science and Technology—ready soon to be rolled out.
This is a fool's errand.
This US approach to the threat posed by quantum computers is simplistic, nearsighted, and dangerous.
Quantum key distribution uses an unbreakable one-time pad. This scheme is used by the US diplomatic corps, the CIA, and for the nuclear launch codes. Currently, the launch codes are distributed to the missile silos on 3.5" floppies driven around by a guy in a truck. Surely we can do better than that?
And why are diplomatic communications, intelligence communications, and the nuclear launch codes secured with one-time pads? It is because the users of these systems do not trust public-key encryption, since it is not provably secure. Moving to a different unprovably secure public-key encryption system does not change this reality.
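To make concrete what "unbreakable one-time pad" means in the two paragraphs above, here is an added Python example; it is not part of the original essay and does not model any real diplomatic or military system. It shows the three properties that matter for the argument: the pad is XORed with a message of exactly its own length, every equal-length plaintext is consistent with a given ciphertext under some key (so the ciphertext alone reveals nothing), and the pad must never be reused, which is exactly the key-material logistics problem that couriers, and in principle QKD, exist to solve. The names `otp_xor`, `PadStore`, `key_consistent_with` and `reuse_leak`, and the sample pad and messages, are all constructed for illustration.

```python
import secrets


def otp_xor(data: bytes, key: bytes) -> bytes:
    """XOR every byte of `data` with the matching byte of `key`.

    Encryption and decryption are the same operation. The key must be
    exactly as long as the data: a shorter key would have to repeat, and
    a repeating key is no longer a one-time pad.
    """
    if len(key) != len(data):
        raise ValueError("one-time pad key must be exactly as long as the message")
    return bytes(d ^ k for d, k in zip(data, key))


class PadStore:
    """Shared pad material that is handed out strictly once.

    Hypothetical stand-in for the key bits a key-distribution channel
    (a courier, or QKD) delivers to both parties in advance. Both sides
    hold an identical copy and consume it in the same order.
    """

    def __init__(self, pad: bytes) -> None:
        self._pad = pad
        self._used = 0

    def take(self, n: int) -> bytes:
        """Return the next `n` unused key bytes, or fail rather than reuse any."""
        if self._used + n > len(self._pad):
            raise RuntimeError("pad exhausted: refusing to reuse key material")
        chunk = self._pad[self._used:self._used + n]
        self._used += n
        return chunk

    @property
    def remaining(self) -> int:
        return len(self._pad) - self._used


def key_consistent_with(ciphertext: bytes, candidate_plaintext: bytes) -> bytes:
    """Return the key under which `ciphertext` decrypts to `candidate_plaintext`.

    For a one-time pad such a key always exists and is exactly as likely
    as the true one, so the ciphertext alone says nothing about which
    equal-length plaintext was sent. This is the perfect-secrecy property.
    """
    return otp_xor(ciphertext, candidate_plaintext)


def reuse_leak(ciphertext_a: bytes, ciphertext_b: bytes) -> bytes:
    """Why PadStore refuses reuse: two ciphertexts made with the same key
    XOR to the XOR of their plaintexts, because the key cancels out."""
    return otp_xor(ciphertext_a, ciphertext_b)


def round_trip(message: bytes, pad: bytes) -> tuple[bytes, bytes, int]:
    """Encrypt with the sender's copy of the pad, decrypt with the receiver's
    copy; return (ciphertext, recovered plaintext, pad bytes left)."""
    sender, receiver = PadStore(pad), PadStore(pad)
    ciphertext = otp_xor(message, sender.take(len(message)))
    recovered = otp_xor(ciphertext, receiver.take(len(ciphertext)))
    return ciphertext, recovered, receiver.remaining


if __name__ == "__main__":
    # Constructed sample: 64 bytes of pad shared out of band, one short message.
    shared_pad = secrets.token_bytes(64)
    msg = b"constructed sample message"
    ct, pt, left = round_trip(msg, shared_pad)
    assert pt == msg
    print(f"ciphertext: {ct.hex()}  pad left: {left} bytes")

    # Any other plaintext of the same length is explained by some key.
    decoy = b"a different cleartext, ok!"
    assert len(decoy) == len(msg)
    assert otp_xor(ct, key_consistent_with(ct, decoy)) == decoy

    # Reusing pad bytes leaks plaintext structure: the key cancels.
    k = shared_pad[:len(msg)]
    assert reuse_leak(otp_xor(msg, k), otp_xor(decoy, k)) == otp_xor(msg, decoy)
```

The point of `PadStore` is that the security of the scheme lives entirely in the key material: it must be truly random, as long as all traffic ever sent, shared by both ends in advance, and consumed exactly once. Moving that material around is the whole cost of the one-time pad, which is why the essay frames QKD as a key-distribution technology rather than a new cipher.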
The move to embrace post-quantum cryptography is a move away from developing a quantum internet, for which no such public key is needed. The quantum internet is automatically secured by quantum cryptography.
To quote myself, "The future of the quantum Internet is in photons and the short circuiting of the development of optical quantum information processors in the United States means that the future quantum Internet will have 'Made in China' stamped all over it." — Schrödinger's Killer App (2013).
The future of the quantum internet is certainly not post-quantum cryptography.
We have a completely unbreakable quantum key distribution protocol — why the hell don't we use it!?
Post-quantum cryptography is a small band-aid on an arterial wound.