The Long-Term Future of the Cryptography Policy Debate

[Roger Fleming]

Stefek Zaba wrote:

[...]
>Quantum computation faces some pretty stiff engineering challenges: the more
>simultaneous states you try to superpose (i.e. "solutions" you investigate
>at once), the harder it is to keep the whole thing from "losing it" (a deep
>technical term :-) In particular searching through 2**256 or so states, as you
>might want to do for factoring attacks on 1024-bit RSA, is more than 
>marginally beyond the state of the theoretical art... for now...[...]

You could say that again. For those who hadn't been aware of the progress of
the quantum computer, one has actually been built, and used to factor the 4 bit
"hard prime" number, 15. Rather delightfully, the core unit was a fresh cup of
really hot tea !! (Well, nearly). The results of these experimenters seemed to
suggest that one requires a distinct nuclear species per bit of the calculation, 
and that S/N ratio declines roughly as 1/2^(no of bits). (Somebody described
this as now being able to add a time/signal strength tradeoff to the list of
possible optimisations.) As such, no degree of refinement will be able to
expand this device beyond around 50 to 60 bits, which is already trivial with
ordinairy computers; so we can breathe a sigh of relief - for now. Of course it
is possible someone will devise a much more efficient device than this "Mk I"
quantum computer. The consequences of a processor that is able to
instantaneously perform massively parallel computations of any size are
almost unimaginable, and will go far beyond obliterating nearly all forms of
crypto.