The Long-Term Future of the Cryptography Policy Debate

[Peter Dare]

Can I just summarise again my original point:

Quantum computers will be practical propositions within decades or poss=
ibly
years.

Quantum computers are massively parallel.  You don't have to accept the=

many-worlds interpretation of quantum theory, but if you do it helps to=

understand how that massively parallel functionality is achieved - by s=
haring
the computing effort between instances of the quantum computer across m=
any (two
to the power 48?) universes.  Factorising the product of two large prim=
e
numbers will become a doddle.

Whether or not symmetric algorithms are still workable, RSA (and - thou=
gh I'm
less sure of this - possibly other public key systems) will be much eas=
ier to
crack.  The problem is - how do cyberspace strangers Alice and Bob now
communicate using symmetric algorithms (which we will assume are still
workable) without escrowing symmetric keys with a key distribution serv=
ice?
How, simply, do they agree on a symmetric key if they have never met?  =
And how
will digital signatures work?

Quantum cryptography - a different application from quantum computing -=
 may not
help.  Provided that Bell's inquality is violated (that is, provided th=
ere are
no local hidden variables) - and the experimental evidence overwhelming=
ly
supports the idea that the inequality is indeed violated in nature - th=
en
certainly Bob will always get more of the random bits that Alice transm=
its than
Eve (the eavesdropper) will do, and Alice and Bob can use those bits as=
 a basis
for a symmetric algorithm, including even a one-time pad.  But it requi=
res a
single physical path (for example, a continuous optic fibre) between Al=
ice and
Bob - something that is unlikely to be in place if Alice and Bob have n=
ever met
before.  You can't use an Internet analogy.  Store and forward, network=
ing, are
not options.  Quantum states cannot be relayed.


Peter Dare
peter_dare@uk.ibm.com
=