• bunchberry@lemmy.world
    2 days ago

    Quantum encryption won’t ever be a “thing.”

    All cryptography requires a pool of random numbers as inputs, and while different cryptographic methods are more secure than others, all of them are only as secure as their random number pool. The most secure cipher possible is known as a one-time pad, which can be proven to be as secure as a cryptographic algorithm could possibly be, and so the only thing that could possibly lead to it being hacked is a poor random number pool. Since quantum mechanics can be used to generate truly random numbers, you could have a perfect random number pool, which, combined with a perfect cipher, gives you perfect encryption.

    That sounds awesome, right? Well… no. Because it is trivially easy these days to get regular old classical computers to spit out basically an indefinite number of pseudorandom numbers that are indistinguishable from truly random numbers. Why do you think modern operating systems allow you to encrypt your whole drive? You can have a file tens of gigabytes big and you click it and it opens instantly, despite your whole drive being encrypted, because your CPU can generate tens of gigabytes of random numbers good enough for cryptography faster than you can even blink.

    Random number generation is already largely a solved problem for classical computers. I own a quantum random number generator. I can compare it in various test suites, such as the one released by NIST to test the quality of a random number generator, and it can’t tell the difference between that and my CPU’s internal random number generator. Yes, the CPU. Most modern CPUs both have the ability to collect entropy data from thermal noise to seed a pseudorandom number generator, as well as having a hardware-level pseudorandom number generator, such as x86’s RDSEED and RDRAND instructions, so they can generate random numbers good enough for cryptography at blazing speeds.

    The point is that in practice you will never actually notice, even if you were a whole team of PhD statisticians and mathematicians, the difference between a message encrypted by a quantum computer and a message encrypted by a classical computer using an industry-approved library. Yet it is not just that they’re equal; quantum encryption would be far worse. We don’t use one-time pads in practice despite their security because they require keys as long as the message itself, and thus if we adopted them, it would cut the whole internet bandwidth in half overnight. Pseudorandom number generators are superior to use as the basis for cryptography because the key can be very small and then it can spit out the rest of what is needed to encrypt/decrypt the message from it, and deterministic encryption/decryption algorithms like AES and ChaCha20 are not crackable even by a quantum computer.
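An added illustration of the two points the comment makes (it is not part of the comment or from its author): a one-time pad needs a pad as long as the message, while a stream cipher expands a short key into a message-length keystream, and the quality of a random source can be checked with the NIST SP 800-22 frequency (monobit) test. The SHAKE-256 expansion below stands in for a real stream cipher purely to show the shape; the sample inputs are constructed here.

```python
import hashlib
import math
import os


def otp_xor(data: bytes, pad: bytes) -> bytes:
    """One-time pad: the pad must be truly random, at least as long as the
    message, and used exactly once. XOR both encrypts and decrypts."""
    if len(pad) < len(data):
        raise ValueError("one-time pad must be at least as long as the message")
    return bytes(a ^ b for a, b in zip(data, pad))


def keystream_xor(data: bytes, key: bytes, nonce: bytes) -> bytes:
    """Stream-cipher shape: a short key plus a nonce is expanded into a
    message-length keystream. SHAKE-256 (an XOF) is used here only as an
    illustrative expander; deployed systems use AES-CTR or ChaCha20."""
    if len(key) != 32:
        raise ValueError("expected a 32-byte key")
    stream = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


def bytes_to_bits(data: bytes) -> str:
    return "".join(f"{b:08b}" for b in data)


def monobit_p_value(bits: str) -> float:
    """NIST SP 800-22 frequency (monobit) test, the simplest test in the
    suite: +1 per '1', -1 per '0', compared with an unbiased source.
    A p-value below 0.01 is a failure."""
    n = len(bits)
    s = sum(1 if b == "1" else -1 for b in bits)
    s_obs = abs(s) / math.sqrt(n)
    return math.erfc(s_obs / math.sqrt(2))


if __name__ == "__main__":
    msg = b"the same plaintext under both constructions " * 20
    pad = os.urandom(len(msg))                    # key material grows with the message
    key, nonce = os.urandom(32), os.urandom(12)   # 44 bytes regardless of message size
    assert otp_xor(otp_xor(msg, pad), pad) == msg
    assert keystream_xor(keystream_xor(msg, key, nonce), key, nonce) == msg
    print("OTP key bytes:", len(pad), "| stream-cipher key+nonce bytes:", len(key) + len(nonce))
    # Constructed samples: the OS CSPRNG versus a deliberately biased source.
    good = bytes_to_bits(os.urandom(4096))
    biased = bytes_to_bits(bytes(b & 0x0F for b in os.urandom(4096)))
    print(f"monobit p-value, os.urandom: {monobit_p_value(good):.3f}")
    print(f"monobit p-value, biased:     {monobit_p_value(biased):.3e}")
```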