• 0 Posts
  • 3 Comments
Joined 2 years ago
Cake day: June 12th, 2023


  • > If you offer someone an algorithm that is impossible to break in a trillion, trillion years, and another algorithm that is in principle impossible to break, but the former algorithm is twice as efficient, then every company on the entirety of planet earth will choose the former.

    Some companies who pay a lot of money for bandwidth, maybe. “Any company”? Not a chance. Internet is cheap and companies routinely waste money in much more frivolous ways. And for stuff which sells on its security, e.g. messengers like Signal, the advertising value of “our encryption is mathematically unbreakable” would be well worth it. And plenty of individual nerds would opt into it just out of principle, being fully willing to cut their bandwidth in half for fuzzy feelings. Not even to mention military applications.

    You don’t see such things in reality, because this is, unless I misunderstand something truly massive, impossible. You can’t do unbreakable encryption over the network because you can’t securely share the pad key.

    > Yet, even in this time before people knew DHKE could be potentially broken by quantum computers, nobody used DHKE to exchange keys for one-time pads.

    Well yes, because that’d be incorrect - by sharing one-time-pad keys with DHKE you’re reducing the security to that of DHKE, so you might as well drop the one-time-pad part and use an ordinary encryption algorithm instead.


  • This is a rather reductive view of quantum cryptography. The two most common applications of it I hear about are the development of encryption algorithms resistant to being broken on quantum computers (the way, say, Shor’s algorithm is known to break RSA) and techniques like quantum key distribution. Both of these are real problems that don’t become meaningless just because one-time pads exist - you need to somehow securely distribute the keys for one-time-pad encryption. That’s why one-time pads aren’t used everywhere (“it would cut the whole internet bandwidth in half overnight” would not have been a sufficient reason - that’d be a tiny price to pay for unbreakable encryption, if it actually worked).
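Both comments above turn on one point: a one-time pad is only as secure as the channel that delivered the pad, so a pad exchanged over Diffie-Hellman is only as secure as Diffie-Hellman. The following is an added worked example written for this page, not code from either commenter. It assumes a constructed toy DH group (P = 65537, G = 3, chosen so that the discrete log can be brute-forced instantly, standing in for an attacker who can solve the real DH problem), a constructed SHA-256 key expansion to stretch the DH secret into pad bytes, and constructed sample messages; the function names are mine.

```python
"""Toy demonstration: a one-time pad keyed from Diffie-Hellman inherits
DH's security, while a genuinely secret pad leaks nothing.

All parameters are constructed for illustration and are deliberately
insecure (the group is tiny so the discrete log is trivial to brute-force).
"""
import hashlib
import secrets

# Constructed toy Diffie-Hellman group. 65537 is prime and 3 generates its
# multiplicative group, but with only 65536 possible exponents the private
# key can be recovered by exhaustive search in a fraction of a second.
P = 65537
G = 3


def dh_keypair() -> tuple[int, int]:
    """Return (private exponent, public value G^priv mod P)."""
    priv = secrets.randbelow(P - 2) + 1  # 1 <= priv <= P - 2
    return priv, pow(G, priv, P)


def dh_shared(priv: int, peer_pub: int) -> int:
    """Shared secret: peer_pub^priv mod P (same value on both sides)."""
    return pow(peer_pub, priv, P)


def pad_from_secret(shared: int, length: int) -> bytes:
    """Constructed key expansion: stretch the short DH secret to `length` bytes
    with SHA-256 in counter mode. Once the pad is *derived* from a short secret
    it is no longer a one-time pad in the information-theoretic sense; it is a
    stream cipher keyed by the DH secret, which is the commenters' point."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = shared.to_bytes(4, "big") + counter.to_bytes(4, "big")
        out += hashlib.sha256(block).digest()
        counter += 1
    return bytes(out[:length])


def otp_xor(data: bytes, pad: bytes) -> bytes:
    """One-time pad encryption and decryption: byte-wise XOR with an equal-length pad."""
    if len(pad) != len(data):
        raise ValueError("pad length must equal message length")
    return bytes(a ^ b for a, b in zip(data, pad))


def brute_force_dlog(pub: int) -> int:
    """Solve G^x = pub (mod P) by exhaustive search; feasible only because P is tiny."""
    acc = 1
    for x in range(P - 1):
        if acc == pub:
            return x
        acc = acc * G % P
    raise ValueError("no discrete log found")


def eavesdropper_recovers(pub_a: int, pub_b: int, ciphertext: bytes) -> bytes:
    """What a passive observer of the DH transcript learns once the DH problem
    is solvable: the shared secret, hence the pad, hence the plaintext."""
    priv_a = brute_force_dlog(pub_a)
    shared = pow(pub_b, priv_a, P)
    return otp_xor(ciphertext, pad_from_secret(shared, len(ciphertext)))


def pad_explaining(ciphertext: bytes, candidate_plaintext: bytes) -> bytes:
    """With a pad that was shared out of band and never transmitted, every
    same-length plaintext is equally consistent with the ciphertext; this
    returns the pad that would have produced `candidate_plaintext`."""
    return otp_xor(ciphertext, candidate_plaintext)


def demo() -> dict:
    """Run the DH-keyed 'one-time pad' end to end and show both sides of the argument."""
    message = b"see you at six"  # constructed sample plaintext (14 bytes)
    priv_a, pub_a = dh_keypair()
    priv_b, pub_b = dh_keypair()
    shared = dh_shared(priv_a, pub_b)
    if shared != dh_shared(priv_b, pub_a):
        raise RuntimeError("DH agreement failed")
    ciphertext = otp_xor(message, pad_from_secret(shared, len(message)))

    # Side 1: pad came over DH, so solving DH recovers the message.
    recovered = eavesdropper_recovers(pub_a, pub_b, ciphertext)

    # Side 2: had the pad been truly secret, the ciphertext would be equally
    # consistent with any other 14-byte message, e.g. this constructed decoy.
    decoy = b"pay the rent!!"
    return {
        "message": message,
        "ciphertext": ciphertext,
        "recovered": recovered,
        "decoy": decoy,
        "decoy_pad": pad_explaining(ciphertext, decoy),
    }


if __name__ == "__main__":
    r = demo()
    print("eavesdropper recovered:", r["recovered"])
    print("same ciphertext also 'decrypts' to", r["decoy"], "under pad", r["decoy_pad"].hex())
```

Running it shows the two halves of the argument side by side: the observer who solves the (toy) DH problem reads the message outright, so nothing information-theoretic survived the key exchange, whereas the decoy pad shows why a pad that never crossed the network gives an attacker no way to prefer one plaintext over another.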