Comment Re: Long term secrecy: there are much cheaper ways (Score 1) 125
The point about long-term secrecy is interesting; however, it can be cheaply addressed with classical cryptography, in a provably secure way (NOT depending on any computational assumptions like RSA).
http://athome.harvard.edu/dh/hvs.html
You still need more assumptions than with QC, which is why I don't exactly buy this approach, but if you really need long-term security, you might consider this scheme.
As for QC, it is expensive, point-to-point only, and makes sense only if you are worried about somebody breaking RSA or a similar problem. But the worst thing about QC is that we have no practical experience with it. QC may be theoretically unbreakable, but what about all the accompanying software and the normal communication channels that are necessary for QC to work, and standard attacks against those channels? QC is not only quantum transmission, but the whole suite of accompanying (classical) protocols, whose implementation might be seriously broken. We don't know. Why should anyone spend large amounts of money on something that may be, and in the current implementation probably is, broken and not secure at all?