• Question: Thoughts on quantum cryptography?

    Asked by Alexander to Chloe on 3 Jan 2020.
    • Photo: Chloe Martindale

      Chloe Martindale answered on 3 Jan 2020:

      There are two approaches to cryptography that is resistant to quantum computers: one using quantum physics and one just using maths and the computers we have now.

      The approach using quantum physics is mostly about ‘quantum key distribution’ – setting up a physical link between two people who want to share a secret, which they can then use to encrypt their messages to each other. The advantage of this is that the methods to do this advance in a similar way to the methods to build the quantum computers that will break the encryption we currently use – so staying ahead of the game is maybe easier to achieve. There are quite some disadvantages though – you have to have (a) the money and (b) the resources to set up a link like this, so it’s likely to only be available to large companies and governments if at all.

      This is where the other approach, just using maths and the computers we have now (called ‘post-quantum cryptography’), comes in. While the ideas available here are not yet as mature as the ideas we are currently using, they are considerably ahead of quantum key distribution in terms of what we can do, although the security assumptions are more shaky. I (optimistically) think that in a few (about 10?) years we will be ready, that is, the community will have found all the major attacks (using current computers) on these ideas so that we can be confident our algorithms are secure. Of course once we have a quantum computer on which we can really test quantum algorithms, there may also be some reconsideration of security from that front, but it shouldn’t be completely devastating. My guess is that the major difficulty will be convincing companies to switch to post-quantum cryptography in time, especially since at the moment that will mean companies, when using encryption, either pay for more computing power or sell slower devices.
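The answer above describes quantum key distribution only in outline (a physical link used to agree a shared secret). The following is an added example, not part of Chloe Martindale's answer, that simulates the best-known QKD protocol, BB84 (the answer does not name it), on an ordinary computer. Photons are modelled as plain (bit, basis) pairs with one physical rule: measuring in the preparation basis returns the bit exactly, measuring in the other basis returns a random bit and collapses the state. That rule is what makes an intercept-and-resend eavesdropper visible as a roughly 25% error rate in the sifted key. Function names, the 50% sampling fraction and the 11% abort threshold are this example's choices, not anything on the page; the random seed is only for reproducibility.

```python
"""
Toy BB84 quantum key distribution simulation (added example, not code from
the original answer). Photons are modelled classically as (bit, basis)
tuples. The model's single physical rule: measuring in the matching basis
returns the encoded bit; measuring in the other basis returns a uniformly
random bit and leaves the photon in the measurement basis.
"""
import random

RECTILINEAR, DIAGONAL = 0, 1  # labels for the two bases (assumed convention)


def random_bits(rng, n):
    return [rng.randrange(2) for _ in range(n)]


def encode(bits, bases):
    """Alice prepares one photon per bit in her randomly chosen basis."""
    return list(zip(bits, bases))


def measure(photon, basis, rng):
    """Measure one photon in `basis`.

    Returns (result, post_measurement_photon). A mismatched basis gives a
    random result, and the photon is now encoded in the measurement basis,
    which is what betrays Eve when she re-sends it.
    """
    bit, prep_basis = photon
    result = bit if basis == prep_basis else rng.randrange(2)
    return result, (result, basis)


def intercept_resend(photons, rng):
    """Eve measures every photon in a random basis and forwards what she got."""
    resent = []
    for photon in photons:
        basis = rng.randrange(2)
        _, new_photon = measure(photon, basis, rng)
        resent.append(new_photon)
    return resent


def sift(alice_bases, bob_bases, alice_bits, bob_bits):
    """Keep only positions where Alice and Bob happened to use the same basis.
    Bases are compared over the public channel; the bits are not revealed."""
    a_key, b_key = [], []
    for ab, bb, abit, bbit in zip(alice_bases, bob_bases, alice_bits, bob_bits):
        if ab == bb:
            a_key.append(abit)
            b_key.append(bbit)
    return a_key, b_key


def estimate_qber(a_key, b_key, rng, fraction=0.5):
    """Publicly compare a random sample of sifted bits, then discard them.
    Returns (quantum bit error rate, remaining_a, remaining_b)."""
    n = len(a_key)
    sample = set(rng.sample(range(n), int(n * fraction)))
    errors = sum(1 for i in sample if a_key[i] != b_key[i])
    qber = errors / len(sample) if sample else 0.0
    rem_a = [a_key[i] for i in range(n) if i not in sample]
    rem_b = [b_key[i] for i in range(n) if i not in sample]
    return qber, rem_a, rem_b


def run_bb84(n_photons, eve=False, seed=None, abort_threshold=0.11):
    """One BB84 run. `seed` gives reproducible output for demonstration;
    a real implementation would draw randomness from `secrets`.
    The 11% abort threshold is a commonly quoted BB84 bound, used here
    as an assumption rather than derived."""
    rng = random.Random(seed)
    alice_bits = random_bits(rng, n_photons)
    alice_bases = random_bits(rng, n_photons)
    photons = encode(alice_bits, alice_bases)
    if eve:
        photons = intercept_resend(photons, rng)
    bob_bases = random_bits(rng, n_photons)
    bob_bits = [measure(p, b, rng)[0] for p, b in zip(photons, bob_bases)]
    a_key, b_key = sift(alice_bases, bob_bases, alice_bits, bob_bits)
    qber, rem_a, rem_b = estimate_qber(a_key, b_key, rng)
    return {
        "sifted": len(a_key),       # about half of n_photons survive sifting
        "qber": qber,               # ~0.0 without Eve, ~0.25 with intercept-resend
        "aborted": qber > abort_threshold,
        "key_a": rem_a,
        "key_b": rem_b,
    }


if __name__ == "__main__":
    for eve in (False, True):
        r = run_bb84(4000, eve=eve, seed=7)
        print(f"eve={eve}: sifted={r['sifted']} qber={r['qber']:.3f} "
              f"aborted={r['aborted']} key_bits={len(r['key_a'])}")
```

Without Eve the sampled error rate is exactly zero in this noiseless model and Alice and Bob end up with identical keys; with Eve it sits near 25%, well above the abort threshold, so the run is discarded. A real link also sees channel noise, which is why practical systems follow this step with error correction and privacy amplification rather than expecting a zero QBER.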