Board: Development & Technical Discussion
Re: I don't believe Quantum Computing will ever threaten Bitcoin
by Cnut237 on 28/12/2019, 16:06:26 UTC
Merits: 6 from 2 users (LoyceV 5, vapourminer 1)
> In my opinion, post-quantum cryptography should not be confused with cryptography based on the mutual relation of quantum states of photons.
> Post-quantum cryptography uses mathematical coding methods.
> The physical laws of the quantum world are used in quantum cryptography.
>
> Most post-quantum systems were developed 10-20 years ago. Some of them are new, developed recently. But they're all based on mathematics.
>
> They should not be confused with related quantum states; it's a completely different approach to the problem.
I agree, and I'm well aware of the distinction. Post-quantum cryptography and quantum cryptography are completely different things. It's unfortunate that they have such similar names!


> We are not interested in quantum cryptography; it is not our level, it is not intended for ordinary users.
> And it's not even planned for us.
>
> It's post-quantum mathematical cryptography that we are planning.
Not sure I agree with this point. I would contend, as I have previously, that work in quantum cryptography is progressing at pace, and whilst there are technical issues to overcome, it does potentially offer a fundamentally unhackable solution to quantum attacks, and one which can be used in the mainstream. Having said that, of course post-quantum cryptography is hugely important as well, and work is progressing there, too. There's no need to focus on just the one approach, though, and dismiss the other.


> You are very mistaken about the length of the key if you think that a quantum computer can solve the problem of a complete search for a key only 256 bits long. No quantum computer can do that. That's why AES-256 remains a post-quantum system.
I think we agree, but are coming at this from different angles. An increase in key length is trivial to overcome if we're talking about asymmetric cryptography, where a quantum computer can apply Shor's algorithm. But as you state below, AES-256 is symmetric.


> AES-256 with only 256 bits of key is definitely left (it's a symmetric system), but all our asymmetric systems (including RSA and ECC) are not.
AES-256 security may be fine currently; it may be resistant to the best current attack (Grover search), but that's my point. Quantum cryptography uses the laws of quantum mechanics to make a system absolutely unhackable for all time, whereas post-quantum cryptography makes a system secure against current attacks, with no guarantee of security against future technology or future algorithms.

If AES-256 can beat Grover, what about other approaches? Quantum Square Attacks? Biclique Attacks? How about all mathematical attacks that haven't yet been devised?

I'm being flippant, and I do agree that there is certainly a chance that a post-quantum cryptography solution will remain forever secure, but we can't know for certain. My point is merely that we should investigate both quantum cryptography and post-quantum cryptography. It seems wasteful to focus solely on one approach.

I value the discussion immensely, by the way - thank you :)
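As an added illustration (not part of Cnut237's post or of the thread), the following pure-Python toy shows the asymmetry the reply is describing: Grover's algorithm only halves the effective bit-length of a symmetric key (a 256-bit AES key still costs about 2^128 oracle calls), whereas Shor's algorithm reduces breaking RSA (and, by the same idea, ECC) to order finding, which a quantum computer does in polynomial time regardless of key size. The Grover part is a 3-qubit state-vector simulation; the order-finding step is brute-forced here as a stand-in for the quantum subroutine; the RSA numbers (n = 3233, e = 17, p = 61, q = 53) are constructed textbook values, not a real key.

```python
import math
import random


def grover_search(n_bits, target, iterations=None):
    """Simulate Grover's search on an n_bits-qubit register (pure Python state vector).

    Returns (most_likely_outcome, its_probability, iterations_used).
    The oracle marks exactly one basis state, `target`; the optimal iteration
    count is about (pi/4) * sqrt(N). That sqrt is the whole quantum speedup:
    ~2^(k/2) oracle calls for a k-bit key instead of ~2^k classically.
    """
    n = 1 << n_bits
    amps = [1.0 / math.sqrt(n)] * n            # uniform superposition over all keys
    if iterations is None:
        iterations = round(math.pi / 4 * math.sqrt(n))
    for _ in range(iterations):
        amps[target] = -amps[target]           # oracle: phase-flip the marked key
        mean = sum(amps) / n
        amps = [2 * mean - a for a in amps]    # diffusion: inversion about the mean
    probs = [a * a for a in amps]
    best = max(range(n), key=probs.__getitem__)
    return best, probs[best], iterations


def grover_effort_bits(key_bits):
    """Security level (log2 of oracle calls) a symmetric key keeps under Grover."""
    return key_bits // 2


def find_order(a, n):
    """Smallest r > 0 with a**r == 1 (mod n), assuming gcd(a, n) == 1.

    Brute force stands in for the quantum order-finding subroutine, the only
    part of Shor's algorithm that a quantum computer actually speeds up.
    """
    r, x = 1, a % n
    while x != 1:
        x = (x * a) % n
        r += 1
    return r


def shor_factor(n, seed=0):
    """Classical post-processing of Shor's algorithm; returns a nontrivial factor of n."""
    rng = random.Random(seed)                  # fixed seed keeps the toy deterministic
    while True:
        a = rng.randrange(2, n)
        g = math.gcd(a, n)
        if g > 1:
            return g                           # stumbled on a factor directly
        r = find_order(a, n)
        if r % 2:
            continue                           # need an even order; pick another a
        y = pow(a, r // 2, n)
        if y == n - 1:
            continue                           # trivial square root of 1; retry
        p = math.gcd(y - 1, n)
        if 1 < p < n:
            return p


def recover_rsa_private_key(n, e):
    """Given an RSA public key (n, e), factor n with shor_factor and derive d."""
    p = shor_factor(n)
    q = n // p
    phi = (p - 1) * (q - 1)
    return pow(e, -1, phi)                     # modular inverse (Python 3.8+)


if __name__ == "__main__":
    best, prob, iters = grover_search(3, 5)
    print(f"Grover: 8-entry search, {iters} iterations, measured {best} with p={prob:.3f}")
    print(f"AES-256 under Grover: ~2^{grover_effort_bits(256)} oracle calls (still infeasible)")
    # Constructed textbook-sized RSA key: p=61, q=53, e=17 (an assumption, not a real key)
    print(f"RSA toy key n=3233, e=17: recovered d={recover_rsa_private_key(3233, 17)}")
```

The point of putting both halves side by side: making the AES key longer raises Grover's cost exponentially (k/2 bits of work), so AES-256 stays out of reach, while making an RSA modulus longer only raises Shor's cost polynomially, which is why a longer asymmetric key is no defence at all.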