| ▲ | tsimionescu 2 hours ago | |||||||||||||
By this standard, there is no current encryption method (except for pre-shared one time pads when used correctly) that is known to be unbreakable. For example, it is not proven that prime factoring can't be done much more efficiently on a classical computer - for all we know, it's possible that tomorrow someone will come up with a novel algorithm that can break RSA in just a small number of operations. Same is true for elyptic curves - we don't have any mathematical proof that it's impossible for a much better algorithm than the currently known ones is possible. However, just like for RSA we know that the problem of efficient integer factoring has been worked on for a long time with no progress, the same is true for quantum computing. We have been trying to figure out quantum algorithms for a great number of problems that are hard for classical computers for a long time now, and we haven't been able to, except for the ones that we have. Mathematicians have also developed certain intuitions for which problems have characteristics that make them potentially easier to solve on a QC and which don't. In general, just like with P=NP?, we haven't proven yet if BQP, roughly the class of problems which have efficient QC versions, is equal or not to P, the class of problems that can be efficiently solved on a classical computer; and we also don't know if BQP=NP. So yes, there is at least a theoretical possibility that the problems used for creating post-quantum encryption will turn out to be in BQP, will turn out to have an efficient quantum algorithm that solves them. But that would come from mathematical research, it is entirely unrelated to creating and tinkering with actual quantum computers. The math of quantum algorithms is currently far ahead of the engineering and physics on building the actual computers. | ||||||||||||||
| ▲ | connorboyle an hour ago | parent | next [-] | |||||||||||||
Has there been "no progress" on classical prime factorization? What about the AKS primality test, a polynomial-time algorithm to test the primality of a number, published in 2002? (This is not my field of expertise; I'm genuinely curious if there's a good reason to discount this as progress towards efficient prime factorization) | ||||||||||||||
| ▲ | Cider9986 2 hours ago | parent | prev | next [-] | |||||||||||||
Would post-quantum encryption also be harder for regular computers to crack? | ||||||||||||||
| ||||||||||||||
| ▲ | zeroonetwothree an hour ago | parent | prev | next [-] | |||||||||||||
I would find BQP = NP ≠ P more surprising than P = NP. But maybe it’s just me :) | ||||||||||||||
| ▲ | kibwen an hour ago | parent | prev [-] | |||||||||||||
> except for pre-shared one time pads when used correctly The relevant property here is known as "information-theoretic security", and I'm not sure if one-time pads are the only way to achieve it, e.g. Shamir's secret sharing also has this property (although the use case is slightly different): https://en.wikipedia.org/wiki/Information-theoretic_security | ||||||||||||||
| ||||||||||||||