[4232] in cryptography@c2.net mail archive
Re: quantum cryptanalysis
daemon@ATHENA.MIT.EDU (Bill Stewart)
Tue Feb 23 09:48:18 1999
Date: Mon, 22 Feb 1999 19:05:41 -0800
To: mmotyka@lsil.com, bram <bram@gawth.com>
From: Bill Stewart <bill.stewart@pobox.com>
Cc: John Kelsey <kelsey@plnet.net>, cryptography@c2.net
In-Reply-To: <36BF2E3A.3580@lsil.com>
There are systems where the ratio is $10^100:1, and the encrypter wins big,
and systems where it's 10^6:1. The latter are more interesting,
because it means they can't tap everybody, but they can tap _you_
if they really want you. Most are systems like single-DES, which are
usually avoidable, but it's possible that quantum cryptanalysis will
bring them back for some cases. I'm personally skeptical,
since I speculate that Heisenberg's uncertainty principle limits
the precision of a QC device to something like Planck's constant,
but I could be wrong.
At 10:34 AM 2/8/99 -0800, Michael Motyka wrote:
>Your theory "feels" correct but in one of the more popular real world
>scenarios the $resource$ ratio for the cracker to the encryptor could be
>as high as 10^5 or 10^6 : 1.
>
>> On Fri, 5 Feb 1999, bram wrote:
>> > I have a theory that no matter what computing machine is available, as
>> > long as the same machine is available to both the encrypter and the
>> > cracker, the cracker wins (barring non-turing complete machinery, of
>> > course.)
>> Jim Gillogly pointed out that I misspoke - I meant to say 'the encrypter
>> wins'
Thanks!
Bill
Bill Stewart, bill.stewart@pobox.com
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
