[cryptography] Subquantum Crypto Attack

Zack Weinberg zack.weinberg at sv.cmu.edu
Fri Jul 26 13:07:39 EDT 2013

... possibly I should be a little less telegraphic about my dismissiveness.

We are (I hope) all familiar with how easy it is to develop a
cryptographic algorithm or a cryptanalytic theorem which is
superficially plausible but completely broken, and how _difficult_ it
is to develop one that is actually correct. Quantum mechanics is much
the same, only (IMHO) more so, because one's natural physical
intuition can be dangerously misleading.  And the intersection of
quantum mechanics and cryptography has all the pitfalls of both

As such, I assume by default that any paper touching on both quantum
mechanics and computation is wrong, until I hear otherwise from
someone who has demonstrated that they know what they are talking
about, _such as_ Scott Aaronson (http://www.scottaaronson.com/blog/);
and I recommend this strategy to all.


On Fri, Jul 26, 2013 at 12:57 PM, Zack Weinberg
<zack.weinberg at sv.cmu.edu> wrote:
> I expect Scott Aaronson would describe this paper as 100% bunk.
> On Fri, Jul 26, 2013 at 12:43 PM, John Young <jya at pipeline.com> wrote:
>> Has subquantum crypto attack been substantiated?
>> arXiv:quant-ph/0203049v2 12 Apr 2002
>> Subquantum Information and Computation
>> Antony Valentini
>> It is argued that immense physical resources – for nonlocal communication,
>> espionage, and exponentially-fast computation – are hidden from us by
>> quantum
>> noise, and that this noise is not fundamental but merely a property of an
>> equilibrium state in which the universe happens to be at the present time.
>> It
>> is suggested that ‘non-quantum’ or nonequilibrium matter might exist today
>> in
>> the form of relic particles from the early universe. We describe how such
>> matter
>> could be detected and put to practical use. Nonequilibrium matter could be
>> used to send instantaneous signals, to violate the uncertainty principle, to
>> distinguish
>> non-orthogonal quantum states without disturbing them, to eavesdrop
>> on quantum key distribution, and to outpace quantum computation (solving
>> NP-complete problems in polynomial time). ...
>> 6 Eavesdropping on Quantum Key Distribution
>> Alice and Bob want to share a secret sequence of bits that will be used as a
>> key for cryptography. During distribution of the key between them, they must
>> be able to detect any eavesdropping by Eve. Three protocols for quantum key
>> distribution – BB84 [20], B92 [21], and E91 (or EPR) [22] – are known to be
>> secure against classical or quantum attacks (that is, against eavesdropping
>> based
>> on classical or quantum physics) [23]. But these protocols are not secure
>> against
>> a ‘subquantum’ attack [7]. ...
>> E91 is particularly interesting for it relies on the completeness of quantum
>> theory – that is, on the assumption that there are no hidden ‘elements of
>> reality’.
>> Pairs of spin-1/2 particles in the singlet state are shared by Alice and
>> Bob, who
>> perform spin measurements along random axes. For coincident axes the same
>> bit
>> sequence is generated at each wing, by apparently random quantum outcomes.
>> ‘The eavesdropper cannot elicit any information from the particles while in
>> transit ..... because there is no information encoded there’ [22]. But our
>> Eve has
>> access to information outside the domain of quantum theory. She can measure
>> the particle positions while in transit, without disturbing the
>> wavefunction, and
>> so predict the outcomes of spin measurements at the two wings (for the
>> publicly
>> announced axes).12 Thus Eve is able to predict the key shared by Alice and
>> Bob.
>> _______________________________________________
>> cryptography mailing list
>> cryptography at randombit.net
>> http://lists.randombit.net/mailman/listinfo/cryptography

More information about the cryptography mailing list