Quantum computing

Robert J. Hansen rjh at sixdemonbag.org
Sun Apr 22 00:05:13 CEST 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

> ``never'' is in this case based on one case of provable secure scheme
> (that was notably difficult in implementation)?

I wouldn't be so quick to place blame on the difficulty of  
implementing the one-time pad.  Implementing the OTP is really pretty  
simple: use each pad once and burn it when you're done.  The  
difficulty lies in trying to make fallible human nature rise to the  
level of competency required to use the OTP.

Anyway, to answer your question, no.  It's based on a couple of things.

1.  Many provably secure schemes are isomorphic to the one-time pad.   
This means that the other provably secure schemes share the same  
flaws as the OTP.

2.  The provably secure schemes that aren't isomorphic to the OTP  
typically get broken pretty quickly.

As an example of #2, look at IBM's Ajtai-Dwork, which was released at
CRYPTO97.  Ajtai-Dwork was some nice work, really, with a beautiful
mathematical proof of security.  I emphasize this: _proof_.  It
wasn't built on conjecture.

Within a year there were three different breaks against Ajtai-Dwork.
Turns out the axioms Ajtai and Dwork used to build the algorithm
weren't quite as robust as they thought.

Moral of the story: proofs of security are nice.  They give us  
something to point and laugh at.




-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (Darwin)

iQEcBAEBCgAGBQJGKoqZAAoJELcA9IL+r4EJ0NAH/iITpey1J+7LSzmOEhQXmx07
neLiSqeTb++9yy2mWWlYt8WyfvALbljNWrgmyZqFoRrMRVkkF+MhbqEPm9PcyOcp
ndE78mqt+9xI+H7SY6heFyWRemKtXVpGBYalHeFh3P+K/1xzmAio6SwfTw6PxYl+
gvAy1pvvNY1HNi/jux6PzCyI3AVSZGudV92/6cQJkED0UOPIdWcuoyu1PHY2g8St
hhLmVXewBe41P883wV1y3/5mwQBTGp+j6yH9i1FZ/46vzVhRbwidJgtYSZpnB9Yn
fsXfZlazX5MFVIJQyeUOzkARYmD4Go+sALw6TP75HhRrXYBlv7CWAqsMkm57WPg=
=sGBb
-----END PGP SIGNATURE-----
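The post's point about the one-time pad (the scheme is trivial, the discipline of never reusing a pad byte is what fails) is worth seeing in code. The following is an added example and is not code from the post or from GnuPG: a pad object that burns each byte as it is handed out, next to the two-time-pad failure in which the same key bytes encrypt two messages and a known fragment of one message reads the other. The messages, crib, and pad sizes are constructed for illustration; the function names are this example's own.

```python
"""One-time pad done right, and the failure mode when a pad is reused.

Added example; it is not code from the original mailing-list post.  The
messages, crib and pad sizes below are constructed for illustration.
"""
import os


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("inputs must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


class OneTimePad:
    """Key material that is consumed as it is used.

    Every byte is handed out at most once; bytes that have been used are
    overwritten ("burned") so a buggy caller cannot reach them again.
    """

    def __init__(self, pad: bytes):
        self._pad = bytearray(pad)
        self._offset = 0

    def remaining(self) -> int:
        return len(self._pad) - self._offset

    def take(self, n: int) -> bytes:
        if n > self.remaining():
            raise RuntimeError("pad exhausted; refusing to reuse key bytes")
        start, end = self._offset, self._offset + n
        chunk = bytes(self._pad[start:end])
        self._pad[start:end] = bytes(n)   # burn the bytes just handed out
        self._offset = end
        return chunk


def otp_xor(pad: OneTimePad, data: bytes) -> bytes:
    """Encrypt or decrypt: both sides consume the same pad bytes in order."""
    return xor_bytes(data, pad.take(len(data)))


def correct_use(m1: bytes, m2: bytes) -> dict:
    """Two messages, one pad, each byte used exactly once.

    Sender and receiver hold identical copies of the pad and consume it in
    the same order, so the receiver's decryption lines up with the sender's
    encryption.  A third message finds the pad exhausted and is refused.
    """
    shared = os.urandom(len(m1) + len(m2))
    sender, receiver = OneTimePad(shared), OneTimePad(shared)
    c1, c2 = otp_xor(sender, m1), otp_xor(sender, m2)
    d1, d2 = otp_xor(receiver, c1), otp_xor(receiver, c2)
    try:
        otp_xor(sender, b"x")
        refused = False
    except RuntimeError:
        refused = True
    return {"d1": d1, "d2": d2, "remaining": sender.remaining(), "refused": refused}


def two_time_pad(m1: bytes, m2: bytes, crib: bytes, position: int) -> bytes:
    """The human failure: the same key bytes encrypt two messages.

    c1 XOR c2 == m1 XOR m2 whatever the key was, so anyone who knows (or
    guesses) `crib` at `position` in m1 reads the same span of m2.
    """
    key = os.urandom(max(len(m1), len(m2)))
    c1 = xor_bytes(m1, key[:len(m1)])
    c2 = xor_bytes(m2, key[:len(m2)])
    n = min(len(c1), len(c2))
    leak = xor_bytes(c1[:n], c2[:n])          # the key cancels out here
    return xor_bytes(leak[position:position + len(crib)], crib)


if __name__ == "__main__":
    M1, M2 = b"ATTACK AT DAWN", b"HOLD THE RIDGE"   # constructed sample messages
    print(correct_use(M1, M2))                        # both decrypt, pad spent, third refused
    print(two_time_pad(M1, M2, crib=b"ATTACK", position=0))
```

Note that the recovery in `two_time_pad` does not depend on the key at all, which is why a fresh random key per run still yields the same leaked bytes: the "proof" of OTP security assumes single use, and the moment that assumption is violated the key drops out of the equation.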
