Bennett and Brassard have now been named the winners of the A.M. Turing Award, one of the highest honors in computing, for “their essential role in establishing the foundations of quantum information science and transforming secure communication and computing.” The award comes with a $1 million prize.

No, they did not transform secure communications. Their work has no practical applications.
Scott Aaronson says:
This is the first-ever Turing Award specifically for quantum stuff (though previous Turing Award winners, including Andy Yao, Leslie Valiant, and Avi Wigderson, have had quantum among their interests).

The BB84 protocol suffers several technical flaws.

As a practical proposal, BB84 is already technologically feasible but has struggled to find an economic niche, in a world where conventional public-key encryption already solves much the same problem using only the standard Internet, and where, even after scalable quantum computers become able to break many of our current encryption schemes, post-quantum encryption (again running on the standard Internet) stands ready to replace those schemes. Nevertheless, as an idea, BB84 has already been transformative, playing a central role in the birth of quantum information science itself.
The most important thing in secure communications is authentication. This is currently done with digital signatures and certificates, using RSA or ECDSA. This underlies everything. It is the most important part of ubiquitous protocols like https and ssh. But the quantum crypto cannot do it. That makes it useless for anything serious.
The next fatal defect is that it depends on hardware quirks. You have to have analog equipment that may or may not have the required precision, and may have analog vulnerabilities. This makes it subject to hardware attacks.
This makes it vastly inferior to the math-based crypto methods, because the math is not subject to hardware attacks. If a digital crypto device outputs bits that do not have the desired voltage or frequency, no info is leaked.
Another flaw is that the main BB84 security guarantee is that an attacker can probably be detected, so that transmission can be terminated. This has no value. In today's internet, systems get attacked all the time, and no one wants to shut down a communication because it is being attacked. Conventional cryptosystems are designed to be immune to such attacks.
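To make concrete what the "attacker can be detected" guarantee actually amounts to, here is a toy BB84 simulation. It is an added example written for this page, not code from Bennett, Brassard or Aaronson. Qubits are modelled classically as (bit, basis) pairs, measuring in the wrong basis returns a uniform random bit, the classical channel used for basis reconciliation is assumed to be authenticated (the very thing the paragraph above notes quantum crypto cannot provide on its own), and the 11% abort threshold is an assumed parameter, not a value from the page. An intercept-resend eavesdropper who measures every photon in a random basis raises the sifted-key error rate (QBER) to about 25%, which is what the legitimate parties compare against their threshold to decide whether to abort.

```python
"""Toy BB84: sifting, QBER estimation and abort decision (constructed example)."""
import random

# Assumed abort threshold for the error-rate check; not a value from the page.
ABORT_THRESHOLD = 0.11


def measure(bit, prep_basis, meas_basis, rng):
    """Measure a qubit prepared as (bit, prep_basis) in meas_basis.

    Same basis: the prepared bit is recovered exactly.
    Different basis: the outcome is uniformly random (the disturbance
    that BB84's detection argument relies on).
    """
    if prep_basis == meas_basis:
        return bit
    return rng.randrange(2)


def run_bb84(n, eve_fraction=0.0, seed=0):
    """Run one BB84 session over n photons.

    eve_fraction is the share of photons an intercept-resend eavesdropper
    measures in a random basis and re-sends. Returns sifted length, the
    estimated QBER, whether the parties would abort, and both raw keys.
    """
    rng = random.Random(seed)
    # 0 = rectilinear basis, 1 = diagonal basis
    alice_bits = [rng.randrange(2) for _ in range(n)]
    alice_bases = [rng.randrange(2) for _ in range(n)]
    bob_bases = [rng.randrange(2) for _ in range(n)]

    bob_bits = []
    for bit, a_basis, b_basis in zip(alice_bits, alice_bases, bob_bases):
        if rng.random() < eve_fraction:
            # Eve measures in a random basis and re-sends what she saw,
            # so the photon Bob receives now carries Eve's basis.
            e_basis = rng.randrange(2)
            bit = measure(bit, a_basis, e_basis, rng)
            a_basis = e_basis
        bob_bits.append(measure(bit, a_basis, b_basis, rng))

    # Sifting: bases are announced over the (assumed authenticated) classical
    # channel and only positions where Alice and Bob chose the same basis survive.
    sifted = [
        (a, b)
        for a, b, ab, bb in zip(alice_bits, bob_bits, alice_bases, bob_bases)
        if ab == bb
    ]

    # Sacrifice every other sifted bit to estimate the error rate; the rest
    # becomes the raw key (error correction and privacy amplification omitted).
    sample = sifted[::2]
    errors = sum(1 for a, b in sample if a != b)
    qber = errors / len(sample) if sample else 0.0
    alice_key = [a for a, _ in sifted[1::2]]
    bob_key = [b for _, b in sifted[1::2]]
    return {
        "sifted": len(sifted),
        "qber": qber,
        "abort": qber > ABORT_THRESHOLD,
        "alice_key": alice_key,
        "bob_key": bob_key,
    }


if __name__ == "__main__":
    for frac in (0.0, 1.0):
        r = run_bb84(4000, eve_fraction=frac, seed=1)
        print(f"eve_fraction={frac}: sifted={r['sifted']} qber={r['qber']:.3f} abort={r['abort']}")
```

The simulation shows both halves of the paragraph's point: with no eavesdropper the sifted keys agree and the session proceeds, and with full intercept-resend the QBER lands near 25% and the only available response is to abort. Nothing here tells the parties who is tampering or lets them keep communicating; it also does nothing against an attacker who can impersonate Bob on the classical channel, which is why the authentication layer the text mentions must come from conventional cryptography.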
Another flaw is that the internet is run on millions of routers. Using quantum crypto requires that all those routers be quantum computer routers. The quantum router has not even been invented, and even if it is possible, it will never be economical or have the necessary throughput.
All this has been known for decades, and that is why no one uses it, except for a few research demo projects.