Bennett and Brassard have now been named the winners of the A.M. Turing Award, one of the highest honors in computing, for “their essential role in establishing the foundations of quantum information science and transforming secure communication and computing.” The award comes with a $1 million prize.No, they did not transform secure communications. Their work has no practical applications.
Scott Aaronson says:
This is the first-ever Turing Award specifically for quantum stuff (though previous Turing Award winners, including Andy Yao, Leslie Valiant, and Avi Wigderson, have had quantum among their interests).The BB84 protocol suffers several technical flaws.As a practical proposal, BB84 is already technologically feasible but has struggled to find an economic niche, in a world where conventional public-key encryption already solves much the same problem using only the standard Internet—and where, even after scalable quantum computers become able to break many of our current encryption schemes, post-quantum encryption (again running on the standard Internet) stands ready to replace those schemes. Nevertheless, as an idea, BB84 has already been transformative, playing a central role in the birth of quantum information science itself.
The most important thing in secure communications is authentication. This is currently done with digital signatures and certificates, using RSA or ECDSA. This underlies everything. It is the most important part of ubiquitous protocols like https and ssh. But the quantum crypto cannot do it. That makes it useless for anything serious.
The next fatal defect is that it depends on hardware quirks. You have to have analog equipment that may or may not have the required precision, and may have analog vulnerabilities. This makes is subject to hardware attacks.
This makes is vastly inferior to the math-based crypto methods, because the math is not subject to hardware attacks. If a digital crypto device outputs bits that do not have the desired voltage or frequency, no info is leaked.
Another flaw is that the main BB84 security guarantee is that an attacker can probably be detected, so that transmission can be terminated. This has no value. In today's internet, systems get attacked all the time, and no one wants to shut down a communication because it is being attacked. Conventional cryptosystems are designed to be immune to such attacks.
Another flaw is that the internet is run on millions of routers. Using quantum crypto requires that all those routers be quantum computer routers. The quantum router has not even been invented, and even if it is possible, it will never be economical or have the necessary throughput.
All this has been known for decades, and that is why no one uses it, except for a few research demo projects.
Dear Roger,
ReplyDeleteI know only one of them [haven't checked up on the news and the men yet, just going by what I already know], and I came to know of him only in that context in which I'd already had cracked the Maxwell's demon problem; I guess it was when I was idly reading a lot of thermo books (mainly to understand chemical potential, a concept which I still don't understand and have left that entire field anyway), came across the problem, and solved it [what I today can tell] in simpler ontologically well-defined terms.
You know which one.
The devil in me says: If Bennett isn't already with Google, Sundar should offer him a job and he should accept it. The road has already been paved for yet another Nobel in Physics, to a Turing Award winner. And, despite arXiv becoming an NGO, they must in full faith keep denying me the deposition my 2022 iqWaves paper in the [quant-ph] category; cf., e.g., https://arxiv.org/abs/2601.00010 or https://arxiv.org/abs/2603.19189.
--Ajit
[The Real PACS Keywords: Nobel; Physics]
And, oh, by the by...
DeleteJust in case my enemies (whether here or there in your country) wish to take the above to ``prove'' themselves ``right,'' once again:
No, the problem on my PhD qualifiers at UAB was as nothing to that meaning of the chemical potential which I was struggling to get at, at that point of time. The problem on my PhD qualifiers was merely about the diff betn reaction thermo vs. kinetics (rates of reactions).
The problem of Maxwell's demon was, in comparison, both cute and, to my utter delight, when I read Benette's solution, my back then solution was also better. But yes, it's been years since I forgot both Bennette's much [unnecessarily] celebrated solution, and my [actually better] solution.
Americans know how to care for one of their own. That's for sure!
--Ajit
[And, though, while at UAB, I was impressed by America, I no longer feel the need to put the scare-quotes around ``Americans,'' any longer. Nothing to do with the last 10-odd years, BTW.]