Cryptography Reference
In-Depth Information
A New Spin on Quantum Cryptography:
Avoiding Trapdoors and Embracing Public Keys
Lawrence M. Ioannou
1
,
2
and Michele Mosca
1
,
2
,
3
1
Institute for Quantum Computing
2
Department of Combinatorics and Optimization, University of Waterloo,
200 University Avenue, Waterloo, Ontario, N2L 3G1, Canada
3
Perimeter Institute for Theoretical Physics
31 Caroline Street North, Waterloo, Ontario, N2L 2Y5, Canada
Abstract.
We give new arguments in support of
signed quantum key
establishment
, where quantum cryptography is used in a public-key in-
frastructure that provides the required authentication. We also analyze
more thoroughly than previous works the benefits that quantum key es-
tablishment protocols have over certain classical protocols, motivated in
part by the various objections to quantum key establishment that are
sometimes raised. Previous knowledge of quantum cryptography on the
reader's part is not required for this article, as the definition of “quan-
tum key establishment” that we use is an entirely classical and black-box
characterization (one need only trust that protocols satisfying the defi-
nition exist).
Quantum cryptography
1
has been promoted as a more secure alternative to
public-key cryptography based on computational assumptions (see the abstract
of Ref. [1] for a typical example). However, an opposing view is sometimes
voiced by classical cryptographers and computer security specialists question-
ing whether quantum cryptography is really a practical way to achieve security
against quantum computers, also known as
quantum resistance
. Several detailed
analyses have appeared that consider the benefits and disadvantages of quan-
tum cryptography in comparison to classical alternatives [2,3,4,5]. The present
article contributes to the dialogue in a way that we hope is very palatable to
the community of quantum-questioning cryptographers: we give new arguments
in support of
signed quantum key establishment
, where quantum cryptography
is used in a public-key infrastructure that provides the required authentication.
We also analyze more thoroughly than previous works the benefits that quan-
tum key establishment (
qke
) protocols have over certain classical protocols,
motivated in part by the various objections to
qke
that have been put forward
(for example, in Ref. [5]). Some of those objections follow.
2
1
Note that quantum cryptography includes many protocols that this paper does not
discuss. We use the term “quantum cryptography” here as a synonym for “quantum
key establishment”, often called “quantum key distribution” or “
qkd
”.
2
We have stated these objections in our own words.
