On Sun, 17 Oct 1999, Russell Nelson wrote:
> Okay, then can I ask a silly question (I prefer to contribute good
> answers, but in this case hopefully the question is good enough)? If
> quantum computers make brute-force cryptanalysis tasks easier, don't
> they also make brute-force cryptographic tasks easier as well? Put
> another way, is there something special about quantum computers that
> is different from Intel's next process shrink? That is, apart from
> the havoc it plays with key lifetime expectations?
I very strongly suspect that if the encrypter and decrypter are given the
same oracle, then the encrypter can always force the decrypter to have to
use vastly more operation of the oracle to do break a cipher than are
required to encrypt it, even with essentially normal key lengths.
I don't know of any attempts to create ciphers which rely on quantum
computation for efficient encryption which are strong against quantum
decryption techniques, although I'll bet you could get the right people to
speculate about it.
-Bram
