Assessing the impact of quantum cryptanalysis
[linkpost to Assessing the impact of quantum cryptanalysis]
I wrote this paper a few months back—it received a journal rejection because of lack of topic fit. I do not think this paper is important enough to spend more time chasing a publication, but others might benefit from it being public and I would still benefit from feedback for learning purposes; hence this post. Let me know in a comment or through a private message if you know of a publication venue which would be a better fit.
I reproduce the conclusion as a short summary of the paper. The rest of the paper is available here.
Quantum computing will render modern public key cryptography standards insecure. This risk is well-known, and as a result many reputable, well-connected and well-funded organizations are working on developing quantum secure standards for the future, eg the National Institute of Standards and Technology.
Several credible proposals for post-quantum classical cryptography already exist and are being actively researched. Another considered avenue is quantum cryptography, but as an alternative it has many shortcomings.
Should the efforts to develop post quantum public key cryptography fail, there are some theoretical arguments that indicate that we would be able to substitute its functionality by symmetric-key based standards and a network of private certificates. This alternative would incur in some efficiency overhead and security trade-offs.
Even if this more speculative approach does not work out, a more rudimentary system where people exchange keys physically would be, albeit inconvenient, potentially feasible to maintain some key applications such as secure online transactions.
All in all, given the existing attention and limited downside I would recommend against prioritizing research on mitigating the effects of quantum cryptanalysis as a focus area for public officials and philanthropists, beyond supporting the existing organizations working on post quantum cryptography and supporting existing cryptanalyst experts so they can conduce further security analysis of current post quantum cryptography candidates.