In my opinion, post quantum cryptography should not be confused with cryptography based on the mutual relation of quantum states of photons.

Post-quantum cryptography uses mathematical coding methods.

Physical laws of the quantum world are used in quantum cryptography.

Post quantum systems, most of them, were developed 10-20 years ago. Some of them are new, developed recently. But they're all based on mathematics.

They should not be confused with related quantum states, it's a completely different approach to the problem.

I agree, and I'm well aware of the distinction. Post-quantum cryptography and quantum cryptography are completely different things. It's unfortunate that they have such similar names!

We are not interested in quantum cryptography, it is not our level, it is not intended for ordinary users.

And it's not even planned for us.

It's post quantum mathematical cryptography that we are planning.

Not sure I agree with this point. I would contend, as I have previously, that work in quantum cryptography is progressing at pace and whilst there are technical issues to overcome, it does potentially offer a fundamentally unhackable solution to quantum attacks, and one which can be used in the mainstream. Having said that, of course post-quantum cryptography is hugely important as well, and work is progressing there, too. There's no need to focus on just the one approach, though, and dismiss the other.

You are very mistaken about the length of the key if you think that a quantum computer can solve the problem of a complete search for a key only 256 bits long. No quantum computer can do that. That's why the AES-256 remains a post quantum system.

I think we agree, but are coming at this from different angles. An increase in key length is trivial to overcome if we're talking about

*asymmetric* cryptography, where a quantum computer can apply Shor's algorithm. But as you state below, AES-256 is symmetric.

AES-256 with only 256 bits of key is definitely left (it's a symmetric system), but all our asymmetric systems (including RSA and ECC) are not.

AES-256 security may be fine currently, it may be resistant to the best current attack (Grover search), but that's my point. Quantum cryptography uses the laws of quantum mechanics to make a system absolutely unhackable for all time, whereas post-quantum cryptography makes a system secure against current attacks, with no guarantee of security against future technology or future algorithms.

If AES-256 can beat Grover, what about other approaches? Quantum Square Attacks?

Biclique Attacks? How about all mathematical attacks that haven't yet been devised?

I'm being flippant, and I do agree that there is certainly a chance that a post-quantum cryptography solution will remain forever secure, but we can't know for certain. My point is merely that we should investigate both quantum cryptography

*and* post-quantum cryptography. It seems wasteful to focus solely on one approach.

I value the discussion immensely, by the way - thank you

---------------------

Dear opponent!

This is the first qualitative version of the discussion with my participation. I am very pleased that there are interesting interlocutors on this business cryptographic platform.

When I wrote my posts on this topic, I thought that superficial knowledge was more successful than deeper knowledge.

But after reading your post, I realized that I was wrong.

But you know, I read a lot of opinions on "what cryptography we will need".

Of course, quantum cryptography is a technical, scientific, technological step forward. Although, in fact, nothing new is observed from the knowledge that we had 40 years ago.

Let me tell you something else. Quantum cryptography, not only in my opinion, is it a big, powerful mechanism that needs to lift a big load. Simple, not tricky, the engineer's reasoning is this:

- if the load is 10 times heavier, then you need a crane 10 times more powerful. Scrap against scrap. It works. It's convincing. But it's not exactly an engineering approach, I think. It's force versus force.

I'm a supporter of beautiful engineering, I'm a supporter of ingenuity and cunning, intelligence and innovation - and against brute force.

For this reason, I don't like the solution of the problem with quantum cryptography, but I'd really like the solution with post quantum mathematical, logical, unusual solutions.

No matter how actively quantum encryption methods are developed, if a solution is found in the direction of post quantum (mathematical) cryptography, this solution will be cheaper, simpler, more elegant, more attractive, and will have a much greater commercial success than physical quantum cryptography.

Especially since quantum methods (actually old photonic systems, but words are always ahead of the curve, it's the golden law of advertising) plan to be used as a transport protocol, not as encryption itself.

Or as an encryption key exchange system for reliable mathematical symmetric encryption systems.

As a replacement for cryptography with a pair of open and private keys.

No more than that.

Especially since quantum cryptography is ABSOLUTELY not protected from information theft. It simply informs the recipient how much information is lost, but does not protect against theft!!!

Unlike some post quantum (mathematical) encryption systems.

Weighing all of the above, I am in favor of a future dominated by post quantum cryptographic systems, not quantum cryptography.

Otherwise, it is the surrender of progressive human thought to brute physical force.

And if you look even deeper, I am a supporter of new geometric principles of encryption, without a key, and principles of new authentication without a password.

It's my theme:

https://bitcointalk.org/index.php?topic=5204368.0.

и

https://bitcointalk.org/index.php?topic=5209297.0