Is there a notion of “computational security” in quantum cryptography?

In classical cryptography, security proofs are often based on the (assumed) computational hardness of some mathematical problem. Using the principles of quantum mechanics might provide means to design cryptographic protocols that cannot be realised classically with information-theoretic security. But is there also a notion of computational security in quantum cryptography (assuming a polynomial-time quantum adversary) where fully quantum information is being processed to begin with? Why does or doesn't this notion of security make sense?


Posted 2020-07-07T14:24:43.960
There absolutely is. In fact, even in classical cryptography, there is the notion of computational security against polynomial-time quantum adversaries. This is the whole point of post-quantum cryptography. This would let us keep using existing, classical technology, but hopefully be secure against quantum-powered eavesdropping.
Thanks for your reply; I edited my question for some clarification. My question here would be whether "fully" quantum protocols that process arbitrary quantum information exist that are secure against computationally bounded quantum adversaries. – jgerrit – 2020-07-08T09:23:41.880

How do you define a "fully" quantum protocol? I'm guessing you want some sort of trapdoor function based on an algorithm that cannot (to the best of our knowledge) be implemented efficiently on a classical computer? I imagine you could (and somebody probably has) define a public key crypto system based on a QMA-complete problem. But it would come with the same sorts of caveats that come with a post-quantum public key crypto system based on NP-complete problems. – DaftWullie – 2020-07-08T09:35:49.800

Explicitly, I am interested in protocols that process quantum information to begin with. To the best of my knowledge, post-quantum crypto aims at finding classical protocols (that process/secure classical information) that are secure against quantum adversaries. For example, I am interested in quantum secret sharing schemes or multi-party quantum computation protocols that start with quantum inputs, and whether there are protocols that are secure only against computationally bounded quantum adversaries. – jgerrit – 2020-07-08T09:54:01.963


You are confusing two different things:

  • Quantum cryptography protocols that cannot be implemented classically, which have nothing to do with computational security;

  • Mathematical problems that can be solved both quantumly and classically, where you can consider the computational security of algorithms.
Thanks for your reply; I edited my question for some clarification, and I am aware of the distinction you brought up. – jgerrit – 2020-07-08T09:26:13.217