by lanstin 1575 days ago
I always read perfect secrecy as a term of art with some technical meaning.

This protocol seems to solve the communication at a distance problem for which asymmetric encryption was developed but since then a lot of other uses for public key, e.g. signing and multi-party decryption and so on have come out of public key. Do you think there will be entanglement based replacements for these?

2 comments

> I always read perfect secrecy as a term of art with some technical meaning.

That's indeed the case, but I fear the subtle technical definition here is usually one of the first things to go in the cycle of press releases and news articles, entirely too quickly giving rise to headlines that speak of "unhackable cryptography" or things like that. I've slightly edited my above post to clarify this, thanks.

> Do you think there will be entanglement based replacements for these [other protocols]?

One thing to note is that QKD is fundamentally a primitive to create shared, private randomness, not a communication channel – of course, the output can be used as the key for one-time pad encryption, but you might as well use it some different way.

For applications beyond that, I am really not an expert, but from what I know, people are looking into a variety of protocols, such as for leader election. There was a review article a few years back by Wehner et al., "Quantum internet: A vision for the road ahead" (https://www.science.org/doi/10.1126/science.aam9288), which highlights some proposals.

As for applications like signing, one aspect to consider is that quantum entanglement will, at least for another decade or two, always be much shorter-lived than classical data at rest. Thus, most practical quantum protocols will boil down to creating and making use of entanglement in a short amount of time, e.g. to initially establish some sort of shared secret, make a coordinated decision, etc.

> a lot of other uses for public key, e.g. signing and multi-party decryption and so on have come out of public key

To the best of my knowledge, multi-party decryption isn't really related to public key cryptography. Sending a message to a single recipient looks like this:

1. You write a message.

2. You encrypt it with a symmetric algorithm.

3. You encrypt the key to the encryption in step (2) with an asymmetric algorithm, using your recipient's public key.

4. You send them the combined message, encrypted ciphertext plus encrypted key-to-the-ciphertext.

5. They use their private key to decrypt the key-to-the-ciphertext.

6. They decrypt the message using the key you just sent them.

It's done that way, as far as I've learned, mostly because symmetric encryption is faster than asymmetric encryption.

But multi-party decryption is exactly the same:

1. You write a message.

2. You encrypt it with a symmetric algorithm.

3. You encrypt the key to the encryption in step (2) using the various public keys associated with each of your intended recipients.

...

So instead of a single-recipient message being a ciphertext accompanied by a header revealing the encryption key to the ciphertext, a ten-recipient message is a ciphertext -- exactly the same ciphertext! -- accompanied by ten headers, each of which is only readable by a particular private key. There's nothing about this method that draws on public key cryptography; if I've exchanged OTP material with each of ten people, I could send a multi-recipient message exactly the same way. (And doing so would be at least as valuable as it is in the public-key case -- doing things that way allows me to send a message of arbitrary length while only consuming a bounded amount of OTP material.)
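A runnable sketch of the envelope scheme this comment describes, added here as an example and not part of the thread: one fresh content key encrypts the message once, and the key is then wrapped separately for each recipient, so a single-recipient message is just the ten-recipient message with one header. Python's standard library has no AES or RSA, so the symmetric step uses an HMAC-SHA256 keystream with an HMAC tag standing in for a real AEAD such as AES-GCM, and the per-recipient wrap XORs the content key with pre-shared one-time-pad material, as the comment's last paragraph suggests instead of a public key. Recipient names, pad bytes, the function names and the `KEY_LEN` constant are all constructed for the example.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 32  # bytes of content key; also the OTP material each recipient spends per message


def _derive(content_key: bytes, label: bytes) -> bytes:
    # Split one content key into separate encryption and MAC keys (HMAC used as a KDF).
    return hmac.new(content_key, label, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # PRF in counter mode: block_i = HMAC-SHA256(enc_key, nonce || i). Stand-in for a real cipher.
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def symmetric_encrypt(content_key: bytes, plaintext: bytes) -> dict:
    # Step 2 of the comment: encrypt the message once with a symmetric key, then authenticate it.
    nonce = secrets.token_bytes(16)
    ciphertext = _xor(plaintext, _keystream(_derive(content_key, b"enc"), nonce, len(plaintext)))
    tag = hmac.new(_derive(content_key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    return {"nonce": nonce, "ciphertext": ciphertext, "tag": tag}


def symmetric_decrypt(content_key: bytes, body: dict) -> bytes:
    # Verify the tag first; a wrong key or a modified ciphertext is rejected before decryption.
    expected = hmac.new(_derive(content_key, b"mac"), body["nonce"] + body["ciphertext"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, body["tag"]):
        raise ValueError("authentication failed: wrong key or tampered ciphertext")
    return _xor(body["ciphertext"], _keystream(_derive(content_key, b"enc"), body["nonce"], len(body["ciphertext"])))


def encrypt_for_recipients(plaintext: bytes, pads: dict) -> dict:
    """pads maps recipient name -> KEY_LEN bytes of fresh OTP material shared with that recipient."""
    content_key = secrets.token_bytes(KEY_LEN)          # one fresh key per message
    body = symmetric_encrypt(content_key, plaintext)    # one ciphertext, shared by every recipient
    headers = {}
    for name, pad in pads.items():                      # step 3: wrap the key once per recipient
        if len(pad) != KEY_LEN:
            raise ValueError(f"{name}: need exactly {KEY_LEN} bytes of pad material")
        headers[name] = _xor(content_key, pad)          # OTP wrap; this pad segment must never be reused
    return {"body": body, "headers": headers}


def decrypt_as(name: str, pad: bytes, envelope: dict) -> bytes:
    # Steps 5 and 6: unwrap your own header, then decrypt the shared ciphertext.
    if name not in envelope["headers"]:
        raise KeyError(f"{name} is not a recipient of this message")
    content_key = _xor(envelope["headers"][name], pad)
    return symmetric_decrypt(content_key, envelope["body"])


def demo() -> dict:
    # Constructed sample: three recipients, each holding 32 bytes of pre-shared pad material.
    message = b"Same ciphertext for everyone, one short header per recipient. " * 40
    recipients = ["alice", "bob", "carol"]
    pads = {n: secrets.token_bytes(KEY_LEN) for n in recipients}
    env = encrypt_for_recipients(message, pads)
    results = {n: decrypt_as(n, pads[n], env) == message for n in recipients}
    # Unrelated pad material yields the wrong content key, and the tag check rejects it.
    try:
        decrypt_as("alice", secrets.token_bytes(KEY_LEN), env)
        results["wrong_pad_rejected"] = False
    except ValueError:
        results["wrong_pad_rejected"] = True
    results["pad_bytes_per_recipient"] = KEY_LEN      # bounded, regardless of message length
    results["message_bytes"] = len(message)
    results["header_count"] = len(env["headers"])
    return results


if __name__ == "__main__":
    print(demo())
```

The point the comment makes shows up in `demo()`: the message is far longer than `KEY_LEN`, yet each recipient spends exactly `KEY_LEN` bytes of pad, and the envelope carries one ciphertext plus one short header per recipient. Swapping the OTP wrap for RSA-OAEP or an ECDH-derived key leaves every other line unchanged, which is why the wrapping step, not the public key, is what makes multi-recipient delivery work.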