Still, you don't have to search the Manifesto for the flaws to understand what the writer is criticizing. And I believe the whole context is even more important, and it is explained in the Nature article mentioned by the writer:
"The European Commission says that its goal is to "give Europe a global lead in the data-driven economy" so that everyone reaps "benefits of big data revolution". How could they have thought that this goal justifies putting massive funding (1 billion Euros, 15% of the total European Cloud Initiative funding) into quantum computation? Here are three theories:
- malice "If I tell them that quantum computers won't process big data then they'll take away money for quantum-algorithms research"
- stupidity "people could have been honestly thinking that quantum algorithms are important for big data, because they simply don't know any better."
- marketing "The European Commission actually has only the foggiest idea of what it means by "the Cloud" and "the data-driven economy." "Isn't even the tiniest piece of data part of the big-data revolution that surrounds us all? Join us in relabeling your research with the latest buzzwords!"
and
"Instead of highlighting the security threat of quantum technology and recommending funding for a scientifically justified response, the Manifesto makes the thoroughly deceptive claim that quantum technology improves security."
The author's critique is based on a wrong understanding of the funding process in my opinion, as the funding of this project is not the result of a unilateral decision of the European Commission, but of a community- and science-led effort where many initiatives across Europe competed for the funding. That the commission selected the Quantum Computing project was largely due to the very convincing and sound proposal, which was written collaboratively and with the support of almost all the relevant research groups in that domain in Europe (e.g
CEA Saclay, ETH Zürich, TU Delft, University of Innsbruck, Research Centre Jülich and many more).
If critique is voiced (and this is absolutely legitimate), it should at least be based on a basic understanding of the underlying funding mechanisms, which I think is not the case in this article.
I understand that you are aware of the process of the competition, I'd however like to read some meaningful response to the questions asked, like, what quantum computing has to do with the cloud and big data at all (as the funding comes from these goals), and the dubious "security" claims.
Quantum Computing capabilities will probably delivered through the cloud, as buying quantum computers will not be viable for many organizations in the near future (due to high cost / maintenance effort ). Quantum Computing has many potential uses in Big Data, e.g. in biology but also combinatorics (see e.g. Google's or Microsoft work on this, or search online for "Quantum Algorithm Zoo"). Security claims are mostly related to quantum-based secure communication and key distribution, which are technologies that provably work and are already being transformed into products right now. Breaking security (e.g. by efficient prime factoring) is not of big interest to most researchers, as this is more something that nation states might be interested in.
Everyone is aware of the fact that we don't yet have a full understanding of quantum algorithms and the computational power of quantum computers, what's clear though is that classical computers have certain limitations in various domains that can be overcome by quantum computers. What everyone agrees on is that quantum computers will not replace classical computers but will supplement them in certain niches.
Not sure if this answers all points, hope it clarifies a bit the motivations behind quantum computing though.
It seems unlikely that the author, who is on the faculty of Eindhoven University of Technology, would be unaware of how the funding of a major project in his field works.
Because he does not seem to have knowledge of the decision process and the different actors involved, which is why he puts up several conjectures , such as that the people involved in the funding of this project are either malicious or stupid.
I just really don't like this way of arguing, and I think it does a large injustice to most of the people involved, many of which are excellent scientists that have put lots of work into their winning proposal. Claiming that they are driven by greed or are selling "snake oil" is very unfair and also a bit ridiculous: The funding process was very transparent and open to debate, and there would surely have been a way for the author to voice his critique through an official channel, especially if he is a faculty member of a European University. To me it seems that he's just unhappy that the funding didn't go to his department, and instead of interacting with people in a constructive way (or better yet, get people from the crypto community together to write a proposal of their own) he just belittles the people involved in this project. This isn't scientific debating, it's just ranting.
I just attended the "Quantum Europe" conference in Amsterdam, where the manifesto was announced and where the details were worked out.
While the manifesto is surely geared towards a specific audience (politicians) and contains a lot of buzzwords, the flagship project is very well thought out and supported by some of the largest research institutions inside and outside of Europe (e.g. including Intel, who invested 50 million in the QuTech centre in Delft).
The author tries to convey the impression that the manifesto and flagship project are the result of some undemocratic and misguided funding process, while in fact they are the result of many years of work putting together a proposal for this kind of project. This effort, which was mainly done by the scientific community, dates back to 2009 and earlier and has been a fully transparent and community-led effort.
The ideas behind the flagship project are very sound as well (in my opinion): Get different research groups in Europe to collaborate and share resources, provide a level of funding that allows those researchers to compete with e.g the US / Canada / Australia (which are all investing similar amounts) and get the industry involved to commercialize technologies where possible.
Also, qantum computing is only one of several flagship projects that have been selected for funding, the Human Brain project being another one.
All in all this kind of funding scheme in which scientists rather than politicians play a leading role are highly welcome in my opinion, and I would like to see this model copied around the world.
Concerning the potential overselling of quantum technologies: The limitations and uncertainties of this research were discussed very openly at the conference, and many speakers explicitly warned against promising too much to the public.
All in all I think all actors are aware of the fact that quantum computing / cryptography won't solve all their problems, but they still believe that these technologies might have a deep impact on the European and world economy in the next 20 years.
Why is this money taken from "European Cloud Initiative"? It has nothing to do with it. Is the comission aware of this fact?
Are all those research institutions standing behind claimed security impact of their work? Were security experts and cryptographers involved, or is this just wild speculation from physicists as DJB's Theory 2 assumes.
I'm all for moving more EU money to basic research, but money can be moved to the direction I want with wrong promises.
Honestly this is the first time that I hear this claim, and I cannot judge whether it is true or not (I will try to find out). What I know is that the money for the flagship projects was allocated around five years ago already (within the Horizon 2020 programme), and I am not aware of any relation to the European Cloud Initiative.
The only mention of cloud computing at the conference was in the context of providing Quantum Computing capabilities over the cloud as a means to make these technologies accessible to a wider audience as soon as possible, as buying a quantum computer will probably be beyond the capabilities of most individuals / organizations for the foreseeable future.
€2 billion in Horizon 2020 funding will be allocated to the European Cloud Initiative[1].
Quantum manifesto lists many items that might be funded under the Cloud Initiative [2],
- Core technology of quantum repeaters
- Secure point-to-point quantum links
- Quantum networks between distant cities
- Quantum credit cards
- Quantum repeaters with cryptography and eavesdropping detection
- Secure Europe-wide internet merging quantum and classical communication
- Universal quantum computers will be available with computational power at a level of
performance that will exceed even the most powerful classical computers of the future.
They will be reprogrammable machines used to solve demanding computational
problems, such as optimisation tasks, database searches, machine learning and image
recognition. They will contribute to Europe’s smart industry, helping to make European
manufacturing industries more efficient.
The question is whether the 1 Bn. € allocated to quantum computing would have been spent on other cloud technologies instead, which in my understanding is not the case.
As far as my understanding goes the flagship money was distributed via an open propsal-based process, so I really don't see how this money was "stolen" from other initiatives, as the goal of this kind of funding is to let researchers compete for it by making convincing proposals.
The way I see it the question is not that proposal based process itself was fair.
The question is if the winning proposals made credible promises. Did the commission know it funded basic research without practical solutions in the sight, or did they read material like Quantum Manfiesto and thought there would be commercial and infrastructure benefits?
I'm leaning towards Theories 2 and 3: stupidity and marketing. Physicists who want to build quantum devices made claims outside their expertise and the commission didn't consult experts to verify these claims because it generally has no idea of what it's funding.
You should not assume that the EU commission is stupid, as they have a large department which employs experts across many fields (mostly scientists as well) that informs policymakers about the risks and potential of these things.
And concerning the potential risk of failure: Yes, everyone is aware of that. The flagship projects fund research, which means that there is a risk of failure and that we don't know all the details yet (otherwise it would be engineering). The funding bodies are fully aware of this and they do not expect that every project they fund will work out, but they know that today's research is tomorrow's revenue.
DJB is one of the leading experts in the field. Who are the security experts who think that quantum communication premises could lead to practical implementations?
Even if the base research is successful, most experts agree that quantum communication is solution searching for problem. We can already transmit data securely trough bit-pipes using quantum resistant symmetric ciphers. Actual security problems are on different level (protocols etc.)
As far as practical implementations are concerned, the Chinese already have a running quantum network between large cities, and are planning to launch a "quantum satellite" in June as well. There are companies selling this kind of equipment already, e.g. ID Quantique, so this technology is already quite mature and working. I don't understand why this should not count as a practical implementation. Also, to my knowledge it's the only technology that can (in principle) provide a fully secure key exchange over an insecure channel, and with states like the US investing heavily in quantum computing the possibility of decrypting RSA-based cryptography (and similar method) seems not so far-fetched anymore. Of course symmetric cryptography can be resilient against quantum attacks (as far as we know today) if this keys are sufficiently long, but the problem is to securely exchange those keys, and this is were quantum cryptography has its place (again, in my opinion). I would love to hear why this idea is flawed though, I just don't think that calling the other side "stupid" is a legitimate way of arguing.
> Of course symmetric cryptography can be resilient against quantum attacks (as far as we know today) if this keys are sufficiently long, but the problem is to securely exchange those keys, and this is were quantum cryptography has its place (again, in my opinion). I would love to hear why this idea is flawed though
Because security-wise, according to djb claims in the original article (and Schneier too (2)), everything that the "quantum network" does can as well be implemented with the normal insecure internet and the symmetric ciphers, with the same security limitations (the secure channel, as per djb, initially is needed in both cases: "Quantum cryptography, like locked-briefcase cryptography, also relies on a preexisting secure channel (to authenticate choices of "bases" by Alice and Bob)" See also (1) ). So from the security standpoint it's a typical "snake oil" not improving anything but costing more, being much more complicated to maintain and therefore much less secure from the get-go.
"The Manifesto says that it is "endorsed by a broad community of industries, research institutes and scientists in Europe" and is accompanied by an online list of thousands of signatories; but the list looks more like a rather narrow community of people who are hoping that the Manifesto makes money for them, such as quantum physicists and their students. Security review, like environmental review, requires experts who are skeptical."
"These proofs are unconditionally secure in the sense that no conditions are imposed on the resources available to the eavesdropper, however there are other conditions required:
- Eve cannot physically access Alice and Bob's encoding and decoding devices.
- The random number generators used by Alice and Bob must be trusted and truly random (for example a Quantum random number generator).
- The classical communication channel must be authenticated using an unconditionally secure authentication scheme.
- The message must be encrypted using one-time pad like scheme."
but those requirements apply to the case where the attacker has unlimited classical and quantum computing capabilities.
Under those conditions, all classical cryptographic methods fail (except one-time pad), because the attacker can just brute-force any key. That QKD still works under these assumptions is amazing in itself, and in any practically relevant scenario the limitations will probably not matter, as long as the key exchange is fast enough such that no decryption & manipulation of the classical channel is possible. Also, the attacker not having access to the decoding device is a reasonable assumption IMHO, as classical encryption won't do you any good either if the attacker has full access to your computer.
All in all, I think that the critique is justified but it is not something that will keep QKD from being useful in the field (I could be wrong of course).
The problem is, from the point of view of that conventional security expert (and of me too) the only "usefulness in the field" is the possibility to sell the extremely expensive snake oil to the buyers who don't ask what the price is. Because even without the same snake oil, the equivalent system can be designed, maintained and be significantly cheaper.
Getting money from those who can give a lot can also be a valid economic goal, or in this case an accepted approach to funding (I quoted that Microsoft researcher) but using "snake oil" can still be seen as the evil opposite of the established principles of honest security engineering, the classic entry for Schneier's "doghouse."
The fair approach would be, "we're doing the basic research, no there's no too practical applicability of our research, but it's good to fund it anyway, that's why the research is different from engineering."
It would also let engineers do their work and not force them to implement less secure directions "because policy." Which is the effect that certainly appears here and there on the EU level.
>I just don't think that calling the other side "stupid" is a legitimate way of arguing.
There should not be "the other side". Yet there is no sign of security researches involved making these claims and you seem genuinely surprised that there is controversy and security researchers debunk the claims.
I do not say that there is another side, this is what the article proposes. Also, there is a difference between engaging with someone in a constructive discussion and just ranting against a funding decision. Has the author actually tried engaging with the people involved on the EU side or the researchers working on these systems? Also, saying that there is no involvement of the security research community in the development of these systems is almost certainly not true at least it would be very surprising to me.
"Bennet, Bernstein, Brassard, and Vazirani demonstrated that quantum computers cannot provide an exponential speedup for search algorithms, suggesting that symmetric encryption algorithms, one-way functions, and cryptographic hash algorithms should be resistant to attacks based on quantum computing [4]."
(4: C. Bennett, E. Bernstein, G. Brassard, and
U. Vazirani. Strengths and weaknesses of quantum computation. Special Issue on Quantum Computation of the Siam Journal of Computing, Oct. 1997.)
Note, this was already known in 1997, two decades ago.
After all the discussion up to now, I believe even more in djb's conclusion:
"Ultimately the victims are the users. A quarter of a billion Euros, despite being explicitly aimed at communication security, will actually be devoted to quantum technologies that are much less secure than modern real-world cryptography. The occasional users who can afford to deploy quantum cryptography won't realize how easy it is to break. Meanwhile a similar level of funding will be sensibly devoted to quantum computing, but without a proper acknowledgment of the resulting security apocalypse, and without a corresponding level of funding for the most plausible plan to prevent this apocalypse."
However it's sure that not only EU scientists make grandiose claims:
"With a quantum computer, we hope to find a more efficient way to produce artificial fertilizer, having direct impact on food production around the world, and we hope to combat global warming."
Ugh. And cure cancer and make your pennies bigger. Hey it's quantum. Anyway Chinese already sell the "quantum diagnostics devices" comparably "amazing":
That quantum computers can't break symmetric cyphers efficiently is well-known, I just don't see why this makes quantum cryptography obsolete, as it is mostly about secure key exchange. Also, why are quantum algorithms less secure? There are some possible exploits (e.g. due to problems in the detector), but theoretically the encryption is unbreakable with our current understanding of Physics.
It's not about the "algorithms" it's about everything around them. The security is a strong as the weakest link:
Again djb, the original article we are supposed to comment here: "Fundamentally, quantum cryptography makes the same mistake as locked-briefcase cryptography: it aims for security in an oversimplified model of the physical world, takes resources away from more serious security techniques, and ends up damaging security in the real world. Quantum cryptography, like locked-briefcase cryptography, also relies on a preexisting secure channel (to authenticate choices of "bases" by Alice and Bob), and does nothing to address the problems handled by public-key cryptography."
See also my comment to "quantum credit cards" here as another illustration.
But why does this make research on quantum cryptography worthless? Building a system that delivers the full promise of quantum encryption and addresses the weaknesses of the system is the very goal of such research. Classical encryption schemes would never have gotten to the point they are today without this kind of research funding, so why don't we grant this to quantum cryptography as well? And if the method is so fundamentally flawed as some people want to make us believe, why are several dozen research organizations around the world pursuing it?
And why is it a bad thing to talk about applications that seem far-fetched today, like "quantum credit cards"? Blockchain-based currencies were probably also a pretty far-fetched concept 20 years ago, but today they have a fixed place in the currency eco-system.
Extrapolating from my involvement in FP6, I am pretty convinced that there are hardly an actual experts involved. Any random professor from Europe qualifies there as an expert and the expertise of this level of academia can be characterized by ignorance, inflated egos and outdated knowledge.
Why? Because no sane attacker is interested in placing his probe between the laser and the card, but in the plain traditional electronics that controls the laser. If I were an attacker I couldn't care less that you send "a quantum state" with the laser in the card reader. It's just the plain classical bits on the level I'd be interested in.
To protect from that, you'd need the full "quantum internet" to every credit card reader! Which is exactly what djb claims is wrong with the "Quantum Manifesto:" making grandiose security claims that can't stand to the scrutiny of "classical" security researchers, as soon as the whole implementation is considered:
"an embarrassingly oversimplified model of the attacker that allows the attacker to inspect photons being sent between quantum-cryptography devices but that does not allow the attacker to interact with the devices in any other way."
European Semantic Web: http://eswc-conferences.org/ "Various automated services, based on reasoning with metadata and ontologies, will help the users to achieve their goals by accessing and processing information in machine-understandable form."
I could be wrong but I'm sure that once the relevant level (actual calls) is reached research proposals about the security impact of quantum computing will be very welcome. I wouldn't be shocked if a couple of research projects on post-quantum cryptography would be funded. In fact I'll go ahead and say there will be a clause in all calls along the lines of "ethical, security, privacy and legal issues and social impact has to be outlined in the proposal"
The way I read it is: "Other people will research it, EU needs to research it as well" and that's the security benefit (not being behind on what could be a core technology with security and other implications).
34 comments
[ 4.4 ms ] story [ 87.4 ms ] threadhttp://www.nature.com/news/row-hits-flagship-brain-plan-1.15...
and I'd also suggest the example of the other Europe's "big project" mismanagement, also mentioned in the Nature's article:
http://www.scientificamerican.com/article/why-the-human-brai...
I agree with the writer's opinions:
"The European Commission says that its goal is to "give Europe a global lead in the data-driven economy" so that everyone reaps "benefits of big data revolution". How could they have thought that this goal justifies putting massive funding (1 billion Euros, 15% of the total European Cloud Initiative funding) into quantum computation? Here are three theories:
- malice "If I tell them that quantum computers won't process big data then they'll take away money for quantum-algorithms research"
- stupidity "people could have been honestly thinking that quantum algorithms are important for big data, because they simply don't know any better."
- marketing "The European Commission actually has only the foggiest idea of what it means by "the Cloud" and "the data-driven economy." "Isn't even the tiniest piece of data part of the big-data revolution that surrounds us all? Join us in relabeling your research with the latest buzzwords!"
and
"Instead of highlighting the security threat of quantum technology and recommending funding for a scientifically justified response, the Manifesto makes the thoroughly deceptive claim that quantum technology improves security."
If critique is voiced (and this is absolutely legitimate), it should at least be based on a basic understanding of the underlying funding mechanisms, which I think is not the case in this article.
Everyone is aware of the fact that we don't yet have a full understanding of quantum algorithms and the computational power of quantum computers, what's clear though is that classical computers have certain limitations in various domains that can be overcome by quantum computers. What everyone agrees on is that quantum computers will not replace classical computers but will supplement them in certain niches.
Not sure if this answers all points, hope it clarifies a bit the motivations behind quantum computing though.
Why do you think that is the case?
I just really don't like this way of arguing, and I think it does a large injustice to most of the people involved, many of which are excellent scientists that have put lots of work into their winning proposal. Claiming that they are driven by greed or are selling "snake oil" is very unfair and also a bit ridiculous: The funding process was very transparent and open to debate, and there would surely have been a way for the author to voice his critique through an official channel, especially if he is a faculty member of a European University. To me it seems that he's just unhappy that the funding didn't go to his department, and instead of interacting with people in a constructive way (or better yet, get people from the crypto community together to write a proposal of their own) he just belittles the people involved in this project. This isn't scientific debating, it's just ranting.
While the manifesto is surely geared towards a specific audience (politicians) and contains a lot of buzzwords, the flagship project is very well thought out and supported by some of the largest research institutions inside and outside of Europe (e.g. including Intel, who invested 50 million in the QuTech centre in Delft).
The author tries to convey the impression that the manifesto and flagship project are the result of some undemocratic and misguided funding process, while in fact they are the result of many years of work putting together a proposal for this kind of project. This effort, which was mainly done by the scientific community, dates back to 2009 and earlier and has been a fully transparent and community-led effort.
The ideas behind the flagship project are very sound as well (in my opinion): Get different research groups in Europe to collaborate and share resources, provide a level of funding that allows those researchers to compete with e.g the US / Canada / Australia (which are all investing similar amounts) and get the industry involved to commercialize technologies where possible.
Also, qantum computing is only one of several flagship projects that have been selected for funding, the Human Brain project being another one.
All in all this kind of funding scheme in which scientists rather than politicians play a leading role are highly welcome in my opinion, and I would like to see this model copied around the world.
Concerning the potential overselling of quantum technologies: The limitations and uncertainties of this research were discussed very openly at the conference, and many speakers explicitly warned against promising too much to the public.
All in all I think all actors are aware of the fact that quantum computing / cryptography won't solve all their problems, but they still believe that these technologies might have a deep impact on the European and world economy in the next 20 years.
More background information on the FET flagships within the Horizon 2020 programme: projects:http://ec.europa.eu/programmes/horizon2020/en/h2020-section/...
Are all those research institutions standing behind claimed security impact of their work? Were security experts and cryptographers involved, or is this just wild speculation from physicists as DJB's Theory 2 assumes.
I'm all for moving more EU money to basic research, but money can be moved to the direction I want with wrong promises.
The only mention of cloud computing at the conference was in the context of providing Quantum Computing capabilities over the cloud as a means to make these technologies accessible to a wider audience as soon as possible, as buying a quantum computer will probably be beyond the capabilities of most individuals / organizations for the foreseeable future.
Quantum manifesto lists many items that might be funded under the Cloud Initiative [2],
- Core technology of quantum repeaters
- Secure point-to-point quantum links
- Quantum networks between distant cities
- Quantum credit cards
- Quantum repeaters with cryptography and eavesdropping detection
- Secure Europe-wide internet merging quantum and classical communication
- Universal quantum computers will be available with computational power at a level of performance that will exceed even the most powerful classical computers of the future. They will be reprogrammable machines used to solve demanding computational problems, such as optimisation tasks, database searches, machine learning and image recognition. They will contribute to Europe’s smart industry, helping to make European manufacturing industries more efficient.
[1]: http://europa.eu/rapid/press-release_MEMO-16-1409_en.htm
[2]: http://qurope.eu/system/files/u567/Quantum%20Manifesto.pdf
As far as my understanding goes the flagship money was distributed via an open propsal-based process, so I really don't see how this money was "stolen" from other initiatives, as the goal of this kind of funding is to let researchers compete for it by making convincing proposals.
The question is if the winning proposals made credible promises. Did the commission know it funded basic research without practical solutions in the sight, or did they read material like Quantum Manfiesto and thought there would be commercial and infrastructure benefits?
I'm leaning towards Theories 2 and 3: stupidity and marketing. Physicists who want to build quantum devices made claims outside their expertise and the commission didn't consult experts to verify these claims because it generally has no idea of what it's funding.
And concerning the potential risk of failure: Yes, everyone is aware of that. The flagship projects fund research, which means that there is a risk of failure and that we don't know all the details yet (otherwise it would be engineering). The funding bodies are fully aware of this and they do not expect that every project they fund will work out, but they know that today's research is tomorrow's revenue.
Even if the base research is successful, most experts agree that quantum communication is solution searching for problem. We can already transmit data securely trough bit-pipes using quantum resistant symmetric ciphers. Actual security problems are on different level (protocols etc.)
Because security-wise, according to djb claims in the original article (and Schneier too (2)), everything that the "quantum network" does can as well be implemented with the normal insecure internet and the symmetric ciphers, with the same security limitations (the secure channel, as per djb, initially is needed in both cases: "Quantum cryptography, like locked-briefcase cryptography, also relies on a preexisting secure channel (to authenticate choices of "bases" by Alice and Bob)" See also (1) ). So from the security standpoint it's a typical "snake oil" not improving anything but costing more, being much more complicated to maintain and therefore much less secure from the get-go.
"The Manifesto says that it is "endorsed by a broad community of industries, research institutes and scientists in Europe" and is accompanied by an online list of thousands of signatories; but the list looks more like a rather narrow community of people who are hoping that the Manifesto makes money for them, such as quantum physicists and their students. Security review, like environmental review, requires experts who are skeptical."
1) https://en.wikipedia.org/wiki/Quantum_key_distribution
"These proofs are unconditionally secure in the sense that no conditions are imposed on the resources available to the eavesdropper, however there are other conditions required:
- Eve cannot physically access Alice and Bob's encoding and decoding devices.
- The random number generators used by Alice and Bob must be trusted and truly random (for example a Quantum random number generator).
- The classical communication channel must be authenticated using an unconditionally secure authentication scheme.
- The message must be encrypted using one-time pad like scheme."
2) "Quantum Cryptography: As Awesome As It Is Pointless" https://www.schneier.com/essays/archives/2008/10/quantum_cry...
Under those conditions, all classical cryptographic methods fail (except one-time pad), because the attacker can just brute-force any key. That QKD still works under these assumptions is amazing in itself, and in any practically relevant scenario the limitations will probably not matter, as long as the key exchange is fast enough such that no decryption & manipulation of the classical channel is possible. Also, the attacker not having access to the decoding device is a reasonable assumption IMHO, as classical encryption won't do you any good either if the attacker has full access to your computer.
All in all, I think that the critique is justified but it is not something that will keep QKD from being useful in the field (I could be wrong of course).
Getting money from those who can give a lot can also be a valid economic goal, or in this case an accepted approach to funding (I quoted that Microsoft researcher) but using "snake oil" can still be seen as the evil opposite of the established principles of honest security engineering, the classic entry for Schneier's "doghouse."
The fair approach would be, "we're doing the basic research, no there's no too practical applicability of our research, but it's good to fund it anyway, that's why the research is different from engineering."
It would also let engineers do their work and not force them to implement less secure directions "because policy." Which is the effect that certainly appears here and there on the EU level.
There should not be "the other side". Yet there is no sign of security researches involved making these claims and you seem genuinely surprised that there is controversy and security researchers debunk the claims.
http://www.nist.gov/manuscript-publication-search.cfm?pub_id...
"Bennet, Bernstein, Brassard, and Vazirani demonstrated that quantum computers cannot provide an exponential speedup for search algorithms, suggesting that symmetric encryption algorithms, one-way functions, and cryptographic hash algorithms should be resistant to attacks based on quantum computing [4]."
(4: C. Bennett, E. Bernstein, G. Brassard, and U. Vazirani. Strengths and weaknesses of quantum computation. Special Issue on Quantum Computation of the Siam Journal of Computing, Oct. 1997.)
Note, this was already known in 1997, two decades ago.
After all the discussion up to now, I believe even more in djb's conclusion:
"Ultimately the victims are the users. A quarter of a billion Euros, despite being explicitly aimed at communication security, will actually be devoted to quantum technologies that are much less secure than modern real-world cryptography. The occasional users who can afford to deploy quantum cryptography won't realize how easy it is to break. Meanwhile a similar level of funding will be sensibly devoted to quantum computing, but without a proper acknowledgment of the resulting security apocalypse, and without a corresponding level of funding for the most plausible plan to prevent this apocalypse."
However it's sure that not only EU scientists make grandiose claims:
http://www.macleans.ca/society/science/trudeau-versus-the-ex...
"With a quantum computer, we hope to find a more efficient way to produce artificial fertilizer, having direct impact on food production around the world, and we hope to combat global warming."
Ugh. And cure cancer and make your pennies bigger. Hey it's quantum. Anyway Chinese already sell the "quantum diagnostics devices" comparably "amazing":
https://www.youtube.com/watch?v=iaDQgVwKO-Y
It's not about the "algorithms" it's about everything around them. The security is a strong as the weakest link:
Again djb, the original article we are supposed to comment here: "Fundamentally, quantum cryptography makes the same mistake as locked-briefcase cryptography: it aims for security in an oversimplified model of the physical world, takes resources away from more serious security techniques, and ends up damaging security in the real world. Quantum cryptography, like locked-briefcase cryptography, also relies on a preexisting secure channel (to authenticate choices of "bases" by Alice and Bob), and does nothing to address the problems handled by public-key cryptography."
See also my comment to "quantum credit cards" here as another illustration.
And why is it a bad thing to talk about applications that seem far-fetched today, like "quantum credit cards"? Blockchain-based currencies were probably also a pretty far-fetched concept 20 years ago, but today they have a fixed place in the currency eco-system.
https://www.osapublishing.org/optica/fulltext.cfm?uri=optica...
Why? Because no sane attacker is interested in placing his probe between the laser and the card, but in the plain traditional electronics that controls the laser. If I were an attacker I couldn't care less that you send "a quantum state" with the laser in the card reader. It's just the plain classical bits on the level I'd be interested in.
To protect from that, you'd need the full "quantum internet" to every credit card reader! Which is exactly what djb claims is wrong with the "Quantum Manifesto:" making grandiose security claims that can't stand to the scrutiny of "classical" security researchers, as soon as the whole implementation is considered:
"an embarrassingly oversimplified model of the attacker that allows the attacker to inspect photons being sent between quantum-cryptography devices but that does not allow the attacker to interact with the devices in any other way."
"Semantic Web" did much better by having plenty of millions euros projects funded in FP6/7 and H2020 with absolutely no outcome.
European Semantic Web: http://eswc-conferences.org/ "Various automated services, based on reasoning with metadata and ontologies, will help the users to achieve their goals by accessing and processing information in machine-understandable form."
FP7: https://ec.europa.eu/research/fp7/index_en.cfm
H2020: https://ec.europa.eu/programmes/horizon2020/
The way I read it is: "Other people will research it, EU needs to research it as well" and that's the security benefit (not being behind on what could be a core technology with security and other implications).
Will we see a surge in quantum_____.com domain regstrations?
How about a .quantum TLD?
Keep the hype machine rolling.