Performing trillions of operations is faaaaar from being enough to break standard cryptosystem.

But the question is if physics allow to make huge amount of them parallely.

And on this 'silly' question depends world's safeness...

Some people believe that the only real algorithmic advantage of QC is the Shor's algorithm. Maybe they are right, but ... QC can theoretically make all calculations at once (is almost nondeterministic Turing machine) and the only problem is with the extraction. I'll show how to enhance it, but it would be strange if basic QC wouldn't already allow for more, maybe even solving NP in polynomial time.

Generally what physics do is solving its own partial differential equation - that means processing simultaneously infinitely many (or huge amount) degrees of freedom. I see a few ways of 'giving' there some NP-problem to be solved ... maybe some of them are practical ...

In such case 1024 bit keys, which are more than atoms in the universe, would be a piece of cake - elongating key may be not enough. Especially that I believe that we could easily protect private key cryptosystems against such eventualities by using preinitialized ones.

But designing public key cipher is much more difficult and I have no idea how to make a protected one???

The next argument that we should take such scenarios seriously is that maybe basic QC is not the only possibility for massive parallel computation physics gives us. First of all there is so called Feynman-Stueckelberg effect

http://groups.google.com/group/sci.p...10b4e5cbda1108
which hasn't been taken seriously, but maybe it will change in a few months in LHC ... but such computer would require (huge?) accelerator.

The other option can be (quantum) loop computers

http://forums.devshed.com/security-a...ms-580926.html
I'm strongly confused about this idea, especially for classical computers.

But ... if used for quantum computation, such feedback should amplify the correct solution (wavefunction), making the rest of them vanish.

It couldn't be standard approach to QC in which we use some sequence of for example external fields on some lattice of atoms.

We would need a circuit which allows to sustain entanglement of many calculations.

Observe that similarly to benzene, (-CH=CH-) sequence can be in quantum superposition with shifted one (=CH-CH=) - we could use such molecule as a wire for qbits. Unfortunately it has some resistance, but there are know such superconductors also.

We know also transistors made of single molecule - they are irreversible so would destroy entanglement, but there should be possible also quantum gates made this way.

The question is if such molecular quantum computers could sustain entanglement for practically long time ... There is also problem with auxiliary variables - we need a lot of them because in QC all calculations has to be reversible. They cannot be sent in the loop - they should be treated in some special way to not destroy the entanglement...

... but maybe ?

Probably physics doesn't allow to solve NP in polynomial time, but I'm far from being sure of it.

And I believe that preinitialized cryptosytems should be practically protected against all presented hypothetical possibilities. And this protection is achieved practically for free.

-------------------------------------

Ok - I was too pessimistic about public key cryptography - we should be able to make protected and practical hybrid systems - public key cipher for very short message like a key for a secret-key cipher or a hash value for authentication.

Most generally, public key is a parameter of some transformation which is extremely difficult to reverse. But there is the private key - some kind of 'clues' which make this reverse easy.

So if someone could solve quickly NP problems:

- he could try all possible 'clues' and for example check if for some block encrypting and then decrypting gives the same block. If yes - he could try a few more different blocks to be sure it's the correct private key, but there is also more dangerous attack:

- searching not for these 'clues' but straightforward for the reverse function: having encrypted message in a form of independent blocks, for each block he could try to encode all possible input blocks with the public key to get the given block.

So to protect it in analogy to secret-key ciphers, we rather have to make that encoding already require extremely large amount of calculations. The problem is that this time these huge calculations cannot be just made while initialization like before, but has to be made for each block - it could be practically used only for extremely short messages, like the key for a secret-key cipher or a hash value.