Such a public key cryptosystem would be "quantum safe" in the sense that quantum computers cannot efficiently solve QMA hard problems.
Asked
Active
Viewed 219 times
6
1 Answers
4
Please start by reading my answer here. I believe you've mistaken the requirements for post-quantum crypto. If you use a scheme which is QMA-hard, then that means either your problem is QMA-complete (in which case, you can decrypt the message using a quantum computer, but not with a classical computer unless NP=QMA), or not (in which case you cannot decrypt efficiently even on a quantum computer). What you typically want for post-quantum crypto is something for which the decryption (by the holder of the private key) can be performed efficiently on a classical computer.
There may be schemes out there which are designed to be run with quantum computers performing the (allowed) decryption, but I'm not aware of any, and they are not the main focus of research at the moment.
As I also described in the other answer, what you're more likely to be interested in is some form of typical case complexity. I suppose it's conceivable that cases with an NP-complete typical case complexity could have worst-case complexity that's QMA-hard.
DaftWullie
- 62,671
- 4
- 55
- 140