Ok, just wanted to point out some incorrect statements here.
A. You said 'The trick to QC is that there's an algorithm which can calculate exactly which bits were sniffed, so that a key can be composed of the remaining safe bits.' Not true. This sort of processing is called privacy amplification and it is used to compensate for inefficient quantum channels. Basically if you are not sending a single photon for each bit of your quantum key, there is a possibility that an eavesdropper could use a beam splitter to observe some of your key bits. To account for this you use privacy amplification to throw out a certain percentage of the bits in order to stimy an eavesdropper. With a 100% efficient system this would not be necessary.
B. You say 'QC can be done with photons, molecules in NMR, electrons, etc. Anything that can be reduced to an EPR pair (or alternately, a Hadamard gate) is a basis for QC.' This sentence makes no sense to me. You produce EPR pairs and you perform Hadamard gates on objects, I don't understand what you mean by 'reduced to'. Also an EPR pair and a Hadamard gate are not at all the same thing. Hadamard gates are used in quantum computing to initialize qubits to initial states that are perfectly juxtaposed between 0 and 1 states, but I do not see how this could be used for quantum cryptography. Also, using QC to describe this is ambiquous as you could mean either quantum computing or quantum cryptography. Better terms are Quantum Information Science (QIS) and Quantum Key Distribution (QKD).
C. Grover's algorithm can do a search in 0(log(n)) not 0(sqrt(n))
Good thoughts here, tho there is one thing I would like to point out. Data transfered over a quantum channel is not secure. It is only secure if the photon being sent is part of an EPR pair. If you just sent the message over the quantum channel it would be readable by a third party using methods that can be used on a conventional fiber optic line. And yes, the transfer rate on the quantum channel is currently very slow ( less than 10Mbs)
As far as Diffie-Hellman is concerned, there is a need for conventional cryptography in two sections. One is in the internal part of the sender and receiver's systems as you observed, the other is for the public conventional channel over which 'privacy amplification' information is passed to compensate for less-than-perfect efficiency over the quantum channel.
Actually if the quantum channel is 100% efficient there is no way to break the code as any act of eavesdropping will completely destroy the eavesdropped content and the eavesdropper will not be able to reproduce the lost content to send on to the receiver because she only has one half of an Einstein-Podolsky-Rosen pair, the other half of which is held by the transmitter.
It is true that there are only a few algorithms currently known that can take advantage of the exponential speedup offered by quantum computers (mostly in the realm of hidden subgroup problems, and there are several more than Schor's and Grover's now, but they are not currently of interest to anyone but number theorists).
To say that quantum computers would be slower than conventional computers at other operations is incorrect. That will depend much on the architecture that is eventually used and currently there is no consensus on that subject.
Slashdot Mirror
Ok, just wanted to point out some incorrect statements here.
A. You said 'The trick to QC is that there's an algorithm which can calculate exactly which bits were sniffed, so that a key can be composed of the remaining safe bits.' Not true. This sort of processing is called privacy amplification and it is used to compensate for inefficient quantum channels. Basically if you are not sending a single photon for each bit of your quantum key, there is a possibility that an eavesdropper could use a beam splitter to observe some of your key bits. To account for this you use privacy amplification to throw out a certain percentage of the bits in order to stimy an eavesdropper. With a 100% efficient system this would not be necessary.
B. You say 'QC can be done with photons, molecules in NMR, electrons, etc. Anything that can be reduced to an EPR pair (or alternately, a Hadamard gate) is a basis for QC.' This sentence makes no sense to me. You produce EPR pairs and you perform Hadamard gates on objects, I don't understand what you mean by 'reduced to'. Also an EPR pair and a Hadamard gate are not at all the same thing. Hadamard gates are used in quantum computing to initialize qubits to initial states that are perfectly juxtaposed between 0 and 1 states, but I do not see how this could be used for quantum cryptography. Also, using QC to describe this is ambiquous as you could mean either quantum computing or quantum cryptography. Better terms are Quantum Information Science (QIS) and Quantum Key Distribution (QKD).
C. Grover's algorithm can do a search in 0(log(n)) not 0(sqrt(n))
Good thoughts here, tho there is one thing I would like to point out. Data transfered over a quantum channel is not secure. It is only secure if the photon being sent is part of an EPR pair. If you just sent the message over the quantum channel it would be readable by a third party using methods that can be used on a conventional fiber optic line. And yes, the transfer rate on the quantum channel is currently very slow ( less than 10Mbs)
As far as Diffie-Hellman is concerned, there is a need for conventional cryptography in two sections. One is in the internal part of the sender and receiver's systems as you observed, the other is for the public conventional channel over which 'privacy amplification' information is passed to compensate for less-than-perfect efficiency over the quantum channel.
Actually if the quantum channel is 100% efficient there is no way to break the code as any act of eavesdropping will completely destroy the eavesdropped content and the eavesdropper will not be able to reproduce the lost content to send on to the receiver because she only has one half of an Einstein-Podolsky-Rosen pair, the other half of which is held by the transmitter.
It is true that there are only a few algorithms currently known that can take advantage of the exponential speedup offered by quantum computers (mostly in the realm of hidden subgroup problems, and there are several more than Schor's and Grover's now, but they are not currently of interest to anyone but number theorists).
To say that quantum computers would be slower than conventional computers at other operations is incorrect. That will depend much on the architecture that is eventually used and currently there is no consensus on that subject.