I understand that the current state of the art suggests that factoring into primes is a difficult problem. I also understand that a large part of public key cryptography seems to be based on that supposition.
However, is there any proof that factoring into primes is a "difficult" problem? Can we mathematically prove that something is "difficult"?
Is current state of the art cryptography based solely on a conjecture?
- thanks to Ricky Demer for pointing out I should be writing factoring into primes rather than factoring of primes (whoops!!!)
No. $\:$ In fact, factoring of primes is very easy; just output one and the prime.
There's also no known proof that factoring into primes is a difficult problem,
and there is a known efficient quantum algorithm for that problem.
Yes. $\;\;\;\;$ Since $\:$ BPP $\subseteq$ P/poly $\subset$ PEXP $\:$, $\:$ the problem
"Given a probabilistic Turing machine M and a non-negative integer t, is the
probability that the M halts on the empty input within t steps greater than 1/2$\hspace{.02 in}$?"
is difficult for classical algorithms, even when they can take advice.
Since $\:$ BQP $\subseteq$ PP $\:$ and [the Time Hierarchy Theorem generalizes to show that $\:$ PP $\subset$ PEXP $\:$],
that problem is also difficult for quantum algorithms.
Since BQP/qpoly does not contain EESPACE, the problem
"Given a deterministic Turing machine M and a non-negative integer s,
does M halt on the empty input without using more than 2^s space?"
is difficult even for quantum algorithms that can take quantum advice.
No. $\:$ Shamir secret sharing is not based on any conjecture, and quantum key distribution is only based on the current understanding of quantum physics. $\:$ Even if Shamir secret sharing is not "current state of the art" and that understanding counts as "a conjecture", it would still be the case that "current state of the art cryptography" is based on conjecture$\hspace{.02 in}$**s**, rather than "a conjecture".