we have reason to believe that such a quantum computer can probably
What are those reasons?
Quantum computers could as well be nonsensical bullshit funded since 40s years
There are a few QC skeptics with various arguments.
If you were the head of NIST (or the NSA), would you be willing to bet the entire security of your civilian and military communications infrastructure that these few skeptics are right? There were atomic bomb skeptics too, and it took Einstein to convince the US government to ignore them and move forward.
Seems silly to make such a high stakes bet against the scientific consensus, especially if classically computable algorithms that are both classically and quantum strong can be found and deployed and if doing so is not that expensive.
Reminds me of Asimov's saying (paraphrasing): "When a distinguished but elderly scientist says something is possible, they are probably right. When a distinguished but elderly scientist says it is not, there's a non-trivial chance they're wrong." In this case quite a few distinguished elderly physicists are saying you probably can build a (useful non-toy) quantum computer. If history is any guide, they're much more likely to be right than wrong.
Edit: it's not a bad idea to develop new algorithms anyway just to have them around. We don't think the trap door functions behind current asymmetric crypto are classically reversible (in any practical amount of compute time), but there is no mathematical proof of this. It's a strong conjecture that's held up so far, but it's still a conjecture.
Yes, my heuristically rational denial of the possibility of useful quantum computing does not imply that we should not prepare even for the lowest risks, especially when they're an existential threat.
That being said I do not understand the need of this NIST competition.
I had the belief that current SHA256/512 is quantum proof.
Is that wrong? Why?
> That being said I do not understand the need of this NIST competition. I had the belief that current SHA256/512 is quantum proof. Is that wrong? Why?
SHA2, SHA3, and AES256 are all quantum proof, yes. This competition is about asymmetric cryptography though; it replaces non-quantum-proof algorithms such as RSA, DSA, ECC, etc.