you were right to leave it out - quantum cryptography and quantum computing have only the quantum in common. (i've published on quantum cryptography protocols)

Could you elaborate on this?

Classical encryption can be done on a classical computer.

Is it the case that (some) quantum encryption cannot be done on a quantum computer?

quantum cryptography isn't "encryption" in the sense that crypto algorithms are involved. the encryption part is just XOR with a random one-use string (the key). the hard part is distributing that key.

a better name is quantum key distribution. entangled photons are used to get the random data to both parties in a way that eavesdroppers would introduce error (because of something called quantum indeterminancy).

since no computation is involved, there's not a lot relation to quantum computing. wikipedia's got the details!

Disclaimer: I'm not quantum-anything researcher. But: Based on the description of how "quantum encryption" works, I prefer to call it "quantum intrusion detection". It allows you to verify that the channel is free of eavesdroppers and get a stream of random bits that are guaranteed to only be agreed upon by the two ends of the connection, which can then be used for any other purpose that a stream of random bits only known by two parties can be used for. Using it for a one-time pad is the easiest thing from a theoretical point of view, but you can use it to feed a conventional encryption algorithm, too.

The real key isn't the "random", which is easily obtained from a wide variety of other sources, including fully unpredictable ones like decay sources, nor is it the "encryption" which is merely one application (though easily the "killer app") of the system. The real key is the part where you can detect any intrusion into the connection.

(Obviously, you, enki, know this, well, unless I'm wrong. I'm just elaborating.)

hey, nice idea - but that's not how it works.

there's no intrusion detection - an attacker increases the error rate, and by the error rate we can calculate the maximum probabilistic information an attacker plausibly might have. i say can, because that number is actually pretty uninteresting, since it isn't intrusion detection - we just now there's something causing the error rate to go up - doesn't have to be an attacker. a higher error rate in practice just means we gotta throw more bits away both during error correction and during privacy amplification - which is kinda like packetloss on a classical channel.

at some point the error rate is too high for error correction with a positive yield (= more key lost in communication, than gained through said communication) - thus the scheme stops working.

my personal favorite name is 'quantum key growing', because that's essentially what happens - you turn an initial shared secret (= random key) into a longer random key. (and while you're continually doing this, you're using up part of the previous key to secure communication as you go along)

Is there some interesting characteristic of the channel that you're looking for, other than intruders, though? Merely detecting the error rate on a channel is uninteresting; conventional algorithms have nailed that problem to the wall. I'm not worried about exactly how it is done, I'm thinking about what it's good for; take away the ability to detect intruders, even if that's not the only thing it may be doing, and what's left?

Because it isn't a computation (in the 'transform data' or 'answer question' sense).

But it seems that quantum cryptography allows you to do more than what is possible with classical computing: namely, to detect someone listening in on your communication.

What is the relationship between quantum cryptography and quantum computing?