Ask Slashdot: Post-Quantum Asymmetric Key Exchange?
First time accepted submitter LeDopore writes "Quantum computers might be coming. I'd estimate that there's a 10% chance RSA will be useless within 20 years. Whatever the odds, some of the data we send over ssh and ssl today should remain private for a century, and we simply can't guarantee secrecy anymore using the algorithms with which we have become complacent. Are there any alternatives to RSA and ECC that are trustworthy and properly implemented? Why is everyone still happy with SSH and RSA with the specter of a quantum menace lurking just around the corner?"
ECC is AFAIK theoretically vulnerable (i.e. while there aren't KNOWN quantum gate implementations of ECC, there are no good reasons to think it is unfeasible).
McEliece and the lattice-based stuff are promising, they just haven't been inspected as much as RSA yet...
Well the person is an idiot. His estimation of 20 years is laughably naive.
My response to this statement is a quantum superposition of two thoughts:
A. I agree. A 20 year estimate is ludicrous. It's far too much time.
B. I agree. A 20 year estimate is ridiculous. It's far too short.
Clearly you know more than you're letting on since that's the exact command I ran over SSH on my server an hour ago!
I guess SSH is insecure after all, since you were able to break it so easily and post a line from my super secret command line session on Slashdot.
It's one time pads, all the way down!
Because most people estimate that the cost of planting a software or even hardware-based keylogger is cheaper today than quantum computing will be even when it matures. I.e., the powers that be, that need to keep tabs on you, already can keep tabs on you.
Any guest worker system is indistinguishable from indentured servitude.
I don't think the attacker is so much interested in the "sudo service apache2 restart" command but rather the response to the password prompt immediately following...
If he can break the RSA key exchange to get to the symmetric key encrypting my session, he can already log in as me; he doesn't need the password. But unless he gets his quantum computer within the next 90 days, I'll have already changed the password.
Different sort of quantum computer; it can't do general computing or Shor's algorithm. It's more like a quantum calculator, relegated to very specific statistical calculations rather than generic 3 bit computing.
There is no known attack on ECC using quantum computers.
This should not have been modded up, because it is blatantly false. The security of ECC relies on the presumed hardness of the discrete logarithm problem (in elliptic curves over finite fields). But Shor's algorithm can solve the discrete logarithm problem in ANY finite group (assuming you have an efficient way of operating on the group elements).
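The last reply's point is that the discrete logarithm is one abstract problem no matter which group it lives in, so an algorithm that only needs the group operation attacks finite-field Diffie-Hellman and ECC alike. The following is an added example, not code from the thread or from any of the posters: a generic-group baby-step giant-step solver (the classical O(sqrt(n)) method, standing in for Shor's polynomial-time one) run unchanged over both Z_p^* and a toy elliptic curve. The primes, curve, base points and secrets are small constructed values chosen for illustration; the curve y^2 = x^3 + 2x + 3 over F_97 with base point (3, 6) is a common textbook toy.

```python
"""Generic-group discrete log: the same solver for Z_p^* and an elliptic curve.

Added example (not from the Slashdot thread).  Baby-step giant-step needs
only the group operation and an upper bound on the group order, which is
exactly the "generic group" setting in which Shor's algorithm also works.
All parameters are small, constructed toy values.
"""
from math import isqrt


class Group:
    """Minimal generic-group interface: identity, composition, inverse."""

    identity = None  # subclasses set this in __init__

    def op(self, a, b):
        raise NotImplementedError

    def inv(self, a):
        raise NotImplementedError

    def power(self, g, k):
        """Square-and-multiply built only from op(); g^k or k*g depending on notation."""
        result, base = self.identity, g
        while k > 0:
            if k & 1:
                result = self.op(result, base)
            base = self.op(base, base)
            k >>= 1
        return result


class MultiplicativeGroup(Group):
    """Z_p^*, the group classic finite-field Diffie-Hellman works in."""

    def __init__(self, p):
        self.p, self.identity = p, 1

    def op(self, a, b):
        return a * b % self.p

    def inv(self, a):
        return pow(a, -1, self.p)


class EllipticCurve(Group):
    """Short Weierstrass curve y^2 = x^3 + a x + b over F_p; None is the point at infinity."""

    def __init__(self, p, a, b):
        self.p, self.a, self.b, self.identity = p, a, b, None

    def inv(self, P):
        return None if P is None else (P[0], (-P[1]) % self.p)

    def op(self, P, Q):
        if P is None:
            return Q
        if Q is None:
            return P
        if P[0] == Q[0] and (P[1] + Q[1]) % self.p == 0:
            return None  # P + (-P) = infinity (also covers doubling a point with y == 0)
        if P == Q:
            lam = (3 * P[0] ** 2 + self.a) * pow(2 * P[1], -1, self.p) % self.p
        else:
            lam = (Q[1] - P[1]) * pow(Q[0] - P[0], -1, self.p) % self.p
        x = (lam * lam - P[0] - Q[0]) % self.p
        return (x, (lam * (P[0] - x) - P[1]) % self.p)


def baby_step_giant_step(G, g, h, bound):
    """Return the smallest x in [0, bound) with g^x == h in group G, or None.

    Baby steps tabulate g^j for j < m; giant steps walk h * g^(-m*i) until
    a table hit gives x = i*m + j.  Only op(), inv() and identity are used.
    """
    m = isqrt(bound) + 1
    baby = {}
    cur = G.identity
    for j in range(m):
        baby.setdefault(cur, j)  # keep the smallest j if the cycle is short
        cur = G.op(cur, g)
    giant_step = G.power(G.inv(g), m)  # g^(-m)
    gamma = h
    for i in range(m):
        if gamma in baby:
            return i * m + baby[gamma]
        gamma = G.op(gamma, giant_step)
    return None


def recover_dh_exponent(p=65537, g=3, secret=12345):
    """Recover the exponent behind a finite-field DH public value g^secret mod p."""
    Z = MultiplicativeGroup(p)
    public = Z.power(g, secret)
    return baby_step_giant_step(Z, g, public, p - 1)


def recover_ec_scalar(p=97, a=2, b=3, G=(3, 6), secret=20):
    """Recover a scalar k with k*G == secret*G on a toy curve; returns (k, verified)."""
    E = EllipticCurve(p, a, b)
    public = E.power(G, secret)
    bound = p + 1 + 2 * isqrt(p) + 1  # Hasse bound: exceeds the order of any point
    x = baby_step_giant_step(E, G, public, bound)
    return x, E.power(G, x) == public


if __name__ == "__main__":
    print("DH exponent:", recover_dh_exponent())   # 12345
    print("EC scalar (k, verified):", recover_ec_scalar())
```

The only thing that changes between the two runs is the `Group` instance; the solver itself never looks at field elements or curve coordinates. That is the structural reason the "no known quantum attack on ECC" claim fails: any attack phrased purely in terms of group operations, Shor's included, carries over. The classical solver above is exponential in the group size, which is why 256-bit curves are fine against it and why a polynomial-time quantum version is a different matter.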