Slashdot Mirror


Cryptographers Brace For Quantum Revolution

Tokolosh writes: An article in Scientific American discusses the actions needed to address the looming advent of quantum computing and its ability to crack current encryption schemes. Interesting tidbits from the article: "'I'm genuinely worried we're not going to be ready in time,' says Michele Mosca, co-founder of the Institute for Quantum Computing (IQC) at the University of Waterloo..." and "Intelligence agencies have also taken notice. On August 11, the US National Security Agency (NSA) revealed its intention to transition to quantum-resistant protocols when it released security recommendations to its vendors and clients." Another concern is "intercept now, decrypt later", which presumably refers to the giant facility in Utah. In related news, an anonymous reader points out that the NSA has updated a page on its website, announcing plans to shift the encryption of government and military data from current cryptographic schemes to new ones that can resist an attack by quantum computers.

8 of 113 comments

  1. Re:quantum-resistant by The+Real+Dr+John · · Score: 4, Insightful

    Somehow I doubt they are bracing. Maybe glancing sideways would be more appropriate.

    --
    A brain is a terrible thing to waste... Mind? That's debatable.
  2. Re:Quantum Encryption by bobbied · · Score: 5, Insightful

    > It would stand to reason that there will also come of this, quantum encryption which is not crackable by quantum computing.
    >
    > Yin and Yang are restored.

    Yes, but the problem is the "record now" and "decrypt later" concept. To be secure, you have to know how long the data you are passing can be expected to remain obscured. How long does it take to decrypt it by doing a brute force - try every possible key - approach? If the data you are protecting goes stale in a year, you need to be assured that a persistent attacker won't decrypt your transmission in that time. For a lot of data being passed around, the stale dates are like 30 years in the future, which is a serious problem.

    If advances in quantum computing happen and we get the huge jump in processing power they expect, what's currently a brute force time of years can become days or hours. This makes the recorded stuff from 5 years ago very valuable to the spooks who can now decrypt it overnight. And scares the daylights out of the folks who need that data to stay obscured for 30 years.

    So, yes, future stuff will be harder to brute force because the same advances in computing power that make brute forcing possible faster will make encryption faster too, but having a treasure trove of easy to decrypt stuff recorded is what is feared.

    --
    "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
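
As an added example (my own, not from the thread or the article), the record-now/decrypt-later reasoning in this comment can be turned into a triage check using Mosca's inequality: data is exposed when its shelf life x plus the time y needed to migrate it to quantum-resistant crypto exceeds the estimated years z until a large quantum computer exists. The flow inventory, the QUANTUM_STRENGTH table and the 128-bit policy threshold are constructed assumptions.

```python
# Added example, not from the thread: a "harvest now, decrypt later" triage check
# built on Mosca's inequality (x + y > z) plus the standard assumptions about
# quantum attacks: Shor breaks RSA and ECDH outright, Grover halves the
# effective bit strength of symmetric keys.
from dataclasses import dataclass

# Assumed effective security (bits) against a large quantum computer.
QUANTUM_STRENGTH = {
    "RSA-2048": 0,     # broken by Shor
    "ECDH-P256": 0,    # broken by Shor
    "PSK-256": 128,    # 256-bit pre-shared key, Grover halves it
    "AES-128": 64,     # Grover halves it
    "AES-256": 128,    # Grover halves it
}

MIN_ACCEPTABLE_BITS = 128  # assumed policy threshold


@dataclass
class Flow:
    name: str
    key_exchange: str
    cipher: str
    shelf_life_years: int   # x: how long the data must stay secret
    migration_years: int    # y: time to move this flow to quantum-resistant crypto


def quantum_strength(flow):
    # The weakest link bounds the channel: a recorded handshake whose key
    # exchange falls to Shor hands over the symmetric session key as well.
    return min(QUANTUM_STRENGTH[flow.key_exchange], QUANTUM_STRENGTH[flow.cipher])


def exposed(flow, years_to_quantum_computer):
    # Mosca's inequality: if x + y > z, traffic captured today can be read later.
    if quantum_strength(flow) >= MIN_ACCEPTABLE_BITS:
        return False
    return flow.shelf_life_years + flow.migration_years > years_to_quantum_computer


def triage(flows, years_to_quantum_computer):
    return [f.name for f in flows if exposed(f, years_to_quantum_computer)]


# Constructed sample inventory (not real systems).
SAMPLE_FLOWS = [
    Flow("web-session-logs", "ECDH-P256", "AES-128", 1, 3),
    Flow("archived-design-docs", "RSA-2048", "AES-256", 30, 5),
    Flow("psk-backhaul", "PSK-256", "AES-256", 30, 5),
]

if __name__ == "__main__":
    print(triage(SAMPLE_FLOWS, 15))  # assumes z = 15 years
```

Only the 30-year archive behind RSA shows up as exposed: the short-lived session logs go stale long before z, and the pre-shared-key link keeps 128 bits even under Grover.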
  3. Re:Back in the 1950's ... by slew · · Score: 3, Insightful

    The world didn't end in the 1950's and the world won't end now. Technology will grow, people will learn it, and we'll move on with the times. Nothing to see here.

    FWIW, the world didn't end in 1962 in our version of the multiverse, but for the action of one man...
    Sometimes we just get lucky...

  4. Re:Time to go back by thinkwaitfast · · Score: 5, Insightful

    Isn't single pad encryption still safe, though less convenient?

  5. Re:Is a usable quantum machine possible? by Anonymous Coward · · Score: 2, Insightful

    > RSA factorization using today's quantum registers is more than useless; last year's largest number processed was 56,153. Quantum decoherence is faster when the number of particles increases, and to defeat RSA some huge quantum registers are required. The only question: is a quantum machine that can process useful computing operations even possible?

    One of the cardinal rules of crypto: attacks always get better.

  6. Re:Is a usable quantum machine possible? by Bite+The+Pillow · · Score: 3, Insightful

    I assume you mean this

    > They have shown that the exact same room-temperature nuclear magnetic resonance (NMR) experiment used to factor 143 can actually factor an entire class of numbers, although this was not known until now. Because this computation, which is based on a minimization algorithm involving 4 qubits, does not require prior knowledge of the answer, it outperforms all implementations of Shor's algorithm to date, which do require prior knowledge of the answer. Expanding on this method, the researchers also theoretically show how the same minimization algorithm can be used to factor even larger numbers, such as 291,311, with only 6 qubits.
    >
    > On top of this, in the same paper the researchers demonstrated the first quantum factorization of a "triprime," which is the product of three prime numbers. Here, the researchers used a 3-qubit factorization method to factor the triprime 175, which has the factors 5, 5, and 7.

    The previous record was 143, and they did 56,153. And it works on *classes* of numbers, and moves into interesting new triprime territory.

    That leads me to believe your comment is dildos. This technique vastly improves on previous methods, and the research is ongoing. Quantum computing is really just beginning (okay, maybe it's 20 years old, or 50), but the progress made in 2 years is quite remarkable.

    I'm currently assuming that no existing hardware will be safe in 10 years. If I'm wrong, no harm done.

  7. Re:Quantum Encryption by bobbied · · Score: 3, Insightful

    > It is my sincerest belief that any people who think that any data that is relevant today genuinely needs to stay obscured for 30 years have sticks up their asses that need to be removed as soon as possible in the best interests of themselves and everyone they should ever meet.

    Then I think you are burying your head in the sand. I can see legitimate reasons where things will need to remain obscured for more than a lifetime, especially in specific cases where national security and defense secrets are involved. How old are the LGM-30 Minuteman missiles? The last one was purchased in 1970 or so, which makes them 40+ years old, and I'm pretty sure you don't want to publish their specifications on the internet for all to see even now, given we still depend on them for defense purposes.

    --
    "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
  8. Re:Clarification by Anonymous Coward · · Score: 2, Insightful

    > Things like Elliptic curve Diffie-Hellman are secure.

    Absolutely not. Elliptic curve cryptography is vulnerable to a modified version of Shor's algorithm: Wiki, arXiv.