Slashdot Mirror


Quantum Computers Will Break the Encryption that Protects the Internet (economist.com)

An anonymous reader shares a report: Factorising numbers into their constituent primes may sound esoteric, but the one-way nature of the problem -- and of some other, closely related mathematical tasks -- is the foundation on which much modern encryption rests. Such encryption has plenty of uses. It defends state secrets, and the corporate sort. It protects financial flows and medical records. And it makes the $2trn e-commerce industry possible. Nobody, however, is certain that the foundation of all this is sound. Though mathematicians have found no quick way to solve the prime-factors problem, neither have they proved that there isn't one. In theory, any of the world's millions of professional or amateur mathematicians could have a stroke of inspiration tomorrow and publish a formula that unravels internet cryptography -- and most internet commerce with it.

In fact, something like this has already happened. In 1994 Peter Shor, a mathematician then working at Bell Laboratories, in America, came up with a quick and efficient way to find a number's prime factors. The only catch was that for large numbers his method -- dubbed Shor's algorithm -- needs a quantum computer to work. Quantum computers rely on the famous weirdness of quantum mechanics to perform certain sorts of calculation far faster than any conceivable classical machine. Their fundamental unit is the "qubit", a quantum analogue of the ones and zeros that classical machines manipulate. By exploiting the quantum-mechanical phenomena of superposition and entanglement, quantum computers can perform some forms of mathematics -- though only some -- far faster than any conceivable classical machine, no matter how beefy.
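The report above describes Shor's algorithm only in outline. The following Python block is an added example, not from the Economist article or from this thread, and shows the classical skeleton of the algorithm: factoring is reduced to finding the period (order) of a random base modulo n, and only that one subroutine is what a quantum computer accelerates. Here the order is brute-forced, so the program is exponential in the bit length of n and only works for toy moduli; the post-processing that turns a period into factors is the same in the quantum version. Inputs such as 15, 21 and 101*103 are constructed for the demonstration.

```python
"""
Classical skeleton of Shor's algorithm: factoring reduced to order finding.

Added example; it is not from the Economist article or the Slashdot thread.
Everything here runs on a classical machine. The one step a quantum computer
speeds up is find_order(), which is brute-forced below and therefore takes
time exponential in the bit length of n; Shor replaces it with quantum
period finding (the quantum Fourier transform) that runs in polynomial time.
The post-processing in factor_from_order() is identical in both settings.
"""
from math import gcd
import random


def find_order(a, n):
    """Smallest r > 0 with a**r == 1 (mod n), found by brute force.

    This is exactly the subroutine Shor's algorithm hands to the quantum
    computer; on a classical machine it costs up to ~n steps, i.e. 2^bits.
    """
    if gcd(a, n) != 1:
        raise ValueError("a must be coprime to n")
    r, x = 1, a % n
    while x != 1:
        x = (x * a) % n
        r += 1
    return r


def factor_from_order(a, r, n):
    """Turn a period r of a mod n into a non-trivial factorisation, or None.

    The reduction fails when r is odd or when a**(r/2) == -1 (mod n); Shor's
    algorithm simply retries with a fresh random base a in that case.
    """
    if r % 2:
        return None
    y = pow(a, r // 2, n)
    if y == n - 1:                      # a^(r/2) = -1 mod n: only trivial divisors
        return None
    for f in (gcd(y - 1, n), gcd(y + 1, n)):
        if 1 < f < n:
            return tuple(sorted((f, n // f)))
    return None


def shor_classical(n, a=None, seed=0):
    """Factor an odd composite n via the order-finding reduction.

    With a fixed base a, report that single attempt (None if a is a "bad"
    base). With a=None, draw random bases until one works, as Shor does.
    """
    if n % 2 == 0:
        return (2, n // 2)
    rng = random.Random(seed)
    while True:
        base = a if a is not None else rng.randrange(2, n - 1)
        g = gcd(base, n)
        if g != 1:                      # lucky base already shares a factor
            return tuple(sorted((g, n // g)))
        result = factor_from_order(base, find_order(base, n), n)
        if result is not None or a is not None:
            return result


if __name__ == "__main__":
    print(find_order(7, 15), shor_classical(15, 7))   # 4 (3, 5)
    print(shor_classical(15, 14))                     # None: 14 = -1 mod 15
    print(shor_classical(21, 2), shor_classical(101 * 103))
```

The point to take away is that the "hard" part of RSA is entirely inside `find_order()`; everything else is cheap modular arithmetic and gcds, which is why a polynomial-time period finder breaks the whole scheme rather than merely weakening it.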

166 comments

  1. So what by Anonymous Coward · · Score: 0, Interesting

    So put other quantum computers to work finding even larger primes thus continuing the prime arms race that exists today

    1. Re: So what by Anonymous Coward · · Score: 5, Informative

      The trouble is that with the quantum algorithms finding the key becomes the same order of difficulty as decoding the message if you know the key. Before, decryption was O(N) and cracking was O(2^N), so you can increase the key size until you get the right trade-off of ease of use and security. If they are the same order then there may not be a key size that has a reasonable ease of use and security trade-off.

      That said, this generally only applies to RSA. If you're using elliptic curve cryptography or discrete logarithms then you are probably still safe (since we haven't yet figured out how to get qubits to perform analogous operations without collapsing).

    2. Re: So what by thechemic · · Score: 2, Informative

      Agreed. The article is essentially the same rehash of, "tomorrow's computers will break today's encryption just like today's computers broke yesterday's encryption." Nothing to see here; we already know that tomorrow's encryption will be reinvented.

      --
      Let's make like a bird... and get the flock outta here.
    3. Re: So what by Anonymous Coward · · Score: 0

      It's not "just like" at all. This is a fundamental change to information theory from classical to quantum. Symmetric encryption is still safe for 256bit keys. We may want to move to 512 at some point, but no hurry. 128bit effective strength is all we need, but quantum cuts symmetric strength by the square root and the log of current popular asymmetric.

    4. Re: So what by Anonymous Coward · · Score: 0

      Yes and no. It pretty much is "just like", only the attack vector is shifting and it's becoming closer to reality that it'll actually happen. This whole thing is kind of old hat. We've known quantum computers would destroy any algos based on prime factorization since the 1970s. Quantum resistant algos were even created back then but they were too computationally intensive for the computers of that era.

      https://en.wikipedia.org/wiki/McEliece_cryptosystem for example

    5. Re: So what by Anonymous Coward · · Score: 1

      Wrong. There are also efficient quantum algorithms to compute discrete logs and elliptic curve discrete logs (which is generally what elliptic curve cryptography is based on). Lattice based crypto and symmetric key systems might well be safe, but quantum computers basically break all commonly used public key cryptography protocols.

    6. Re: So what by Anonymous Coward · · Score: 0

      No, that's *not* true for RSA, or asymmetric crypto in general. QC brings cryptographic hash attacks and symmetric key algorithms down from O(N) to O(sqrt(N)) but it brings (many) asymmetric crypto algorithms from O(N), or technically L[a, ...] for a strictly positive a, to O(polylog(N)), often linear.

    7. Re: So what by Anonymous Coward · · Score: 0

      No. You can trivially find out the discrete logarithm given the factorization. For most semiprimes n=pq, the discrete log will be one of the divisors of (p-1)(q-1).

  2. So what? by forkfail · · Score: 5, Funny

    If you're not guilty, you have nothing to hide.

    And unbreakable encryption only serves the Bad Guys (tm).

    Or so we're told...

    --
    Check your premises.
    1. Re:So what? by mark-t · · Score: 5, Insightful

      If you're not guilty, you have nothing to hide.

      And yet absolutely every person I've ever heard make this statement was fully clothed when they made it.

      People have things to hide not because there is anything wrong with them, but because they are private. Full stop.

    2. Re:So what? by mwvdlee · · Score: 2

      Governments encrypt everything, so they would know best.

      --
      Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
    3. Re: So what? by Anonymous Coward · · Score: 1

      You do realize that there are practical reasons for wearing clothes, right?

    4. Re:So what? by Anonymous Coward · · Score: 0

      Microwave scanners in airports see through clothes. Society (as a whole) has given up privacy in that context in the name of security.

    5. Re: So what? by Anonymous Coward · · Score: 1

      Most things can be stored in your colon. Pockets are overrated.

    6. Re:So what? by cascadingstylesheet · · Score: 1

      If you're not guilty, you have nothing to hide.

      And yet absolutely every person I've ever heard make this statement was fully clothed when they made it.

      People have things to hide not because there is anything wrong with them, but because they are private. Full stop.

      Bad metaphor dude ... Slashdot has taught me that that anti-nudity thing is just an American hangup, from our bad old puritan days

    7. Re:So what? by Anonymous Coward · · Score: 0

      Ok, let's try this:

      "If you're not guilty, you have nothing to hide."

      "So you poop with the door open?"

    8. Re:So what? by Rick+Schumann · · Score: 1

      The people who actually push that agenda also think the old saying about 'people in glass houses' is about the future of civilization, not a warning about being hypocritical. When it comes right down to it, they want to be able to break our (the common citizens) encryption -- but they (The Rich, and The Powerful) want their own unbreakable encryption. After all we're all criminals so far as they're concerned -- we just haven't been caught, tried, and incarcerated yet.

      Of course what they refuse to acknowledge is that like the RIAA/MPAA (and similar), trying to stamp out 'piracy', they're playing an endless game of Whack-a-Mole; maybe they can create computers that will break even the strongest current version of encryption in no time at all, but someone else will come up with a new way to encrypt things, or otherwise protect data, that even a so-called quantum computer won't be able to crack. Then I suppose they'll just go back to dragging people behind closed doors and beating them until they give up whatever information they want them to give up -- until someone creates yet another machine to crack the new encryption; then the cycle repeats. Power-hungry and control-freak types will, sadly, always exist, at least until (if?) we evolve past it. Until then we'll have to endure these endless cycles.

    9. Re:So what? by Rick+Schumann · · Score: 5, Informative

      People have things to hide not because there is anything wrong with them, but because they are private. Full stop.

      What basic psychology I ever learned said precisely this, that it's normal, natural, and healthy for people to want privacy, and to 'share' when it's their choice. This is a fact despite what so-called 'social media' corporations have been trying to indoctrinate people with over the last 20 years or so.

    10. Re:So what? by Rick+Schumann · · Score: 1

      Sure. And as I said above, they want total access to all our stuff without delay of any kind, yet they can keep hidden whatever they want. Are we sure we have 'freedom'?

    11. Re: So what? by cordovaCon83 · · Score: 1

      You do realize there are practical reasons for encrypting your data, right?

    12. Re: So what? by Your.Master · · Score: 2

      You do realize that's not a parallel, right?

      The reasons to encrypt your data are all about information hiding and non-repudiation. The reasons to wear clothing include that, and temperature modulation, shelter from the elements, carrying capacity upgrades, and sanitation. And on a less practical level, self-expression (you could argue encryption as self-expression, but that's usually ciphers that humans can decode).

      The analogy is just a terrible one. We already know why "if you're not guilty, you have nothing to hide" is a troublesome statement and it's not really similar to why people wear clothing.

    13. Re:So what? by Your.Master · · Score: 1

      Is the only reason that you poop with the door closed is to hide your poop?

      Really?

      Here's the difference: with poop, 99.99% of the time you don't actually care if somebody *wants* to deal with your poo, you just know that they almost certainly don't.

      With encryption, you do care if somebody wants to deal with your contents, even though in most cases they probably don't.

      It's completely different. Why don't we use normal analogies? The surprise you intend to keep for a loved one until their birthday?

    14. Re: So what? by Anonymous Coward · · Score: 0

      I poop out in public, on the streets. That has nothing to do with encryption or quantum computing though, just the fact that I live in San Francisco.

    15. Re: So what? by mark-t · · Score: 1

      Oh, it's very similar.... the fact that there are so-called practical reasons for wearing clothing that have nothing to do with privacy is irrelevant, because it is still the single most overpowering reason... so much so that we even have actual laws that govern what levels of clothing are considered "decent".

    16. Re:So what? by Anonymous Coward · · Score: 0

      They are winning though:

      o The latest consoles have been out for years, and there has not been a single successful break, or even insight into their architecture.

      o Blu-Ray is still uncracked.

      o Satellite radio and TV is well locked down. No magic cards anymore.

      o EME has not been cracked, and that is in virtually every web browser out there.

      o Valve's VAC has not been cracked.

      o Apple's DRM for movies and eBooks has yet to be cracked.

      Sorry, but the pirates are losing.

    17. Re: So what? by cordovaCon83 · · Score: 1

      There certainly are parallels between the two. There are some things that we don't want people to see or touch without permission, ethical and moral implications aside. If things were exactly alike then we wouldn't use an analogy to compare them.

    18. Re:So what? by Anonymous Coward · · Score: 1

      Yet there's hardly any shortage of things to download, are there? I think most of the things you're citing there are either not cracked because nobody cares enough to or can get the content in other ways, or you're just not plugged in enough to know if they're cracked. After all it's not like crackers make press releases to the news services when they succeed in breaking into things, now do they?

    19. Re: So what? by Anonymous Coward · · Score: 0

      In Cali? You should be able to get PPPOE service. Pee poo puke over ethernet.

    20. Re:So what? by liquid_schwartz · · Score: 1

      What basic psychology I ever learned said precisely this...

      Basic psychology is also clear that men want one style of job and women another, but that won't stop the tirade of 'tech hates women' and 'diversity'.

    21. Re: So what? by Anonymous Coward · · Score: 0

      Yeah pirates do...they have a site called crackwatch.

      And PS4s can be exploited over LAN and have files dropped.

      And bluray is just a cat and mouse game. All the old keys are out. Not to mention you could just use a cheap gamer DVR that ignores HDCP...

      Nobody wants satellite anything so it's no surprise that scene died. It was already dying in the 90's.

      Cable descramblers no longer needed, just MAC spoof a technician's box.

    22. Re:So what? by Anonymous Coward · · Score: 0

      So you poop with the door open?

      Not everyone can afford a door.

      - Pajeet

    23. Re:So what? by Rick+Schumann · · Score: 1

      Basic psychology is also clear that men want one style of job and women another

      Okay, I'll bite: post links to credible, academic and/or science-based studies, preferably peer-reviewed, that back that statement up.

    24. Re:So what? by Anonymous Coward · · Score: 0

      That's like saying you don't care about free speech just because you have nothing to say.

    25. Re:So what? by Anonymous Coward · · Score: 0

      If you know the location of the tiger in the jungle, but your adversaries do not know, then your right to 'privacy' is based on the principle of 'the right to survive' ...
      Is there any counter argument?

    26. Re:So what? by Anonymous Coward · · Score: 0

      If the innocent had nothing to hide, we wouldn't require them to wear clothes.

    27. Re: So what? by piojo · · Score: 1

      Have you never been hot and realized you would be more comfortable without a shirt, but couldn't take it off due to the setting? The analogy fits, but it is confusing due to the other reasons for clothing which are not about privacy or modesty.

      --
      A cat can't teach a dog to bark.
    28. Re:So what? by mark-t · · Score: 1

      That's not supported by basic psychology, that is supported by anecdotal evidence.

    29. Re:So what? by mark-t · · Score: 1

      Nobody has any "right" to privacy beyond the fact that they might want it, and one may have the delusion that anything that a person wants is something that they somehow also have a right to have.

      My point, above, is only that people who have not necessarily done anything wrong still desire privacy, and it is simply a matter of being humanely decent to each other that compels every one of us to respect it. Man-made laws in excess of this which impose restrictions on what people are allowed to do which might interfere with someone else's privacy are a nice-to-have, but again, only in that privacy is something that is generally desirable in the first place.

    30. Re: So what? by Anonymous Coward · · Score: 0

      Sure, but when the state decides to inspect you they'll do it in a climate controlled building, so you have no excuses for not stripping down whenever asked, for any reason.

    31. Re:So what? by Anonymous Coward · · Score: 0

      Statistics aren't anecdotes. It's empirical evidence. Across history and cultures, men and women tend to segregate their activities based on physical capability and biological impulse.

    32. Re:So what? by Anonymous Coward · · Score: 0

      So the one good thing is maybe the government will invest in quantum computing research

  3. No, they will not by gweihir · · Score: 4, Insightful

    First, even if QCs ever work for reasonably sized problems, it will take a long, long time for them to get there. If the last 30 years are any indication, they scale decidedly sub-linearly with time. And second, nobody knows whether they scale at all or are limited to low qubit numbers.

    Any panic over this is a few decades premature.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    1. Re:No, they will not by Anonymous Coward · · Score: 1

      Also, we will have poisoned ourselves with micro plastics way before this is an issue.

    2. Re:No, they will not by Anonymous Coward · · Score: 0

      Take the QC progress that's known about publicly, then multiply it by 5-10x. That's roughly its progress in the classified world. If you're not concerned yet, you likely should be.

    3. Re:No, they will not by NicknameUnavailable · · Score: 1

      First, even if QCs ever work for reasonably sized problems, it will take a long, long time for them to get there.

      TIL 5 years is a long time.

    4. Re:No, they will not by gweihir · · Score: 1

      I should be concerned over a QC that can factor 100 bit numbers? My RSA key is 2048 bit. No reason for concern at all.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    5. Re:No, they will not by Anonymous Coward · · Score: 0

      And you know this how? Oh, right, you're making it up. Gotcha.

    6. Re: No, they will not by jd · · Score: 1

      https://www.google.co.uk/amp/s...

      IBM begs to differ. And IBM doesn't beg very often.

      --
      It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
    7. Re:No, they will not by Minupla · · Score: 1

      There are classes of secrets for which "decades" is a reasonable threat model. Communications can be an example. If I'm recording everything you send NOW, are you sure there's nothing in there that won't be a problem for you in 20, 30 years? Consider some person is going to be present of the US in 20, 30 years.

      If you're on the Nation State side of this, recording everything you can and decrypting later is a totally legitimate strategy, as SOMEONE will be the leader of $otherCountry then, and having all their emails ever is going to be valuable, even if only for putting together a psychological profile.

      So people who work for companies whose job it is to protect your information SHOULD be looking ahead. I know I'm writing policy documents with words like "Quantum Horizon" in them and looking at up and coming post-quantum algorithms. You're welcome :).

      Min

      PS: https://csrc.nist.gov/projects...

      --
      On the whole, I find that I prefer Slashdot posts to twitter ones because I don't get limited to 140 chars before
    8. Re:No, they will not by mark-t · · Score: 1

      Not sure if you were being sarcastic. You may be concerned, however, that the 2048 bit value is not even two full orders of magnitude harder for a QC to factor than a 100 bit number, compared to over 500 orders of magnitude for a conventional algorithm.
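How much harder a 2048-bit modulus is than a 100-bit one depends entirely on the cost model, so it is worth computing rather than estimating. The Python block below is an added example, not part of the thread; it evaluates two textbook models: the general number field sieve heuristic L_n[1/3, (64/9)^(1/3)] for the classical attack (with the o(1) term dropped, so absolute figures are rough and do not reproduce calibrated tables such as the usual "RSA-2048 is about 112-bit" equivalence), and a Shor circuit modelled as about n^3 gates for an n-bit modulus (an assumption; faster multipliers bring this nearer n^2 log n). The bit sizes used are constructed inputs.

```python
"""
Cost of factoring versus modulus size, classically (GNFS) and on a QC (Shor).

Added example, not from the Slashdot thread. Models used:
  * classical: GNFS heuristic
        exp((64/9)^(1/3) * (ln n)^(1/3) * (ln ln n)^(2/3))
    with the o(1) term dropped (rough absolute values; ratios show scaling);
  * quantum:  Shor with schoolbook modular arithmetic, ~ bits^3 gates
    (assumption; the exponent is a parameter so other models can be tried).
"""
import math


def gnfs_log10_ops(bits):
    """log10 of the GNFS operation count for a `bits`-bit modulus."""
    ln_n = bits * math.log(2)
    exponent = (64 / 9) ** (1 / 3) * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3)
    return exponent / math.log(10)


def gnfs_security_bits(bits):
    """Classical security level in bits: log2 of the (uncalibrated) GNFS cost."""
    return gnfs_log10_ops(bits) * math.log2(10)


def shor_log10_gates(bits, exponent=3.0):
    """log10 of a rough Shor gate count, modelled as bits ** exponent."""
    return exponent * math.log10(bits)


def scaling_gap(small_bits, large_bits, shor_exponent=3.0):
    """Orders of magnitude by which moving from the small to the large modulus
    raises the attacker's cost under each model."""
    return {
        "classical_gnfs": gnfs_log10_ops(large_bits) - gnfs_log10_ops(small_bits),
        "quantum_shor": shor_log10_gates(large_bits, shor_exponent)
        - shor_log10_gates(small_bits, shor_exponent),
    }


if __name__ == "__main__":
    for b in (100, 512, 1024, 2048, 3072, 4096):
        print(f"RSA-{b:<5} GNFS ~10^{gnfs_log10_ops(b):5.1f} ops "
              f"(~{gnfs_security_bits(b):5.1f}-bit)  Shor ~10^{shor_log10_gates(b):4.1f} gates")
    print(scaling_gap(100, 2048))
```

With these models the jump from 100 to 2048 bits costs the classical attacker roughly 26 orders of magnitude but the quantum attacker only about four, which is the asymmetry the comment is pointing at: key-size growth that is ruinous for GNFS is nearly free for Shor, so "just use a bigger key" is not a post-quantum strategy for RSA.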

    9. Re:No, they will not by Anonymous Coward · · Score: 0

      First, even if QCs ever work for reasonably sized problems, it will take a long, long time for them to get there. If the last 30 years are any indication, they scale decidedly sub-linear with time. And second, nobody knows whether they scale at all or are limited to low qbit numbers.

      Any panic over this is a few decades premature.

      This statement brought to you by the NSA and CIA.

      Quantum computing has a couple large hurdles to pass. It's like you're comparing it to computers in a pre-transistor era. Or dark age feudal societies. Or ancient human hunter-gatherer tribes.
      History has shown many times over that often there are a particular but limited set of challenges to face before a new concept can spread, but once it does it takes off. I fully expect quantum computing, once it reaches feasibility, to grow like how classical computers did.

    10. Re: No, they will not by gtall · · Score: 1

      Well, you haven't been reading their financial statements then.

    11. Re: No, they will not by Anonymous Coward · · Score: 0

      Lol you are as funny as you are clueless.

      Trolling?

      2048 bit is laughable to those in the know. Also adjust the number of rounds if you truly care.

    12. Re:No, they will not by ceoyoyo · · Score: 2

      That's probably not true. Quantum computers are more difficult to make the more qubits you need to stick together. In a conventional computer the "difficulty" of a computation is dominated by the number of operations. In a quantum computer it tends to be dominated by the number of qubits that are required.

    13. Re:No, they will not by jaymemaurice · · Score: 1

      Consider some person is going to be present of the US in 20, 30 years.

      Decryption: The inaugural unwrapping of the new US present.

      --
      120 characters ought to be enough for anyone
    14. Re:No, they will not by Anonymous Coward · · Score: 0

      Shor's algorithm doesn't merely scale linearly with bit count. Also there is scant evidence that progress in QC is happening at the exponential pace that moore's law did.
      Are you, mark-t, personally concerned? Have you taken steps recently in your PKI to anticipate quantum supremacy? If not now, when?

    15. Re:No, they will not by mark-t · · Score: 1

      In a quantum computer [difficulty] tends to be dominated by the number of qubits that are required.

      True, but it's still a fixed cost for any given quantum computer and amortizes over a large number of operations that can be done by that computer.

      Quantum computers are more difficult to make the more qubits you need to stick together

      And I'd suggest that this principle is only true today: while there are actual, real, inviolable reasons why factoring large numbers is hard for any conventional computer (unless P=NP can be proven), there are no such theoretical barriers making quantum computers inherently hard to build.

    16. Re:No, they will not by ceoyoyo · · Score: 1

      "And I'd suggest that this principle is only true today"

      Unlikely. It's fairly easy to make a qubit. It's fairly easy, but not trivial, to put a bunch of them on a chip. It's hard to put a bunch of them on a chip, have them highly coupled, and have them maintain coherence long enough to do something useful. And it gets harder rapidly the more you want to have, due to real physical limitations.

    17. Re: No, they will not by Anonymous Coward · · Score: 0

      Nothing in the article contradicts what the post you replied to says. Nothing at all. It is a theory about quantum computers. Nothing about actually building one.

    18. Re: No, they will not by Anonymous Coward · · Score: 0

      We have no proof that factoring is hard (for classical computers) even under the assumption that P!=NP. Factoring is not NP complete.

    19. Re: No, they will not by Anonymous Coward · · Score: 0

      I think this point of view misses some things. Panic is merited today if you are using asymmetric key agreement to protect what should be long term secrets (e.g. as in almost all implementations of forward secrecy). Traffic recorded today will become decryptable once powerful enough QCs are built. Panic then will be too late.

      Also in the last 2-3 years the number of coherent qubits for general purpose QCs has started to grow more rapidly. My guess would be that breaking 2048 bit RSA is closer to 2 decades away than 3.

    20. Re:No, they will not by Anonymous Coward · · Score: 0

      Being a septuagenarian, I could not care less ...
      but...
      being a shaper of the future of future generations, I could not care more ....

      tkjtkj

    21. Re:No, they will not by gweihir · · Score: 1

      Indeed. This tech has scaled sub-linearly for 4 decades now. It is very likely it will only get worse at larger sizes. It may well hit a wall at sizes far below what is needed to threaten modern encryption and it will certainly not get there anytime soon. These are not classical computing scaling factors where you got a factor of 16 in just 8 years for a long time.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    22. Re: No, they will not by gweihir · · Score: 1

      So? If it is high-order polynomial, things stay secure. You can do public-key crypto with, say, effort n in one direction and n^4 in the other. Requiring NP is just convenient and if you can get it, go for it. But it is not required at all.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    23. Re: No, they will not by gweihir · · Score: 1

      And you just outed yourself as utterly clueless. There are no "rounds" in RSA. You are thinking of a Feistel-construction or the like, which is something completely different. Incidentally, I am in the know but you would not even understand what that means.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    24. Re: No, they will not by gweihir · · Score: 1

      IBM is desperate for relevancy these days. They are on their knees.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    25. Re:No, they will not by gweihir · · Score: 1

      You have no clue what you are talking about. Due to fundamental physical limitations, QCs will never scale the way digital computers did for a long time.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    26. Re: No, they will not by Anonymous Coward · · Score: 0

      To be clear: we have no interesting lower bound *at all* for factoring. Not NP-completeness. Not n^4. Not even n^1.1 for that matter. All we really have is a failure to produce good factoring algorithms up till now, as far as the public knows.

      While basing security on n^4 instead of what we do in practice, which is more like 2^n, might work in some cases (maybe?), even then it would make things way, way more inefficient in every metric for the good guys. Hardly ideal...

  4. fud by Anonymous Coward · · Score: 0

    New Headline: Quantum computers will create new protection to protect the internet.

    1. Re: fud by Anonymous Coward · · Score: 0

      While vaguely true, that's not helpful unless two things were to happen:

      A) we all (not just attackers) are equipped with QCs and

      B) our networks become capable of long distance routing of qubits.

      Fortunately classical post-quantum crypto is a far more realistic and readily available defence against quantum computers, and it requires neither.

  5. And Schrodinger's cat is dead by Anonymous Coward · · Score: 0

    Slashvertisement?

  6. Second article this year I've seen about by Anonymous Coward · · Score: 0

    https://www.forbes.com/sites/forbestechcouncil/2018/04/18/worse-than-y2k-quantum-computing-and-the-end-of-privacy/

    This is worse than y2k

  7. Oh No!!! by Anonymous Coward · · Score: 1

    Will this break all the foundational DRM on which all our good stuff depends?!?!?

  8. Fusion power vs Quantum computing by Anonymous Coward · · Score: 1

    Quantum computing is a good way to fleece investors, but that is about it.

    1. Re: Fusion power vs Quantum computing by Anonymous Coward · · Score: 0

      QC holds big promises for some optimization problems, quantum chemistry and material science long before breaking modern asymmetric crypto is possible. Those are far more realistic applications in the nearer future. (Just less talked about is all.) There's a reason Intel, Google, IBM and others are spending millions (if not billions) *of their own money* on this tech, and it's not breaking crypto.

  9. More like... by Anonymous Coward · · Score: 0

    Olds for nerds

  10. No it will not by Anonymous Coward · · Score: 1, Interesting

    The encryption is ALREADY broken, we don't have to wait for quantum machines to get there

    Additionally, speed is not the ONLY factor in security/encryption. Complexity is also a key factor, but if people would get rid of ridiculous ideas like "public CAs" and force everyone to perform private and variable key exchanges provided by the site itself on first visit we can rapidly increase security. [This is just one simplified example and to save time not a complete answer, so don't get your undies in a wad]

    As long as you require an encryption system that relies on a 3rd party institution as part of its key exchange it will never be secure, Quantum hacking or not.

    Real security is hard and requires some inconveniences.

    1. Re: No it will not by jd · · Score: 1

      Nobody has broken RSA.

      --
      It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
    2. Re: No it will not by mark-t · · Score: 0

      RSA can be broken by solving the discrete logarithm problem, which QC's are also very good at... As long as the size of the quantum computer can scale linearly with the size of the key, it can still be efficiently solved with a quantum computer.

    3. Re:No it will not by Anonymous Coward · · Score: 0

      What if the first visit was already compromised? Either you have to trust a 3rd party or you trust yourself. And "yourself" is a relative term where most people will just click "yes". You're advocating zero security.

  11. Quantum proof algorithm? by Camembert · · Score: 1

    I seem to remember having read about a recent cryptographic algorithm that could withstand a quantum computer. Anyone remembers more detail?

    1. Re:Quantum proof algorithm? by feedayeen · · Score: 1

      Many of our existing algorithms, AES, ECDH, and others scale to the 2^(N-K) for N bits used in their keys with classical computers in terms of the operations to break them and that K is very small compared to the 64, 128, or 256-bits. Some of the proposed quantum attacks reduce these states by about the square root causing it to become 2^(N/2) operations. 2^32 states isn't that many for a classical computer to evaluate so 64-bit keys could reasonably break. 256-bit keys are reduced to 2^128 operations which is likely still 'age of the universe' even with these updates.

      The practical cost of using these larger keys is slightly slower key generation and encryption calculations. AES takes about 1.4 times as long for a doubling of the key size, for instance, so between these factors the existing encryption methods are scaling a lot better against advances in quantum computers, but we likely will want to update our minimum acceptable standards.
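Several replies in the "So what" thread above put the quantum speed-up against symmetric keys at O(N) to O(sqrt(N)), and the comment just above states it as 2^N becoming 2^(N/2). The Python block below is an added example, not part of the thread, that makes that figure concrete by simulating Grover's algorithm on a classical state vector: for a key space of N = 2^n candidates, about (pi/4)*sqrt(N) oracle calls concentrate nearly all the amplitude on the correct key, whereas exhaustive classical search needs about N/2 calls on average. The simulation holds all N amplitudes in memory, so it only runs for toy key sizes; the marked keys are constructed inputs. (In a real key-recovery attack the oracle would be "does decrypting the known ciphertext with this key give the known plaintext?")

```python
"""
Grover search simulated on a classical state vector.

Added example, not from the Slashdot thread. Demonstrates the sqrt(N)
query count behind the "2^(N/2)" figure for symmetric keys. The simulation
costs O(N) memory and time per iteration, so keep n_bits small (<= 16).
"""
import math


def grover_search(n_bits, marked):
    """Run Grover's algorithm for the single key `marked` among 2**n_bits.

    Returns (found_index, success_probability, oracle_calls).
    """
    size = 1 << n_bits
    if not 0 <= marked < size:
        raise ValueError("marked key out of range")
    # Uniform superposition: every candidate key starts with amplitude 1/sqrt(N).
    amp = [1.0 / math.sqrt(size)] * size
    # Optimal iteration count is floor(pi/4 * sqrt(N)); more iterations
    # "overshoot" and the success probability falls again.
    iterations = int(math.floor(math.pi / 4 * math.sqrt(size)))
    for _ in range(iterations):
        # Oracle: phase-flip the marked key (one "key check" per iteration).
        amp[marked] = -amp[marked]
        # Diffusion operator 2|s><s| - I, i.e. inversion about the mean.
        mean = sum(amp) / size
        amp = [2 * mean - a for a in amp]
    probs = [a * a for a in amp]
    best = max(range(size), key=probs.__getitem__)
    return best, probs[best], iterations


def classical_expected_queries(n_bits):
    """Average key checks for exhaustive classical search: (N + 1) / 2."""
    return ((1 << n_bits) + 1) / 2


if __name__ == "__main__":
    for n in (4, 8, 12):
        idx, p, k = grover_search(n, marked=(1 << n) - 3)
        print(f"{n}-bit keyspace: Grover {k:3d} queries -> key {idx} "
              f"(p={p:.4f}); classical average {classical_expected_queries(n):.0f}")
```

Note that the quantum advantage here is quadratic, not exponential: 2^128 classical work becomes 2^64 quantum work, which is why the thread's advice of moving symmetric keys from 128 to 256 bits restores the margin, while nothing similar helps RSA.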

    2. Re:Quantum proof algorithm? by JMZero · · Score: 2

      Lots of cryptographic algorithms are fine, or may just need longer codes. The hardest ones to replace are public-keys, where I think the front runners are lattice or error correction based (see NTRU and McEliece).

      The other possibility is public key encryption dies, and we have to build some wacky network of symmetric encryption trust rings or something.

      --
      Let's not stir that bag of worms...
    3. Re:Quantum proof algorithm? by rajkiran_g · · Score: 1
    4. Re:Quantum proof algorithm? by Anonymous Coward · · Score: 0

      Symmetric keys are 2^(N/2). Current asymmetric keys can be broken in the same number of operations as it takes to encrypt, effectively being realtime.

  12. No worries by Anonymous Coward · · Score: 1

    https://csrc.nist.gov/Projects/Post-Quantum-Cryptography

    Don't panic, citizen.

    1. Re: No worries by jd · · Score: 2
      --
      It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
  13. So use elliptical curve cryptography. by Anonymous Coward · · Score: 0

    AFAIK elliptical curve cryptography isn't as vulnerable to Quantum Computing as number factoring. Symmetric algorithms only need to double the key length from say 128 bits to 256 bits to gain the same level of protection, since a Quantum Computer only reduces the key space by the sqrt(2).

    Also, we're still a LONG way away from having a quantum computer that can even factor very short prime numbers of say 4 digits, something you can do by hand. RSA relies on numbers that are hundreds of digits long.

    So don't hold your breath about quantum computers that can solve these problems. We'll get there eventually, but it'll likely be decades before we do.

    1. Re:So use elliptical curve cryptography. by Anonymous Coward · · Score: 0

      EC crypto is even worse than RSA when it comes to security and quantum computing.

  14. Sounds like an ad for by bobstreo · · Score: 1

    the company offering quantum encryption.

    If QC is the latest, greatest thing that is coming "Real Soon Now" you should ignore botnets with hundreds of thousands of systems, which exist now.

    On the other hand, QC may make mining bitcoins much more economical.

    1. Re:Sounds like an ad for by religionofpeas · · Score: 1

      Bitcoin mining involves doing SHA256 hashes, that's not something you can do faster with a quantum computer.

    2. Re:Sounds like an ad for by phishybongwaters · · Score: 1

      sure, if you don't have the slightest clue what quantum computing actually is. That botnet can theoretically hash out stuff yes, but you aren't pooling that processing power, you are distributing it which causes its own bottlenecks and headaches. A quantum computer (they DO exist) can hash out faster than any of those combined. As well, through entanglement, the actual communication takes place over nothing, and is instant. So, i mean while we can say QC may help break our current encryption, the technology that QC can eventually provide us will literally remove the need for encryption. Unless you are at point A or point B, there's nothing to encrypt, listen to or steal. Spooky action at a distance is a real thing and it's spooky as fuck but potentially will change our entire techno-ecosphere for the better.

    3. Re:Sounds like an ad for by kamakazi · · Score: 1

      -On the other hand, QC may make mining bitcoins much more economical.-

      Isn't the expense of mining the only intrinsic value bitcoin has? If mining cryptocurrencies is economical then inflation in those currencies will make them valueless.

      --
      "Proximity to wonder has blunted our perception and appreciation of it" --Tim Hartnell in 'Exploring ARTIFICIAL INTELLI
    4. Re:Sounds like an ad for by JMZero · · Score: 1

      If Bitcoins suddenly became easier to mine, they'd just have to increase difficulty. It's not like there's a static amount of work to be done, and this will do it faster (which is good, as otherwise Bitcoins would rapidly lose value as computing improved). If they couldn't adjust the difficulty enough to compensate, the system would need major change.

      But it would likely actually collapse for a different reason: QC could make spending other people's Bitcoins very easy - and thus make all of them worthless.

      --
      Let's not stir that bag of worms...
    5. Re:Sounds like an ad for by Anonymous Coward · · Score: 0

      FTFY: SHA256 hashing is not something that has a published quantum acceleration. Very different than "not something you can do faster with a quantum computer."

    6. Re:Sounds like an ad for by WaffleMonster · · Score: 1

      sure, if you don't have the slightest clue what quantum computing actually is.

      All it does is search a space of all possible states at once. Each real qubit added doubles the search space (power) of your computer.

      QC is great for some problems that can be expressed as search problems. It doesn't do much otherwise.

      That botnet can theoretically hash out stuff yes, but you aren't pooling that processing power, you are distributing it which causes it's own bottlenecks and headaches.

      A quantum computer (they DO exist) can hash out faster than any of those combined.

      Even if you assume RSA smashing quantum computers exist there is still no evidence they could put much of a dent in 'hashing out'.

      the technology that QC can eventually provide us will literally remove the need for encryption. Unless you are at point A or point B, there's nothing to encrypt, listen to or steal. Spooky action at a distance is a real thing and it's spooky as fuck but potentially will change our entire techno-ecosphere for the better.

      "spooky action at a distance" decides outcomes rather than conducts information. It can't be used to conduct information.

      Problem with quantum encryption schemes is point A and point B are not mprotect()'d by god who infallibly only allows intended parties to communicate. You still have to bind the quantum channel while leveraging it for keying to prove integrity of the quantum channel. This requires classical communication and encryption algorithms. So while quantum crypto does provide a useful service it is still only as good as the algorithms and enabling guarded secrets. It isn't infinitely secure or infallible by any means.

    7. Re:Sounds like an ad for by religionofpeas · · Score: 1

      No, it's the other way around. The value of bitcoin determines how much effort people will put in mining.

      The word "intrinsic" is misleading. Nothing has intrinsic value. Value always depends on context.

    8. Re:Sounds like an ad for by istartedi · · Score: 1

      No, BTC's value proposition is in the hard-limited number of coins and in the ability to verify ownership via the blockchain. Also, like any other currency its value is in the collective actions of those who support it.

      --
      For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
  15. Re:Second article this year I've seen abo by nitehawk214 · · Score: 3, Funny

    https://www.forbes.com/sites/forbestechcouncil/2018/04/18/worse-than-y2k-quantum-computing-and-the-end-of-privacy/

    This is worse than y2k

    If it is 10x worse than y2k, then it will still be no problem at all.

    --
    I'm a good cook. I'm a fantastic eater. - Steven Brust
  16. Yeah but.... by Anonymous Coward · · Score: 0

    ...can they do it far faster than any conceivable classical machine?

    1. Re: Yeah but.... by jd · · Score: 1

      No, because you can conceive of a very large scale parallel computer, such as the one the EFF built.

      Quantum attacks are parallel attacks, so a large enough parallel computer can mimic them.

      --
      It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
  17. This again...? by SCVonSteroids · · Score: 1

    How often can we rehash the same thing?
    We've been saying this for how long now?

    --
    I tend to rant.
    1. Re: This again...? by jd · · Score: 1

      Hashes must repeat, limited outputs. if

      --
      It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
  18. And if... by TheDarkMaster · · Score: 1

    ...your encryption method does not use prime numbers to work?

    --
    Religion: The greatest weapon of mass destruction of all time
  19. SETEC ASTRONOMY by Anonymous Coward · · Score: 0

    Nobody will post a more apt comment than my title alone.

    1. Re:SETEC ASTRONOMY by rogoshen1 · · Score: 1

      utterly amazing how well that movie aged, isn't it?

  20. FUD FUD FUD by Anonymous Coward · · Score: 0

    There is nothing to worry about.

    SIDH in Go for quantum-resistant TLS 1.3

    It's the crappy mega corporations that we cannot necessarily trust with our security but even stinking Google has stepped up!

    TLS is already moving to quantum algorithms. Microsoft have developed a version of Open VPN that is also quantum resistant.

  21. public-key only? by Anonymous Coward · · Score: 0

    Isn't this only an issue with public-key encryption? So RSA key exchange, etc?

  22. Re:Second article this year I've seen abo by Anonymous Coward · · Score: 1

    Really? A problem that required billions of dollars and millions of man-hours to fix worldwide wasn't a big deal?

  23. That breaks RSA by jd · · Score: 1

    Which has been on the decline on the Internet for a while. Factorising large numbers won't help with elliptic curve, Rijndael or any other post-quantum crypto.

    For the latest:

    https://www.safecrypto.eu/pqcl...

    --
    It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
  24. Quantum Theranos by Anonymous Coward · · Score: 0

    In another decade all the idiotic VCs will be wondering how they got taken again...

  25. Phishing scams break the internet by edi_guy · · Score: 3, Insightful
    Really...people are still worried about the front door attacks? Not too long ago, my employer w/ >10,000 employees hired a company to send out fake phish emails to see who would take the bait and click. Over 15% of the people clicked on the bogus link. Extrapolating would indicate that there are 1,500 times from one single email that a bad guy could pwn our Fortune 500 company. Probably already does.

    Hell, we even see news items that the NSA contractors are USB'ing data around, dropping passwords, and using their hotmail accounts at work etc. Front door breaks are for academics, interesting mathematically, but not useful day to day.

    1. Re:Phishing scams break the internet by ole_timer · · Score: 1

      yep, there's enough people that continue to fall for phishes that it's profitable for ransomware crooks and spies to keep sending them.

      --
      nothing to see here - move along
    2. Re:Phishing scams break the internet by Anonymous Coward · · Score: 0


      Front door breaks are for academics, interesting mathematically, but not useful day to day.

      If you really think that, turn off all your https encryption and see if you have a problem.

      Before https was common, pilfering authentication credentials from people on wifi connections was common. In the days before ssh, sniffing telnet connections for passwords was incredibly easy and common.

      The TJ Maxx hack that leaked many CCs was the result of them using WEP security:
      https://www.zdnet.com/article/wi-fi-hack-caused-tk-maxx-security-breach/

      Breaking encryption isn't just an academic exercise, it's quite real. The real question is about the feasibility of it within the next few years, not the impact.

  26. The Economist "predicts" what everyone believes by iMadeGhostzilla · · Score: 1, Informative

    There is no other value to their analyses. Their track record shows that. The magazine is a nicely packaged nothing.

  27. Quantum safe is a NSA conspiracy by WaffleMonster · · Score: 1

    Always prudent to make sure security stacks are sufficiently configurable to enable rapid phase out of broken technology as it becomes necessary. It's great to work on quantum safe key exchange and new ciphers just in case.

    What is foolish and wasteful is switching to something else from a position of fear of what can't be ruled out when no affirmative evidence to support such fears exists. At that point you are no better off hiring keyboard mashing monkeys to set policy.

  28. Already been done by smooth+wombat · · Score: 1

    could have a stroke of inspiration tomorrow and publish a formula that unravels internet cryptography

    They made a movie about it. The problem is the "deep state" has hidden it from the public, just like they've hidden those aliens who helped us in World War II.

    --
    We will bankrupt ourselves in the vain search for absolute security. -- Dwight D. Eisenhower
  29. How is quantum-resistant crypto research going? by presidenteloco · · Score: 1

    In general, parent is saying ECC is still probably safe, but can anyone reference or summarize other work in this?
    I know Vitalik Buterin was concerned about it and investigating, a few years ago, because apart from existing e-commerce and secure surfing etc., quantum computer cryptanalysis would also destroy all existing blockchain implementations and cryptocurrencies.

    --

    Where are we going and why are we in a handbasket?
    1. Re:How is quantum-resistant crypto research going? by lgw · · Score: 4, Informative

      In general, parent is saying ECC is still probably safe

      The problem with ECC is the damn NSA. Fifteen or so years ago the NSA strongly endorsed moving to ECC to get ahead of the risk of quantum computing. Sadly, the specifics they suggested were poison: what they proposed was weak in a way the NSA knew about, but they hoped no one else would ever figure out. There's a lingering distrust for ECC as a result, perhaps unfairly.

      And there's no good reason to choose ECC for "post-quantum" crypto when there are good alternatives.

      --
      Socialism: a lie told by totalitarians and believed by fools.
    2. Re:How is quantum-resistant crypto research going? by Anonymous Coward · · Score: 0

      ECC isn't new. If you used NeXTStep 3.0, it had Fast Elliptic Encryption for its E-mail, which did a better job than PGP. To boot, this was way back in the early 1990s. It is just that people don't care about crypto or security unless there are dollar/Euro/yuan signs attached.

    3. Re:How is quantum-resistant crypto research going? by Dragonslicer · · Score: 1

      ... quantum computer cryptanalysis would also destroy all existing blockchain implementations and cryptocurrencies.

      I fail to see the problem.

    4. Re:How is quantum-resistant crypto research going? by Anonymous Coward · · Score: 1

      ECC is not post-quantum, it relies on the discrete log problem for which there are good QC algorithms.

    5. Re:How is quantum-resistant crypto research going? by Anonymous Coward · · Score: 0

      Hash-based cryptography is safe from quantum computing as it only relies on the existence of one-way functions, and any one-way function can be substituted in. It is not as convenient as RSA by a long shot, as each key is only valid for a finite number of messages, but it still would work. https://en.wikipedia.org/wiki/Hash-based_cryptography
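      The one-time property the comment above describes, shown with a Lamport signature in Python. This is an added example, not code from the thread or from any project: SHA-256 stands in for the one-way function (any preimage-resistant hash can be swapped in), and the key pair is constructed from fresh random bytes at run time.

      ```python
      """Lamport one-time signature (added example, not from the thread).

      Security rests only on the hash being one-way: the public key is the
      hash of every secret, and a signature reveals half of the secrets.
      Signing a second message with the same key leaks more secrets and
      lets an observer choose either bit value at exposed positions, which
      is why each key pair is good for exactly one message.
      """
      import hashlib
      import secrets

      HASH = hashlib.sha256           # the one-way function; swap freely
      N = HASH().digest_size * 8      # 256 message-digest bits => 256 pairs


      def h(data: bytes) -> bytes:
          return HASH(data).digest()


      def digest_bits(msg: bytes) -> list:
          """Bits of H(msg), most significant bit of each byte first."""
          d = h(msg)
          return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(N)]


      def keygen(rng=secrets.token_bytes):
          """Private key: N pairs of random secrets. Public key: their hashes."""
          sk = [(rng(32), rng(32)) for _ in range(N)]
          pk = [(h(a), h(b)) for a, b in sk]
          return sk, pk


      def sign(sk, msg: bytes) -> list:
          """For each bit of H(msg), reveal the secret matching that bit."""
          return [sk[i][bit] for i, bit in enumerate(digest_bits(msg))]


      def verify(pk, msg: bytes, sig: list) -> bool:
          """Hash each revealed secret and compare with the public key half
          selected by the corresponding digest bit."""
          if len(sig) != N:
              return False
          return all(h(sig[i]) == pk[i][bit]
                     for i, bit in enumerate(digest_bits(msg)))


      def exposed_pairs(sk, msgs) -> int:
          """Number of positions where BOTH secrets of a pair have been
          revealed after signing every message in msgs. One message never
          exposes a full pair; two different messages always do, at every
          position where their digests differ."""
          revealed = [set() for _ in range(N)]
          for m in msgs:
              for i, bit in enumerate(digest_bits(m)):
                  revealed[i].add(bit)
          return sum(1 for r in revealed if len(r) == 2)


      if __name__ == "__main__":
          sk, pk = keygen()
          sig = sign(sk, b"release v1.0")                  # constructed input
          print("valid:", verify(pk, b"release v1.0", sig))
          print("tampered:", verify(pk, b"release v1.1", sig))
          print("pairs exposed after one message:", exposed_pairs(sk, [b"release v1.0"]))
          print("pairs exposed after two messages:",
                exposed_pairs(sk, [b"release v1.0", b"release v1.1"]))
      ```
      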

    6. Re:How is quantum-resistant crypto research going? by lgw · · Score: 1

      ECC is not post-quantum, it relies on the discrete log problem for which there are good QC algorithms.

      https://en.wikipedia.org/wiki/...

      Check it out. Supersingular isogeny Diffie-Hellman key exchange uses ECC operations, but is post-quantum and not patented.

      --
      Socialism: a lie told by totalitarians and believed by fools.
  30. Only broken for a while by HeckRuler · · Score: 2

    Encryption is a force multiplier.

    1) They'll make fast computers that are so cheap that everyone can use them (or time-share them or whatever), and therefore be resistant to quantum-computer-speed brute-force.

    2) They'll make fast computers that are so expensive only the most powerful can crack encryption, and only selectively at that. But it's probably easier for the CIA and NSA to get around encryption other ways. I just kind of assume that they've got their fingers into most everything.

    3) Something in between.

    We live in a magical age where the poorest of poor can utilize services (that are so cheap they're free) which the most powerful of the powerful cannot thwart. They are secure in their person and papers. Despite a warrant. And that really rankles the powerful. They're typically not big fans of not having power over people. If they make a fundamentally faster computer, it'll crack the encryption of today. But it WON'T crack the encryption of tomorrow, because they'll simply use the faster computing technology. (or from factoring to ellipse curves). The transition period is where cyberpunk novels are written.

  31. Ok NPC! by Anonymous Coward · · Score: 0

    whatever you say

  32. Ah yes the old progress is linear trope by presidenteloco · · Score: 1

    Technological progress is definitely not linear in general.
    It builds on itself and thus sometimes has a geometric or exponential progress.
    Often times, advances in multiple areas can combine to make a new revolutionary solution that was impractical before.
    e.g. Theoretical advances + materials research can lead to practical quantum computing, or maybe high temperature superconductivity etc.,
    which then can be a foundation for a whole new layer of practical revolutionary and unpredicted technologies.
    It tends to have breakthroughs, tipping points etc, in other words, punctuated equilibrium.

    So don't count on progress in quantum computing staying slow and incremental.

    --

    Where are we going and why are we in a handbasket?
    1. Re:Ah yes the old progress is linear trope by gweihir · · Score: 1

      Quantum computing has failed to perform for something like 40 years now. Any other technology this abysmally bad has just been scrapped. But somehow there are a lot of really clueless people that think this is magic and will suddenly scale and whatnot. There is absolutely no indication for that and a ton of indications to the contrary.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    2. Re:Ah yes the old progress is linear trope by Entrope · · Score: 1

      Nuclear fusion?

    3. Re:Ah yes the old progress is linear trope by shoor · · Score: 1

      My own favorite example of start and stop progress is aeronautics. As a kid, I remember seeing a Twilight Zone episode in which a World War I fighter pilot flew his plane into a cloud and came out in the present (which at the time the episode was made was the late 50s or maybe early 60s). So there was this scene of a World War I biplane fighter taxiing past Boeing B-52 Stratofortresses and other aircraft representing 30-40 years of progress in aviation, and the contrast was stark and amazing to my youthful mind. The pilot was an Englishman who thought he was still in World War I and commented to the first Americans he saw that he didn't realize we Americans were so advanced. That was circa 1960. Go forward 50-60 years and we're still flying B-52s. According to the wikipedia, they're expected to see use into 2050. What happened to all the initial progress in aviation tech?

      --
      In theory, theory and practice are the same; in practice they're different. (Yogi Berra & A. Einstein)
    4. Re:Ah yes the old progress is linear trope by alexgieg · · Score: 1

      Any other technology this abysmally bad has just been scrapped.

      Low hanging fruits. We first developed the easy technologies, in which the S curve had a short slow R&D start, then a relatively steep exponential growth curve, and a slowly developing plateau. Alongside that we stumbled upon classic computation, which had (emphasis on had) the most insanely steep exponential growth of all technologies developed before and probably will never be matched again. That one has now matured and plateaued too. So now we're entering the realm of hard to develop technologies that might have a very, VERY long initial R&D curve, followed by a slightly exponential, perhaps even linear, growth curve, followed by a long, looong plateauing.

      So, the choices are:

      a) Don't even try. Keep going for the few remaining low hanging fruits and then stop and keep forever iterating and gold plating over what has already been done.

      b) Accept the R&D phase is now going to take decades, maybe even centuries, before turning into anything resembling a growth curve. Adjust societal investments according to the new reality.

      I prefer "b". Bring on the multi-generational efforts with risk of ending up empty handed after 100, 500 or 10,000 years of effort. It's best to do that in hope science and technology will keep advancing than to shrug and let it go.

      --
      Conservatism: (n.) love of the existing evils. Liberalism: (n.) desire to substitute new evils for the existing ones.
    5. Re:Ah yes the old progress is linear trope by presidenteloco · · Score: 1

      Well you may be right of course since we don't really have it yet.
      Risk analysis (for cryptographically protected data and communications) would say:
      risk (real soon) = Medium or High because = probability=low x impact=ginormous (for now).

      Also, I can see a group of natural philosophers sitting around 600 years ago in a drinking establishment (I drink therefore I am) listening to someone in a wooden armchair griping "You people have been yammering on about figuring out how things work for 2000 years now, and I don't see any progress."

      --

      Where are we going and why are we in a handbasket?
    6. Re:Ah yes the old progress is linear trope by ffkom · · Score: 1

      There is proof in the sky, visible to everyone, that nuclear fusion actually works at large scale. But there is no proof at all that quantum computers will ever scale to useful complexity.
      The belief that quantum computers will deliver complex results in an instant is like believing that you can add numbers of arbitrary precision with a slide rule. Theoretically possible, but only if a certain physical model was a complete description of the real world, which we know for sure it is not.

    7. Re:Ah yes the old progress is linear trope by ffkom · · Score: 1

      Decade-long R&D is fine, but fear-mongering by predicting improvements that are nowhere near is not welcome.
      Plus, the amount of money put into one specific research topic should not be just based on media hypes. There are plenty of research fields that promise much sooner life-improving progress than the hypothetical quantum computers.

    8. Re:Ah yes the old progress is linear trope by gweihir · · Score: 1

      You are comparing apples and oranges. Nuclear fusion has at least two observable instances where it works large-scale: 1. The sun 2. Hydrogen bombs. Nothing like that exists for QC.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    9. Re:Ah yes the old progress is linear trope by gweihir · · Score: 1

      Nice example! Technologies do plateau, the question is where. For classical computing we are pretty much there now. But we had a few decades of rapid progress before and these things are very powerful and useful. For Quantum Computers, it looks like they pretty much plateaued as well or are about to, but at a scale where they are pretty useless and a modern pocket calculator can beat them easily.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    10. Re:Ah yes the old progress is linear trope by gweihir · · Score: 1

      Exactly. Incidentally, the slide-rule example is limited pretty much by noise and measurement precision. The same is true for classical digital computers (at some scale and speed you are losing bits and digital computations become infeasible) and the huge success for classical computers comes from them having dealt very effectively with noise. It looks now like noise is the bane of QCs as well, but at a scale where they have not yet scaled to any useful size as classical computers hang that bar very high.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    11. Re:Ah yes the old progress is linear trope by gweihir · · Score: 1

      Indeed. And that is just my point. QC is a crapshoot at this time. It may at some time be valuable, it is not today and will not be for a long time. That does not mean stop all research, but that does certainly mean do not prioritize it and do not put major emphasis in decision making on what it may or may not eventually deliver. Now, it is possible that at some future time some other tech becomes available that makes higher-intensity research into QCs a good idea, but at the moment this is not the case and the whole thing is a large bubble of hot air.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    12. Re:Ah yes the old progress is linear trope by gweihir · · Score: 1

      I disagree. After 40 years of failure, the probability("real soon") is at worst "low" but realistically "very low". And the impact is not "ginormous", but rather "moderate". That makes risk = low ... very low.

      Even most encryption is not threatened. A working, scaling QC is nowhere near as magic as people believe. These things are useless except for a few tasks and even for them (factorization) they may have huge constants in their run-times.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    13. Re:Ah yes the old progress is linear trope by Anonymous Coward · · Score: 0

      We're still flying B-52s as a good replacement has never been produced. One could make a case it hasn't needed a replacement because it's perfect for the job it is tasked to do, carry a shitton of ordnance of various sorts and drop them on some poor bastards.

    14. Re: Ah yes the old progress is linear trope by Anonymous Coward · · Score: 0

      My understanding was that Grover's search and Shor's alg both don't have such bad constants. That's why people have already been able to run toy examples even though we've only built QCs with a very limited number of qubits so far.

      Also, while symmetric crypto will only have its security halved, most crypto applications end up using both asymmetric and symmetric in combination (TLS, PGP, many VPNs, Blockchains, Secure Messaging, etc.) and breaking the asymmetric components is enough to completely destroy the security of the entire protocol (even if the symmetric stuff were to stay untouched!)

    15. Re: Ah yes the old progress is linear trope by gweihir · · Score: 1

      My understanding was that Grover's search and Shor's alg both don't have such bad constants. That's why people have already been able to run toy examples even though we've only built QCs with a very limited number of qubits so far.

      They have constants in real life that allow you to run toy examples in a matter of weeks or worse. Sure, the one good run was much faster, but do the researchers list how many bad ones they had and how much time that took? Also, you may get additional complexity from the real-world set-up. That would not show up in the toy examples or the theory, but it may well show up in practice.
      A practical example is that when you run out of memory for a hash-table, you suddenly have to put it in SSD, then disk, then tape. That gives you a pretty bad additional factor and the last step is often prohibitive. The same thing could well be happening here, for example if the whole thing has to be made successively colder to support larger computations. It does not help you much if you get a result in seconds, but have to cool the whole thing for a few months after programming it to get that one result and have to repeat the process every time for a new computation.

      Now, I am not saying this particular problem is going to manifest here, but after 40 years of research doing even toy quantum computations is excessively hard. So chances are there will be massive hurdles to scale this in reality, even if the theory works out for larger examples. As larger examples need the theory to be much, much more precisely describing reality, it may well turn out that instead we find another more complicated theory and that one does not support large quantum calculations.

      In any case, nothing threatening to real-world crypto will be happening in the next few decades and that is much longer than current asymmetric keys are expected to be secure against conventional attacks. For really long-term stuff, use one-time-pads or excessive key-length, like 100'000 bit RSA. As a QC cannot subdivide problems (unlike a classical computer) that makes you pretty secure.

      Also, while symmetric crypto will only have its security halved, most crypto applications end up using both asymmetric and symmetric in combination (TLS, PGP, many VPNs, Blockchains, Secure Messaging, etc.) and breaking the asymmetric components is enough to completely destroy the security of the entire protocol (even if the symmetric stuff were to stay untouched!)

      Only if you can actually break the asymmetric part in reasonable time and at mass-scale. If it turns out that, say, the NSA can break one 1024 bit RSA key per year investing 100M into that and the process is already optimized to the limits of what is possible, then this is not a threat.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    16. Re:Ah yes the old progress is linear trope by Anonymous Coward · · Score: 0

      The airframe of a B-52 may not have changed much... but everything else has. The engines, avionics, radars, flight planning systems, and internal payload capabilities have changed *tremendously.* And continue to do so.

      Just because the airframe is old doesn't mean it doesn't do its job. To me it's just evidence of excellent design.

  33. Eventually by Anonymous Coward · · Score: 0

    On a widespread, easily accessible to bad guys basis... sure.
    Or something else will come along in classical computing.

    It's not like TLS 1.0 was good enough to last forever. Our best encryption today will be obsoleted by SOMETHING... QC simply accelerates that timeline.

    Next article, please.

  34. Perhaps we need a better infrastructure. by jellomizer · · Score: 1

    Encryption of TCP/IP traffic was always a kludge workaround to the internet problem.

    --
    If something is so important that you feel the need to post it on the internet... It probably isn't that important.
  35. Re: Y2K by presidenteloco · · Score: 1

    The armchair wise-asses laughed at how lame Y2K was.
    Their pea-brains didn't understand that it was no big deal precisely because a lot of planning, time, and effort went into technical fixes and technology replacements to avoid the impacts of the problem.
    A lot of computing-related problems are still pretty binary. Either they'll happen, or if fixed, they won't. It can be all or nothing easily. E.g. a patch for a critical and easy to exploit OS security hole. Could be a laughable hype, if discovered and widely patched in time, or could be a widespread disaster.

    --

    Where are we going and why are we in a handbasket?
  36. Quantum computers are useless by 140Mandak262Jamuna · · Score: 1
    They will do all sorts of calculations, fast. But if you try to read the answer, it will change.

    The results of the computation depend on the observer

    And it is a QA nightmare, none of the computations are repeatable.

    All the memory states of a quantum computer can be 1 or 0; till you read it you would not know. Once you read it the memory is destroyed.

    --
    sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
    1. Re:Quantum computers are useless by Anonymous Coward · · Score: 0

      While I agree with you generally, I think the issue is more that QC do not work the way they are currently believed to work. There is no free lunch in physics.

  37. Will? Who's Will? by Anonymous Coward · · Score: 0

    Will? Who's Will?

  38. It breaks encryption? Solution: QuantumSSH by Anonymous Coward · · Score: 0

    Ok, so quantum computer will break all currently known encryption. That was expected eventually. BTW, thanks a fucking lot, quantums. You've ruined everything.

    Solution: Use these quantum computers to encrypt the data, so only the NEXT breakthrough technology will be able to break it.

  39. Thank You by Anonymous Coward · · Score: 0

    I read this thinking, "this is news? In 2018, on /., this is news??"

    How long has /. been publishing stories on this subject? How long has this been known and accepted by the tech community? Ten years? Twenty?

    In fact quantum logic has been developed, quantum algorithms, and primitive quantum computers. So no, this isn't news.

    "Dog bites Man is not news. Man bites Dog, now that's news!"

  40. Finds the period of a function - doesn't factor by FeelGood314 · · Score: 1

    For RSA you don't actually have to factor the large composite number, you need to just know the period of the messages, which is what Shor's algorithm does.

    In RSA you choose two large prime numbers p and q, and then publish n=(p*q) and e. e is a smallish, usually prime, number. Your private key is a number d such that e*d is congruent to 1 modulo (p-1)(q-1). (p-1)(q-1) is the number of coprime numbers to (p*q). Given a number M less than n that is coprime to n, if you raise that number to every different power less than (p-1)(q-1) and take the modulus n, you will get every coprime number of n. When you raise M to (p-1)(q-1) and take the modulus you will get 1 and when you raise it to (p-1)(q-1)+1 you will get M again.

    (p-1)(q-1) is the number of coprimes to n and also the period of any M being raised to a power modulo n. In classical computing you would likely find p and q by factoring n and then calculate (p-1)(q-1). However, Shor's algorithm actually gives you the period. (You could then find p and q though)
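    An added example, not from the thread or any commenter, showing how the period that Shor's algorithm produces is turned into the factors of n. The quantum part of Shor's algorithm only supplies the order r of a base a modulo n; the classical post-processing is gcd(a^(r/2) +- 1, n). Here a brute-force `order` function stands in for the quantum step on a toy modulus (p=61, q=53, e=17 are constructed values) so the whole thing runs on an ordinary machine.

```python
"""Added example: Shor's classical post-processing on a toy RSA modulus.
The quantum subroutine is replaced by brute-force order finding, which is
only feasible because n is tiny. Not code from the article or the thread."""
from math import gcd


def rsa_toy_keypair(p, q, e=17):
    """Textbook RSA: n = p*q, phi = (p-1)(q-1), d = e^-1 mod phi.
    p, q are constructed toy primes; real keys are thousands of bits."""
    n = p * q
    phi = (p - 1) * (q - 1)
    assert gcd(e, phi) == 1, "e must be invertible mod phi"
    d = pow(e, -1, phi)  # Python 3.8+ modular inverse
    return n, e, d


def order(a, n):
    """Multiplicative order r of a modulo n: the period of x -> a^x mod n.
    Brute force stands in for the quantum order-finding subroutine.
    Note r divides (p-1)(q-1) but is usually smaller than it."""
    assert gcd(a, n) == 1
    r, x = 1, a % n
    while x != 1:
        x = (x * a) % n
        r += 1
    return r


def factor_from_period(a, r, n):
    """Shor's classical step. If r is even and a^(r/2) != -1 (mod n), then
    (a^(r/2) - 1)(a^(r/2) + 1) = 0 (mod n) with neither factor zero, so
    gcd(a^(r/2) +- 1, n) is a nontrivial divisor. Returns (p, q) sorted,
    or None when this base a is one of the unlucky ones."""
    if r % 2:
        return None
    y = pow(a, r // 2, n)
    if y == n - 1:
        return None
    for cand in (gcd(y - 1, n), gcd(y + 1, n)):
        if 1 < cand < n:
            return tuple(sorted((cand, n // cand)))
    return None


def shor_classical(n):
    """Try bases a = 2, 3, ... until the period trick splits n.
    A real run picks a at random; each attempt succeeds with probability
    at least 1/2 for an RSA-style n."""
    for a in range(2, n):
        g = gcd(a, n)
        if g != 1:
            return tuple(sorted((g, n // g)))  # a happens to share a factor
        factors = factor_from_period(a, order(a, n), n)
        if factors:
            return factors
    return None


if __name__ == "__main__":
    n, e, d = rsa_toy_keypair(61, 53)
    m = 42
    c = pow(m, e, n)
    assert pow(c, d, n) == m  # sanity check that the toy key works
    print("n =", n, "e =", e, "d =", d)
    print("factors recovered from a period:", shor_classical(n))
```

    With n = 3233 the base a = 2 has period 780 but a^390 = -1 mod n, so it is discarded; a = 3 has period 260 and gcd(3^130 - 1, n) = 61 splits the modulus. Once p and q are known, (p-1)(q-1) and hence d follow immediately.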

  41. Remember when you thought privacy existed? by CranberryKing · · Score: 1

    You can argue about encryption algorithms and faster computers, but the real issue is time. Anything that traverses the wire becomes part of a permanent record. They copy and store every single bit, knowing that they cannot crack your encryption today, but in the future it will become trivial. So at best you're talking about mitigation. Everything you've ever said or done will have to live up to the impossible moral standard of the world communist courts of the not so distant future. There will be no deviation from the hive mind of public opinion which you will be happy to oblige.

  42. Future Algorithms - difficulties today by FeelGood314 · · Score: 1

    We can sign things with just a hashing function. For key agreement and other fun things there are other problems that it appears a quantum computer can't solve. https://en.wikipedia.org/wiki/...

    However, there are a number of problems:
    1 - If the NSA records the handshake of your conversation today, they will be able to read your messages in the future when/if they build a quantum computer. I find this point very frustrating. So many people think they are safe as long as they adopt something before a quantum computer is built.
    2 - Adoption is going to be very slow. Other than Supersingular elliptic curve isogeny, none of the other proposals are drop in replacements for what we do today. So the protocols will have to change.
    3 - Performance and bandwidth - some of the new algorithms have similar computation requirements but many are more expensive, some require significantly more RAM and almost all require huge message sizes. Most of my work is with ZigBee and 21 byte ECC point representations are fine. 1K messages are going to be really hard. 30K will be impossible. The bandwidth will take nearly an hour, many $1 systems won't even have that much memory. Hell the power consumption to be awake to receive the message will kill some devices.
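    An added example, not from the thread or any commenter, of the first point above: a Lamport one-time signature, the simplest way to "sign things with just a hashing function". Its security rests only on the preimage resistance of the hash, which Shor's algorithm does not threaten. The function names and the choice of SHA-256 with 32-byte secrets are this example's own assumptions; the sizes it reports (an 8 KiB signature, a 16 KiB public key, and a key that must never sign twice) are exactly the bandwidth and protocol-change costs the comment describes.

```python
"""Added example: Lamport one-time signatures over SHA-256.
Not code from the article, the thread, or any project."""
import hashlib
import secrets

BITS = 256  # one secret pair per bit of the SHA-256 message digest


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def keygen(rng=secrets.token_bytes):
    """Private key: 256 pairs of random 32-byte strings.
    Public key: the hash of every one of those strings.
    `rng` is injectable so tests can use a deterministic source."""
    sk = [(rng(32), rng(32)) for _ in range(BITS)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk


def _bit(digest: int, i: int) -> int:
    return (digest >> (BITS - 1 - i)) & 1


def sign(sk, msg: bytes):
    """Reveal, for each digest bit, the secret matching that bit's value.
    Each signature discloses half of the private key, so a key pair is
    ONE-TIME: reusing it lets an attacker mix two signatures into a forgery."""
    d = int.from_bytes(H(msg), "big")
    return [sk[i][_bit(d, i)] for i in range(BITS)]


def verify(pk, msg: bytes, sig) -> bool:
    """Hash each revealed secret and compare with the published hash for
    that bit position. A message with a different digest selects the other
    element of some pair, whose preimage was never revealed."""
    if len(sig) != BITS:
        return False
    d = int.from_bytes(H(msg), "big")
    return all(H(s) == pk[i][_bit(d, i)] for i, s in enumerate(sig))


def signature_size_bytes(sig) -> int:
    return sum(len(s) for s in sig)


def public_key_size_bytes(pk) -> int:
    return sum(len(a) + len(b) for a, b in pk)


if __name__ == "__main__":
    sk, pk = keygen()
    msg = b"constructed sample message"
    sig = sign(sk, msg)
    print("valid:", verify(pk, msg, sig))
    print("forged message accepted:", verify(pk, b"another message", sig))
    print("signature bytes:", signature_size_bytes(sig),
          "public key bytes:", public_key_size_bytes(pk))
```

    Compare the 8192-byte signature with a 21-byte compressed ECC point: this is why the comment expects constrained radios to struggle. Practical hash-based schemes reduce the one-time limitation with Merkle trees (many one-time keys under a single root) and shrink keys with a few-time construction, but the signature stays in the kilobytes.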

  43. Confusing hype with reality by Anonymous Coward · · Score: 0

    The article talks about quantum computers as if they actually exist. For a purpose such as implementing Shor's algorithm to factor a 512-bit number, they do not and are nowhere close to existing.

    In fact, Shor's algorithm has *never* been implemented, on any scale, on any quantum device. Over a decade ago there were headlines about quantum computers factoring very small numbers (15, and later 21), but these toy computations did only the "easy" part (the logic) of Shor's algorithm. The hard, numerical part was replaced by a table lookup. A table of 21 entries was a challenge for a quantum device, but a table of 2^512 entries is not physically possible in our universe. In any case, allowing that much pre-computation, even a classical computer can "factor" a number in constant time.

    Quantum computation is a fascinating subject for mathematicians like Peter Shor to ponder, but whether it will ever be practically realized in hardware remains an open question.

  44. You can stop reading at "Factorising" by Anonymous Coward · · Score: 0

    It's sufficient evidence that no one actually working in the field proofread that article.

  45. Real quantum computers do not yet exist by Jerry · · Score: 1

    and it may be decades before they do.

    IBM's 5-qubit machine is coherent for 50 microseconds. It is not big enough to solve any useful problems. D-Wave isn't any faster than an ordinary computer and using quantum "annealing" it is limited in the kinds of problems it can solve.

    If someone created a 4096 GPG key it would most likely be good for their lifetime.

    --

    Running with Linux for over 20 years!

  46. It's why the summary is false by Actually,+I+do+RTFA · · Score: 1

    The summary says:

    In theory, any of the world's millions of professional or amateur mathematicians could have a stroke of inspiration tomorrow and publish a formula that unravels internet cryptography -- and most internet commerce with it.

    Anyone smart enough to solve this problem is smart enough to do something other than publish the proof. Patriots will probably get a large payday for delivering it to their local intelligence service. Black hats can sell it on the dark web. White hats would warn about an impending publication and let everyone crash move to a new system first.

    --
    Your ad here. Ask me how!
  47. Re:Second article this year I've seen abo by Anonymous Coward · · Score: 0

    Just because "billions of dollars and millions of man-hours" was spent on it doesn't mean that is what was required

    Consultant Fees all the way down

  48. Communication via Entanglement makes this obsolete by burhop · · Score: 1

    Quantum physics allows us to entangle bits (really qubits) and separate them by great distances. We can create a totally secure "quantum net" that allows instantaneous communication between one set of entangled bits and another set of entangled bits.

    Yeah, you physicists are going to say something about "information passing", "speed of light limits", yada, yada, yada. That is fine in theory, but in practice 99% of all social media posts have no real information.

  49. Re:So what? Define "guilty" !! by Anonymous Coward · · Score: 0

    Does "guilty" mean "opposing government policy"?? Does it mean opposing irrational social mores?? Are such possibilities part and parcel of "guilt"?
    Has "guilt by association" been replaced by: "Guilt by Thinking?"

    and what happens when the 'code' used by a brain is 'broken'? ... we are not far from that irreversible future!

  50. No evidence by Anonymous Coward · · Score: 0

    There is no evidence that quantum computers work the way they say they do. None. After decades of research.

    Normally that should exist before the decades of hype, not after.

  51. False assumptions by Anonymous Coward · · Score: 0

    This article is rife with false assumptions. The first assumption is that the only viable encryption method on the internet is public key encryption. Granted, public key encryption is the lazy man's preference, because it takes less work on the part of all parties to encrypt and decrypt messages. But this article exposes the weaknesses in public key encryption, and inevitably, public key encryption will be rendered obsolete.

    The second false assumption is that quantum computers are so strong, that they can decrypt the most powerful encryption methods known to man today, such as one way hashes.

    That assumption is dubious at best, because quantum computer advocates have yet to show how they can crack a seed that gives the permutations of 134217728 or larger on a 64 bit classical computer with 32 gigabytes or more of memory, where the message digest is encrypted back to back 128 or more times with unique seeds each time. The point is that such an encryption method is unwieldy if implemented all over the internet, because the management of so many seeds is a nightmare.

    Nevertheless, quantum computer advocates cannot go around boasting that they can decipher absolutely any type of encryption method because of the way quantum computers process in parallel.

  52. I have nothing to hide... by Anonymous Coward · · Score: 0

    I have nothing to hide
    from people I completely trust.

  53. Post-quantum cryptography by Anonymous Coward · · Score: 0

    To my understanding there are algorithms already available to defeat Quantum computers for some time.

    Lattice-based cryptography
    Multivariate cryptography
    Supersingular elliptic curve isogeny cryptography
    Symmetric key quantum resistance

    They are not too expensive computationally and are available today?

  54. Re:Second article this year I've seen abo by Anonymous Coward · · Score: 0

    y2k would have been problematic if so much remediation was not done in the 90's