Slashdot Mirror

← Back to Stories (view on slashdot.org)

Quantum Computers Pose a Security Threat That We're Still Totally Unprepared For (technologyreview.com)

Posted by BeauHD on from the depressing-but-probably-accurate dept.

An anonymous reader quotes a report from MIT Technology Review: The world relies on encryption to protect everything from credit card transactions to databases holding health records and other sensitive information. A new report from the U.S. National Academies of Sciences, Engineering, and Medicine says we need to speed up preparations for the time when super-powerful quantum computers can crack conventional cryptographic defenses. The experts who produced the report, which was released today, say widespread adoption of quantum-resistant cryptography "will be a long and difficult process" that "probably cannot be completed in less than 20 years." It's possible that highly capable quantum machines will appear before then, and if hackers get their hands on them, the result could be a security and privacy nightmare.

Today's cyberdefenses rely heavily on the fact that it would take even the most powerful classical supercomputers almost unimaginable amounts of time to unravel the cryptographic algorithms that protect our data, computer networks, and other digital systems. But computers that harness quantum bits, or qubits, promise to deliver exponential leaps in processing power that could break today's best encryption. The report cites an example of encryption that protects the process of swapping identical digital keys between two parties, who use them to decrypt secure messages sent to one another. A powerful quantum computer could crack RSA-1024, a popular algorithmic defense for this process, in less than a day. The U.S., Israel and others are working to develop standards for quantum-proof cryptographic algorithms, but they may not be ready or widely adopted by the time quantum computers arrive.

"[I]t will take at least a couple of decades to get quantum-safe cryptography broadly in place," the report says in closing. "If that holds, we're going have to hope it somehow takes even longer before a powerful quantum computer ends up in a malicious hacker's hands."

107 of 193 comments (clear)

  1. Comment removed by account_deleted · · Score: 2, Interesting

    Comment removed based on user account deletion

  2. Malicious hacker? by Anubis+IV · · Score: 2

    You mean like every hostile or competing nation state?

  3. hope by Ryan+adiputra · · Score: 1

    "it will take at least a couple of decades to get quantum-safe cryptography broadly in place", I hope this will happen soon

    1. Re:hope by jpaine619 · · Score: 1

      It's no big deal really, the resources to do much with it are so insane that only a few people have it - and so intel agencies will watch - and if they use it for cracking, off goes their internet nationally. Fuck China lol.

      Guess you haven't been keeping up with what quantum computing is all about.. Gonna be hard to spy on anyone when they are using quantum networking.. Observe a single bit and the sender/receiver know they're being watched..

    2. Re:hope by jpaine619 · · Score: 1

      One time pads.. Totally safe against quantum computers.. There are ways of distributing those safely when your adversary is online.

    3. Re:hope by gweihir · · Score: 1

      I hope this will happen never. There is not need for it and changing things without need is just incredibly bad engineering because it always causes problems.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    4. Re:hope by gweihir · · Score: 2

      Funny story: All these systems have been broken so far. Turns out that the perfect theory does not translate to a perfect implementation.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    5. Re:hope by gtall · · Score: 1

      Yep, this is the answer. We'll install SneakerNet along side our Electron Challenged Networks to distribute the one-time pads. Oh, and no sneaky allowing your one-time pads escape into the wild, keep them close to your body.

    6. Re:hope by bobbied · · Score: 1

      One time pads.. Totally safe against quantum computers.. There are ways of distributing those safely when your adversary is online.

      Oh yea, that key distribution problem is a bear you know... Maybe we can order one time pads from Amazon now? With prime shipping it will only take a day to get them.

      --
      "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
    7. Re:hope by postbigbang · · Score: 1

      In the future, you'll go down to the market and have a box of one-times along with your soylent bars, pocket fusion recharges, and totally-tuned porn drivers for your artificial mate.

      Until then, the quantum kids have spent billions and have bupkis+ to show for it, and acknowledge that even the algorithms are going to cost billions and billions, too. Quantum doesn't work like Von Neumann computing and so none of that tawdry PHP and node.js you learned is going to be useful. There are no libc-q's available.

      I don't mind seeing the motivation to evolve better encryption. The rest of it is largely clickbait. Today, correctly implemented, we have good algorithms available. In the future, one-time pads as well as multiple-seeders are very likely to suffice, until there's a point where serious societal changes will have already occurred.

      --
      ---- Teach Peace. It's Cheaper Than War.
    8. Re:hope by jpaine619 · · Score: 1

      One time pads.. Totally safe against quantum computers.. There are ways of distributing those safely when your adversary is online.

      Oh yea, that key distribution problem is a bear you know... Maybe we can order one time pads from Amazon now? With prime shipping it will only take a day to get them.

      Yeah, that's what I was implying..... I didn't imply it would be easy or even practical. I simply stated it was absolutely secure against quantum attacks, and it is.

      For Joe User, it's not a solution.. For Fortune 500 Corp it could be. If we couldn't come up with anything else that would resist quantum attacks, it might be worth it to generate physical OTPs if you're transferring a billion dollars or something...

  4. Pure bullshit on a level with ... by CaptainDork · · Score: 5, Insightful

    ... scary AI.

    I swim in the quantum theory waters and it's goddam near impossible to rake the jiggle out of one qubit. The temperature has to be at near-absolute zero and Heisenberg's Uncertainty Principle plus all of the laws of thermodynamics and the properties of quantum vacuum are working against us.

    As the qubit count increases, the randomness multiplies at an exponential rate. It's a nice dream, as is the theory of AI killing us all, but the hurdles are too great.

    In the spirit of, "never say never," a practical quantum computer is at least 100 years away.

    And here's the 411 on the encryption fear, anyway: A quantum computer that could instantly break today's encryption could just as quickly create encryption that is impossible to break.

    --
    It little behooves the best of us to comment on the rest of us.
    1. Re:Pure bullshit on a level with ... by Actually,+I+do+RTFA · · Score: 2

      And here's the 411 on the encryption fear, anyway: A quantum computer that could instantly break today's encryption could just as quickly create encryption that is impossible to break.

      The difference is the NSA, and other government agencies (in various countries) will be the only ones able to afford quantum computers.

      --
      Your ad here. Ask me how!
    2. Re:Pure bullshit on a level with ... by CaptainDork · · Score: 2

      Your point is well taken. Cost is a factor (ignoring the fact that QC can'y get that big). As the qubit count rises, the structure necessary to combat the three evils I listed gets to be enormous. We're talking LHC large, at least.

      "Nil Tl Son, do you see the large cold thing? Take it out."

      --
      It little behooves the best of us to comment on the rest of us.
    3. Re: Pure bullshit on a level with ... by gravewax · · Score: 1

      Yep but their are quite a few clueless individuals that look at X number of Qubits that have been successfully tested and think that somehow translates into the ability to turn this into an operational quantum computer (i.e. one that can operate for any length of time that would make such encryption breaking calculations possible). They don't seem to grasp the massive gulf between what we have now and where we need to get too.

    4. Re:Pure bullshit on a level with ... by angel'o'sphere · · Score: 2

      plus all of the laws of thermodynamics ... are working against us.
      Actually: no!

      Thermodynamics has nothing to do with quantum computers nor Heisenberg's Uncertainty Principle have anything to do with it ...

      --
      Cost free eBook I read (by iBook/Kobo/Amazon/ObookO/Gutenberg etc.): "The Green Odyssey" by Philip Jose Farmer.
    5. Re:Pure bullshit on a level with ... by Anonymous Coward · · Score: 1

      In the spirit of, "never say never," a practical quantum computer is at least 100 years away.

      I wouldn't even go that far. I'm not convinced that a useful quantum computer will ever be constructed. For example, here is an interesting quote from another recent article, The Case Against Quantum Computing :

      "Experts estimate that the number of qubits needed for a useful quantum computer, one that could compete with your laptop in solving certain kinds of interesting problems, is between 1,000 and 100,000. So the number of continuous parameters describing the state of such a useful quantum computer at any given moment must be at least 2^1,000, which is to say about 10^300. That’s a very big number indeed. How big? It is much, much greater than the number of subatomic particles in the observable universe.

      To repeat: A useful quantum computer needs to process a set of continuous parameters that is larger than the number of subatomic particles in the observable universe."

    6. Re:Pure bullshit on a level with ... by gweihir · · Score: 1

      And that is just the thing: Mass-hype and mass-panic that completely ignore practical aspects. Here is news for these people: Practical aspects are what makes or breaks a technology.

      Incidentally, general AI has even less substance than QCs have, because there is not even a credible theory how they could work. In the few fields where we actually have theories (like automated deduction), the effort is so great that smart human beings can do things a universe-size computer could not. QCs seem to at least work for a few bits. Although, just as you say, there is very strong evidence for inverse-exponential scaling and that has the little problem that you run into a pretty hard limit at some (in this case very low) limit. Currently, it looks very much like QCs that are actually faster than practical computers will not ever materialize.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    7. Re:Pure bullshit on a level with ... by Anonymous Coward · · Score: 1

      Don't call people retards when you don't know the difference between there and their.

    8. Re:Pure bullshit on a level with ... by gtall · · Score: 1

      You are ignoring another Uncertainty Principle, that is the amount of money that can be squeezed out of funding agencies by getting their bloomers in a twist over quantum: Big Bad Quantum is coming, be very afraid, very scared, and very willing to allow us to save you for a small sum, although it might seem vast from your point of view....we here at Quantum Uncertainty Enterprises assure you it is not.

    9. Re:Pure bullshit on a level with ... by mermeid007 · · Score: 1

      You are right. What nice people have to deal with.

    10. Re:Pure bullshit on a level with ... by jabuzz · · Score: 1

      And no more MRI scans and ... There is a reason that scientist worry about fritting away a limited and precious resource on party balloons when you could use a hydrogen/nitrogen mix that is no more dangerous than a Christmas cracker.

    11. Re:Pure bullshit on a level with ... by mermeid007 · · Score: 1

      Just you wait. and you wait. and you wait. No christmas presents after christmas? Jokes on you.

    12. Re:Pure bullshit on a level with ... by Anonymous Coward · · Score: 1

      Indeed, it looks like it is time to have The Talk again...

    13. Re:Pure bullshit on a level with ... by OneHundredAndTen · · Score: 1

      I already assume todays encryption IS broken or key stealing is not so difficult.

      What Snowden revealed is that the NSA gets FAR more traction from traditional (and not so traditional) spying and eavesdropping techniques than from trying to break encryption schemes. In most circumstances, the latter approach will be far more involved and more costly.

    14. Re:Pure bullshit on a level with ... by drinkypoo · · Score: 1

      The difference is the NSA, and other government agencies (in various countries) will be the only ones able to afford quantum computers.

      That's not clear at all. With our current level of technology, being able to build a useful general purpose quantum computer for any amount of money at all is outside of predictable reach. Perhaps some new technological breakthrough will make it more possible, but there's no particular reason to believe that breakthrough won't also bring it within reach of NGOs or even wealthy individuals.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    15. Re:Pure bullshit on a level with ... by jythie · · Score: 1

      oh yeah, the guy who keeps talking about a simple linear growth model of QC starting from a few months ago proves beyond a doubt that we will have giant systems in a few years.

    16. Re:Pure bullshit on a level with ... by CaptainDork · · Score: 1

      I agree. Plenty of revenue all around. Hype a disease; hype a cure.

      Laughter is the best medicine when opportunists abound.

      --
      It little behooves the best of us to comment on the rest of us.
    17. Re:Pure bullshit on a level with ... by CaptainDork · · Score: 1

      Yeah, never fear the time when NSA, CIA and all other three letter agencies have a multibillion $ quantum computer ...

      You had a good reply right there and fucked it up with the "before and after," words.

      --
      It little behooves the best of us to comment on the rest of us.
    18. Re:Pure bullshit on a level with ... by CaptainDork · · Score: 1

      I enjoy reading posts by those who get it and have additional information to add. Thanks..

      To explain the problem of QC (which is quantum jitters) I can offer an analogy (I'm not clever enough to make it a car one, though):

      The speed of light, "c" is qualified by the value of "in a vacuum."

      A vacuum is defined as a space that has nothing. Zero. Zip shit. Nada. That knowing, with certainty, as agreed, violates the Uncertainty Principle.

      So, what's the deal with the fucking vacuum? It's a quantum vacuum. Some call it a quantum foam. Particles appear and disappear at random times and places with random energies, spins, magnetic moments, and other exotic features.

      --

      That doesn't stop anyone from using the theoretical value for the speed of light in a vacuum to sell us a bitcoinized cloudly coated AI-driven ball cap.

      --
      It little behooves the best of us to comment on the rest of us.
    19. Re:Pure bullshit on a level with ... by Actually,+I+do+RTFA · · Score: 1

      Perhaps some new technological breakthrough will make it more possible, but there's no particular reason to believe that breakthrough won't also bring it within reach of NGOs or even wealthy individuals.

      The NSA, etc. are willing to pay billions for a QC that can crack RSA. Hell, they'd spend billions on a coinflip where "heads" got them that QC.That means they can sponsor research, build a giant infrastructure to keep it near absolute zero, and do other things that really are out of reach of NGOs or wealthy individuals.

      There's also the fact that I'm not really sure what uses a QC has other than codebreaking. I mean, I know a lot of things (e.g. the travelling salesman problem) need a QC to actually solved, but it seems like the heuristics do a pretty good job in reasonable time.

      --
      Your ad here. Ask me how!
    20. Re:Pure bullshit on a level with ... by CaptainDork · · Score: 1

      Wow. Thank you. I have read all the quantum physics books I can find, most recently one published in 2017 by Paul Halpern (quantum fundamentalist) "The Quantum Labyrinth."

      I bookmarked your reference link. It summarizes the state of the art of quantum computing very well.

      Again, thanks.

      --
      It little behooves the best of us to comment on the rest of us.
    21. Re:Pure bullshit on a level with ... by CaptainDork · · Score: 1

      Sorry for the down mods. As for me, I see what you did there.

      --
      It little behooves the best of us to comment on the rest of us.
    22. Re:Pure bullshit on a level with ... by CaptainDork · · Score: 1

      Care to expand and defend your remarks?

      --
      It little behooves the best of us to comment on the rest of us.
    23. Re: Pure bullshit on a level with ... by CaptainDork · · Score: 1

      I cleverly counter your remarks with the +10 sword of blockchain.

      --
      It little behooves the best of us to comment on the rest of us.
    24. Re:Pure bullshit on a level with ... by Anonymous Coward · · Score: 1

      Thermodynamics has everything to do with QC. If you say it doesn't, you don't understand how it works. Information is produced by flow of matter under exertion of work. Work is a measurement of energy - classical computers expend energy to produce computed information via electron storage. QC has no model of energy expenditure for work. You "observe" the output and magical numbers appear in the entangled coherent qubits as the waves collapse. It's free / zero point energy expenditure to get information. That is why it violates the laws of thermodynamics.

      We don't understand QC at this point. There is a phenomenon going on, but we don't have all the laws worked out yet. QC will follow the laws of thermodynamics when we understand it, but right now our understanding is flawed.

    25. Re:Pure bullshit on a level with ... by CaptainDork · · Score: 1

      No idea what anime/etc you're referencing either, should anyone know that?

      They should.

      I do.

      --
      It little behooves the best of us to comment on the rest of us.
    26. Re:Pure bullshit on a level with ... by CaptainDork · · Score: 1

      Off topic, but I'll byte.

      Then you have a future where I have to walk around with a gun

      You're full of shit and I can give examples.

      Recall the Civil Rights Riots. Recall the Vietnam Riots. Recall the Ferguson riots. Recall the Baltimore riots.

      Using those examples, and others, you won't be using guns.

      No, you'll be using stone-age technology.

      --
      It little behooves the best of us to comment on the rest of us.
    27. Re:Pure bullshit on a level with ... by CaptainDork · · Score: 1

      It's inherently obvious to the casual observer that you don't know bullshit from wild honey.

      --
      It little behooves the best of us to comment on the rest of us.
    28. Re:Pure bullshit on a level with ... by angel'o'sphere · · Score: 1

      Sure,

      what is your question regarding steam engines (thermodynamics) and measurements of movement of small particles as in electrons and photons (aka Heisenberg)?

      Oh, you did not know that thermodynamics is about steam engines and heated gases and pressure and has nothing to do with "ordinary physics"? Yeah ... guessed that.

      --
      Cost free eBook I read (by iBook/Kobo/Amazon/ObookO/Gutenberg etc.): "The Green Odyssey" by Philip Jose Farmer.
    29. Re:Pure bullshit on a level with ... by CaptainDork · · Score: 1

      what is your question ...

      I don't have questions. I have answers.

      I'm sorry, but your knowledge of quantum and classical physics does not rise to the level where I can be of any help.

      Perhaps you could concentrate on the study of pregnant squirrels eating sandwiches.

      --
      It little behooves the best of us to comment on the rest of us.
    30. Re:Pure bullshit on a level with ... by CaptainDork · · Score: 1

      Oh yeah, that's gonna leave a mark.

      --
      It little behooves the best of us to comment on the rest of us.
    31. Re:Pure bullshit on a level with ... by angel'o'sphere · · Score: 1

      If you mix up thermodynamics with quantum mechanics you obviously have no big physics education. Or you forgot everything :D But no worries, there are hardly any people on /. that grasp thermodynamics. I would wager 99% of all posts where it is mentioned are wrong about it.

      The hint with the squirrels is interesting ... perhaps I could get an easy PhD that way.

      --
      Cost free eBook I read (by iBook/Kobo/Amazon/ObookO/Gutenberg etc.): "The Green Odyssey" by Philip Jose Farmer.
    32. Re:Pure bullshit on a level with ... by CaptainDork · · Score: 1

      You're a lazy son of a bitch.

      Now in a new study, physicists have shown that quantum shortcuts are subject to a trade-off between speed and cost, so that the faster a quantum system evolves, the higher the energetic cost of implementing the shortcut. In accordance with the laws of thermodynamics, an infinitely fast speed would be impossible since it would require an infinite amount of energy.

      --
      It little behooves the best of us to comment on the rest of us.
    33. Re:Pure bullshit on a level with ... by angel'o'sphere · · Score: 1

      In accordance with the laws of thermodynamics, an infinitely fast speed would be impossible since it would require an infinite amount of energy.
      You see. Wrong again.
      There is no law of thermodynamic saying anything about speed of anything.
      https://en.wikipedia.org/wiki/...

      No idea why you want to argue abut stuff you have no clue about, or the author you cite has no clue about.

      Infinite fast speeds, require being faster than light, wich means it violates general relativity theory, not thermodynamics. And yes: it would require infinite energy as the mass of the particles in question would increase more and more and hence would require more energy to be accelerated.

      Thermodynamics is about steam engines ... it is apart of "mechanics" and has nothing to do at all with relativity, quantum mechanics etc.

      --
      Cost free eBook I read (by iBook/Kobo/Amazon/ObookO/Gutenberg etc.): "The Green Odyssey" by Philip Jose Farmer.
  5. Wrong, Quantum encryption. by wolfheart111 · · Score: 1

    Once the Bits are tampered with (observed) they change.

    --
    [($)]
  6. Slashdot finally getting woke to the quantum scam by Anonymous Coward · · Score: 1

    Just a way for otherwise useless academics to extract tax payer dollars from militaristic states.

  7. Good thing quantum computers don't work by goombah99 · · Score: 4, Interesting

    A few days ago one of the slashdot articles explained why quantum computers of a significant size will never be possible.

    Which is right?

    --
    Some drink at the fountain of knowledge. Others just gargle.
    1. Re:Good thing quantum computers don't work by MrMr · · Score: 1

      In a few years we can claim we knew it all along. At least for one of the stories.

    2. Re: Good thing quantum computers don't work by Anonymous Coward · · Score: 3, Funny

      Both... Thats the point

    3. Re:Good thing quantum computers don't work by angel'o'sphere · · Score: 1

      That is obvious: /. is right!!

      --
      Cost free eBook I read (by iBook/Kobo/Amazon/ObookO/Gutenberg etc.): "The Green Odyssey" by Philip Jose Farmer.
    4. Re:Good thing quantum computers don't work by angel'o'sphere · · Score: 1

      Well, the other stories fold into ... nothing ...

      --
      Cost free eBook I read (by iBook/Kobo/Amazon/ObookO/Gutenberg etc.): "The Green Odyssey" by Philip Jose Farmer.
    5. Re:Good thing quantum computers don't work by arglebargle_xiv · · Score: 2

      The one that says it's not possible. However, "post-quantum" is a really hot buzzword, possibly even hotter than "blockchain" now that that one's burning out, so there's a lot of academic kudos and, once someone figures out how to commercialise it, money to be made peddling quantum crypto anything. The hype cycle tends to be 3-5 years before disillusionment, so we've got awhile to go yet.

      For my part, I predict we'll have fusion reactors and Mars colonies before we have quantum cryptanalysis, so there's plenty of time to publish endless masturbatory post-quantum articles and papers.f

    6. Re: Good thing quantum computers don't work by michelcolman · · Score: 1

      Until you open the box.

    7. Re:Good thing quantum computers don't work by jythie · · Score: 1

      For the moment, anyone who tries to tell you what will happen for certain is wrong. There is a lot of hype, and there is a lot of criticism, and for the moment the engineering simply is not done yet to see how feasible it actually is.

    8. Re: Good thing quantum computers don't work by illiac_1962 · · Score: 1

      The problem is that traditional flat bit computers are not going away and that they will not be able to decrypt the encryption generated by a quantum computer. Which will be nessessary since the greatest common factor is the most important. In flight data can be encrypted via quantum entanglement, but again, will require a trusted quantum machine to be utilized by a flat bit machine.

  8. Isn't elliptical curve good enough? by Actually,+I+do+RTFA · · Score: 2

    I thought elliptical curve cryptography was good enough?

    Also, it occurs to me they're concerned about a "20 year" timespan to get it widely deployed. Maybe a truly excellent algorithm just got patented, and they have to wait until it's unencumbered for it to spread?

    --
    Your ad here. Ask me how!
    1. Re:Isn't elliptical curve good enough? by chrish · · Score: 1

      All currently-used public-key cryptography, including ECC, is vulnerable to attacks by quantum computers because the underlying hard math problems aren't hard for quantum algorithms.

      There's a technique for using elliptic curves to construct schemes that aren't vulnerable; supersingular isogeny Diffie-Hellman for example works like ECDH.

      Disclosure: I work for a company producing encryption code that's safe against attacks by quantum adversaries.

      --
      - chrish
    2. Re:Isn't elliptical curve good enough? by Actually,+I+do+RTFA · · Score: 1

      Since it was buried either as an AC response, or an AC response to an AC:

      EEC is vulnerable because "QCs can solve the abelian hidden subgroup problem, which ECC is within." However, RSA (and other prime factorization issues) are cracked by QCs using Shor's Algorithm. The same algorithm cannot be used on ECC.

      --
      Your ad here. Ask me how!
  9. Re:Yet... by ClickOnThis · · Score: 1

    The world relies on encryption to protect everything from credit card transactions to databases yet they keep getting hacked repeatedly so what's the point?

    The point is to keep making it harder for the bad guys to succeed. It's an arms race.

    Of course, the good guys can turn into the bad guys, so be vigilant.

    --
    If it weren't for deadlines, nothing would be late.
  10. Re:Yet... by angel'o'sphere · · Score: 1

    Getting hacked has usually nothing to do with encryption but with stupidity.

    E.g. if I call you and ask for your credit card number, would you encrypt it somehow over the phone call?
    Would you give it to me?

    --
    Cost free eBook I read (by iBook/Kobo/Amazon/ObookO/Gutenberg etc.): "The Green Odyssey" by Philip Jose Farmer.
  11. Re:Prediction for 4096-bit RSA? How about EC? by ShanghaiBill · · Score: 1

    Most sites that actually care use either 4096-bit RSA or have switched to EC at a comparable bit-strength.

    What about the sites that don't care, but should?

  12. Re:Not a problem by jpaine619 · · Score: 1

    No.. no.. I believe there are a couple of quantum computers out there.. They're only going to get better/smaller.. Things don't tend to get larger/worse...

  13. Re:Backdoor by AHuxley · · Score: 1

    The NSA and GCHQ have the math that finds the users computer. From then its just waiting for the user to enter their pw as gov/mil pushed software collects everything.
    No easy connected network? Then MI6/CIA start to look at the workers on site.

    The magic was a PRISM like front door into the OS, telcos.
    The mathematical flaw was people had to trusted their OS crypto junk/used a telco network.

    Quantum will be a cover story for more PRISM, more police ready crypto designed into products.

    Quantum will hide all new questions as "national security".
    Was it an informant? A lawyer talking to the police?
    The telco? The OS? The anti virus software? Malware used by a gov?

    Quantum covers for all as the amazing new super computer cover story.
    The quantum decrypted everything in real time. No need to look for informants, OS granted police backdoors.

    --
    Domestic spying is now "Benign Information Gathering"
  14. We already have quantum safe cryptography by jpaine619 · · Score: 1

    It's called the OTP (one time pad). It's immune to quantum based attacks and, if your adversary is online only, you can distribute them physically..

    1. Re:We already have quantum safe cryptography by GuB-42 · · Score: 1

      OTP is private key / symmetric cryptography: you have to transfer the one time pad to the other party using a secure channel before you can communicate securely. That would be the equivalent of AES, and AES is still unbroken, even with a hypothetical quantum computer.
      The advantage of algorithms like AES over OTP is that OTP is very inconvenient. It needs a massive amount of true random data (using a PRNG would turn it into just another stream cipher), and all of it has to be transferred securely. That inconvenience can introduce more security problems than its mathematical perfection solves.

      What quantum computers break is public key cryptography. Public key cryptography allows secure communication when no secure channel exists, which is typical on the internet. OTP doesn't fix the problem. If anything, it makes it worse. The reason quantum computer could break current public key cryptography is that all algorithms that are used in practice rely on the fact that the discrete logarithm or integer factorization problems are hard, and quantum computers can theoretically solve them easily using the Shor algorithm.

    2. Re:We already have quantum safe cryptography by jpaine619 · · Score: 1

      OTP is private key / symmetric cryptography: you have to transfer the one time pad to the other party using a secure channel before you can communicate securely. That would be the equivalent of AES, and AES is still unbroken, even with a hypothetical quantum computer.

      You can transfer them physically. That is the most secure possible way of transferring data if your adversary is online. I specified this. If you generate a OTP, on a non internet connected computer, print it out, and transfer the copy physically to the other end, and only use it once, you're golden. Nobody online can break that message.

    3. Re:We already have quantum safe cryptography by jpaine619 · · Score: 1

      To clarify, I mean generate the OTP and print that out.. The email message can still be transmitted through the normal internet, but if the key never touches the online world no computer, quantum or otherwise, can ever break that message.

    4. Re:We already have quantum safe cryptography by GuB-42 · · Score: 1

      Yes, that's how you use OTP. The issues are:
      - You need a true RNG, i.e. specialized hardware (/dev/random may be ok). And these typically have a rather low bandwidth. That's fine for short message, less so for HD video.
      - You need to transfer a lot of data using your secure (e.g. physical) channel. As much random data as all the data you intend to send. It means that it can't be memorized or told, you need a physical support, like a USB stick for instance. There is quite a lot of work involved in order to transfer it, store it securely and destroy it. All that logistical nightmare opens a lot of potential attack vectors. Printed paper can be seen on camera, USB sticks can be stolen, your mailbox can be opened, people can follow you to your in-person meeting.
      - How are you going to tell your partner how to meet you for the OTP transfer? Are you comfortable giving out your physical location on an insecure channel, when your communications are so secret that they justify using an OTP. The catch-22 where you need a secure channel to establish a secure channel is exactly the reason why public key cryptography exist.

      OTP has its uses. For example the "red phone" famously used it, and it was perfectly justified, but a communication line between government officials of two competing superpowers is definitely a special case. "Competing" is key here. Because neither knew the the state of the art of the other regarding cryptanalysis, and there is no way they would share that knowledge, a neutral, simple, and proven secure algorithm makes sense despite the logistical nightmare.

    5. Re:We already have quantum safe cryptography by jpaine619 · · Score: 1

      Yes, that's how you use OTP. The issues are: - You need a true RNG, i.e. specialized hardware (/dev/random may be ok). And these typically have a rather low bandwidth. That's fine for short message, less so for HD video.

      We're talking big budgets for cases where OTP are appropriate.. One could have a microwave receiver pointed at the CMB (cosmic microwave background) and use that... Just an idea.. But that's about as random as you can ask for.

      - You need to transfer a lot of data using your secure (e.g. physical) channel. As much random data as all the data you intend to send. It means that it can't be memorized or told, you need a physical support, like a USB stick for instance. There is quite a lot of work involved in order to transfer it, store it securely and destroy it. All that logistical nightmare opens a lot of potential attack vectors. Printed paper can be seen on camera, USB sticks can be stolen, your mailbox can be opened, people can follow you to your in-person meeting.

      Agreed. You MUST have at least as much random data as data you plan to encrypt. Printed paper cannot be seen on camera if it's bound in book form. While a USB stick can be stolen, I have specified SEVERAL times that I was talking about defeating an online adversary. You don't get to mix the two. If we're going out into the real world there's no fucking point encrypting the data in the first place. You put it on a USB stick, put that in an armored car, and have an Apache Gunship escort them.. Yeah, encrypting the data would add one more layer, but....

      My only point was that we already have quantum resistant cryptography TODAY. I didn't say it was convenient or easy to use.. Simply that it exists and is unbreakable. Unbreakable for all time. Well, until we get brain reading machines I suppose.. But the ciphers are mathematically provably secure.

      I also specified that, while not convenient, there are some cases where OTP would be worthwhile IF the stakes were big enough; wire transfer of $1BN for example. Or, perhaps you have to move some ultra secret plans via the internet... If you're going to do it more than once or on a regular basis, you provide the recipient with matching OTPs ahead of time. Not practical for you and I checking our bank balances, but practical for plenty of things involving national security. If your adversary has the most capable quantum computer ever, he's still not breaking that OTP if you used a good random source..

      I know from personal experience that the US military uses some... physically shared ciphers (or used to) on a daily basis for some things. They were strips of paper that you did what you had to do with them and then they were burned in front of at least 2 other witnesses. They may not have been OTP (maybe they were, but it wasn't my area of expertise) but them things were secure.. Printed out.. carried to where they were needed, used, and then burned.. Lather, rinse, and repeat 24 hours later.

  15. Re:Don't worry, we're prepared by ShanghaiBill · · Score: 3, Insightful

    Don't forget hydrogen fuel cells! Remember those?

    You should not ridicule hydrogen fuel cells. They turned out to not be the best solution, but when facing a critical need the best approach is a Flooding Algorithm, where you research every plausible solution. It is important to not only identify what works, but also what doesn't work. The cost of the research failures is negligible compared to the benefit of finding the best alternative transportation technology.

  16. Re:Yet... by gravewax · · Score: 1

    and? the encryption hasn't been hacked yet. just because many companies are incompetent doesn't make encryption broken. Just like if a house collapses it isn't the hammers fault.

  17. Can we _please_ stop with this nonsense? by gweihir · · Score: 1

    There are no QCs of sufficient size to even break amateur-crypto. Scaling is proving difficult enough that it is unclear whether it works at all. There is no threat here. No, really not.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  18. Re:quantum computing by gweihir · · Score: 1

    I agree. The whole thing is both useful idiots and "scientists" without ethics that want to profit from the hype a bit longer.
    The best supporting evidence for your citation is that QCs have almost not scaled at all in now something like 40 years of research.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  19. Re:Not a problem by gweihir · · Score: 1

    Indeed. Some people just cannot let go of a bad idea, possibly because they have no other skills...

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  20. Re:Prediction for 4096-bit RSA? How about EC? by gweihir · · Score: 1

    More likely the NSA has buried a lot of backdoors in ECC curves and is now running scared they could leak...

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  21. Re:Not a problem by Anonymous Coward · · Score: 1

    I'm guessing you aren't married.

  22. On breaking encryption for good ends. by 3seas · · Score: 1

    There's a lot of cryptocurrency mining hardware being dumped & can be repurposed to solve Wikileaks Insurance Files encryptons. Pursuing this direction & not knowing when solves will happen will motivate govs & banks to correct themselves. And that is a Good Thing to do.

  23. meh by sad_ · · Score: 2

    who cares, encryption will be broken by the time viable quantum computers are a reality anyway.
    australia is just the first domino to fall, soon other nations will follow and all encryption must be breakable by law.

    --
    On a long enough timeline, the survival rate for everyone drops to zero.
    1. Re:meh by sad_ · · Score: 1

      I've NOT accepted it, and i will resist, but i also think it will be a fight that will not be won.

      --
      On a long enough timeline, the survival rate for everyone drops to zero.
  24. Re:Prediction for 4096-bit RSA? How about EC? by Megol · · Score: 1

    Yeah the NSA defines the mathematics behind elliptic curves, changing reality as they go.

  25. Re:quantum computing by Megol · · Score: 1

    I agree

    Yes but you are an idiot.

    . The whole thing is both useful idiots and "scientists" without ethics that want to profit from the hype a bit longer.

    If one want to profit and have no ethics there are easier ways. But again you are an idiot.

    The best supporting evidence for your citation is that QCs have almost not scaled at all in now something like 40 years of research.

    Going from proof of concept systems to something that can be used to solve small problems.
    Longer coherency times, more qubits and actually demonstrating that it works as predicted. No, nothing happening.
    Starting to look how to program a realistic future quantum computer - nothing.

    It's a hard problem to crack. But those that attempt to do it aren't idiots and know their stuff.

  26. Re:fidtitious quantum computer by bobbied · · Score: 1

    Can you explain how a quantum computer could work? How would one program the quantum computer if it existed? How would one inspect code for errors? How would one know truth of quantum computer output?

    Ask your cat.

    Schrodinger, is that you? If you'd put down the box, I have a question....

    --
    "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
  27. Re:and if hackers get their hands on them, the res by bobbied · · Score: 1

    Same thing at times. Or didn't you know that? The arms race is real on this front.

    --
    "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
  28. Re:quantum computing by gweihir · · Score: 1

    You seem to be completely unaware how a large part of the scientific establishment and the funding it gets works. The idiot here is you.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  29. Re:Prediction for 4096-bit RSA? How about EC? by gweihir · · Score: 1

    There is no need to change reality. ECC is very easy to backdoor, by the very mathematics it uses. Have you done even minimal research?

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  30. Re:Don't worry, we're prepared by orzetto · · Score: 3, Interesting

    Uhh... going pretty strong. Prices have been gradually coming down and there is a lot of interest from industry. However, since batteries have also improved in the meantime, the focus is moving away from consumer applications (cars) to larger ones (ships, buses, trucks, trains, even regional planes), so they are not so visible to the man in the street.

    I do work in hydrogen & fuel cells, and in the last 2-3 years we have seen a surge in industrial interest we can barely handle. We know that FC manufacturers are tooling for mass production, at which point prices will fall a lot faster. At this point we are where batteries were about 15 years ago, with some applications ready for deployment (buses, home CHP, trucks, trains) and plenty of others in advanced development—maritime is likely the next big thing.

    So just because you don't hear about it in the 9 o'clock news it does not mean it has been abandoned. It has simply dipped down from the hype peak and started maturing.

    --
    Victims of 9/11: <3000. Traffic in the US: >30,000/y
  31. Color me skeptical by OneHundredAndTen · · Score: 2

    Research on quantum computing is now over 35 years old, and it has been systematically hyped all along, while having very little to show for itself. Existing quantum computers have yet to solve anything that can't be solved by traditional computers far more cheaply, an at least as efficiently, for all practical purposes. The horizon for quantum computers capable of tackling non-trivial problems was ten years away ten years ago, and it still remains ten years away today. Finally, it is not even clear yet that the engineering associated with keeping qubits appropriately entangled for solving problems of interest can be developed, just we don't know whether the engineering associated with warp drives is attainable. True, practical quantum computers may be developed within the next ten years - but the may also never be developed - we don't know yet. At this point, I'd bet that we'll get practical controlled nuclear fusion before we get practical quantum computing - i.e. quantum computing that solves serious, non-Mickey Mouse problems.

  32. 20 years? by MMC+Monster · · Score: 1

    widespread adoption of quantum-resistant cryptography "will be a long and difficult process"

    What other computer technology took 20 years to get widespread adoption? The last one I could think of was either the Internet itself or the WWW.

    Why would cryptography take so long?

    Or are we talking about getting quantum-resistant cryptography in our InternetOfThings devices? I'm screwed if someone's using that much resources to hack my car. It would probably be cheaper to hire a league of assassins to take me out.

    --
    Help! I'm a slashdot refugee.
  33. Re:nope by OneHundredAndTen · · Score: 1

    of course RSA-1024 has been considered too weak to use for a number of years now.

    From an academic point of view. However, nobody has been able to break anything beyond RSA-768, at least not publicly. And chances are that nobody has been able to break anything beyond that, period: the time, effort and money involved to break such keys are not worth the while, for such keys do not protect information that is all that valuable. Most likely, it is far easier and cheaper just to steal the keys, if necessary.

  34. Re:Just something stupid here by OneHundredAndTen · · Score: 1

    Since cryptography depends on very large primes,

    Only a small subset thereof does.

    couldn't quantum computers actually be used to find very large primes that conventional computers would take years to find?

    Classical computers can already find the primes of interest in cryptography very quickly and efficiently.

  35. Re:Don't worry, we're prepared by drinkypoo · · Score: 1

    Don't forget hydrogen fuel cells! Remember those? They even had a hydrogen bus in Chicago back in the 2000s. I wonder what happened to it?

    What happened to it is that you can now lease hydrogen vehicles in California and GM and Honda have a joint fuel cell plant and predict that it will actually be profitable to sell FCEVs in the next generation. GM in particular is betting on Hydrogen to be the future fuel of the military. If you actually cared about this stuff, though, you'd know all of this.

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  36. Setec Astronomy by l0n3s0m3phr34k · · Score: 1

    TOO MANY SECRETS. Quantum computing will be code-breaking box off Sneakers.

  37. Re:Don't worry, we're prepared by jythie · · Score: 1

    And fusion! Or thorium? Or any number of free energy devices that the inventors just need a LITTLE more capital to finally get above 1:1.

  38. Re:Don't worry, we're prepared by jythie · · Score: 1

    Hydrogen fuel cells themselves I agree do not deserve ridicule, but the hype that they were going to take over and replace everything can be mocked.

  39. Encryption feels lame/stupid at this point anyway by Seven+Spirals · · Score: 1

    SSL = corporations hand-jobbing each other ("signing") and claiming they are "trusted". By who? Each other? Gimme a break. Too many times people trust encryption only to be let down by it either being a shitty implementation that gets hacked or the algo itself gets broken (or more likely becomes "questionable" and in some grey area due to some asshole's "paper" on some esoteric part of the algo). Do I see the need for it in theory? Yes. I do understand why authorization and authentication processes as well as data transport is best secured. I'm just saying that on the flipside of these needs, it's also worth looking at the fact that the old saying about 'putting your eggs in one basket' looks pretty apt for crypto. It's a great place to put all your shit and then find out it's nowhere near as secure as writing it in cleartext on a 3x5 notecard in your desk. People need to keep in mind that no single security measure keeps you protected. That's why we have defense in depth strategies that view crypto as one small part (a part I believe should get even smaller). Crypto also seems to work a lot better for corrupt governments and rich assholes, but nobody likes pointing that out and instead resort to fantasies about Greenpeace and Amnesty International NGO's using PGP to send secret messages to the free world. In reality, it's the corporations and giant global fuckers that get the most mileage out of it (think SSL and other corporate design-by-committee crypto garbage). I'd sooner trust sensitive data to a typewriter and a steel safe than a crypto algorithm and someone's lame implementation. Experience shows that shit has a rough track record.

  40. Quantum Warranty by goombah99 · · Score: 1

    Good until you open the box.

    I await the Quantum EULA

    --
    Some drink at the fountain of knowledge. Others just gargle.
  41. Re:Prediction for 4096-bit RSA? How about EC? by Jeremiah+Cornelius · · Score: 1

    NSA also crippled the maths for generating unpredictable curves. Well, NIST did that, in collusion with the NSA request, resulting in FIPS 186-3.
    https://crypto.stackexchange.c...

    You hint at this in your last statement. We can NEVER trust spooks. They are not here to help. Ever. Period.

    --
    "Flyin' in just a sweet place,
    Never been known to fail..."
  42. Re:Prediction for 4096-bit RSA? How about EC? by Jeremiah+Cornelius · · Score: 1

    As for Quantum Computing? Pfffft.
    Pull the other one. QC is the Cold Fusion of computing technology.

    --
    "Flyin' in just a sweet place,
    Never been known to fail..."
  43. Re:Don't worry, we're prepared by ShanghaiBill · · Score: 1

    the hype that they were going to take over and replace everything can be mocked.

    I must have missed the hype. I remember GWB advocating hydrogen fuel cells, but nobody believed he was serious, and he was widely ridiculed at the time. I don't remember anyone else hyping it.

  44. Re:Don't worry, we're prepared by ShanghaiBill · · Score: 1

    I think the supposition that the fossil fuel industry would abandon $Trillions of infrastructure and proven petrol reserves was the greatest failing of the hydrogen revolution.

    That is not why hydrogen fuel cells failed. They failed partly because the fuel cells are expensive (requiring platinum coatings), need regular maintenance to keep the membranes clean, and have very limited range because of the difficulty of storing H2.

    But the main reason they failed was because of dramatic advances in the cost and storage capacity of lithium batteries.

  45. Re:Prediction for 4096-bit RSA? How about EC? by TheRealMindChild · · Score: 1

    Prove it. You are the one making the assertion

    --

    "When life gives you lemons, don't make lemonade. Make life take the lemons back!" -- Cave Johnson
  46. Re: Prediction for 4096-bit RSA? How about EC? by illiac_1962 · · Score: 1

    Doubt it. Lockheed has a data center full of quantum computers. They are trying to use them to figure out thier spaghetti code for the F-35.

  47. I Call FUD by Zamphatta · · Score: 1

    Is this /. or some news outlet for old fogies who don't understand computers? Isn't it already a standard security practice to only allow a few tries at a password before requiring a few minutes wait time til anyone can try again? No matter how fast an attacking computer is, its speed won't be an advantage if it can only attempt 3 tries every 15 or 20 minutes.

  48. Re:Prediction for 4096-bit RSA? How about EC? by godel_56 · · Score: 1

    O rly?

    And what about all of their off-site backups? Have they re-encrypted them, or is it is a matter of janking some tapes from Iron Mountain, or company's on-site storage, and applying quantum decryption to them?

    Quantum computing is relevant to public key, asymmetrical ciphers used in establishing online communications. Static data such as backups is encrypted using symmetrical ciphers such as AES and Twofish which are not susceptible to quantum computers.

  49. Re:Prediction for 4096-bit RSA? How about EC? by gweihir · · Score: 1

    I do not need to prove things already proven elsewhere. Look it up you lazy slob.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  50. Re:Prediction for 4096-bit RSA? How about EC? by TheRealMindChild · · Score: 1

    So you have nothing. You aren't fooling anyone in this neck of the woods. Take your propaganda elsewhere

    --

    "When life gives you lemons, don't make lemonade. Make life take the lemons back!" -- Cave Johnson