Quantum Computer Not Ready To Break Public Key Encryption For At Least 10 Years, Some Experts Say (theregister.co.uk)
physburn writes: The Register has spoken to some experts to get a better understanding of the risk quantum computers present to the existing encryption systems we have today. Richard Evers, cryptographer for a Canadian security biz called Kryptera, argues that media coverage and corporate pronouncements about quantum computing have left people with the impression that current encryption algorithms will soon become obsolete. But they will not be ready for at least 10 years, he said. As an example, Evers points to remarks made by Arvind Krishna, director of IBM research, at The Churchill Club in San Francisco last May, that those interested in protecting data for at least ten years "should probably seriously consider whether they should start moving to alternate encryption techniques now." In a post Evers penned recently with his business partner Alastair Sweeny, he contends, "The hard truth is that widespread beliefs about security and encryption may prove to be based on fantasy rather than fact." And the reason for this, he suggests, is the desire for funding and fame.
That sounds optimistic - I think that we have yet to reach the point at which we can tell with certainty that that will at all be feasible. Forget when.
It will never happen. This whole thing is a scam. Educate yourself and use your brain if you believe this is viable.
If publicly available machines will be capable in about 10 years, the military/intelligence agencies in the US have likely had them for 15 years already.
Really, 10 years is nothing. The NSA is presumably the world's largest employer of mathematicians and they are probably also not very short on engineers. 10 years of development judged from publicly available sources could mean that the NSA and similarly well-equipped intelligence agencies can already break it. Ten years is not a security margin at all in cryptography.
The "experts" say "not possible for 10 years".
This means it will likely happen in the next 18 months.
When will we see a traditional computer and quantum computer side by side, showing the quantum computer actually performing the same computation a million, or maybe just a thousand, or perhaps just ten times faster than the traditional computer?
Let me know when, because before then it's nothing but quantum schmantum pipe-dreaming and weird research projects.
Quantum computers are already breaking Public key encryption. The public shall not be informed for at least the next century.
Whether or not people should be switching to encryption methods today that will be resistant to decrypting by quantum computers in the future depends on the expected relevance of those messages in the future. If you assume that no message sent today will be relevant 10 years from now, then there is no hurry to update encryption methods. On the other hand, if you need to ensure that an encrypted message sent today or in the near future remains unreadable 10 years from now, then maybe you should be researching and changing methods today.
I don't think the military/intelligence agencies are ahead tech wise. In fact, I think they are way behind because of the complex structure and slow moving. When they want something, they don't use state of the art techniques but rather a simple letter requesting it... or you go to jail. Gov doesn't break security by breaking the protocol, they just ask for a backdoor at the company. Much much easier and it puts the job on someone else.
If I were the US govt that's exactly what I would tell you. ;-)
"Nope. We can't see your data. That's a decade away!" Wink. Wink.
Quantum computers work by solving the "hard" problem of prime factorization.
Essentially an RSA key is the product of 2 randomly selected prime numbers. One is chosen by Alice and one is chosen by Bob at which point they exchange their halves, then they multiply to construct the key. Since the key is never transmitted, only the halves, the theory is that anyone attempting to decrypt their communications needs to guess the two halves of the whole key.
So all of RSA is based on this idea that it is very hard to take a large number and deconstruct it into its prime factors. But this is and always has been smoke and mirrors.
The problem here is that there are a limited number of prime numbers currently known, roughly 2 billion, especially if you discount the smaller primes that wouldn't be cryptographically useful.
Thus the total RSA key space is limited to the square of the total number of known primes, or 4 quintillion possible keys given the known number of primes. This is a really big number, but it isn't at all intractable.
If you simply precompute by multiplying all known primes together, you can get at the shared secret for every RSA exchange. This could be stored in a database of just 500 petabytes.
Considering there are systems that can crunch this kind of data in the 10TB/s range, you could safely crack any RSA message in no more than 14 hours on an HPC cluster, or 5 days running at home on your laptop.
This is why quantum computing isn't particularly useful. State actors like the NSA, and Mossad and of course Booz Allen Hamilton (who handles the contracting work for both and sells the intelligence they gather in the process to the highest bidder) already have this capability and have been using it for decades.
Simply switching over to NaCL https://nacl.cr.yp.to/index.html is enough to defeat this and for message exchanges larger than a few K you can use NaCL to handle AES key exchange, then use AES for the heavy lifting.
But the powers that be will never allow this to become standard because it would prevent them from profiting off you. Hence the whole "quantum computing is coming zomg!" schtick.
Broken already I'd say.
The "experts" say "not possible for 10 years".
There's also the aspect of, the NSA is about 10 years ahead in relation to crypto and computing related technologies so...
Nothing to worry about! Move along!
"There is more worth loving than we have strength to love." - Brian Jay Stanley
So if you encrypt something today, do you care if it's secret 10 years from now? Depending on what you're encrypting, yes you do.
If your opposition is nation-states, they're probably collecting things that are interesting now, for decryption later when they have the ability, so ya, you probably care now.
I've had multiple professional conversations about "post-quantum cryptography" in the last 2 years because of exactly this. Today's emails are evidence or headlines 10 years from now, so you may care.
On the whole, I find that I prefer Slashdot posts to twitter ones because I don't get limited to 140 chars before
AI quantum computing holy cow!
I wish I could only get news that *have* happened, or *will for sure* happen in the next week. None of these bullshit fantasies.
10 years? Where have I heard that before? Oh, right, AI in the 1960s.
AI is all based on the ability of software, which is why predictions of reaching a specific point (which itself wasn't all that specific anyway, very nebulous) can and will be wildly inaccurate.
When talking about quantum computing though, you aren't talking about anything nebulous or so hard to predict the progress of. Generally, predictions around when hardware will be developed have been pretty accurate (if not underestimated).
To quote from Cryptonomicon:
... has pointed out to Avi, in an encrypted e-mail message, that if every particle of matter in the universe could be used to construct one single cosmic supercomputer, and this computer was put to work trying to break a 4096-bit encryption key, it would take longer than the lifespan of the universe.
Randy
"Using today's technology," Avi shot back, "that is true. But what about quantum computers? And what if new mathematical techniques are developed that can simplify the factoring of large prime numbers?"
"How long do you want these messages to remain secret?" Randy asked, in his last message before leaving San Francisco. "Five years? Ten years? Twenty-five years?"
After he got to the hotel this afternoon, Randy decrypted and read Avi's answer. It is still hanging in front of his eyes, like the after image of a strobe:
I want them to remain secret for as long as men are capable of evil.
Burglar just released from prison says he's not ready to break into houses for at least a few years. "If anyone sees a break in," he offers, "it wasn't me. No sir."
=^..^= all your rodent are belong to us
The assumption that they think it will take 10 years to crack existing crypto before there is a need to migrate to post-quantum algorithms leads me to think they already have it or will very soon.
I attended the RSA Data Security Conference in, I think it was 1993, when Diffie talked about cracking DES with dedicated hardware in a matter of hours. That same year, 512 bit RSA was cracked as one of the RSA Challenges.
Quantum computing is useless against a one-time pad. It would just come up with all possible pads which convert the ciphertext into all possible plaintexts which makes sense. e.g. It would come up with decryption ciphers which convert the ciphertext to "one of by land, two if by sea" and "two if by land, one if by sea", leaving the code breaker no better off than not being able to break it.
The only reason we use public key encryption is because it's a lot easier than meeting up in person to exchange a one-time pad before you can exchange secure communications. In public key encryption, you can exchange the key publicly yet still have encrypted communication. Also, it's slow enough that it's generally not used for the communications itself. It's used to exchange AES key(s) (basically one-time pads) securely. The encryption of the plaintext is then done using AES.
All breaking public key encryption would do is put us back to the pre-1970s state of encryption, where secure communications required pre-sharing keys in some way. Difficult for random people/sites who have never spoken to each other before. But trivial for things like chipped credit cards, where the credit card company first has to physically mail you the credit card. (The one-time use rule for a one-time pad could be maintained by pre-loading thousands of one-time pads onto the chip, and replacing the credit card before they're all used up. Unthinkable a couple decades ago, but trivial today with modern storage capacities.)
I could see trusted key escrow services popping up, which pre-share one-time pads with online sites and users. So if a user needs to communicate securely with some online site that they hadn't heard of until 5 minutes ago, they could go through the key escrow service to securely exchange keys with the site. User generates temporary key and securely transmits it to the key escrow service. Escrow service relays key to the site using their pre-shared key with the site. Escrow service immediately destroys their interim plaintext copy (the key the user generated). User uses that key to exchange a new key with the site. Then user can go about communicating securely with the site. It's not as secure as public key encryption since there's a third party involved. But it's still workable, and immune to quantum computing.
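The two properties this comment leans on, shown in Python as an added example (not code from the post): every equal-length plaintext is a valid decryption of a one-time-pad ciphertext, so enumerating pads yields both "one if by land" and "two if by land" and settles nothing; and a pre-loaded pad pool, as imagined for a chip card, that issues each pad once, with `reuse_leak` showing what a second use hands an observer. `PadPool`, `pad_for` and the pad indices are my own assumed names, not from the comment.

```python
import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings; the pad must cover the whole message."""
    if len(a) != len(b):
        raise ValueError("one-time pad must be exactly as long as the message")
    return bytes(x ^ y for x, y in zip(a, b))


def pad_for(ciphertext: bytes, candidate: bytes) -> bytes:
    """The unique pad under which `ciphertext` decrypts to `candidate`.

    One exists for every equal-length candidate, so a searcher that tries
    all pads sees every possible plaintext and cannot tell which was sent.
    """
    return xor_bytes(ciphertext, candidate)


def ambiguity_demo() -> tuple:
    """Both of the commenter's messages are valid decryptions of one ciphertext."""
    real = b"one if by land, two if by sea"
    decoy = b"two if by land, one if by sea"   # same length, so a pad exists
    pad = secrets.token_bytes(len(real))        # constructed random pad
    ct = xor_bytes(pad, real)
    return xor_bytes(pad, ct), xor_bytes(pad_for(ct, decoy), ct)


def reuse_leak(pad: bytes, p1: bytes, p2: bytes) -> bytes:
    """What two ciphertexts under the same pad give away: p1 XOR p2.

    The pad cancels out, so any known part of one message exposes the
    other. This is why the pool below never hands out a pad twice.
    """
    return xor_bytes(xor_bytes(pad, p1), xor_bytes(pad, p2))


class PadPool:
    """A pre-loaded batch of pads (hypothetical chip-card store).

    Each index is issued exactly once; when the pool runs out the card
    is replaced. Pads are generated locally here for the demo.
    """

    def __init__(self, count: int, pad_len: int) -> None:
        self._pads = [secrets.token_bytes(pad_len) for _ in range(count)]
        self._used = set()

    def remaining(self) -> int:
        return len(self._pads) - len(self._used)

    def take(self, index: int) -> bytes:
        if index in self._used:
            raise RuntimeError(f"pad {index} already consumed; reuse not allowed")
        self._used.add(index)
        return self._pads[index]

    def encrypt(self, index: int, message: bytes) -> bytes:
        """Encrypt with pad `index`, consuming it; both sides agree on the index."""
        return xor_bytes(self.take(index), message)
```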
There are many ways to assemble qubits, it is not/not all cryogenic, so the naive and frankly irresponsible commentary that large quantum computers will take a long time to develop reveals scientific ignorance. There are already quantum computers online today and available for use to the general public, the only question is when they will be large enough to break crypto. This is now an engineering problem, not a physics question. China has invested 200X the combined US private/public investment in quantum computing and they've been storing US encrypted commercial and government communications for over a decade knowing they'll be able to break it in the near future. The US technological future is quantum computing, not AI or anything else. Don't listen to the opinions of English and biology majors (aka science writers *gulp*) about the feasibility, they have zero basis for a valid assessment, no more than a physicist has about oncology. These are the same people who never admit they were wrong and the first to make excuses like they didn't have all the facts. No, they did, they just weren't smart enough to be silent instead of pretending to have a knowledgeable opinion or insight. In this case, it is about the durable secrecy and privacy of communications that matter - financial, health, government, etc. Many of these collected today are still highly valuable ten years from now. Just ask Google, Facebook, Microsoft, etc. Big companies with decades of engineering experience have been working in stealth to be first to market and the first few are just now going public, see Honeywell.
We've been told that once quantum computers reached quantum supremacy they would be able to break current encryption also known as Y2Q. Now you're saying it will be another 10 years? I don't buy it.
https://en.wikipedia.org/wiki/Quantum_supremacy
If that's what they're announcing then it means they've broken it and are now trying to put our minds at ease, in order to "catch the bad guys" of course.
#DeleteFacebook
Please turn off "smart" quotes in your keyboard settings.
No, there are fundamentally different levels.
Old encryption standards, be it the venerable Enigma or more recently DES, were considered "hard to crack" because the key-space couldn't realistically be searched with the hardware available at the time.
But lo and behold:
- Computer technology emerged, making the Enigma search-space manageable (well that, and a few shortcomings of the Enigma algorithms, making it easier to crack thanks to clever tricks).
- As mentioned above, DES couldn't be realistically brute forced with the available hardware, but researchers estimated that hardware capable of covering the search-space could be built within the budget available to some state-level adversaries. And with Moore's law helping, modest modern hardware can now beat these.
They were never considered "impossible to crack", only "very hard to crack", but eventually over time/with resources, it could be achieved.
More modern encryption standards such as RC4, AES, etc. are considered "impossible to crack within current laws of physics and/or math" because even if you converted the whole planet Earth into a giant computer, you couldn't cover the whole search-space before the death of the solar system. This time even Moore's law won't save you (in time).
You'd need :
- Cryptanalysis: problems found in a standard such as RC4. Meaning that you don't actually need to spend the heat-death of the universe searching the whole search-space. Instead there are ways to find the few most likely candidates to focus on.
- New physics/maths: finding new different ways to solve the problem that won't necessitate individually testing every single key in the search-space.
TL;DR: So in short, old algos weren't secure, because eventually somebody would build a bigger computer fast enough to brute-force the password.
Modern algos are secure, because the "bigger computer" required is beyond what is physically possible.
You either need new physics.
Or discovering that actually the password is always "Swordfish".
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
This is the problem. You can bet your butt that groups like the NSA have a cache of encrypted communications - why not, they store everything else they intercept - and the moment they have a way to break the system used to encrypt, they will go back and read all those documents and communications.
There's a really good sci-fi story by Isaac Asimov, "The Dead Past" where the protagonists discover a means to spy on the present but not the far past. Instead, we'll have a rolling horizon and communications from 10 years ago, 5 years ago, 3 years ago will slowly become exposed as the tech progresses.
Assuming the tech works.
Encryption will be broken just in time for state actors to empty out my 401K. Watch as my government shrugs and doesn't give a shit.
We can wait ten years before bothering to attempt to design post quantum encryption because we're safe until then!
"Quantum Computer Not Ready To Break Public Key Encryption For At Least 10 Years, Some Experts Say"
That's what they want you to believe.
You know, the mysterious, shadowy "they" that's behind everything- chemtrails, the flat-earth, anti-vaxxers, Reptilians, C++ pointers...it's all them and they. Hopefully they won't delete this post where I blow the lid off of their nefarious activities.
The light in your fridge burned out? They did it. One of your tires suddenly gets low? They did it. Who ate all the ice cream? They did.
It's so obvious, sheeple! Wake up!
Just cruising through this digital world at 33 1/3 rpm...
Funny, it seems like we are always being told that we are given encryption tools that are unbreakable, only in hindsight to find out that they were nowhere near as secure as advertised.
Maybe the long post wasn't clear enough.
I'm not saying that the algorithms are guaranteed 100% unbreakable for ever.
I'm just saying that the reasons for unbreakability have changed drastically over time.
- Old algorithms were unbreakable because to break them requires additional computing power. It wasn't available at the time. But with time (and Moore's law) a big enough computer is guaranteed to emerge, eventually.
They were (in a way) *guaranteed* to be breakable one day in the future. Just a matter of (computer) engineering.
- Newer algorithms *WILL NOT* be broken just by a bigger computer. That doesn't guarantee that they'll never be broken, it only guarantees that a bigger computer *IS NOT* the thing that will break them.
They'll get broken instead by either one of the following three:
- New type of physics and maths that make the algorithm irrelevant.
( ^- that is what all the quantum-crypto love to speculate about, but currently it's not something that we observe in the wild)
- Bugs are discovered, turns out the algorithm is flawed. In theory, no big enough computer can physically exist to break it, but in practice, thanks to bugs, it turns out it's trivial.
( ^- that's what happens to all cryptography standards that get phased out. See RC4)
- People are stupid. No amount of cryptographic science is going to save you if your password everywhere is always "123". Hey that's my luggage's... Or if it can simply be bypassed due to an implementation blunder, because basically the lock is indeed locking the door on the left side, but no one will prevent you from unscrewing the door's hinge on the right side.
( ^- in practice, that's what is happening most of the time nowadays. See haveibeenpwned).
So, you can take your condescending attitude and have a nice circle-jerk with megol whilst feeling secure nobody will break the encryption on your video
Nobody is saying that the encryption of the video is never ever going to be broken.
The thing that we are trying to say is that the way it will be broken has changed.
Back in the old days, the hairy-porn video with moustaches will eventually get broken, because somebody will eventually make a big enough computer.
Nowadays, most of the time, the amateur-porn will get broken/private nudie pic will get disseminated, because most likely some bozo thought that "pa$$w0rd" was secure enough (but, it follows the required numbers/signs rules !), or because some researcher has noticed that the reportedly "military grade super secret crypto technique" used by the video storage, if you twiddle the bits in a certain unexpected way, boils down to a simple ROT-13 that your pocket calculator could break.
But nowadays a bigger computer isn't the thing that will break it, it's physically not possible *now*.
(but it was physically possible a long time ago, but considered distant enough, so such crypto did get used back then)
To go back to the subject,
- 56-bit DES got broken, because 56 bits is small and eventually a big computer could be built (even back then people were drawing attention and sending alerts that a government *could* have the budget to make such a big computer quite soon).
- 256-bit AES cannot be broken by a physical computer. Not now, not in 1'000 years from now. It could be broken by entirely new physics and maths that make an exotic new type of computer (that's what quantum computing is touted by some to be able to open as possibilities), or because some scientist will discover bugs, enabling ways to break AES without needing to go through all 2^256 combinations (and this just hasn't happened yet for any meaningful reduction of this big number).
AES considered unbreakable and potentially getting broken on