If you're worried that quantum computers will crack your crypto, don't be – at least, not for a decade or so. Here's why

Quantum computing has been portrayed as a threat to current encryption schemes, but the ability of finicky vaporware to overthrow the current security regime looks like it's massively overstated. Richard Evers, cryptographer for a Canadian security biz called Kryptera, argues that media coverage and corporate pronouncements …

  1. Anonymous Coward
    Anonymous Coward

    Be slightly more convinced if Kryptera didn't have a big hungry dog in the fight.

    Probably just a coincidental name - but if this is the same guy who wrote all the Blackberry books, Nostradamus he ain't (or is, I suppose).

  2. Anonymous Coward
    Anonymous Coward

    Most encryption can be defeated by holding a hammer over the fingers of the person with the key

    I think really as individuals we don't have much to worry about until quantum computers are small and cheap enough to be bought by anyone. If you're a big multinational or subject to nation state attacks then maybe yes you do need to take some account of this.

    For the rest of us you can encrypt all you like, a bit like having the best safe in the world, but if I really want your stuff I'll get it. Probably by threatening the kids of the person who has legitimate access. Ubiquitous xkcd - https://xkcd.com/538/

    1. Charles 9

      Re: Most encryption can be defeated by holding a hammer over the fingers of the person with the key

      "Most encryption can be defeated by holding a hammer over the fingers of the person with the key "

      Not if he's a masochist or a wimp. The former would respond, "HARDER!" while the latter would faint before you can even get started.

      1. Anonymous Coward
        Anonymous Coward

        Re: Most encryption can be defeated by holding a hammer over the fingers of the person with the key

        Or if level 10 pain (same level as torture*) makes an appearance several times a day. What with the opioid crisis they simply won't prescribe anything (fentanyl, oxycontin) that works.

        * - why yes, I have been tortured so I have a scale to measure against. Lots of screaming and begging involved. I don't have to imagine the worst possible amount of pain. I've managed to kill myself several times only to be brought back by the ambulance service despite having a DNR on file with them and the local hospitals.

        1. StuntMisanthrope

          Re: Most encryption can be defeated by holding a hammer over the fingers of the person with the key

          Or the concept of deadman's switch, cognitive chemistry gating and dilatory invisibilism. You may get an answer but it unlocks the wrong door..

  3. Tom 7

    6,681 qubits?

    I wonder, if at that level, the quantum world will just collapse into the real world? While physicists have managed to get large groups of atoms to behave 'quantumly', that's as a unit rather than a lot of things being quantum individually, which is where it becomes matter and may ignore our requests for eye-popping flashes of octarine.

    1. Torben Mogensen

      Re: 6,681 qubits?

      Spontaneous collapse of the quantum state to a classical state is indeed a major problem for quantum computing. And the problem increases not only with the number of entangled qubits, but also with the number of operations performed on these. And to crack codes with longer keys, you not only need more qubits, you also need more operations on each.

      The simple way to avoid quantum computers cracking your code is just to increase the key length -- if 256 bit keys become crackable in 10 years (which I doubt), you just go to 1024 bit key length, and you will be safe for another decade or more. Unless some giant breakthrough is made that will make quantum computers scale easily, and I seriously doubt that.

      That doesn't mean that quantum computers are pointless. They can be used for things such as simulating quantum systems and for quantum annealing. But forget about cracking codes or speeding up general computation. You are better off with massively parallel classical computers, and to avoid huge power bills, you should probably invest in reversible logic, which can avoid the Landauer limit (a thermodynamic lower bound on the energy cost of irreversible logic operations).

      1. MJB7

        Re: If 256 bit keys become crackable in 10 years

        "If 256 bit keys become crackable in 10 years (which I doubt), you just go to 1024 bit key length,"

        That works for symmetric crypto. Today AES128 is secure. Grover's algorithm effectively halves the key-length - so just double it back to AES256 and you are fine.

        The problem is asymmetric crypto. Shor's algorithm doesn't halve the key length ... it square roots it. So (stupidly over-the-top) RSA4096 suddenly has 64 bits of security (which is brute-forcible). If you want to get back to 128 bits of security, you'll need to use RSA16384 (and wait a week for key generation).

      2. StuntMisanthrope

        Re: 6,681 qubits?

        Ahh, the old gamma ray, bit-flip memory attack from another dimension. #sillymidon

      3. Dabbb

        Re: 6,681 qubits?

        They stop being pointless the moment there is

        1. Explanation of nature of entanglement.

        2. Explanation of nature of wave function collapse.

        There won't be any meaningful results until you understand underlying physics of what you're doing.

        1. zuckzuckgo Silver badge

          Re: 6,681 qubits?

          So, right now then?

          1. Dabbb

            Re: 6,681 qubits?

            Did I miss something and an El Reg commentard just received a Nobel for solving two fundamental issues of QM?

            Don't think so.

    2. Black Betty

      Re: 6,681 qubits?

      Problem is not that exceeding a certain number of bits might result in the system state collapsing in the real world. The real problem is that achieving a solution requires that the system collapses into one specific CORRECT state.

  4. Duncan Macdonald

    If you need it kept secret

    Use a one time pad. This is the only encryption that is known to be unbreakable (provided that the one time pad is kept secure).

    An alternative approach that will drastically increase decryption cost for attackers :-

    Use a three stage encryption - pad the message to a multiple of 16 bytes and insert 16 random bytes at the start of the message - first stage normal (eg AES 256) encryption and append 16 random bytes to the end of the message - second stage reverse encryption (starting at the last byte proceeding to the first byte) using a different encryption (eg Blowfish) and insert 16 random bytes at the start of the message - third stage normal forward encryption using another encryption method (eg Serpent).

    As the input to the last 2 stages looks like random noise, conventional decryption attacks (even chosen known plaintext) are highly unlikely to be able to succeed.

    (The reason for the reversed encryption in stage 2 is to make all the bytes in the encrypted message depend on all the bytes in the original message as well as on the 48 random bytes.)

    1. BebopWeBop
      Devil

      Re: If you need it kept secret

      of course you then need to protect both copies of the one time pad (yours and your recipient's)

    2. Charles 9

      Re: If you need it kept secret

      Wasn't stacking encryption mathematically proven to be unreliable because it can trigger common-mode faults that reduce the strength to the worst of all of them?

      1. Duncan Macdonald

        Re: If you need it kept secret

        I suspect the "proof" to be flawed. Imagine a simple stack of 2 encryption methods - ROT13 and AES 256 - the encryption strength given by the AES 256 would not be adversely affected by the trivial ROT13.

        Assuming different encryption methods with different keys then at a minimum the strength of stacked encryptions should be the strength of the strongest encryption. If all the encryption methods are good then the effective key length should be equal to the sum of the individual key lengths.

        1. Brangdon

          Re: If you need it kept secret

          You have to make sure that, for example, your ROT13 encoder doesn't insert a header that identifies the output as being ROT13, because that can lead to known plaintext attacks.
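The two-stage cascade and the stacking question above, as an added example that is not any commenter's code: a constructed 64-bit toy Feistel cipher with 16-bit keys stands in for the real ciphers (the tiny keys are an assumption chosen so the search finishes in seconds; "variant 1" and "variant 2" of the toy stand in for two different algorithms). The first half shows the diffusion effect Duncan Macdonald describes for a forward pass followed by a byte-reversed pass: flipping the last plaintext byte changes one ciphertext block under plain CBC but every block under the cascade. The second half runs a meet-in-the-middle search on a two-stage ECB cascade given a known plaintext block, such as the fixed header Brangdon warns about, and recovers both keys with about 2^16 + 2^16 cipher calls rather than the 2^32 a brute-force search over both keys would need.

```python
"""Toy cascade demo: forward-then-reversed CBC diffusion, and a
meet-in-the-middle search on a two-stage cascade.

Everything here is constructed for illustration: the 64-bit Feistel
cipher is a toy with 16-bit keys (so the search runs in seconds), not
AES, Blowfish or Serpent, and the code is not from any commenter."""

MASK32 = 0xFFFFFFFF
KEY_BITS = 16   # assumption: tiny keys so the exhaustive search runs quickly
BLOCK = 8       # 64-bit blocks
ROUNDS = 6


def _round(half: int, subkey: int, variant: int) -> int:
    """Constructed round function: add, rotate, multiply, shift-xor."""
    x = (half + subkey) & MASK32
    x ^= ((x << 7) | (x >> 25)) & MASK32
    x = (x * 0x9E3779B1 + variant) & MASK32   # variant makes two distinct ciphers
    return x ^ (x >> 13)


def _subkeys(key: int) -> list:
    """Constructed key schedule: spread a 16-bit key over ROUNDS 32-bit subkeys."""
    return [((key * 0x10001) ^ (0x5A5A5A5A * (i + 1))) & MASK32 for i in range(ROUNDS)]


def _feistel(block: int, subkeys: list, variant: int) -> int:
    L, R = block >> 32, block & MASK32
    for sk in subkeys:
        L, R = R, L ^ _round(R, sk, variant)
    return (R << 32) | L   # final swap, so the same loop decrypts with reversed subkeys


def toy_encrypt(block: int, key: int, variant: int) -> int:
    return _feistel(block, _subkeys(key), variant)


def toy_decrypt(block: int, key: int, variant: int) -> int:
    return _feistel(block, _subkeys(key)[::-1], variant)


def cbc_encrypt(data: bytes, key: int, variant: int, iv: int = 0) -> bytes:
    """Plain CBC: each ciphertext block depends on all EARLIER plaintext blocks."""
    assert len(data) % BLOCK == 0, "caller pads to a block multiple"
    out, prev = bytearray(), iv
    for i in range(0, len(data), BLOCK):
        prev = toy_encrypt(int.from_bytes(data[i:i + BLOCK], "big") ^ prev, key, variant)
        out += prev.to_bytes(BLOCK, "big")
    return bytes(out)


def cbc_decrypt(data: bytes, key: int, variant: int, iv: int = 0) -> bytes:
    out, prev = bytearray(), iv
    for i in range(0, len(data), BLOCK):
        c = int.from_bytes(data[i:i + BLOCK], "big")
        out += (toy_decrypt(c, key, variant) ^ prev).to_bytes(BLOCK, "big")
        prev = c
    return bytes(out)


def cascade_encrypt(data: bytes, k1: int, k2: int) -> bytes:
    """Stage 1 forward with variant 1; stage 2 over the byte-reversed
    stage-1 output with variant 2 (the 'reverse encryption' of the post)."""
    return cbc_encrypt(cbc_encrypt(data, k1, 1)[::-1], k2, 2)[::-1]


def cascade_decrypt(data: bytes, k1: int, k2: int) -> bytes:
    return cbc_decrypt(cbc_decrypt(data[::-1], k2, 2)[::-1], k1, 1)


def differing_blocks(a: bytes, b: bytes) -> int:
    return sum(a[i:i + BLOCK] != b[i:i + BLOCK] for i in range(0, len(a), BLOCK))


def diffusion_demo() -> tuple:
    """Flip the last plaintext byte; count changed ciphertext blocks for
    forward-only CBC versus the forward+reversed cascade."""
    msg = b"attack at dawn, constructed text"   # constructed: 32 bytes = 4 blocks
    flipped = msg[:-1] + bytes([msg[-1] ^ 0x01])
    k1, k2 = 0x1234, 0xBEEF
    forward_only = differing_blocks(cbc_encrypt(msg, k1, 1), cbc_encrypt(flipped, k1, 1))
    cascade = differing_blocks(cascade_encrypt(msg, k1, k2), cascade_encrypt(flipped, k1, k2))
    return forward_only, cascade   # forward CBC touches 1 block, the cascade all 4


def meet_in_the_middle(pairs: list) -> tuple:
    """Recover (k1, k2) for C = E2_k2(E1_k1(P)) from known (P, C) pairs with
    about 2^KEY_BITS + 2^KEY_BITS cipher calls instead of 2^(2*KEY_BITS)."""
    p0, c0 = pairs[0]
    middle = {toy_encrypt(p0, k1, 1): k1 for k1 in range(1 << KEY_BITS)}   # table side
    for k2 in range(1 << KEY_BITS):                                        # search side
        k1 = middle.get(toy_decrypt(c0, k2, 2))
        if k1 is not None and all(
            toy_encrypt(toy_encrypt(p, k1, 1), k2, 2) == c for p, c in pairs[1:]
        ):
            return k1, k2
    return None


def mitm_demo() -> tuple:
    """Known plaintext: a fixed header block such as a magic string, plus one
    body block to rule out false matches. Keys are constructed secrets."""
    k1, k2 = 0x0C0D, 0xF00D
    blocks = [int.from_bytes(b, "big") for b in (b"MAGICHDR", b"secret!!")]
    pairs = [(p, toy_encrypt(toy_encrypt(p, k1, 1), k2, 2)) for p in blocks]
    return meet_in_the_middle(pairs)


if __name__ == "__main__":
    print("blocks changed by one flipped plaintext byte (forward CBC, cascade):", diffusion_demo())
    k1, k2 = mitm_demo()
    print(f"meet-in-the-middle recovered k1=0x{k1:04X} k2=0x{k2:04X}")
```

Run the file to print both results. The toy cipher carries no security claim; it is there only so the chaining order and the table-versus-search work factor are visible end to end, and the same search shape applies to any two-stage cascade whatever the underlying ciphers are.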

    3. Grooke

      Re: If you need it kept secret

      For people reading this and getting fancy ideas: don't roll your own crypto unless you have a PhD in cryptography.

      1. Charles 9

        Re: If you need it kept secret

        So what of, "If you want something done right..." and "Don't trust anyone..."?

  5. amanfromMars 1 Silver badge

    FUD Rules in Never Never Land

    Quantum computing ... finicky vaporware .... Thomas Claburn in San Francisco

    Well, two outta three ain't bad, TC, but vaporware is definitely for the odd bods left petrified and stagnating out in the cold.

    "The hard truth is that widespread beliefs about security and encryption may prove to be based on fantasy rather than fact." .... Richard Evers, cryptographer for a Canadian security biz called Kryptera

    You mean like the widespread beliefs about security and encryption being possible whenever IT Programs and Systems Analysis Programmers are always proving them to be impossible to achieve with no degree of absolute certainty?

    In any 'normal' business environment, such services would extraordinarily render themselves as likely victims and patsies liable to crippling prosecution and censure and even lengthy incarceration in a crooked penitentiary for surely such would be a Systematic Systemic Fraud.

    And is "Nevertheless, be careful" the best that systems have to offer?

    In your dreams, buster. Things have changed, .... or if you are slow and unfashionably late to parties and have missed all the foundational action, content yourself with believing, in a sea of doubt and hubris, that things are a'changing.

    At least then you can maybe imagine yourself being able to do something about it with the addition of content for utilisation and realisation in Greater IntelAIgent Games Plays.

  6. NoneSuch Silver badge
    Devil

    The article assumes today's crypto is secure.

    Most of the algorithms were generated by former-NSA folks or those with ties to the US gov.

    1. Arthur the cat Silver badge
      Black Helicopters

      Re: The article assumes today's crypto is secure.

      Most of the algorithms were generated by former-NSA folks or those with ties to the US gov.

      The current state of the art algorithms were pretty much all invented by one person, Daniel Bernstein. Most people would not regard djb as having close ties to the US, or any other, government. If he is working for someone, they've got 99% of the entire world's secrets.

      1. G.Y.

        McEliece - Re: The article assumes today's crypto is secure.

        Daniel Bernstein is a great guy; but his post-quantum crypto is a variation of McEliece crypto

  7. Charles 9

    What about black projects?

    Does the research take into consideration the possibility of black projects whose very existence is denied and could be much further ahead than the known state of the art? For example, what if the data center in Utah is really just a cover for a working Shor-running quantum computer using the data above to crunch away?

    1. Anonymous Coward
      Anonymous Coward

      Re: What about black projects?

      That would imply an "alternate" physics community of individuals unknown to the people currently working in the field. It is to say the least unlikely. A secret quantum computer is much more difficult than a secret aeroplane.

      1. Arthur the cat Silver badge

        Re: What about black projects?

        That would imply an "alternate" physics community of individuals unknown to the people currently working in the field.

        It's worth reading this paper On the Viability of Conspiratorial Beliefs.

        TL;DR version: secret conspiracies only remain secret if there are very few people involved.

        1. amanfromMars 1 Silver badge

          Re: What about black projects?

          TL;DR version: secret conspiracies only remain secret if there are very few people involved. .... Arthur the cat

          Super secret conspiracies always remain secret and incredibly future active if the very few people involved are believed to be correct in their presumptions and prognostications ..... for such suddenly opens up Colossal Doors into Almighty New Worlds where Everything is Ideally Shown in Original Perfect Working Condition ... in Order to easily identify all Damaged and Perverted, Corrupted and Subverted Counterfeited Copycat Machines/Right Dodgy Beings.

          And with IT and AI Delivering Whole New Virtual Dimensions to Command and Control/Mentor and Administer to the Delight of Beings Knowing of Original Perfect Working Conditions.

          1. GrapeBunch
            Coat

            Re: What about black projects?

            Wait, may I change my membership type to "Right Dodgy Being"? Oh, yessss.

            Mine's the overcoat that may not be there. But watch it doesn't leave without me. That would be UTterly pointlaisse.

        2. wayne 8

          Re: What about black projects?

          Simple way to keep dark secrets, use social media and closely held mainstream media to ridicule and marginalize those who do not support the official narratives. Use terms like nutters, deniers, haters, anti-something or other, for anyone who questions the approved story line.

          Shaming and Shunning.

          1. CountCadaver Silver badge

            Re: What about black projects?

            Publish a hammed up version to various conspiracy sites - instant plausible deniability

            "oh we know where that story came from, it was on sodiumlaurylsulfatemindcontroldrug.com, you know, that haven of cranks, conspiracy nuts and reputed child molesters"

            (I just typed something random for that URL by the way and no it doesn't resolve at the time of posting this)

        3. Anonymous Coward
          Anonymous Coward

          Re: What about black projects?

          Exactly my point in the paper.

        4. zuckzuckgo Silver badge

          Re: What about black projects?

          @ Arthur the cat

          Any relation to Schrödinger's late (or not) lab assistant?

        5. Brangdon

          Re: What about black projects?

          The work done at Bletchley Park remained secret for many decades, despite thousands of people knowing about it. Maybe the existence of alternate quantum computers will leak in 40 years too.

      2. Charles 9

        Re: What about black projects?

        "A secret quantum computer is much more difficult than a secret aeroplane."

        Explain why given the aeroplane has to be able to fly in unfriendly skies and so on.

      3. This post has been deleted by its author

    2. tekHedd

      Forget that, what about time travel?

      Conspiracy theories aside, a good rule of thumb is that if you hear the military is "considering research into something", they've long since completed the research, and either have the results ready to go or have decided it's not worth the trouble. Translating "physics experiments" into useful technology can be pretty difficult, but if there is any way at all to break public key encryption with current technology, brute force or otherwise, it has already been done and is in use. If you ran a major government, what would /you/ do? So, you should probably start with the assumption that asymmetric encryption is at least somewhat transparent to certain agencies, if you are important enough to warrant the expense, regardless of the published state of quantum computing or any other research.

      And don't forget about time travel. We're all traveling forward in time at the speed of /normal time/. So, with the magic of archiving, your internet traffic can *travel through time to the future* and be decrypted using what, by then, will be cheap technology. The only thing protecting you is that archiving it is a pain, and it's really not worth the trouble. And of course you're not doing anything important enough to attract attention, right?

      1. Charles 9

        Re: Forget that, what about time travel?

        "The only thing protecting you is that archiving it is a pain, and it's really not worth the trouble."

        Like I said, what do you think that data center in Utah is for? Perhaps they're finding ways to make archiving less of a pain.

  8. Anonymous Coward
    Anonymous Coward

    So Google have their own qubit system...

    ..so they are totally going to fess up when they are decrypting everyone's HTTPS? I am sure they would have no interest in profiling that sort of information whatsoever

    1. Anonymous Coward
      Facepalm

      Re: So Google have their own qubit system...

      Hahahaha. They don't need to if you connect to their servers. Who needs man in the middle, if you own the website? XD

  9. trevorde Silver badge
    Joke

    Grant application

    "Using virtual reality powered quantum computers to break blockchain powered AI in the cloud"

    Can I have my grant money now?

    1. Steve K

      Re: Grant application

      Unfortunately you were 2 buzzwords short of the success threshold.

      Please try again....

      1. amanfromMars 1 Silver badge

        Re: Grant application

        Howdy, Steve K

        I'm wondering why anyone would use grant money for that, other than to attempt Root Breaking/System Cracking.

        Methinks that's Top Military Grade Spooky Shit. It most definitely should be if it is not.

        The Beauty there is it's a Money Pit for Churning Cash into Novel Future Projects with Almighty Programs.

        And the really good/bad ones are always best left to be invisible and rendered relatively unknown via Immaculate Bounties ...... N0 Books Slush Funding. That other crazy lottery for winning with agreed promises accepted to deliver future goods for good futures to deliver promises as agreed.

        Where there's a will, there's a way with limitless ways is true for anyone and everything everywhere is I imagine an Ancient COSMIC Truth that Fired Up ...... At the Beginning, long before there were any heavens or earths ...... you know, the Time Before Words Create All there is to See and Enjoy/Experience as often as one is able and inclined ..... which is what keeps the Dark Side up at Night and Living Comfortably at the Shadows of Shade.

        1. Steve K

          Re: Grant application

          @AManfromMars1

          It's probably easier to ask for a grant to buy zero-days to compromise end-points rather than cracking strong encryption......

          1. Anonymous Coward
            Anonymous Coward

            Re: Grant application

            Or a hammer. Hammers are cheap.

            1. Anonymous Coward
              Anonymous Coward

              Re: Grant application

              It's also scarily simple to cyber stalk someone and figure out who their nearest and dearest are, grab their spouse/kids.....

              (It's frightening how many military personnel in the UK have their branch of service, duty posting and job title on publicly accessible profiles. When I mentioned this might not be a good idea: "You're just scaremongering", "no one's going to grab me". This continued despite pointing out that on high had already made it verboten to put this info online due to OPSEC and PERSEC, along with it being more than simple to grab your gf or wife and use them as leverage..... no one listened, and that included those with quite classified roles and serious access to stuff, who should have damned well known better.)

          2. Anonymous Coward
            Anonymous Coward

            Re: Grant application

            It's probably easier to ask for a grant to buy zero-days to compromise end-points rather than cracking strong encryption...... .... Steve K

            To deserve a grant/reward/fee for either the delivery or non-delivery of any number of catastrophic zero-days that easily and irrevocably compromise end-points rather than cracking strong encryption is one of those DaneGeld Operations/Cleaned Flash Cash AIMissions so beloved of the Mercenary Rogue and Renegade Private Pirate alike, Steve K.

            Such done remarkably well makes asking for loadsamoney unnecessary.

  10. StuntMisanthrope

    Two singular incidences.

    You can't clone yourself, nor supraposition. #itsnotmeitsyou

  11. Rich 10

    The ready availability of quantum computers is predicated on room temp operations - from what I can see, like superconductive materials, quantum computers need chilling to near absolute zero - not easily achieved without a big bankroll and technical capabilities well beyond the average hackophile. We've been waiting decades for room temp superconductors, and the quantum computing environment is a whole nother level beyond that. So not concerned about my stuff, or my local retailer's files for my credit cards.

    Nation-state spying is what it's going to be all about. Later than sooner.....no, wait, my 7 year old grandson has made sure he has better system security than most government agencies. Why are we worrying so much about quanta when good old silicon is still all you need to thrive in this world of failed security.

  12. Tromos
    Joke

    Glad to hear...

    ...that Rot13 is safe for another decade (but you really shouldn't have mentioned it).
