Warning: China planning to swipe a bunch of data soon so quantum computers can decrypt it later

Tech consultancy Booz Allen Hamilton has warned that China will soon plan the theft of high value data, so it can decrypt it once quantum computers break classical encryption. The firm offers that scenario in a recent report, Chinese Threats In The Quantum Era, that asserts the emerging superpower aspires to surpass US-derived …


  1. Phones Sheridan Bronze badge

    Would the counter to this be to create giga/tera/peta-bytes of encrypted junk files left in suitably mis-secured servers connected to the internet? You may not be able to stop the Chinese gov from hacking and obtaining data but you can make the indefinite storage of it pretty hard. Also if it’s encrypted gibberish, would that slow down the decryption of it? After all if an unencrypted file appears to be random data, then it hasn’t been decrypted properly, so back to the code breakers it goes, wasting more resources. A sort of data Cold War.

    1. Ken Hagan Gold badge

      An interesting question: when you are brute-forcing something, how do you know when to stop?

      1. Anonymous Coward
        Anonymous Coward

        When you've tried all possibilities — it's like trying all combinations on a luggage lock.

        1. Mike 137 Silver badge

          "When you've tried all possibilities"

          Or sooner if the result seems to make sense. I vaguely remember that some researchers reported an ability to encrypt in a way that could yield more than one apparently valid decrypt. Does anyone here have a reference to this?

          1. Charles 9 Silver badge

            Re: "When you've tried all possibilities"

            It's a defining feature of one-time pads. Given the right key, you can literally get anything out within the size limit.

            1. Brewster's Angle Grinder Silver badge

              Decryption Chaff

              You've misunderstood the point. The argument is to have plaintext1 and plaintext2 both of which encrypt to ciphertext. So when you brute force decrypt you don't know which was the real plaintext.

              It's like a collision attack in reverse.

              1. Charles 9 Silver badge

                Re: Decryption Chaff

                It is you who misunderstand the point. That is EXACTLY what I'm getting at. In a proper one-time pad, a ciphertext of "******" (literally) could decode to ANY six-character combination, including words. All it takes is the appropriate key for each one.

                So in your above example, ciphertext when run through key1 will result in plaintext1 while the same text run through key2 will result in plaintext2. That's all that it takes, and it's one of the key strengths of one-time pads: there is absolutely no way to predict the plaintext from the ciphertext.

                1. Long John Silver
                  Pirate

                  Re: Decryption Chaff

                  Taking that back into the broader context of other encryption techniques - which are inherently less secure because 'one time' methods are impracticable when several people on unspecified occasions want access to information - the question of how an adversary knows encryption has been broken becomes important.

                  Assuming quantum computers are the wonderful beasts they are made out to be, difficult questions remain when decoding data not in advance known to have been encrypted by a particular class of method (e.g. a public key based system). Heavily secret communication among a small pre-defined number of people can be based upon well-known algorithms but in combinations varying according to whether the message is first, second, third, etc. from a particular sender among the group.

                  Ordering the algorithms, number and types, can be separated from keys which need to be known for a particular instance of use of a given combination of algorithms.

                  Encryption/decryption takes place under supervision of an overarching algorithm which requires, in this example, a 'sequence number' and the keys. The former is not embedded in the code. Human operators must keep track of position in each individual's sequence of message sending to the group. Each sequence number invokes a pseudo-random number generator within the overarching algorithm. The generator is seeded exactly the same in all distributed copies of the overarching algorithm.

                  This degree of additional obfuscation would make it difficult for the quantum computer's algorithms to determine whether decoding is successful. Further obfuscation of the original data is easily applied using variants of insecure techniques such as letter substitution.

                  It would not be a matter of the computer eventually spitting out plain text. Unless, the quantum computer is, or is connected to, a very powerful pattern recognition device it might be necessary for human operators to check output from many steps of the process. Thereby speed of quantum computers is slowed to a pace humans can stand and also, as in the case of some messages among the military, it matters not at all if by the time the code is cracked events referred to have already taken place.

                2. Brewster's Angle Grinder Silver badge

                  You're right in the most trivial way. Yes, when you use a one time pad (OTP) there are as many keys to the ciphertext as there are possible ciphertexts of that length. And there is no way anybody could be certain which one was correct.

                  But regular symmetric encryption has that property, too. You can normally decrypt a symmetrically encrypted string with any of the possible keys and not be certain whether it was the correct key. (I'm glossing over a few snags and details, but that's broadly true.) The only difference between an OTP and a symmetric key is length, and symmetric encryption converges on an OTP as the length of the symmetric key approaches the message length. (Again, after a little squinting.)

                  The problem, in both cases, is getting the key to the recipient. If you can solve that, you're absolutely right that quantum computers would be useless. But if we could solve that we wouldn't need potentially-quantum-computer vulnerable public key cryptosystems. And that's where cleverer systems might come in.

                  1. Charles 9 Silver badge

                    Sounds to me like we're running into a problem of the physics level, much like how much further one can compress a substance once it has already become a liquid or solid.

              2. tekHedd

                Re: Decryption Chaff

                With the right context a random burst of noise can become *any* message you like. This ultimately is the only thing you can use as protection against brute force...

        2. Anonymous Coward
          Anonymous Coward

          Have they tried 1,2,3,4,5 as the combination on the luggage?

      2. Anonymous Coward
        Anonymous Coward

        A very good question

        Essentially by looking for cues that you know in the answer - hopefully I've posted the right youtube thing (I have no association with this, just found it interesting), but it explains how you can start pruning your decryption search until you get something meaningful.

        https://www.youtube.com/watch?v=RzWB5jL5RX0

      3. 2+2=5 Silver badge

        > An interesting question: when you are brute-forcing something, how do you know when to stop?

        Very easily for compressed file formats like docx because the compressed file includes a checksum. So you do a trial decrypt, then unzip and if the checksum matches you know it unzipped correctly, therefore it must have been decrypted correctly.
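An added illustration of the two positions in this sub-thread (it is not part of any comment): a short-key cipher over compressed data gives a checksum that singles out one key, while a one-time pad ciphertext has a key for every same-length plaintext. The cipher is a toy SHAKE-256 keystream with a deliberately tiny 2-byte key, and all names, keys and messages are constructed for the example.

```python
import hashlib
import secrets
import zlib

KEY_BYTES = 2  # deliberately tiny key space (65,536 keys) so the search finishes


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def toy_cipher(key: bytes, data: bytes) -> bytes:
    """XOR with a SHAKE-256 keystream. A stand-in cipher for illustration only."""
    return xor(data, hashlib.shake_256(key).digest(len(data)))


def passes_checksum(candidate: bytes) -> bool:
    """Stopping rule: a zlib stream carries an Adler-32 trailer that must verify."""
    try:
        zlib.decompress(candidate)
        return True
    except zlib.error:
        return False


def surviving_keys(ciphertext: bytes) -> list[bytes]:
    """Trial-decrypt under every key and keep those whose output decompresses."""
    keys = (k.to_bytes(KEY_BYTES, "big") for k in range(256 ** KEY_BYTES))
    return [k for k in keys if passes_checksum(toy_cipher(k, ciphertext))]


def pad_key_for(ciphertext: bytes, wanted_plaintext: bytes) -> bytes:
    """One-time pad: the key that turns this ciphertext into any chosen plaintext."""
    if len(wanted_plaintext) != len(ciphertext):
        raise ValueError("a pad key must be exactly as long as the message")
    return xor(ciphertext, wanted_plaintext)


def demo() -> dict:
    # Case 1: short key, compressed plaintext. The checksum singles out one key.
    real_key = b"\x5a\xc3"  # constructed sample key
    message = b"constructed sample: meet at the usual place at noon"
    sealed = toy_cipher(real_key, zlib.compress(message))
    survivors = surviving_keys(sealed)

    # Case 2: one-time pad. Every same-length plaintext has a key that yields it.
    pad = secrets.token_bytes(6)
    otp_ciphertext = xor(b"attack", pad)
    decoy_key = pad_key_for(otp_ciphertext, b"defend")
    return {
        "survivors": survivors,
        "real_key": real_key,
        "otp_real": xor(otp_ciphertext, pad),
        "otp_decoy": xor(otp_ciphertext, decoy_key),
    }


if __name__ == "__main__":
    result = demo()
    print("keys passing the checksum:", [k.hex() for k in result["survivors"]])
    print("OTP under real pad :", result["otp_real"])
    print("OTP under decoy pad:", result["otp_decoy"])
```

The practical reading for a defender: redundancy in the plaintext (compression trailers, file magic, checksums) is what tells a searcher it has finished, so the strength has to come from the key space, not from hoping the output is unrecognisable.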

    2. Doctor Syntax Silver badge

      Rather than actually generate and store, just simulate a file system and generate the random stuff when an intruder "reads" it. The cost of storage then falls entirely on the intruder. For bonus points simulate an entire network. Let them keep "discovering" another server full of stuff.

      1. TeeCee Gold badge

        Beat me to it. I was going to suggest that a couple of exabytes of pseudo-random crud in a directory named "Iz verry sekrit yes" would keep Winnie the Pooh's robot sheep gainfully employed for a while.

      2. I am the liquor

        ln -s /dev/urandom MySecretz.zip

      3. Doctor Syntax Silver badge

        One aspect of this is that each time it's read it's different so it must be very actively maintained material and hence of even more interest.
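An added sketch (not posted by any commenter) of the on-read generation suggested in this sub-thread, without the changes-on-every-read behaviour of a /dev/urandom symlink: content and size are derived from a secret and the path, so repeated reads agree and nothing is stored. The function names, the HMAC-SHA-256 construction, the size bounds and the sample secret and path are all assumptions made for the example.

```python
import hashlib
import hmac

BLOCK = 32  # SHA-256 output size; content is generated one block at a time


def _block(secret: bytes, path: str, index: int) -> bytes:
    """Block `index` of the decoy file at `path`, derived purely from the secret."""
    msg = b"data\x00" + path.encode() + b"\x00" + index.to_bytes(8, "big")
    return hmac.new(secret, msg, hashlib.sha256).digest()


def decoy_size(secret: bytes, path: str,
               min_size: int = 4096, max_size: int = 1 << 40) -> int:
    """A stable, path-dependent size, so listings look the same on every visit."""
    tag = hmac.new(secret, b"size\x00" + path.encode(), hashlib.sha256).digest()
    return min_size + int.from_bytes(tag[:8], "big") % (max_size - min_size)


def decoy_read(secret: bytes, path: str, offset: int, length: int) -> bytes:
    """Return `length` bytes at `offset`, computed on demand and never stored."""
    if offset < 0 or length < 0:
        raise ValueError("offset and length must be non-negative")
    end = min(offset + length, decoy_size(secret, path))
    if offset >= end:
        return b""  # read starts at or past end of file
    first, last = offset // BLOCK, (end - 1) // BLOCK
    data = b"".join(_block(secret, path, i) for i in range(first, last + 1))
    start = offset - first * BLOCK
    return data[start:start + (end - offset)]


if __name__ == "__main__":
    secret = b"constructed-demo-secret"          # constructed sample value
    path = "/srv/decoy/MySecretz.zip"            # hypothetical decoy path
    print("size :", decoy_size(secret, path))
    print("bytes:", decoy_read(secret, path, 0, 16).hex())
    # A second read of the same range returns the same bytes.
    print("same :", decoy_read(secret, path, 0, 16) == decoy_read(secret, path, 0, 16))
```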

      4. Anonymous Coward
        Anonymous Coward

        How about making that data just a bunch of Rick roll videos?

    3. 96percentchimp

      Presumably you can tell whether something has informational value by analysing its structure, even if it's encrypted, in the same way that linguists analyse animal communications to compare their relative information density. So your junk files would have to look like something interesting to be worth decrypting (unless you started to disguise rich content as weak sauce to make it look innocuous...).

      1. Charles 9 Silver badge

        But doesn't encryption encrypt the structure as well, making it look like a bunch of gibberish?

        1. mattaw2001

          Not only does encryption de-structure it, nearly all encryption systems start by compressing information to reduce/eliminate repeated information, and save compute time on the expensive encryption/de-cryption. Compression maximizes the amount of information per bit (in a documented, reversible way) and then it gets encrypted.

    4. Long John Silver
      Pirate

      A further twist?

      Among files an adversary may be able to access, deposit some others particularly heavily encrypted and containing detailed plans for projects in which subtle flaws have been introduced.

      Mention has been made of creating many files of encrypted garbage alongside genuine files. This 'needle in a haystack' technique is pretty sound in its own right regardless of adversaries' decryption capabilities.

    5. Glen 1

      "COMSTOCK"

      1. john 103

        Upvote for the Cryptonomicon Reference

  2. Dinanziame Silver badge
    Boffin

    Quantum computing and decryption

    I know that quantum computers are theoretically able to decrypt some encryption methods, because they can factorize large numbers. But I thought there were different encryption methods which didn't use large number factorization, was it elliptic functions? Doesn't that mean that we could switch to those methods and quantum computers would stop being such a bogeyman for encryption?

    How close are quantum computers to be of any use anyway? Because they often seem to be predicted for right after fusion reactors, or whenever half life 3 is released, whichever happens last...

    1. druck Silver badge

      Re: Quantum computing and decryption

      It's nice to know the Chinese have bought in to the quantum snake oil, just like everyone else.

      1. vtcodger Silver badge

        Re: Quantum computing and decryption

        "It's nice to know the Chinese have bought in to the quantum snake oil, just like everyone else."

        You've got a point there. A bit of skepticism is probably appropriate. On the other hand, China (and US and EU and ...) probably can't afford not to assume that quantum or other advanced decryption techniques might become available at some future time.

      2. Twanky Silver badge

        Re: Quantum computing and decryption

        "It's nice to know the Chinese have bought in to the quantum snake oil, just like everyone else."

        No, Booz Allen Hamilton are slathering on the snake oil with 'Look, the Chinese are buying up all this stuff! Get yours while you can.'.

        1. Paul Crawford Silver badge
          Gimp

          Re: Quantum computing and decryption

          "Booz Allen Hamilton are slathering on the snake oil"

          That is a mental image I could do without!

          1. Twanky Silver badge
            Coffee/keyboard

            Re: Quantum computing and decryption

            You promised not to share those pictures!

        2. Youngone Silver badge

          Re: Quantum computing and decryption

          Booz Allen Hamilton make vast amounts of money from the US military, which is looking for another enemy since the Afghanistan gravy train has ended.

          China is one that they're trying at the moment to see how much they can shake loose.

    2. DJO Silver badge

      Re: Quantum computing and decryption

      "How close are quantum computers to be of any use anyway"

      Depends on what you want to do. Quantum computing uses Shor's algorithm to factorise integers.

      The current highest number factorised this way is 21, they tried to factorise 35 but failed because of accumulating errors.

      So if your requirements are factorising small numbers then they are ready to go. If you actually want to do something useful then probably not for a long time, if ever.

      Of course if something better and more fault tolerant than Shor's comes along then it may all change overnight.

      1. Charles 9 Silver badge

        Re: Quantum computing and decryption

        That's just what we know, though. Don't rule out black projects.

      2. Anonymous Coward
        Anonymous Coward

        Re: Quantum computing and decryption

        @DJO

        On my pathetic £400 laptop, the gmp library was used to make the composite number below in about ten seconds -- two primes multiplied together. I wonder how long it will take ANY computer to find the two factors.

        Six hundred long composites don't take much longer!

        Add in computers using Diffie/Hellman exchange to generate a new random secret key for each message and it looks like quantum computing might have a ways to go!

        Just saying

        char longcomposite[] =
        "3288306533776777626411433309037643693147509600353570240217437271873281970118129"
        "7547603626504446209022019227497264048426529986066096436811004225158618715188472"
        "7118464102218192230016940402989677902015761042902394722765517612869525648163783"
        "0614468973914626280676474193870264032605759557393311992855066995175590046668812"
        "2438582715856843699233289162841410335903309988107371498012732626334195500748854"
        "75193";

    3. Tomato42
      Boffin

      Re: Quantum computing and decryption

      Shor's algorithm works for attacking elliptic curves, as used in ECDHE or ECDSA, just fine.

      You'd need to switch to supersingular elliptic curves to be secure against quantum computers. But the current most likely winner is lattice based crypto.

      1. Anonymous Coward
        Anonymous Coward

        Re: Quantum computing and decryption

        Lettuce based crypto? Sounds healthy.

        1. Doctor Syntax Silver badge

          Re: Quantum computing and decryption

          It's a little gem.

    4. SCP

      Re: Quantum computing and decryption

      "Doesn't that mean that we could switch to those methods and quantum computers would stop being such a bogeyman for encryption?"

      Yes, quantum secure algorithms have been (and continue to be) developed - there are various calls out by NIST on the subject which are readily accessible.

      This would mean that now (or in the near future) would be a good time to snatch encrypted data - before such algorithms come into common use; that data might then be decryptable by future quantum computers.

      Whether the data retains its value in the future points to one of the considerations that should be made when deciding data encryption choices: do you need to secure data for a few minutes, hours, days, months, years, or forever. For example, a short-lived 2FA code should have no value after a few minutes, whereas a collection of identification data of the people that have assisted you in a hostile region of the world ought to be protected for many many years.

    5. Eclectic Man Silver badge
      Boffin

      Re: Quantum computing and decryption

      There is also the 'discrete logarithm' problem*, which is the security behind the Diffie-Hellman key agreement algorithm**. I don't know which Quantum Computing algorithm is currently used to determine those.

      Not being a quantum mechanic, I don't understand either quantum mechanics or Quantum Computing, but I believe that it relies for its power on the idea that quantum particles can exist in a superposition of states. The trick is to get those states to be possible solutions to your problem. When you have all the particles set up properly, when they 'collapse' into a coherent and self-consistent state, you have your answer.

      The reason why the one time pad is 'Quantum Secure' is that every solution is possible and no computer, quantum or otherwise can tell them apart without more information. Quantum computers would generally be used to crack the session key distribution algorithm, which is often a public-key algorithm, based on large primes (RSA, Elliptic Curves) or the discrete logarithm problem. The session key is usually used to encrypt one message, and distributed using a, currently secure, public key algorithm.

      * https://www.doc.ic.ac.uk/~mrh/330tutor/ch06s02.html

      **A bit too complicated to describe here, but see

      https://www.hypr.com/diffie-hellman-algorithim/

      https://en.wikipedia.org/wiki/Diffie–Hellman_key_exchange

      1. Doctor Syntax Silver badge

        Re: Quantum computing and decryption

        "A bit too complicated to describe here"

        The margins aren't big enough.

    6. Tom 7 Silver badge

      Re: Quantum computing and decryption

      I think it was IBM who just doubled the number of qbits last week. And there are plans to double again early next year. Given the IBM one was 127 Qbits and each new Qbit doubles the power of the machine we're looking at some serious increases in power.

  3. I should coco

    Encrypt data... errr quantumly

    What if it's encrypted using quantum encryption then is it not possible to tell if it's being hacked because of entanglement?

    Once the middle kingdom has the quantum computing capability it's a fair assumption that uncle sam will too.

    1. Anonymous Coward
      Anonymous Coward

      Re: Encrypt data... errr quantumly

      We can't assume that America will be able to keep up - China has way more engineers because they're working hard to give everyone with the ability the opportunity to learn for free, while America's increasingly expensive education system means only those with existing wealth or willing to commit to a lifetime of debt can afford to train.

      Even turning everything around now would not be enough to catch up by this point - China has already won the 21st century from a technology perspective.

      1. confused and dazed

        Re: Encrypt data... errr quantumly

        That's an interesting point - cheapness of quality science and engineering graduates links to technological leadership ..... maybe. I suppose it depends on whether there is a direct correlation between quantity of those graduates and your dominance.

        As for losing the 21st century - we still have a long way to go

      2. Version 1.0 Silver badge

        Re: Encrypt data... errr quantumly

        So now we are having to live with No Secure Apps?

    2. Eclectic Man Silver badge

      Re: Encrypt data... errr quantumly

      Are there any genuine quantum cryptographic algorithms? That is, encryption / decryption algorithms which can only be implemented on quantum rather than classical digital or analogue computers?

  4. Anonymous Coward
    Anonymous Coward

    Post quantum cryptography

    Yep!

    https://en.wikipedia.org/wiki/Post-quantum_cryptography

    We're a long long way from having decent quantum computers, they're still in the research phase now. Workable qubits are in the hundreds at the moment and I've heard an estimate that you need about a million for anything useful. And you still need to 'program' them, which is non-trivial. There may be a breakthrough in tech, but like you say, future quantum computers should be powered by fusion!

    And it's standard practice to harvest data and hope to decrypt it in the future, although you're making your haystack bigger with a potentially rusty needle in it.

  5. CrackedNoggin

    Why would they bother?

    All they have to do is put an embargo on exports to Amazon and the West will be brought to its knees.

    If they did it today it would be like murdering Santa - goodbye Christmas!

    1. Brewster's Angle Grinder Silver badge

      This Christmas Was Surprisingly Violent

      "...the West will be brought to its knees."

      And shortly thereafter, their own economy would collapse. The biggest security threat is China transitioning to a large, internal market that can support its own economic activity.
