China plans to swipe a bunch of data soon so quantum computers can decrypt it later

Tech consultancy Booz Allen Hamilton has warned that China will soon plan the theft of high value data, so it can decrypt it once quantum computers break classical encryption. The firm offers that scenario in a recent report, Chinese Threats In The Quantum Era, that asserts the emerging superpower aspires to surpass US-derived …

  1. Phones Sheridan Silver badge

    Would the counter to this be to create giga/tera/peta-bytes of encrypted junk files left in suitably mis-secured servers connected to the internet. You may not be able to stop the Chinese gov from hacking and obtaining data but you can make the indefinite storage of it pretty hard. Also if it’s encrypted gibberish, would that slow down the decryption of it? After all if an unencrypted file appears to be random data, then it hasn’t been decrypted properly, so back to the code breakers it goes, wasting more resources. A sort of data Cold War.

    1. Ken Hagan Gold badge

      An interesting question: when you are brute-forcing something, how do you know when to stop?

      1. Anonymous Coward
        Anonymous Coward

        When you've tried all possibilities — it's like trying all combinations on a luggage lock.

        1. Mike 137 Silver badge

          "When you've tried all possibilities"

          Or sooner if the result seems to make sense. I vaguely remember that some researchers reported an ability to encrypt in a way that could yield more than one apparently valid decrypt. Does anyone here have a reference to this?

          1. Charles 9

            Re: "When you've tried all possibilities"

            It's a defining feature of one-time pads. Given the right key, you can literally get anything out within the size limit.

            1. Brewster's Angle Grinder Silver badge

              Decryption Chaff

              You've misunderstood the point. The argument is to have plaintext1 and plaintext2 both of which encrypt to ciphertext. So when you brute force decrypt you don't know which was the real plaintext.

              It's like collision attack in reverse.

              1. Charles 9

                Re: Decryption Chaff

                It is you who misunderstand the point. That is EXACTLY what I'm getting at. In a proper one-time pad, a ciphertext of "******" (literally) could decode to ANY six-character combination, including words. All it takes is the appropriate key for each one.

                So in your above example, ciphertext when run through key1 will result in plaintext1 while the same text run through key2 will result in plaintext2. That's all that it takes, and it's one of the key strengths of one-time pads: there is absolutely no way to predict the plaintext from the ciphertext.

                1. Long John Silver
                  Pirate

                  Re: Decryption Chaff

                  Taking that back into the broader context of other encryption techniques - which are inherently less secure because 'one time' methods are impracticable when several people on unspecified occasions want access to information - the question of how an adversary knows encryption has been broken becomes important.

                  Assuming quantum computers are the wonderful beasts they are made out to be, difficult questions remain when decoding data not in advance known to have been encrypted by a particular class of method (e.g. a public key based system). Heavily secret communication among a small pre-defined number of people can be based upon well-known algorithms but in combinations varying according to whether the message is first, second, third, etc. from a particular sender among the group.

                  Ordering the algorithms, number and types, can be separated from keys which need to be known for a particular instance of use of a given combination of algorithms.

                  Encryption/decryption takes place under supervision of an overarching algorithm which requires, in this example, a 'sequence number' and the keys. The former is not embedded in the code. Human operators must keep track of position in each individual's sequence of message sending to the group. Each sequence number invokes a pseudo-random number generator within the overarching algorithm. The generator is seeded exactly the same in all distributed copies of the overarching algorithm.

                  This degree of additional obfuscation would make it difficult for the quantum computer's algorithms to determine whether decoding is successful. Further obfuscation of the original data is easily applied using variants of insecure techniques such as letter substitution.

                  It would not be a matter of the computer eventually spitting out plain text. Unless, the quantum computer is, or is connected to, a very powerful pattern recognition device it might be necessary for human operators to check output from many steps of the process. Thereby speed of quantum computers is slowed to a pace humans can stand and also, as in the case of some messages among the military, it matters not at all if by the time the code is cracked events referred to have already taken place.

                2. Brewster's Angle Grinder Silver badge

                  You're right in the most trivial way. Yes, when you use a one time pad (OTP) there are as many keys to the ciphertext as there are possible ciphertexts of that length. And there is no way anybody could be certain which one was correct.

                  But regular symmetric encryption has that property, too. You can normally decrypt a symmetrically encrypted string with any of the possible keys and not be certain whether it was the correct key. (I'm glossing over a few snags and details, but that's broadly true.) The only difference between an OTP and a symmetric key is length, and symmetric encryption converges on an OTP as the length of the symmetric key approaches the message length. (Again, after a little squinting.)

                  The problem, in both cases, is getting the key to the recipient. If you can solve that, you're absolutely right that quantum computers would be useless. But if we could solve that we wouldn't need potentially-quantum-computer vulnerable public key cryptosystems. And that's where cleverer systems might come in.

                  1. Charles 9

                    Sounds to me like we're running into a problem of the physics level, much like how much further one can compress a substance once it has already become a liquid or solid.

              2. tekHedd

                Re: Decryption Chaff

                With the right context a random burst of noise can become *any* message you like. This ultimately is the only thing you can use as protection against brute force...

        2. Anonymous Coward
          Anonymous Coward

          Have they tried 1,2,3,4,5 as the combination on the luggage?

      2. Anonymous Coward
        Anonymous Coward

        A very good question

        Essentially by looking for cues that you know in the answer - hopefully I've posted the right youtube thing (I have no association with this, just found it interesting), but it explains how you can start pruning your decryption search until you get something meaningful.

        https://www.youtube.com/watch?v=RzWB5jL5RX0

      3. Anonymous Coward
        Anonymous Coward

        > An interesting question: when you are brute-forcing something, how do you know when to stop?

        Very easily for compressed file formats like docx because the compressed file includes a checksum. So you do a trial decrypt, then unzip and if the checksum matches you know it unzipped correctly, therefore it must have been decrypted correctly.
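The two answers given in this sub-thread to "how do you know when to stop?", side by side, as an added example that is not code from any commenter. The toy cipher `toy_stream`, its 16-bit key, and the member name `plan.txt` are assumptions constructed for the demonstration: with a short key the zip CRC-32 singles out exactly one key, while with a pad as long as the message a key exists for any same-length archive and the checksum proves nothing.

```python
import hashlib
import io
import zipfile

SECRET_KEY = 0xBEEF  # constructed 16-bit key, small enough to enumerate


def xor(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    n = int.from_bytes(a, "big") ^ int.from_bytes(b, "big")
    return n.to_bytes(len(a), "big")


def toy_stream(key: int, data: bytes) -> bytes:
    """Toy short-key cipher (an assumption for this demo, not a real design):
    XOR the data with SHAKE-256(key). Encrypting and decrypting are the same call."""
    pad = hashlib.shake_256(key.to_bytes(2, "big")).digest(len(data))
    return xor(data, pad)


def make_zip(text: bytes) -> bytes:
    """Build a one-member zip in memory. ZIP_STORED keeps the archive length
    independent of the content, so two same-length texts give same-length zips."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("plan.txt", text)
    return buf.getvalue()


def zip_checks_out(blob: bytes) -> bool:
    """The stop condition from the comment: the trial output must parse as a
    zip and every member's stored CRC-32 must match its data."""
    try:
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            return zf.testzip() is None
    except Exception:  # garbage from a wrong key fails to parse
        return False


def keys_passing_checksum(ciphertext: bytes) -> list:
    """Enumerate the whole 16-bit key space and keep keys that pass the check."""
    return [k for k in range(2 ** 16)
            if zip_checks_out(toy_stream(k, ciphertext))]


def otp_key_for(ciphertext: bytes, wanted: bytes) -> bytes:
    """One-time pad view: the pad under which `ciphertext` decrypts to `wanted`."""
    return xor(ciphertext, wanted)


def read_plan(blob: bytes) -> bytes:
    """Extract the single member from a decrypted archive."""
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        return zf.read("plan.txt")


# Constructed sample data: a real archive and a decoy of identical length.
REAL = make_zip(b"meet at dawn")
DECOY = make_zip(b"meet at dusk")
CIPHERTEXT = toy_stream(SECRET_KEY, REAL)

if __name__ == "__main__":
    # Short key: the checksum leaves a single survivor, so the search can stop.
    survivors = keys_passing_checksum(CIPHERTEXT)
    print("keys passing CRC check:", [hex(k) for k in survivors])

    # Pad as long as the message: a pad exists for the decoy too, and the
    # decoy passes the same CRC check, so the checksum cannot pick a winner.
    alt_pad = otp_key_for(CIPHERTEXT, DECOY)
    alt_plain = xor(CIPHERTEXT, alt_pad)
    print("decoy passes CRC check:", zip_checks_out(alt_plain))
    print("decoy content:", read_plan(alt_plain))

    # The six-character case from the thread: one ciphertext, two pads.
    for word in (b"MONDAY", b"FRIDAY"):
        pad = otp_key_for(b"******", word)
        print(pad.hex(), "->", xor(b"******", pad))
```
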

    2. Doctor Syntax Silver badge

      Rather than actually generate and store, just simulate a file system and generate the random stuff when an intruder "reads" it. The cost of storage then falls entirely on the intruder. For bonus points simulate an entire network. Let them keep "discovering" another server full of stuff.

      1. TeeCee Gold badge

        Beat me to it. I was going to suggest that a couple of exabytes of pseudo-random crud in a directory named "Iz verry sekrit yes" would keep Winnie the Pooh's robot sheep gainfully employed for a while.

      2. I am the liquor

        ln -s /dev/urandom MySecretz.zip

      3. Doctor Syntax Silver badge

        One aspect of this is that each time it's read it's different so it must be very actively maintained material and hence of even more interest.

      4. Anonymous Coward
        Anonymous Coward

        How about making that data just a bunch of Rick roll videos?

    3. 96percentchimp

      Presumably you can tell whether something has informational value by analysing its structure, even if it's encrypted, in the same way that linguists analyse animal communications to compare their relative information density. So your junk files would have to look like something interesting to be worth decrypting (unless you started to disguise rich content as weak sauce to make it look innocuous...).

      1. Charles 9

        But doesn't encryption encrypt the structure as well, making it look like a bunch of gibberish?

        1. mattaw2001

          Not only does encryption de-structure it, nearly all encryption systems start by compressing information to reduce/eliminate repeated information, and save compute time on the expensive encryption/de-cryption. Compression maximizes the amount of information per bit (in a documented, reversible way) and then it gets encrypted.

    4. Long John Silver
      Pirate

      A further twist?

      Among files an adversary may be able to access, deposit some others particularly heavily encrypted and containing detailed plans for projects in which subtle flaws have been introduced.

      Mention has been made of creating many files of encrypted garbage alongside genuine files. This 'needle in a haystack' technique is pretty sound in its own right regardless of adversaries' decryption capabilities.

    5. Glen 1

      "COMSTOCK"

      1. john 103

        Upvote for the Cryptonomicon Reference

  2. Dinanziame Silver badge
    Boffin

    Quantum computing and decryption

    I know that quantum computers are theoretically able to decrypt some encryption methods, because they can factorize large numbers. But I thought there were different encryption methods which didn't use large number factorization, was it elliptic functions? Doesn't that mean that we could switch to those methods and quantum computers would stop being such a bogeyman for encryption?

    How close are quantum computers to be of any use anyway? Because they often seem to be predicted for right after fusion reactors, or whenever half life 3 is released, whichever happens last...

    1. druck Silver badge

      Re: Quantum computing and decryption

      It's nice to know the Chinese have bought in to the quantum snake oil, just like everyone else.

      1. vtcodger Silver badge

        Re: Quantum computing and decryption

        "It's nice to know the Chinese have bought in to the quantum snake oil, just like everyone else."

        You've got a point there. A bit of skepticism is probably appropriate. On the other hand, China (and US and EU and ...) probably can't afford not to assume that quantum or other advanced decryption techniques might become available at some future time.

      2. Twanky

        Re: Quantum computing and decryption

        It's nice to know the Chinese have bought in to the quantum snake oil, just like everyone else.

        No, Booz Allen Hamilton are slathering on the snake oil with 'Look, the Chinese are buying up all this stuff! Get yours while you can.'.

        1. Paul Crawford Silver badge
          Gimp

          Re: Quantum computing and decryption

          Booz Allen Hamilton are slathering on the snake oil

          That is a mental image I could do without!

          1. Twanky
            Coffee/keyboard

            Re: Quantum computing and decryption

            You promised not to share those pictures!

        2. Youngone

          Re: Quantum computing and decryption

          Booz Allen Hamilton make vast amounts of money from the US military, which is looking for another enemy since the Afghanistan gravy train has ended.

          China is one that they're trying at the moment to see how much they can shake loose.

    2. DJO Silver badge

      Re: Quantum computing and decryption

      How close are quantum computers to be of any use anyway

      Depends on what you want to do. Quantum computing uses Shor's algorithm to factorise integers.

      The current highest number factorised this way is 21, they tried to factorise 35 but failed because of accumulating errors.

      So if your requirements are factorising small numbers then they are ready to go. If you actually want to do something useful then probably not for a long time, if ever.

      Of course if something better and more fault tolerant than Shor's comes along then it may all change overnight.

      1. Charles 9

        Re: Quantum computing and decryption

        That's just what we know, though. Don't rule out black projects.

      2. Anonymous Coward
        Anonymous Coward

        Re: Quantum computing and decryption

        @DJO

        On my pathetic £400 laptop, the gmp library was used to make the composite number below in about ten seconds -- two primes multiplied together. I wonder how long it will take ANY computer to find the two factors.

        Six hundred long composites don't take much longer!

        Add in computers using Diffie/Hellman exchange to generate a new random secret key for each message and it looks like quantum computing might have a ways to go!

        Just saying

        char longcomposite[] =

        "3288306533776777626411433309037643693147509600353570240217437271873281970118129"

        "7547603626504446209022019227497264048426529986066096436811004225158618715188472"

        "7118464102218192230016940402989677902015761042902394722765517612869525648163783"

        "0614468973914626280676474193870264032605759557393311992855066995175590046668812"

        "2438582715856843699233289162841410335903309988107371498012732626334195500748854"

        "75193";

    3. Tomato42
      Boffin

      Re: Quantum computing and decryption

      Shor's algorithm works for attacking elliptic curves, as used in ECDHE or ECDSA, just fine.

      You'd need to switch to supersingular elliptic curves to be secure against quantum computers. But the current most likely winner is lattice based crypto.

      1. Anonymous Coward
        Anonymous Coward

        Re: Quantum computing and decryption

        Lettuce based crypto? Sounds healthy.

        1. Doctor Syntax Silver badge

          Re: Quantum computing and decryption

          It's a little gem.

    4. SCP

      Re: Quantum computing and decryption

      "Doesn't that mean that we could switch to those methods and quantum computers would stop being such a bogeyman for encryption?"

      Yes, quantum secure algorithms have been (and continue to be) developed - there are various calls out by NIST on the subject which are readily accessible.

      This would mean that now (or in the near future) would be a good time to snatch encrypted data - before such algorithms come into common use; that data might then be decryptable by future quantum computers.

      Whether the data retains its value in the future points to one of the considerations that should be made when deciding data encryption choices: do you need to secure data for a few minutes, hours, days, months, years, or forever. For example, a short-lived 2FA code should have no value after a few minutes, whereas a collection of identification data of the people that have assisted you in a hostile region of the world ought to be protected for many many years.

    5. Eclectic Man Silver badge
      Boffin

      Re: Quantum computing and decryption

      There is also the 'discrete logarithm' problem*, which is the security behind the Diffie-Hellman key agreement algorithm**. I don't know which Quantum Computing algorithm is currently used to determine those.

      Not being a quantum mechanic, I don't understand either quantum mechanics or Quantum Computing, but I believe that it relies for its power on the idea that quantum particles can exist in a superposition of states. The trick is to get those states to be possible solutions to your problem. When you have all the particles set up properly, when they 'collapse' into a coherent and self-consistent state, you have your answer.

      The reason why the one time pad is 'Quantum Secure' is that every solution is possible and no computer, quantum or otherwise can tell them apart without more information. Quantum computers would generally be used to crack the session key distribution algorithm, which is often a public-key algorithm, based on large primes (RSA, Elliptic Curves) or the discrete logarithm problem. The session key is usually used to encrypt one message, and distributed using a, currently secure, public key algorithm.

      * https://www.doc.ic.ac.uk/~mrh/330tutor/ch06s02.html

      **A bit too complicated to describe here, but see

      https://www.hypr.com/diffie-hellman-algorithim/

      https://en.wikipedia.org/wiki/Diffie–Hellman_key_exchange

      1. Doctor Syntax Silver badge

        Re: Quantum computing and decryption

        "A bit too complicated to describe here"

        The margins aren't big enough.

    6. Tom 7

      Re: Quantum computing and decryption

      I think it was IBM who just doubled the number of qbits last week. And there are plans to double again early next year. Given the IBM one was 127 Qbits and each new Qbit doubles the power of the machine we're looking at some serious increases in power.

  3. I should coco

    Encrypt data... errr quantumly

    What if it's encrypted using quantum encryption then is it not possible to tell if it's being hacked because of entanglement?

    Once the middle kingdom has the quantum computing capability it's a fair assumption that uncle sam will too.

    1. Anonymous Coward
      Anonymous Coward

      Re: Encrypt data... errr quantumly

      We can't assume that America will be able to keep up - China has way more engineers because they're working hard to give everyone with the ability the opportunity to learn for free, while America's increasingly expensive education system means only those with existing wealth or willing to commit to a lifetime of debt can afford to train.

      Even turning everything around now would not be enough to catch up by this point- China has already won the 21st century from a technology perspective.

      1. confused and dazed

        Re: Encrypt data... errr quantumly

        That's an interesting point - cheapness of quality science and engineering graduates links to technological leadership ..... maybe. I suppose it depends on whether there is a direct correlation between quantity of those graduates and your dominance.

        As for losing the 21st century - we still have a long way to go

      2. Version 1.0 Silver badge

        Re: Encrypt data... errr quantumly

        So now we are having to live with No Secure Apps?

    2. Eclectic Man Silver badge

      Re: Encrypt data... errr quantumly

      Are there any genuine quantum cryptographic algorithms? That is, encryption / decryption algorithms which can only be implemented on quantum rather than classical digital or analogue computers?

  4. Anonymous Coward
    Anonymous Coward

    Post quantum cryptography

    Yep!

    https://en.wikipedia.org/wiki/Post-quantum_cryptography

    We're a long long way from having decent quantum computers, they're still in the research phase now. Workable qubits are in the hundreds at the moment and I've heard an estimate that you need about a million for anything useful. And you still need to 'program' them, which is non-trivial. There may be a breakthrough in tech, but like you say, future quantum computers should be powered by fusion!

    And it's standard practice to harvest data and hope to decrypt it in the future, although you're making your haystack bigger with a potentially rusty needle in it.

  5. Anonymous Coward
    Anonymous Coward

    Why would they bother?

    All they have to do is put an embargo on exports to Amazon and the West will be brought to its knees.

    If they did it today it would be like murdering Santa - goodbye Christmas!

    1. Brewster's Angle Grinder Silver badge

      This Christmas Was Surprisingly Violent

      "...the West will be brought to its knees."

      And shortly thereafter, their own economy would collapse. The biggest security threat is China transitioning to a large, internal market that can support its own economic activity.

  6. breakfast
    Black Helicopters

    Given most of the hardware the rest of the world uses is made in China, "oh that? yeah we deciphered it with quantums" might make for a good cover if anyone found them using data that should have been securely encrypted without giving away any spy-in-the-hardware type systems they have slipped into people's chips, motherboards, memory, graphics cards etc &co. A side benefit being that it would make it look like they had way more quantums than anyone else which would probably America to work much harder on that, knowing that if the US makes any big breakthroughs that are practical to turn into products they'd probably have them manufactured in China.

  7. cantankerous swineherd

    so we can safely assume the Americans have this program well in hand.

    1. amanfromMars 1 Silver badge

      Take nothing for granted is prudent advice and a timely reminder to be prepared for shocks/surprises

      so we can safely assume the Americans have this program well in hand. ..... cantankerous swineherd

      A question to ponder and wonder at, for it may be considered too awesome to answer correctly and truthfully, is does China [and therefore the East] lead in that other emerged quantum domain/those other developing fields with applications exercising and advanced beta testing Deep See Ware fare ..... with IT forks into AIMindfulness .... or does the West assume and presume to be a primary leader worth following via mass multi media tales in that field too ‽ .

      1. John Miles

        Re: quantum computers

        I wonder if quantum computers can decipher "amanfromMars 1" posts? ;)

        1. Ken Hagan Gold badge

          Re: quantum computers

          Shhh! amanfromMars's posts are a distribution mechanism for a one-time pad. That's why they are indecipherable.

          1. amanfromMars 1 Silver badge

            Re: quantum computers competitive edge at a spooky entangling distance

            Shhh! amanfromMars's posts are a distribution mechanism for a one-time pad. That's why they are indecipherable. ..... Ken Hagan

            Hmmm? Now if that were in any way true, Ken, and I certainly wouldn’t argue with you and dispute the matter, it would be a novel development with extremely valuable, as in priceless, invisible export/import earner potential and a quite perfect fit for the likes of a publicly-admitted-openly-struggling-with-failure-behind-the-scenes-of-a-leading-curve intelligence agency and/or MI6

            cc .... C c/o SIS HQ Vauxhall Cross/PO Box 1300 London SE1 1BD

            [If you want to try out the full fat relatively anonymous spooky contact route this is the official page you will need to read for all the intel on the hoops to jump through to keep yourself maybe secure ...... in these strange postmodern times and spaces where there are no secret places to hide anything from prying eyes and inquisitive minds.]

  8. Chris G

    Mostly the dangers that Booz Allen are reporting on are a list of all of China's naughtiness over the last few months that have been reworked to sound as though they can relate to 'quantum'.

    Quantum computers, fusion, flying cars and robo-butlers will all be possible around the same time (pick a repeating number i.e. decade, twenty-five years, blah blah).

    I imagine that anyone who has come by some unencryptable data has stuck it in a drawer marked quantum.

  9. batfink

    Meh

    TLAs all round the world have been hoovering up raw data for decades in the hope that sooner or later they'll be able to decrypt it (and hope it's still useful by then).

    Adding "Quantum!" to this doesn't make it news.

  10. ThatOne Silver badge
    Devil

    Military plans an AI offensive

    ROTFL! AI-driven military, now that's reassuring! We just took hill #234, computer suggests to attack hill #234 (it is 'trending'!).

    Or maybe could we interest you in hill #234?

    "Other generals attacked..."

    1. Androgynous Cupboard Silver badge

      Re: Military plans an AI offensive

      People that bought hill #234 also bought: ammunition, bodybags...

  11. Pen-y-gors

    Damn!

    What will we do when they decode our plans for landing in Normandy on D-Day!

    1. Ken Hagan Gold badge

      Re: Damn!

      That depends on which plans they decode. (Almost relevant ref: https://en.wikipedia.org/wiki/Operation_Mincemeat)

      And so we find ourselves back at the top of this comments page.

  12. Pen-y-gors

    Won't someone think of the planet?

    This does not bode well - China using all those terawatts of coal-powered electricity to run their crypto-cracking servers. Why wasn't this mentioned at COP26? Surely our governments can use this as yet another justification for attempting to ban encryption?

    1. elsergiovolador Silver badge

      Re: Won't someone think of the planet?

      Governments can't mention China if they want to keep supply chains going.

  13. Anonymous Coward
    Anonymous Coward

    T'Pau

    Is this an advertorial for Edward Snowden's former employers? Colour me bored by yet another 'They might do exactly what we are/want doing!'

    China in my haaaaaaaaaaaaaand!

  14. elsergiovolador Silver badge

    Random

    The properly encrypted data is indistinguishable from completely random data. Just create a honey pot for Winnie the Pooh, like a file browser with files like gravity-engine-confidential-rc.zip.enc or F-35-bill-of-materials.zip.enc or big-pharma-lobbyist-payroll-2021.zip.enc and serve data straight from /dev/random

  15. hammarbtyp

    I can see it now...Christmas 2031. The Chinese leadership crowd around the screen as the multi-billion dollar Quantum decrypter is turned on for the 1st time.

    Technician ashen face turns to the glorious leader. "I don't understand it", they say, "we have tried a number of runs on our captured data but it only returns cat pictures...."

    <Insert Schrodinger joke here....>

  16. Tom 7

    I heard a while back this is quite common

    as in governments storing stuff in the hope of decrypting it later.

  17. Anonymous Coward
    Anonymous Coward

    "Let's write a report that..."

    CIOs buy to justify fancy new encryption kit

    Quantum encryption snake oil vendors buy to spruik their stuff

    NSA convenes a secret committee to get vital funding for this new critical threat

    Chinese spies use to get funding for a boondoggle to collect vast amounts of data that they can't even read

    Google puts a new fibre across to china to carry all the extra unreadable data

    China's cloud providers go to the govt offering to store the unreadable data "securely", y'know, in case it were to get corrupted

    Chinese academics make the govt fund their cool really cold stuff

  18. Teejay

    Meanwhile...

    Steal, copy, deny, and if anybody points out what has been happening for the last twenty years, call it sinophobia - Genius!

  19. patrickdevine

    That's (one of the many reasons) why Format Preserving Tokenisation is preferred to Encryption

  20. Beleagured Greybeard
    Facepalm

    Asimov's 3 Laws?

    > Integrated warfare based on Internet of Things systems that uses intelligent weaponry and equipment and their corresponding methods in the land, sea, air, space, electromagnetic, cyber, and cognitive domains

    So we're not going with the traditional 3 laws of robotics then?

    Link to pertinent XKCD comic ==> https://xkcd.com/1613/

  21. Bitsminer Silver badge

    "intelligentized warfare"

    Chinese AI systems, presumably trained on artificial turf using artificial bullets, won't be immune to the usual issues with the current crop of "learned machines": a 20% chance of raining on the wrong fellow's parade.

    For example, automated translation systems can get things wrong, and nobody dies. In a battle, the misinformed or misconfigured AI can kill everybody. Not the kind of thing you can hand-wave away.

    It's going to be a hot century.
