back to article JPMorgan Chase readies for post-quantum security world

These days it seems every major company is outlining a quantum strategy, even if those plans are nebulous at best. However, in areas like financial services, especially at global banks like JPMorgan Chase, getting a handle on both quantum computing and quantum security are top priorities. It all boils down to the next …

  1. Eclectic Man Silver badge

    Post Quantum Security

    I believe this refers to cryptography which is secure from quantum computing algorithms. I understand that the USA is actively seeking such algorithms, but haven't heard of anyone producing even a theoretical model for the properties such an algorithm would have.

    Generally the larger the keyspace the more secure the encryption for a given algorithm, although some algorithms are relatively easy to crack even with quite large keys, when you get to the size of the key being the size of the message to make it secure, you effectively need a one-time-pad and the algorithm is effectively considered to have been broken.

    1. Snake Silver badge

      Re: Post Quantum Security

      So therefore we learn that, in the future, life will imitate the art of Schlock Mercenary

      https://www.schlockmercenary.com/2006-03-28

      https://www.schlockmercenary.com/2006-03-29

    2. Anonymous Coward
      Anonymous Coward

      Re: Post Quantum Security

      It can be summed up quite succinctly as:-

      A: We are developing quantum bollocks

      B: We are already working on quantum anti-bollocks.

      1. AdamT

        Re: Post Quantum Security

        Isn't this just another massive scaling up of the trust problem?

        i.e. the number of people who actually understand this stuff enough to have a valid opinion on it is vastly smaller than for conventional encryption and the level of trust we will need to have in those people will be higher too.

        1. amanfromMars 1 Silver badge

          Re: Post Quantum Security

          Isn't this just another massive scaling up of the trust problem?

          i.e. the number of people who actually understand this stuff enough to have a valid opinion on it is vastly smaller than for conventional encryption and the level of trust we will need to have in those people will be higher too. ..... AdamT

          No, AdamT, it is not.

          The very few who know anything at all valid on what this stuff can, and therefore invariably will do, at any time of its choosing, convenient or otherwise, care not a jot for any wider popular trust for such is not needed for that which can be done and revealed/uncovered/discovered with a practical universal immunity and virtually remote impunity.

          I trust that is not in any way ambiguous nor difficult to fully understand.

          As I’m sure all can appreciate, and especially so those active with commentary and opinion here on El Reg, does such make secure Quantum Communication Control of Systems something of a Fundamental Elemental Holy Grail Development, and whether one would like it classed or classified as a Novel Private Invention or a Noble Pirate Discovery or a Popular NEUKlearer WMD also matters not a jot either to the few who know enough about this stuff to have everybody else understandably extremely worried and/or terrifyingly excited and petrified with doubt in unsure disbelief. That is only natural, and they certainly should be.

          1. Youngone Silver badge

            Re: Post Quantum Security

            Did you just threaten humankind with extermination?

            You're hard to understand at the best of times but I'm buying tinned food just in case.

    3. Vestas

      Re: Post Quantum Security

      You have to use a system which doesn't use factorisation as those algorithms can be solved in polynomial time on a quantum computer.

      Lattice-based cryptography is the likely candidate to replace public-key applications.

      Symmetric key systems (like AES) are currently resistant to quantum computers provided a large enough key size is used but that's not a long term solution.

      1. MJB7
        Boffin

        Re: Post Quantum Security

        "but that's not a long term solution." Yes it is. We know how to halve the effective key length of a symmetric key with a quantum computer - but that still leaves AES-256 (halved to 128 bit security) taking universe life-times to crack with an arbitrarily large computer.

    4. You aint sin me, roit

      Not seeking, choosing

      NIST ran their usual crypto competition for PQC algorithms and are busily selecting their faves. There are already trials for so-called hybrid schemes for TLS.

      Though it is still a moot point when a powerful enough quantum computer will be built That troubles current crypto, or even if one can ever be (the number of error correction qubits would appear to increase exponentially...).

    5. MJB7

      Re: Post Quantum Security

      "haven't heard of anyone producing even a theoretical model for the properties such an algorithm would have."

      Then I don't think you have been paying attention. The NIST post-quantum algorithm competition reached the final stage last year, and has four key agreement algorithms and three signature algorithms.

      https://en.wikipedia.org/wiki/NIST_Post-Quantum_Cryptography_Standardization#Finalists

      The concern of course is that quantum algorithms is a _fairly_ new field, and somebody might come up with an approach that completely breaks one of them. On the other hand, somebody might come up with an algorithm to factor large numbers quickly tomorrow (which completely breaks RSA).

  2. ebyrob

    I don't get it.

    Is this saying they built a test network that just pretends it is doing Quantum Key Distribution? Or are they actually distributing the keys quantumly now? I'm not sure how they could actually be doing it the quantum way now if the technology doesn't exist / work yet...

    1. Paul Crawford Silver badge

      Re: I don't get it.

      Marketing...

      1. amanfromMars 1 Silver badge

        Re: I don't get it.

        Marketing... Paul Crawford

        Viral Guerrilla Warefare for AI Warfare, Paul C, which is not Virtual Vapourware. And to the Valiant Victors, Universal Spoils Beyond even the Wildest and Widest of Dreams. That’s the Prize for Worthy Winning and Secure Capture.

    2. MJB7

      Re: I don't get it.

      QKD hardware has been commercially available for _years_. QKD doesn't use quantum computers (which are at the toy stage).

  3. amanfromMars 1 Silver badge

    One Smart Cookie

    He then moved into quantum algorithms and noticed that JPMorgan Chase was leading the way in future quantum security.

    Oh???? Hmmmm????? That's a boldly going assertion/assumption/presumption/tale. Was JPMorgan Chase itself aware at that time of their leading position in such an ethereal field? Are they aware now it not a safe and secure field to have any lead in ...... for one then naturally becomes a hostile target of particular and peculiar especial interest to A.N.Others able to remain invisible and unknown and intangible ..... both practically and virtually untouchable and verging on the almighty powerful and energetic ....... with an avid keen interest in securing all of their business and other businesses requiring Quantum Communication Control Systems.

    1. You aint sin me, roit
      Big Brother

      Re: One Smart Cookie

      I don't believe JPMorgan Chase are groundbreakers in PQC.

      Certainly not to the extent that they deserved this article-long advert.

      And any article on QKD is perverse not to mention Chinese efforts: 2000km fibre key distribution, satellites used to transfer keys (intercontinental).

  4. trevorde Silver badge

    Real reason Marco Pistoia joined JPMorgan Chase

    After 24 years at IBM, he'd become a 'dinobaby' and been RA'd because he didn't have the right mix of skills

  5. T. F. M. Reader Silver badge
    Coat

    Further research is needed...

    As a physicist, I see enormous possibilities for making rubber-hose cryptanalysis totally useless: the more you know of the quantum key the less certain you will be of the decrypted content.

    As a computer scientist, I realize that the same uncertainty principle will of course apply to Byzantine generals. But that's just another kind of uncertain failure, innit?

    Coat, please - I am off to prepare my next grant application! ---->

    1. amanfromMars 1 Silver badge

      Re: Further research is needed...

      Coat, please - I am off to prepare my next grant application! ---->.... T.F.M.Reader

      :-) Good luck with finding anyone competent enough to understand anything you might be presenting which proves itself Great Game Changing and Ground Breaking, T.F.M.Reader.

      They are maybe out there somewhere, lurking in the many shadows of deep and dark shade, timid and/or petrified of what is to be discovered and uncovered to lay waste to the myriad putrid and rotten open fields of corrupted endeavour and perverse pervasive behaviour.

      However, phishing to find and engage the the right lions and trusty dragons to slay the fiends and daemons out there is an engaging hunt and enlightening trawl ..... but well worth every effort whenever the fields of such work, rest and play are so rank and in need of merciless purging with assets replacement if current existing leading stock improvement is impossible but deemed certainly necessary to guarantee future fabulous fabless progress.

      Oh ..... and nothing anywhere comes anywhere near close to paying one any better and that can be very attractive and even quite addictive to many or some or a few.

  6. This post has been deleted by its author

  7. Anonymous Coward
    Anonymous Coward

    QKD technology lets you know if a point to point transport link has a passive tap somewhere and therefore some keys may have been copied en-route by a third party with crocodile clips.

    QKD does not stop keys being surreptitiously copied on or by the kit that makes or uses them.

    QKD does nothing at all for applications and clouds and will not secure the Twittagrams on your mobile phone.

    There are currently passive taps all over the Internet for assurance and regulatory reasons, a lot of red lights would go permanently if anyone tried to scale QKD up to beyond a niche.

    Owners of military networks may want QKD to replace or create physical courier networks to meet key rotation policy for kit related to state secrets. But given the stakes, the entry cost is owning most of the supply chain.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like

Biting the hand that feeds IT © 1998–2022