
"an effort to keep encrypted Signal chat messages protected from any future quantum computers"
Don't worry guys, you've got 50 years to prepare for that . . .
Signal has adopted a new key agreement protocol in an effort to keep encrypted Signal chat messages protected from any future quantum computers. Quantum computers – which every decade experts believe may be able to crack today's encryption schemes within the next decade or two – aren't particularly useful at the moment. " …
..... which coincidentally also intentionally introduces the Wonderfully Remote Access Trojan Horse of Global Operating Devices.
All systems which have to rely on increasingly obscure and touted as extremely secure and advanced sophisticated encryption to try to keep locked away and top secret, uncomfortable and self-destructively damaging information/intel/knowledge and not plain common sense, are always very quickly and easily defeated with the simple otherworldly-wide free sharing of novel honest news and noble views for all manner of conventionally established and traditionally conservative and politically inept mainstream and alternative disruptive underground and dark web media channels to report on and further investigate and question or be forced to try to prevent the universal presentation of, because of the undeniable diabolical truths that be revealed to expose those responsible and accountable for their existence and your constant debilitating suffering in and for them ........ and why those despicable powers that used to be practically almighty and virtually undefeatable are just like now, in these 0day times and cyber spaces of mounting and expanding troubles without the realisation of vitally needed and radically different solutions, forced to wage dirty wars it can never ever win against free honest speech speaking unpleasant truths unto nations.
This non partisan, politically correct broadbandcast was brought to you courtesy of Merlin the AIMagician and Meta Data Based Physicians and SMARTR Virtual Clinicians. I Kid U Not We Kid U Not.
And what is it that they say? ..... Hell hath no fury like a global trojan scorned
Aloha Merl et al
It's a wonderful news you bring in concert
Yet 3 to 5 considerable almighty letters are still thoroughly missed/yet carefully avoided to be righteously placed between W.R.A and G.O.D
Or is this just me humbly thinking them should be there.... but they should not?
I personally would have put the explanation of the asymmetric key, the first paragraph of which is not specific to the algorithm, much further up in the text. And the paragraph starting with "This type of attack" comes out of the blue; the data harvesting should come before naming the attack, I think.
For this readership I would have left this stuff out anyway. I am pretty sure that most of us know these things quite well (and many know more about it than I do). Additionally, saying that some of the countries trying to implement this type of key cracking are considered adversaries by the US reads quite weird for this international readership. Many of us do consider spying by the US and US companies a threat, even if we live in the "western" world.
And I would have liked more insights into what makes the new algorithms more difficult to attack. I guess I need to read the papers...
The post-quantum cryptographic algorithms are believed to be QC-resistant because they use problems that 1) are believed to be trapdoor, i.e. worse-than-polynomial time to solve but polynomial-time to confirm;¹ 2) don't resemble any problems known to be in complexity class BQP, i.e. the ones amenable to a quantum-computing speedup; and 3) are believed for theoretical reasons not to be in BQP.
CRYSTALS-Kyber is in the family of lattice-based PQC algorithms. It uses learning-with-errors over modules. LWE-type algorithms go back at least to the original NTRU proposal, though NTRU and most others were LWE over rings rather than over modules.
There are tons of papers and blog posts and the like describing the various NIST PQC candidates as they moved through the various rounds of the competition. I'll link to Soatok's, because his crypto expertise is solid and his explanations are generally easy to follow. And Soatok's whole fursona thing irks people I dislike, as an added bonus.
¹This requires P≠NP, of course, or the complexity hierarchy collapses. If P=NP everything is (even more) terrible and we can't have cryptography. OK, it's a little more complicated than that; Impagliazzo's classic "Five Worlds" paper is a good introduction.
Quote: "...a sufficiently powerful quantum computer ... could be used to compute a private key from a public key thereby breaking encrypted messages..."
Confused!
Yes....schemes like PGP use a private key and a published public key.
But schemes like Diffie/Hellman NEVER publish any encryption keys.
Diffie/Hellman uses public and private tokens.....but encryption keys are calculated when needed (and then thrown away)...but encryption keys are never stored or published.
Does this article not confuse Diffie/Hellman tokens (which are not encryption keys) with the actual secret encryption keys?
The whole idea behind Diffie/Hellman is that two people can exchange tokens in public, but that the encryption keys are never shared (or even known to the users).
No, the concept of Diffie Hellman is to form a secure channel by which you both agree upon a temporary secret - which you then use to share your public keys with each other to initiate a channel elsewhere under ordinary public key encryption - and then discard everything DH because it's no longer needed.
It's literally called a key exchange protocol.
Now, there may be some confusion of terminology and scope here, but ultimately any public key being able to be used to determine the private key is death to all public-key encryption, whether you used DH to transmit the keys or not.
What you're hinting at is that if you use DH in a PFS scheme, you send temporal keys to each other constantly, that's where they are "never shared or even known to the users" and "never stored or published". Hell, you can even mis-use DH directly as an encryption scheme (there are several like that), but it's uncommon.
But the majority use of DH is to exchange keys and go home, and then to leave you to do something else, somewhere else. PFS uses DH in the way you describe, but not all public-key-encryption bothers with PFS.
And the fact is that a quantum computer of sufficient size would break DH, PFS and most common public key cryptography quite easily, as none of them are quantum-computing-safe.
We do have quantum-safe equivalents of the above, but they are vastly different, and they are also being weakened all the time (and many are not even in active use yet!).
(To simplify the QC-safe thing: At the moment we "scramble" two numbers mathematically to make it almost impossible to determine what the original two numbers were - but there's only really one correct answer, it just takes countless billion-billion-billion attempts to find it by brute-force. With QC, we basically do the opposite - we try to make as many answers as possible appear valid, so that each one is "returned" by a quantum computer, but you still can't work out which one was actually the original message without knowing what the original message was (kind of like a known-plain-text attack). So even though you know all the possible starting numbers, you end up with a billion-billion-billion equally likely and viable number-pairs, and no clue which one is the right one until, basically, you already know what the message contained in the first place to compare it with)
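As an added illustration of the two points argued above (only the public tokens ever cross the wire, the derived key does not; and anyone who can compute the private exponent from a public token gets the key anyway), here is an ephemeral DH exchange in pure Python. This is not code from the article or the commenters; the group (p = 65537, generator 3) is a constructed toy so that the discrete log can be brute-forced in a loop, standing in for the capability a large quantum computer would have against real-size groups.

```python
import hashlib
import secrets

# Toy group, constructed for illustration: a 17-bit prime and a generator.
# Real deployments use ~2048-bit primes or elliptic-curve groups.
P = 65537
G = 3

def make_ephemeral():
    """Fresh private exponent and the public token g^priv that gets sent."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def derive_key(shared_element):
    """Hash the agreed group element into a symmetric key. The key is computed
    independently on each side and never transmitted."""
    return hashlib.sha256(shared_element.to_bytes(4, "big")).digest()

def session():
    """One ephemeral exchange: returns what an eavesdropper sees (the two
    tokens) plus each side's derived key. Private exponents are dropped,
    which is the forward-secrecy property discussed above."""
    a_priv, a_pub = make_ephemeral()
    b_priv, b_pub = make_ephemeral()
    transcript = (a_pub, b_pub)
    key_a = derive_key(pow(b_pub, a_priv, P))
    key_b = derive_key(pow(a_pub, b_priv, P))
    del a_priv, b_priv
    return transcript, key_a, key_b

def discrete_log(h):
    """Brute-force x with g^x = h. Feasible only because the group is tiny;
    for real parameters this step is what Shor's algorithm would supply."""
    acc = 1
    for x in range(P - 1):
        if acc == h:
            return x
        acc = acc * G % P
    raise ValueError("no discrete log found")

def key_from_transcript(transcript):
    """Given a discrete-log solver, the public tokens alone yield the session key,
    which is the 'death to all public-key encryption' point made above."""
    a_pub, b_pub = transcript
    return derive_key(pow(b_pub, discrete_log(a_pub), P))
```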
Really, the starting point for any encryption decision is the nature of what you are trying to protect. And that needs to be made on the understanding that encryption is a temporary state of affairs, and that at some point in the future, that code will be cracked.
If it's embarrassing stories about your country's history - a few decades may be OK. If it's a shopping list for Mum, a few days is probably also OK.
Does it really matter if your bank details are cracked in 30 years?
"Does it really matter if your bank details are cracked in 30 years?"
Although I agree with your general point, yes it does - I've already had one of my bank accounts for longer than that and I'm hopefully not about to shuffle off anytime soon...
Right from the abstract: "It is currently not clear if the algorithm can lead to improved physical implementations in practice."
We frequently see new quantum algorithms being published. Sometimes they're simply wrong – someone made a mistake. Sometimes they rest on unproven assumptions, such as the assumption that QAOA is good for anything and not just a huge waste of time.
Now, Regev is a legitimate researcher and reliable, and Aaronson referred to the paper as exciting. The algorithm looks good so far, as far as I can see from informed commentary (it's beyond my level of expertise to critique it), and it does lower the complexity of the quantum part from O(N^2) to O(N^(3/2)), which is indeed smaller – significantly so once N gets large. (Regev's paper actually talks about quantum circuits of size proportional to O(N^(3/2)), not time, but since you have to set up the circuits time becomes proportional to size, I think.) But it's still going to require a lot of fast qubits to work. And it depends on a number-theoretical assumption which remains unproven.
So why even mention it? Either Shor's Algorithm is already sufficiently bad news for RSA, DH, and classic ECC (on the assumption that one day large QCs become physically and economically feasible), or irrelevant (if that assumption doesn't hold). Regev's algorithm might advance the traditional-problem-asymmetric-cryptography doom clock forward just a bit, but in practice it doesn't really make a difference. We're still far away from it being practical or sensible to break most traditional asymmetric cryptography, and by the time we get there, most traditional asymmetric crypto will have been replaced by PQC just in case.