Singapore's monetary authority advises banks to get busy protecting against quantum decryption

The Monetary Authority of Singapore (MAS) advised on Monday that financial institutions need to stay agile enough to adopt post-quantum cryptography (PQC) and quantum key distribution (QKD) technology, without significantly impacting systems as part of cyber security measures. "Leading experts forecast that cyber security …

  1. ldo Silver badge

    Where’s The Potential Threat?

    Last I heard, no “quantum” computer has ever demonstrated an ability to perform the simplest number-theoretic calculation. Without such a capability, how are such (hypothetical) machines going to perform any kind of code-cracking?

    1. sarusa Silver badge

      Re: Where’s The Potential Threat?

      A computer that can crack 256 bits would take about 13 million qubits for a full day, or about 317 million for an hour. Obviously quantum computing is nowhere near that yet.

      But qubits are going up at Moore's Law, and there have recently been some designs that are much more stable (so need far fewer qubits to error correct).

      It's not unreasonable to think that at this rate it will be 10-15 years before quantum computers can crack these, especially with China going all in on this and being capable of stealing any new technological advances.

      Then consider how hidebound and glacial banks are, how incredibly thick and glacial governments are, and that *all the previously encrypted stuff that was ever out there will have been saved and is ready to be cracked*. Like global warming, unless you start planning for the inevitable future NOW, you are going to suddenly be looking down the barrel of the gun going 'Oh my stars and garters, lawd awmighty! Nobody ever warned me about this! Nobody could have ever seen this coming!' Everything that was ever encrypted with 256-bits will have been captured and saved, ripe for cracking. If you make it 4096 bits that's only 16 more times computing power for a classical cpu, a couple more qubits for quantum. The only way out of this is going for a new algorithm that even a quantum computer chokes on (and people are working on these).

      10 years is not too soon to be considering this at all.

      1. Paul Crawford Silver badge

        Re: Where’s The Potential Threat?

        with 256-bits will have been captured and saved, ripe for cracking. If you make it 4096 bits that's only 16 more times computing power for a classical cpu

        Er, no. Going from 256 bits to 257 bits is one more bit of entropy, twice as many choices.

        Assuming no deep flaws that make the algorithm susceptible to short cuts...

      2. ldo Silver badge

        Re: nowhere near that yet

        Shor’s algorithm came out in the 1990s. Since then, the progress towards implementing it has been precisely ... zero.

  2. An_Old_Dog Silver badge

    Anti-Quantum-Computing-Labelled Snake-Oil

    From TFA: The Monetary Authority of Singapore (MAS) advised on Monday that financial institutions need to stay agile enough to adopt post-quantum cryptography (PQC) and quantum key distribution (QKD) technology, stay gullible enough to adopt whatever anti-quantum-computing-labelled snake-oil which happens to be on sale, without significantly impacting systems as part of cyber security measures.

    FTFY.

  3. John Sager

    So what financial data needs to be protected for the length of time before quantum computers likely get good enough to break existing public key systems?

    Not a lot, I would suggest, and despite NIST's efforts, the current candidates for PQC don't look that great.

  4. JulieM Silver badge

    Easy solution

    If the plaintext is no longer than the key, then every possible plaintext is equally probable; thus, there is no way to tell whether a given ciphertext might resolve to "DEFEND THE FORT AT SUNSET", "ATTACK THE BRIDGE AT NOON" or "MY DAUGHTER HAS THE PILES".

    Even quantum decryption cannot get around this.

    The only thing that makes it not quite that easy is the need for each end to have copies of the same keys -- bearing in mind that this essentially requires a secure communication channel already to exist in the first place. Though, many messages' worth of key information could conceivably be exchanged during a single face-to-face meeting in private.
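Added example, not part of the original comment thread: a minimal Python sketch of the one-time pad property described in the comment above, showing that one ciphertext is consistent with all three quoted messages, and that a pre-shared pad must be consumed and never reused. `OneTimePad`, `key_explaining` and `demo` are hypothetical names, and `secrets.token_bytes` stands in for key material exchanged in person.

```python
import secrets


class OneTimePad:
    """Pre-shared random key material; each byte is used once, then never again."""

    def __init__(self, material: bytes):
        self._material = material
        self._offset = 0

    def remaining(self) -> int:
        return len(self._material) - self._offset

    def encrypt(self, plaintext: bytes) -> tuple[int, bytes]:
        # Refuse rather than reuse key bytes: reuse destroys the guarantee.
        if len(plaintext) > self.remaining():
            raise ValueError("pad exhausted: message is longer than unused key")
        start = self._offset
        key = self._material[start:start + len(plaintext)]
        self._offset += len(plaintext)
        return start, bytes(p ^ k for p, k in zip(plaintext, key))

    def decrypt(self, start: int, ciphertext: bytes) -> bytes:
        key = self._material[start:start + len(ciphertext)]
        return bytes(c ^ k for c, k in zip(ciphertext, key))


def key_explaining(ciphertext: bytes, candidate: bytes) -> bytes:
    """Return the key under which `ciphertext` decrypts to `candidate`."""
    if len(candidate) != len(ciphertext):
        raise ValueError("candidate must match ciphertext length")
    return bytes(c ^ m for c, m in zip(ciphertext, candidate))


# The three messages from the comment; each is 25 characters long.
CANDIDATES = [m.encode() for m in (
    "DEFEND THE FORT AT SUNSET",
    "ATTACK THE BRIDGE AT NOON",
    "MY DAUGHTER HAS THE PILES",
)]


def demo() -> list[bytes]:
    sender = OneTimePad(secrets.token_bytes(64))  # assumed shared out of band
    _, ct = sender.encrypt(CANDIDATES[0])
    # Every candidate has a key that fits this ciphertext equally well.
    return [bytes(c ^ k for c, k in zip(ct, key_explaining(ct, m)))
            for m in CANDIDATES]


if __name__ == "__main__":
    for recovered in demo():
        print(recovered.decode())
```

The pad shrinks by one key byte per message byte, which is the distribution cost the comment points to.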

    1. Paul Crawford Silver badge

      Re: Easy solution

      A random and secure one-time pad does indeed render definite decryption impossible.

      In the real world, and for messages of non-trivial size, it is simply not practical. Hence the need for key-exchange algorithms that are hard to do (or QKD so you know if a key was intercepted), and block ciphers that are tolerably fast and tolerably secure on shorter keys thus exchanged.

      The concerns are real, not because quantum computing is just around the corner, but because it might be in a decade's time and most big businesses like banks are as agile as an oil tanker in a yacht race.

    2. Lee D Silver badge

      Re: Easy solution

      Ever seen The Imitation Game?

      Turns out the only German you need to know is...

      Known-plain-text attacks combined with quantum computers will decrypt the rest of the message too, by a reasonable probability.

      QE doesn't care about your key size (it just makes your QC larger), only whether it can identify the signal in the noise. And it *can* use the tiniest hints to increase the SNR enormously. It's probabilistic, so you really don't want to narrow the possibilities at all, and QE may well have more viable known-plain-text attacks than public key encryption.

      Also, quantum key exchange algorithms already exist, as well as quantum-safe encryptions that can be performed on an ordinary computer. You probably have them in your browser already, in fact.
