back to article Singapore's monetary authority advises banks to get busy protecting against quantum decryption

The Monetary Authority of Singapore (MAS) advised on Monday that financial institutions need to stay agile enough to adopt post-quantum cryptography (PQC) and quantum key distribution (QKD) technology, without significantly impacting systems as part of cyber security measures. "Leading experts forecast that cyber security …

  1. ldo

    Where’s The Potential Threat?

    Last I heard, no “quantum” computer has ever demonstrated an ability to perform the simplest number-theoretic calculation. Without such a capability, how are such (hypothetical) machines going to perform any kind of code-cracking?

    1. sarusa Silver badge

      Re: Where’s The Potential Threat?

      A computer that can crack 256 bits would take about 13 million qubits for a full day, or about 317 million for an hour. Obviously quantum computing is nowhere near that yet.

      But qubits are going up at Moore's Law, and there have recently been some designs that are much more stable (so need far fewer qubits to error correct).

      It's not unreasonable to think that at this rate it will be 10-15 years before quantum computers can crack these, especially with China going all in on this and being capable of stealing any new technological advances.

      Then consider how hidebound and glacial banks are, how incredibly thick and glacial governments are, and that *all the previously encrypted stuff that was ever out there will have been saved and is ready to be cracked*. Like global warming, unless you start planning for the inevitable future NOW, you are going to suddenly be looking down the barrel of the gun going 'Oh my stars and garters, lawd awmighty! Nobody ever warned me about this! Nobody could have ever seen this coming!' Everything that was ever encrypted with 256-bits will have been captured and saved, ripe for cracking. If you make it 4096 bits that's only 16 more times computing power for a classical cpu, a couple more qubits for quantum. The only way out of this is going for a new algorithm that even a quantum computer chokes on (and people are working on these).

      10 years is not too soon to be considering this at all.

      1. Paul Crawford Silver badge

        Re: Where’s The Potential Threat?

        with 256-bits will have been captured and saved, ripe for cracking. If you make it 4096 bits that's only 16 more times computing power for a classical cpu

        Er, no. Going from 256 bits to 257 bits is one more bit of entropy, twice as many choices.

        Assuming no deep flaws that make the algorithm susceptible to short cuts...

      2. ldo

        Re: nowhere near that yet

        Shor’s algorithm came out in the 1990s. Since then, the progress towards implementing it has been precisely ... zero.

  2. An_Old_Dog Silver badge

    Anti-Quantum-Computing-Labelled Snake-Oil

    From TFA: The Monetary Authority of Singapore (MAS) advised on Monday that financial institutions need to stay agile enough to adopt post-quantum cryptography (PQC) and quantum key distribution (QKD) technology, stay gullible enough to adopt whatever anti-quantum-computing-labelled snake-oil which happens to be on sale, without significantly impacting systems as part of cyber security measures.

    FTFY.

  3. John Sager

    So what financial data needs to be protected for the length of time before quantum computers likely get good enough to break existing public key systems?

    Not a lot, I would suggest, and despite NIST's efforts, the current candidates for PQC don't look that great.

  4. JulieM Silver badge

    Easy solution

    If the plaintext is no longer than the key, then every possible plaintext is equally probable; thus, there is no way to tell whether a given ciphertext might resolve to "DEFEND THE FORT AT SUNSET", "ATTACK THE BRIDGE AT NOON" or "MY DAUGHTER HAS THE PILES".

    Even quantum decryption cannot get around this.

    The only thing that makes it not quite that easy is the need for each end to have copies of the same keys -- bearing in mind that this essentially requires a secure communication channel already to exist in the first place. Though, many messages' worth of key information could conceivably be exchanged during a single face-to-face meeting in private.

    1. Paul Crawford Silver badge

      Re: Easy solution

      A random and secure one-time pad does indeed render definite decryption impossible.

      In the real world, and for messages of non-trivial size, it is simply not practical. Hence the need for key-exchange algorithms that are hard to do (or QKD so you know if a key was intercepted), and block ciphers that are tolerably fast and tolerably secure on shorter keys thus exchanged.

      The concerns are real, not because quantum comping is just around the corner, but because it might be in a decade's time and most big businesses like banks are as agile as an oil tanker in a yacht race.

    2. Lee D Silver badge

      Re: Easy solution

      Even seen The Imitation Game?

      Turns out the only German you need to know is...

      Known-plain-text attacks combined with quantum computers will decrypt the rest of the message too, by a reasonable probability.

      QE doesn't care about your key size (it just makes your QC larger), only whether it can identify the signal in the noise. And it *can* use the tiniest hints to increase the SNR enormously. It probabilistic, so you really don't want to narrow the possibilities at all, and QE may well have more viable known-plain-text attacks that public key encryption.

      Also, quantum key exchange algorithms already exist, as well as quantum-safe encryptions that can be performed on an ordinary computer. You probably have them in your browser already, in fact.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like