
Gee, I wonder why?
If I were to hazard a guess, I'd say they've already subverted the supply chain in some malevolent manner.
Australia's chief cyber security agency has decided local orgs should stop using the tech that forms the current cryptographic foundation of the internet by the year 2030 – years before other nations plan to do so – over fears that advances in quantum computing could render it insecure. The Land Down Under's plans emerged last …
X25519+Kyber
20.7% of TLS 1.3 traffic at Cloudflare is using post-quantum encryption in Australia.
Google's Chrome 124 enabled it by default this year, starting on April 17, and adoption grew rapidly following that release, including Chrome derivatives. Other browsers are on the path as well: Mozilla Firefox has started rolling out post-quantum by default, and Cloudflare observed Apple Safari starting initial testing.
What's surprising is I don't see SHA-384 being retired any earlier.
Indeed. I'm not understanding the vibe that this will be difficult, in the main. There are very few software libraries, and also not that many applications that account for the bulk of use. It's very desirable that it is easy to swap out crypto primitives in case of sudden unexpected weakness (*), whether that's quantum attack or not, and it really shouldn't take more than 5 years to retire a set of busted algorithms at an orderly pace.
These days that should even apply to most hardware. There may be performance degradation that makes it unacceptable in some cases but well designed modern products should tolerate an upgrade. Older gear that can't be upgraded is often using algorithms already considered too weak against classical attack anyway.
I get that some people think the quantum risk is overblown but there aren't really strong arguments against a switch. The risks that come with lattice-based primitives also come with existing primitives.
(*) Or, more typically weakness that is trailered for 20 years with a series of ever-more serious breaks that everybody ignores because it's all theoretical until suddenly it's not.
No arguments against this change here guv, but migrations typically are not that difficult in the main, it's the edges that are difficult. You could do 99% of devices, and still have millions of bricked hardware devices that are too expensive, too remote, too abandoned to update the software on. Completing migrations is core!
Look at their encryption rules for payment terminals, they are totally unique. Not surprised they want to continue to buck the trends and go their own way, I mean Quantum Computing is only just round the corner isn't it? (I know that phrase, been practising it for so many years, wish I had trademarked it)
You wouldn't want to wait until 2039 as your deadline. First of all because whenever a deadline like this is set it always takes longer in reality. Second because storage is very cheap so someone with a vested interest (financial, spying, whatever) could afford to save a lot of encrypted data and decrypt it later.
Someone's encrypted session to The Register isn't going to win you much, but an encrypted session to their bank or cryptocurrency exchange, or an encrypted email between government leaders detailing secrets that are still important to be kept secret even 10 years later, let alone one year later.
So a goal of 2030 seems like a good target - gives enough time to make it happen, leaves enough slop to account for inevitable delays.
What's the worst that happens if quantum computers are never "real", and the make-work "quantum supremacy" tasks are all they are ever able to do? You trade one encryption scheme for another, and yes there is a risk that the new scheme has a hole in it. There's an even bigger risk that current schemes have holes in them though, because they've been in use longer and therefore under attack for longer.
The worst that can happen is that in the rush to protect against magic fairy dust quantum computers which will never be able to crack conventional secure algorithms, we get sold a bunch of post-quantum snake oil which is eventually found to be far weaker.
Where the comment below nails down that there's no proof that quantum computers can, there's nothing set-in-stone about quantum computers, so you can't prove they can't. Someone will just change the hand-wavy until your proof evaporates.
Shor's algorithm is the big cryptography contender. The problem here is, like Euler's algorithm, it has to run iteratively to discover the underlying mathematics. The problem is: we can't do this. We're talking about running quantum computers in the GHz range of classical PCs, where we currently run quantum computers .... every couple of seconds? a few times a second?
For reasons of noise, etc. there's nothing set out that this will ever be possible. It may be that quantum computers can do many great things (analysis, inference), but not reverse things (break encryption). You might take it: the current mathematical theories around quantum computers say, "We could do X, if we have Y," just as they currently say, "We can calculate on encrypted data, without ever encrypting it, and such a calculation should only take 200 000 years." Yes, some mathematical ideas are there, but no, they're not practical. Will they ever be? Only future mathematicians will know. It's almost certainly not going to be a near-term theorem.
That is indeed the risk, however it seems very unlikely.
The quantum-hardened algorithms are public, and large numbers of very smart people have been examining them for flaws.
Implementation errors will doubtless exist, but setting a date five years from now is far more likely to result in good implementations than waiting a few years then suddenly panicking.
Other industries have completely ignored security (despite the various laws), and are still waiting until something goes very badly wrong. At that point, whichever manufacturer lost the bet loses huge market share, and the rest quietly panic while rushing anything at all to market - certainly with massive flaws.
So a goal of 2030 seems like a good target - gives enough time to make it happen,
Except that, as with a lot of climate change efforts, politicians never actually commit the resources to make it happen. They simply ban something they think is bad, and assume that a good replacement will then appear by magic in the required timeframe. When it doesn't, it's the fault of everybody else except those politicians, of course.
It's just a matter of rolling them out. Which is doable.
Oh it is doable, but it also costs money to replace something. More so if it is hardware like some fancy security appliance with hardware acceleration for current algorithm primitives to meet performance targets, but even for software you will find a lot of stuff is not "just a free upgrade away".
Looking at most of the OS we have (and crucially the servers), they pretty much only support these cryptography standards, and half of them are scheduled to be still in support well after that date, so a standoff between vendor and regulators seems pre-programmed.
Nice of Australia to add to MS's roadmap: It's too late for W12, which we can expect will mandate AI capabilities, so that means either Windows 13 or even 14…
Personally, what Oz are missing is when will quantum reach the masses; as stuff will only really become insecure once the price of a quantum rig becomes affordable and readily available, which will most probably be shortly followed by a new version of Windows mandating a quantum chipset.
What you're forgetting is that affordable for a state actor != affordable for the average person to have on their desk.
State actors were the first to invest in computing during WW2 (with the UK building Colossus, the first programmable computer) and the US investing in computing for artillery tables with ENIAC etc in the 50s. Throughout this period both GCHQ (formerly the Government Code and Cypher School) and the NSA were maintaining and improving upon their WW2 computing capability to be able to read messages sent between various government organisations in other countries using "cryptographically secure" methods - in fact they sold Enigma machines on through third parties to those governments to make their messages easier to read.
Ever since, they've been spending vast amounts of capital on newer and better and bigger computer systems to be able to read communications, either on radio or on tapped telephone lines or now on the internet. Quantum computing will most likely give them the ability to read vast swathes of current internet traffic and you can bet they're storing it in advance so they can open it later. Other governments in other nations are no doubt doing the same also.
Will Quantum computers ever be able to break encryption? Despite all the optimistic noises coming out of Silicon Valley we don't seem any closer than we were 5 years ago. In fact, Quantum Computing is starting to look more and more like Nuclear Fusion, which was always 10 years away from becoming a reality...for 70 years.
I'll believe it when I see it. They may want to start by demonstrating some *useful* application, which Quantum Computers currently are incapable of.
BTW: the blind spot everyone's missing is that the $2 trillion in Bitcoin will become worthless literally overnight if Quantum Computers can break encryption.
The sudden wave of LLMs should remind you of the "slowly then suddenly" rule. LLMs were nowhere near usable and then overnight they were usable enough to excite the mass market.
For quantum it's worse because if a government cracks it, they will keep it secret and use it to their advantage. So you may not find out Quantum has been successfully cracking crypto till years later.
There's no guarantee that this will happen with Quantum Computing. Or nuclear fusion.
I don't believe government can crack quantum computing any faster than the scientific community. Just throwing money at it will not solve a problem quicker.
If a certain problem has already been solved, as was the case with the CCD chip, throwing huge amounts of government money at it may speed-up development (CCD imaging chip used in spy satellites) a little bit, but not by much (Sony introduced the first CCD camcorder only 5 or 6 years later).
You missed the historical precedent in my subject line. Enigma was cracked by the British Government and we kept quiet about it and encouraged poorer nations to use reconditioned machines.
And by doing nothing you are betting the farm on it being impossible to crack when we have quantum-proof algorithms we could start using now.
The first commercial Enigma version changed codes once every three months instead of daily, and had weaknesses in its usage that allowed most of the work to be done by a giant lookup table. Then changes were made that required a much larger lookup table which Poland at the time could not produce. And then usage was changed so that vulnerability was gone.
The knowledge that was transferred was mostly the knowledge of how Enigma worked, and the fact that Enigma was beatable. Which was eventually enough.
"LLMs were nowhere near usable and then overnight they were usable enough to excite the mass market."
And we all know how stupid/gullible the "mass market" is ... Seriously, LLMs don't actually do anything useful for the mass market, regardless of how excited they might be.
Negative, Bitcoin will not "become worthless literally overnight". No, don't believe some rando like me posting that rebuttal on the Internet. Here is what Forbes said about it last week:
https://www.forbes.com/sites/ansellindner/2024/12/12/googles-quantum-computing-leap-what-it-means-for-bitcoins-security/ Their conclusion:
"Bitcoin is not dead. Far from it. With robust existing cryptography and a clear path to quantum resistance if needed, Bitcoin is more resilient and forward-looking than other technologies potentially vulnerable to the quantum computing threat."
Don't you just love the assumptions in all of this!
(1) There are no other encryption schemes apart from those defined by standard (SHA-256, RSA, ECDSA, ECDH, Curve25519, Salsa20, etc., etc.)
(2) NIST can't possibly have any but the purest motives!
(3) No one out there is using one-time pads!
And then there are some purely pragmatic considerations.
(4) Many messages are likely to be worthless.
(5) Many messages have a value which declines sharply with time.
So... if this (Australian) sort of approach forces everyone to encrypt everything...
(6) How will the snoops identify the messages which they need to decrypt?
(7) Particularly if the so called bad guys (aka adversaries) are also obfuscating end points
This news item sounds like the usual Five Eyes misdirection of the public.
You know... along the lines of "We are doing something"...
Because that is entirely theoretical at this point, and has no immediate impact.
Using quantum computers for decryption is theoretical, but people can record encrypted data now and feed that into a quantum computer if/when they become available. So nation states that want to keep their Top Secret information secret for decades, are starting to worry about quantum computers now.
Nothing. They're too slow.
The "encryption" that you hear about is what China is doing: transmission-secrecy. Except, it doesn't keep the transmission *secret* -- it can still be intercepted. However, doing so changes the parameters of what is received, and you can know that it was intercepted. Thus, you retransmit a new key until it's not intercepted, encrypt the data, and transmit the properly-protected data.
Encryption is one of those things that classical computers do well: apply this algorithm, in repetition, many times. This is one of the things that quantum computers do badly: fast, and/or big data. It's better to use classical to compute the encrypted value than it is to use quantum to do something magical.
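The intercept-detection idea in the comment above is essentially what the BB84 quantum key distribution protocol does: an eavesdropper who measures and resends the photons disturbs the ones she guessed the basis for wrongly, and the two parties see that as a raised error rate on the key they sift out. The following is an added, constructed simulation of that exchange (it is not code from the thread or from any real QKD product); the qubit model, the 4000-qubit sample and the acceptance threshold are assumptions for illustration.

```python
"""BB84-style intercept detection (constructed example, not from the thread).

Alice encodes random bits in random bases, Bob measures in random bases, and
the two keep only the positions where their bases agreed (the sifted key).
They then compare a sample of that key: with no eavesdropper the error rate
(QBER) is zero, while an intercept-and-resend attacker who must guess the
basis introduces errors in about a quarter of the sifted positions, so the
key is discarded and the exchange repeated.
"""
import random


def measure(bit: int, prep_basis: int, meas_basis: int, rng: random.Random) -> int:
    """Idealised single-qubit measurement: the same basis returns the encoded
    bit, a mismatched basis returns a uniformly random outcome."""
    return bit if prep_basis == meas_basis else rng.randrange(2)


def run_bb84(n: int, eavesdrop: bool, seed: int = 1) -> dict:
    """Simulate n qubits and return sifted-key size, error count and QBER."""
    rng = random.Random(seed)  # fixed seed so the run is reproducible
    alice_bits = [rng.randrange(2) for _ in range(n)]
    alice_bases = [rng.randrange(2) for _ in range(n)]
    bob_bases = [rng.randrange(2) for _ in range(n)]
    bob_bits = []
    for bit, a_basis, b_basis in zip(alice_bits, alice_bases, bob_bases):
        if eavesdrop:
            # Eve cannot know Alice's basis; she measures in a guessed basis
            # and resends a fresh qubit carrying her result in that basis.
            eve_basis = rng.randrange(2)
            eve_bit = measure(bit, a_basis, eve_basis, rng)
            bit, a_basis = eve_bit, eve_basis
        bob_bits.append(measure(bit, a_basis, b_basis, rng))

    # Sifting: Alice and Bob publicly compare bases (never bit values) and
    # keep only the positions where their own bases matched.
    sifted_idx = [i for i in range(n) if alice_bases[i] == bob_bases[i]]
    errors = sum(1 for i in sifted_idx if alice_bits[i] != bob_bits[i])
    qber = errors / len(sifted_idx)
    return {"sifted": len(sifted_idx), "errors": errors, "qber": qber}


def key_accepted(result: dict, threshold: float = 0.11) -> bool:
    """Accept the sifted key only if the observed error rate is below the
    threshold (11% is the commonly cited BB84 limit; assumed here)."""
    return result["qber"] < threshold


if __name__ == "__main__":
    quiet = run_bb84(4000, eavesdrop=False)
    tapped = run_bb84(4000, eavesdrop=True)
    print("no eavesdropper:", quiet, "accepted:", key_accepted(quiet))
    print("intercept-resend:", tapped, "accepted:", key_accepted(tapped))
```

The detection is statistical: a small sample of the sifted key is sacrificed to estimate the error rate, and the key is only used if that rate stays under the threshold. This says nothing about classical encryption strength, which is the point the comment is making: QKD distributes a key and detects tampering on the channel, and the data itself is still protected by a conventional symmetric cipher.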
https://valerieaurora.org/hash.html
We've known the SHA2 family was vulnerable since 2008. The probability of an unofficial breach, at this point, cannot be ignored. I did not see SHA3 mentioned, which lends weight to the idea that the Australians have found flaws they're keeping under wraps.
They are specifically talking about high assurance cryptography here, ie link layer encryption and storage devices specifically designed, built and evaluated products for SECRET and TOP SECRET systems.
These are systems that handle information that needs to stay well-protected for decades.
A good encryption algorithm will provide what appears to be valid output for many keys and that will break attempts to use quantum cracking. If the block size is too big, then it allows for rapid determination that the key is wrong which would be very bad. The problem with the EFF Deep Crack wasn't that it could generate the correct key but figuring it wasn't a false positive. There was a book that went into detail about how many keys had to be double checked since they passed the first phase of it looks like it might be right.
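The false-positive effect the comment above refers to has a simple quantification: if a cipher behaves like a random function, each wrong key passes a check that recognises b bits of plaintext with probability 2^-b, so a k-bit key search leaves about 2^(k-b) wrong keys that still "look right" and need a second verification stage. The block below is an added, constructed example (not from the thread or from the Deep Crack project) that computes that expectation and confirms it by exhaustive search over a deliberately tiny 16-bit key space; the keyed-hash stand-in for a block cipher, the key size and the sample block are assumptions for illustration.

```python
"""Survivors of an exhaustive key search (constructed example, not from the thread).

A candidate key is usually accepted in a first pass if the decrypted block
"looks right" (e.g. has the expected header bytes). If only `check_bits` of
plaintext are recognisable, about 2^(key_bits - check_bits) wrong keys pass
that test and must be weeded out in a second pass, which is the verification
burden the Deep Crack discussion is about.
"""
import hashlib
import hmac


def expected_false_positives(key_bits: int, check_bits: int) -> float:
    """E[wrong keys passing a check_bits-wide plaintext test] for a cipher that
    behaves like a random function: (2^key_bits - 1) * 2^-check_bits."""
    return (2 ** key_bits - 1) * 2.0 ** (-check_bits)


def toy_decrypt(key: int, ciphertext_block: bytes, check_bits: int) -> int:
    """Stand-in for 'decrypt one block under this key and look at the first
    check_bits of plaintext'. A keyed hash truncated to check_bits models a
    cipher whose output under a wrong key is indistinguishable from random.
    This is an assumption of the example, not a real cipher."""
    digest = hmac.new(key.to_bytes(4, "big"), ciphertext_block, hashlib.sha256).digest()
    return int.from_bytes(digest, "big") >> (256 - check_bits)


def count_survivors(key_bits: int, check_bits: int,
                    true_key: int = 0x1234,
                    block: bytes = b"constructed ciphertext block") -> dict:
    """Exhaustively try every key and count those whose 'plaintext' matches the
    recognisable bits produced by the true key."""
    known = toy_decrypt(true_key, block, check_bits)  # what the right plaintext looks like
    matches = sum(1 for k in range(2 ** key_bits)
                  if toy_decrypt(k, block, check_bits) == known)
    return {
        "key_bits": key_bits,
        "check_bits": check_bits,
        "false_positives": matches - 1,  # the true key itself always matches
        "expected": expected_false_positives(key_bits, check_bits),
    }


if __name__ == "__main__":
    # Only 8 recognisable plaintext bits: roughly 2^(16-8) = 256 wrong keys survive.
    print(count_survivors(16, 8))
    # 16 recognisable bits: about one wrong key survives; a second block would remove it.
    print(count_survivors(16, 16))
    # DES-sized numbers for comparison: a 56-bit key against one fully known
    # 64-bit block leaves 2^-8 expected false positives, so the second pass
    # is only a burden when far fewer plaintext bits are recognisable.
    print(expected_false_positives(56, 64), expected_false_positives(56, 16))
```

The design point for defenders is that the number of survivors is governed by the key length minus the amount of plaintext the attacker can recognise, not by the block size as such: checking a second block, or a full known block, drives the false-positive count below one. The cost of the verification stage therefore cannot be relied on as a security margin.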
... the real risks to data loss were, are, and will continue to be bad software and bad management. If I'm talking to someone about computer security, and "encryption" is the first thing they start talking about, as far as I'm concerned, discussion is over. We aren't using words the same way. Encryption is cool, and it is a good thing, but bad software and bad administration are how real world data is lost.
Why worry about sniffing data and running it through a hypothetical quantum computer when you can sit in a basement half a world away and see how many accounts you can get into using the password, "Welcome123", on a system where the only implementation criteria is "get it working" and the OS hasn't been upgraded in ten years, because the person who cobbled that crapplication together was laid off shortly after it was "completed"?