China plans to swipe a bunch of data soon so quantum computers can decrypt it later Tech consultancy Booz Allen Hamilton has warned that China will soon plan the theft of high value data, so it can decrypt it once quantum computers break classical encryption. The firm offers that scenario in a recent report, Chinese Threats In The Quantum Era, that asserts the emerging superpower aspires to surpass US-derived …
Would the counter to this be to create giga/tera/peta-bytes of encrypted junk files left in suitably mis-secured servers connected to the internet. You may not be able to stop the Chinese gov from hacking and obtaining data but you can make the indefinite storage of it pretty hard. Also if it’s encrypted gibberish, would that slow down the decryption of it? After all if an unencrypted file appears to be random data, then it hasn’t been decrypted properly, so back to the code breakers it goes, wasting more resources. A sort of data Cold War.
You've misunderstood the point. The argument is to have plaintext1 and plaintext2 both of which encrypt to ciphertext. So when you brute force decrypt you don't know which was the real plaintext.
It's like collision attack in reverse.
It is you who misunderstand the point. That is EXACTLY what I'm getting at. In a proper one-time pad, a ciphertext of "******" (literally) could decode to ANY six-character combination, including words. All it takes is the appropriate key for each one.
So in your above example, ciphertext when run through key1 will result in plaintext1 while the same text run through key2 will result in plaintext2. That's all that it takes, and it's one of the key strengths of one-time pads: there is absolutely no way to predict the plaintext from the ciphertext.
Taking that back into the broader context of other encryption techniques - which are inherently less secure because 'one time' methods are impracticable when several people on unspecified occasions want access to information - the question of how an adversary knows encryption has been broken becomes important.
Assuming quantum computers are the wonderful beasts they are made out to be, difficult questions remain when decoding data not in advance known to have been encrypted by a particular class of method (e.g. a pubic key based system). Heavily secret communication among a small pre-defined number of people can be based upon well-known algorithms but in combinations varying according to whether the message is first, second, third, etc. from a particular sender among the group.
Ordering the algorithms, number and types, can be separated from keys which need to be known for a particular instance of use of a given combination of algorithms.
Encryption/decryption takes place under supervision of an overarching algorithm which requires, in this example, a 'sequence number' and the keys. The former is not embedded in the code. Human operators must keep track of position in each individual's sequence of message sending to the group. Each sequence number invokes a pseudo-random number generator within the overarching algorithm. The generator is seeded exactly the same in all distributed copies of the overarching algorithm.
This degree of additional obfuscation would make it difficult for the quantum computer's algorithms to determine whether decoding is successful. Further obfuscation of the original data is easily applied using variants of insecure techniques such as letter substitution.
It would not be a matter of the computer eventually spitting out plain text. Unless, the quantum computer is, or is connected to, a very powerful pattern recognition device it might be necessary for human operators to check output from many steps of the process. Thereby speed of quantum computers is slowed to a pace humans can stand and also, as in the case of some messages among the military, it matters not at all if by the time the code is cracked events referred to have already taken place.
You're right in the most trivial way. Yes, when you use a one time pad (OTP) there are as many keys to the ciphertext as there are possible ciphertexts of that length. And there is no way anybody could be certain which one was correct.
But regular symmetric encryption has that property, too. You can normally decrypt a symmetrically encrypted string with any of the possible keys and not be certain whether it was the correct key. (I'm glossing over a few snags and details, but that's broadly true.) The only difference between an OTP and a symmetric key is length, and symmetric encryption converges on an OTP as the length of the symmetric key approaches the message length. (Again, after a little squinting.)
The problem, in both cases, is getting the key to the recipient. If you can solve that, you're absolutely right that quantum computers would be useless. But if we could solve that we wouldn't need potentially-quantum-comptuer vulnerable public key cryptosystems. And that's where cleverer systems might come in.
Essentially by looking for cues that you know in the answer - hopefully I've posted the right youtube thing (I have no association with this, just found it interesting), but it explains how you can start pruning your decryption search until you get something meaningful.
https://www.youtube.com/watch?v=RzWB5jL5RX0
> An interesting question: when you are brute-forcing something, how do you know when to stop?
Very easily for compressed file formats like docx because the compressed file includes a checksum. So you do a trial decrypt, then unzip and if the checksum matches you know it unzipped correctly, therefore it must have been decrypted correctly.
Presumably you can tell whether something has informational value by analysing its structure, even if it's encrypted, in the same way that linguists analyse animal communications to compare their relative information density. So your junk files would have to look like something interesting to be worth decrypting (unless you started to disguise rich content as weak sauce to make it look innocuous...).
Not only does encryption de-structure it, nearly all encryption systems start by compressing information to reduce/eliminate repeated information, and save compute time on the expensive encryption/de-cryption. Compression maximizes the amount of information per bit (in a documented, reversible way) and then it gets encrypted.
Among files an adversary may be able to access, deposit some others particularly heavily encrypted and containing detailed plans for projects in which subtle flaws have been introduced.
Mention has been made of creating many files of encrypted garbage alongside genuine files. This 'needle in a haystack' technique is pretty sound in its own right regardless of adversaries' decryption capabilities.
I know that quantum computers are theoretically able to decrypt some encryption methods, because they can factorize large numbers. But I thought there were different encryption methods which didn't use large number factorization, was it elliptic functions? Doesn't that mean that we could switch to those methods and quantum computers would stop being such a bogeyman for encryption?
How close are quantum computers to be of any use anyway? Because they often seem to be predicted for right after fusion reactors, or whenever half life 3 is released, whichever happens last...
"It nice to know the Chinese have bought in to the quantum snake oil, jut like everyone else."
You've got a point there. A bit of skepticism is probably appropriate. On the other hand, China (and US and EU and ...) probably can't afford not to assume that quantum or other advanced decryption techniques might become available at some future time.
How close are quantum computers to be of any use anyway
Depend on what you want to do. Quantum computing uses Shor's algorithm to factorise integers.
The current highest number factorised this way is 21, they tried to factorise 35 but failed because of accumulating errors.
So if your requirements are factorising small numbers then they are ready to go. If you actually want to do something useful then probably not for a long time, if ever.
Of course if something better and more fault tolerant than Shor's comes along then it may all change overnight.
@DJO
On my pathetic £400 laptop, the gmp library was used to make the composite number below in about ten seconds -- two primes multiplied together. I wonder how long it will take ANY computer to find the two factors.
Six hundred long composites don't take much longer!
Add in computers using Diffie/Helman exchange to generate a new random secret key for each message and it looks like quantum computing might have a ways to go!
Just saying"
char longcomposite[] =
"3288306533776777626411433309037643693147509600353570240217437271873281970118129"
"7547603626504446209022019227497264048426529986066096436811004225158618715188472"
"7118464102218192230016940402989677902015761042902394722765517612869525648163783"
"0614468973914626280676474193870264032605759557393311992855066995175590046668812"
"2438582715856843699233289162841410335903309988107371498012732626334195500748854"
"75193";
"Doesn't that mean that we could switch to those methods and quantum computers would stop being such a bogeyman for encryption?"
Yes, quantum secure algorithms have been (and continue to be) developed - there are various calls out by NIST on the subject which are readily accessible.
This would mean that now (or in the near future) would be a good time to snatch encrypted data - before such algorithms come into common use; that data might then be decryptable by future quantum computers.
Whether the data retains its value in the future points to one of the considerations that should be made when deciding data encryption choices: do you need to secure data for a few minutes, hours, days, months, years, or forever. For example, a short-lived 2FA code should have no value after a few minutes, whereas a collection of identificatiion data of the people that have assisted you in a hostile region of the world ought to be protected for many many years.
There is also the 'discrete logarithm' problem*, which is the security behind the Diffie-Hellman key agreement algorithm**. I don't know which Quantum Computing algorithm is currently used to determine those.
Not being a quantum mechanic, I don't understand either quantum mechanics or Quantum Computing, but I believe that it relies for its power on the idea that quantum particles can exist in a superposition of states. The trick is to get those states to be possible solutions to your problem. When you have all the particles set up properly, when they 'collapse' into a coherent and self-consistent state, you have your answer.
The reason why the one time pad is 'Quantum Secure' is that every solution is possible and no computer, quantum or otherwise can tell them apart without more information. Quantum computers would generally be used to crack the session key distribution algorithm, which is often a public-key algorithm, based on large primes (RSA, Elliptic Curves) or the discrete logarithm problem. The session key is usually used to encrypt one message, and distributed using a, currently secure, public key algorithm.
* https://www.doc.ic.ac.uk/~mrh/330tutor/ch06s02.html
**A bit too complicated to describe here, but see
https://www.hypr.com/diffie-hellman-algorithim/
https://en.wikipedia.org/wiki/Diffie–Hellman_key_exchange
We can't assume that America will be able to keep up - China has way more engineers because they're working hard to give everyone with the ability the opportunity to learn for free, while America's increasingly expensive education system means only those with existing wealth or willing to commit to a lifetime of debt can afford to train.
Even turning everything around now would not be enough to catch up by this point- China has already won the 21st century from a technology perspective.
That's an interesting point - cheapness of quality science and engineering graduates links to technological leadership ..... maybe. I suppose it depends on whether there is a direct correlation between quantity of those graduates and your dominance.
As for losing the 21st century - we still have a long way to go
Yep!
https://en.wikipedia.org/wiki/Post-quantum_cryptography
We're a long long way from having decent quantum computers, they're still in the research phase now. Workable qubits are in the hundreds at the moment and I've heard an estimate that you need about a million for anything useful. And you still need to 'program' them, which is non-trivial. There may be a breakthrough in tech, but like you say, future quantum computers should be powered by fusion!
And its standard practice to harvest data and hope to decrypt it in the future, although you're making your haystack bigger with a potentially rusty needle in it.
Given most of the hardware the rest of the world uses is made in China, "oh that? yeah we deciphered it with quantums" might make for a good cover if anyone found them using data that should have been securely encrypted without giving away any spy-in-the-hardware type systems they have slipped into people's chips, motherboards, memory, graphics cards etc &co. A side benefit being that it would make it look like they had way more quantums than anyone else which would probably America to work much harder on that, knowing that if the US makes any big breakthroughs that are practical to turn into products they'd probably have them manufactured in China.
so we can safely assume the Americans have this program well in hand. ..... cantankerous swineherd
A question to ponder and wonder at, for it may be considered too awesome to answer correctly and truthfully, is does China [and therefore the East] lead in that other emerged quantum domain/those other developing fields with applications exercising and advanced beta testing Deep See Ware fare ..... with IT forks into AIMindfulness .... or does the West assume and presume to be a primary leader worth following via mass multi media tales in that field too ‽ .
Shhh! amanfromMars's posts are a distribution mechanism for a one-time pad. That's why they are indecipherable. ..... Ken Hagan
Hmmm? Now if that were in any way true, Ken, and I certainly wouldn’t argue with you and dispute the matter, it would be a novel development with extremely valuable, as in priceless, invisible export/import earner potential and a quite perfect fit for the likes of a publicly-admitted-openly-struggling-with-failure-behind-the-scenes-of-a-leading-curve intelligence agency and/or MI6
cc .... C c/o SIS HQ Vauxhall Cross/PO Box 1300 London SE1 1BD
[If you want to try out the full fat relatively anonymous spooky contact route this is the official page you will need to read for all the intel on the hoops to jump through to keep yourself maybe secure ...... in these strange postmodern times and spaces where there are no secret places to hide anything from prying eyes and inquisitive minds.]
Mostly the dangers that Booz Allen are reporting on are a list of all of China's naughtyness over the last few months that have been reworked to sound as though they can relate to 'quantum'.
Quantum computers, fusion, flying cars and robo-butlers will all be possible around the same time (pick a repeating number i.e. decade, twentyfive years, blah blah.
I imagine that anyone who has come by some unencryptable data has stuck it in a drawer marked quantum.
This does not bode well - China using all those terawatts of coal-powered electricity to run their crypto-cracking servers. Why wasn't this mentioned at COP26? Surely our governments can use this as yet another justification for attempting to ban encryption?
The properly encrypted data is indistinguishable from completely random data. Just create a honey pot for Winnie the Pooh, like a file browser with files like gravity-engine-confidential-rc.zip.enc or F-35-bill-of-materials.zip.enc or big-pharma-lobbyist-payroll-2021.zip.enc and serve data straight from /dev/random
I can see it now...Christmas 2031. The Chinese leadership crowd around the screen as the multi-billion dollar Quantum decrypter is turned on for the 1st time.
Technician ashen face turns to the glorious leader. "I don't understand it", they say, "we have tried a number of runs on our captured data but it only returns cat pictures...."
<Insert Schrodinger joke here....>
CIOs buy to justify fancy new encryption kit
Quantum encryption snake oil vendors buy to spruik their stuff
NSA convenes a secret committee to get vital funding for this new critical threat
Chinese spies use to get funding for a boondoggle to collect vast amounts of data that they can't even read
Google puts a new fibre across to china to carry all the extra unreadable data
China's cloud providers go to the govt offering to store the unreadable data "securely", y'know, in case it were to get corrupted
Chinese academics make the govt fund their cool really cold stuff
> Integrated warfare based on Internet of Things systems that uses intelligent weaponry and equipment and their corresponding methods in the land, sea, air, space, electromagnetic, cyber, and cognitive domains
So we're not going with the traditional 3 laws of robotics then?
Link to pertinant XKCD comic ==> https://xkcd.com/1613/
Chinese AI systems, presumably trained on artificial turf using artificial bullets, won't be immune to the usual issues with the current crop of "learned machines": a 20% chance of raining on the wrong fellow's parade.
For example, automated translation systems can get things wrong, and nobody dies. In a battle, the misinformed or misconfigured AI can kill everybody. Not the kind of thing you can hand-wave away.
It's going to be a hot century.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
