Time Running Out for Public Key Encryption 300
holy_calamity writes "Two research teams have independently made quantum computers that run the prime-number-factorising Shor's algorithm — a significant step towards breaking public key cryptography. Most of the article is sadly behind a pay-wall, but a blog post at the New Scientist site nicely explains how the algorithm works. From the blurb: 'The advent of quantum computers that can run a routine called Shor's algorithm could have profound consequences. It means the most dangerous threat posed by quantum computing - the ability to break the codes that protect our banking, business and e-commerce data - is now a step nearer reality. Adding to the worry is the fact that this feat has been performed by not one but two research groups, independently of each other. One team is led by Andrew White at the University of Queensland in Brisbane, Australia, and the other by Chao-Yang Lu of the University of Science and Technology of China, in Hefei.'"
Well... (Score:4, Insightful)
What this does mean is that there's going to be a lot of money to be made replacing public-key cryptograhy in custom code ala Y2K.
Re:I'm not sure how big of a deal this is. (Score:3, Insightful)
Re:More like the Chinese gov (Score:5, Insightful)
Yeah, the Chinese government is the only government that would like to do that.
Re:bigger keys? (Score:4, Insightful)
plus, cryptography is very resource-intensive, growing exponentially with key size. there comes a point when it's just not practical to use a key that large, as it will take too long to encrypt/decrypt/generate the key.
Not the end (Score:5, Insightful)
new decryption methods == new encryption methods (Score:2, Insightful)
Re:I'm not sure how big of a deal this is. (Score:3, Insightful)
This poses a big threat to governments, and possibly financial institutions, but not individuals.
As an individual, I consider threats to governments and financial institutions "a big deal".
No big deal (Score:4, Insightful)
Not PK encryption per se, the RSA implementation (Score:4, Insightful)
some perspective... (Score:1, Insightful)
"Quantum computing has the potential to change everything, no doubt about it. However, I won't get excited about it until they can factor a number larger than, oh, let's say, FIFTEEN. Until then, everything in this class about turing machines, P, NP, etc is still the world we live in."
That's the quote as best as I can remember it, and the number he said was really close to 15 if I recall. Bottom line, what he said is still true--this is fascinating, fascinating stuff, but we really need to see it happen for larger numbers!
-Jaro
Re:how hard is it to build a quantum computer? (Score:2, Insightful)
by the way, I'm just making this up, but I bet you believed me. Sad state of affairs we're in.
What Codes? (Score:3, Insightful)
Re:bigger keys? (Score:2, Insightful)
Therefore... Quantum Computing Illegal in US? (Score:2, Insightful)
Re:bigger keys? (Score:3, Insightful)
Properly applied, one-time pad encryption is not crackable. Ever. Using any amount of technology or resources.
Unless you already know the key, any message of the proper length could be the plaintext you're looking for. Even a huge quantum computer wouldn't be able to tell that the ciphertext "VPx\PztI-H&jAL" decrypts to "attack at dawn" and not "attack at dusk" or "retreating now". (or even "yay ice cream!") It might seem like this would break down with degenerate plaintext (such as signed messages), but as long as no key bits are reused and the key is not compromised, it holds up.
"If it's so perfect, why doesn't everyone use it," you ask? "Proper" OTP requires the key to be as big as (or bigger than) the message, and requires the entire key to be shared between both parties, securely, beforehand. Not exactly something eBay can roll out tomorrow.
-:sigma.SB
Re:Not the end (Score:4, Insightful)
Re:bigger keys? (Score:3, Insightful)
Re:SO what if they break the encryption? (Score:5, Insightful)
Example, vising gmail and checking out the certificate Google (which is pretty security conscious) has a key valid from 05/03/2007 through 05/14/2008 (over a year).
In order to trivially look at EVERY session encrypted over gmail an attack would need to crack that key ONCE. Google is pretty good by the way, there are certs in existence for far longer than 1 year out on the intraweb.
It is true that every session uses a symmetric cypher with a different session key... but how do you think the keys are exchanged? Once the PKI encryption is broken, the attacker will be able to read the session key in plaintext and decrypt the entire session. And this is for every single person using Google's certificate. That is why cracking PKI is so profitable, the long-term nature of the keys means once it is cracked, you have free reign for a long time.
Re:SO what if they break the encryption? (Score:5, Insightful)
Re:Just RSA, actually (Score:4, Insightful)
SC doesn't work against things in class NP-COMPLETE, but it's quite effective against many problems that are in NP but less than NP-COMPLETE. In fact, I'm scratching my head trying to find one that SC doesn't work against.
Also, the total number of qubits required is twice the number of bits in the key. While nontrivial, it is not as ridiculous as you're making it out to be. It's possible we'll have this in twenty years. Less, if engineering breakthroughs go our way; more, if they don't.
Re:bigger keys? (Score:3, Insightful)
Anywho, it is said that AES-256 should be strong enough to withstand attacks by quantum computing. Of course, by definition, one time pads are resistant against every attack, as long as the keys are really kept safe. The reason why they are not commonly used is the size of the keys (as long as the plain text) and key distribution & memory issues.
So symmetric encryption is still rather safe, and as long as they aren't able to build a rather large quantum computer, I presume that asymmetric encryption is still safe as well.