IBM Warns Quantum Computing Will Break Encryption (zdnet.com)
Long-time Slashdot reader CrtxReavr shares a report from ZDNet:
Quantum computers will be able to instantly break the encryption of sensitive data protected by today's strongest security, warns the head of IBM Research. This could happen in a little more than five years because of advances in quantum computer technologies. "Anyone that wants to make sure that their data is protected for longer than 10 years should move to alternate forms of encryption now," said Arvind Krishna, director of IBM Research... Quantum computers can solve some types of problems near-instantaneously compared with billions of years of processing using conventional computers... Advances in novel materials and in low-temperature physics have led to many breakthroughs in the quantum computing field in recent years, and large commercial quantum computer systems will soon be viable and available within five years...
In addition to solving tough computing problems, quantum computers could save huge amounts of energy, as server farms proliferate and applications such as bitcoin grow in their compute needs. Each computation takes just a few watts, yet it could take several server farms to accomplish if it were run on conventional systems.
The original submission raises another possibility. "What I wonder is, if encryption can be 'instantly broken,' does this also mean that remaining crypto-coins can be instantly discovered?"
crypto-coins? (Score:5, Insightful)
This could theoretically be the biggest breakthrough in computing since transistors, and this person is wondering about how it's going to affect Monopoly money? Jesus.
Re: (Score:2)
What I wonder is, if encryption can be 'instantly broken,' does this also mean that remaining crypto-coins can be instantly discovered? This could theoretically be the biggest breakthrough in computing since transistors, and this person is wondering about how it's going to affect Monopoly money? Jesus.
Yes. That "monopoly money" is kind of a big thing. And it uses encryption. Which is what this is about.
Re: (Score:2)
It wouldn't be instant, it would be sqrt(todays_time);
Re: (Score:2)
Surely the square root of NOW is still NOW.
Re: (Score:2, Interesting)
This could theoretically be the biggest breakthrough in computing since transistors, and this person is wondering about how it's going to affect Monopoly money? Jesus.
Yes, because the computer farms doing blockchain proof of work are devastating for the environment. If blockchain dies, there's a much better chance of there still being a habitable world for my grandchildren. The sort of person heavily into cryptocurrencies tends to be the sort of person who either doesn't believe humans have any impact on climate change or has wet dreams about helping cause widespread devastation, so it needs something external to kill them.
Re: (Score:2)
Quantum computing isn't going to kill bitcoin. It just requires upgrading the protocols.
Re: (Score:2, Insightful)
You have no idea what you're talking about, do you?
You've got all the right words there, but completely the wrong concepts behind them. You do realize that ALL of the data shipped around via HTTPS is encrypted with symmetric algorithms, right? And that asymmetric algorithms are used to create and agree on the symmetric keys to be used for communications, right?
Re:crypto-coins? (Score:4, Interesting)
What a strange and verbose way of saying "you're right, quantum computing will break HTTPS".
Re: (Score:2)
Some people do seem to have great difficulty in uttering the words, "You're right". Some kind of mental block...
Re: crypto-coins? (Score:1)
And you don't seem to realize that the KEYS for all that traffic being sent are vulnerable to quantum computers. The RSA algorithm is rather slow, so it's used for key exchange to cheaper crypto algorithms. And RSA is quite vulnerable to quantum computing.
Re:crypto-coins? (Score:4, Insightful)
You have no idea what you're talking about, do you?
You've got all the right words there, but completely the wrong concepts behind them. You do realize that ALL of the data shipped around via HTTPS is encrypted with symmetric algorithms, right?
It's almost as if you don't know that HTTPS relies on signed certificates for authentication...
Re: (Score:2, Insightful)
You do realize that ALL of the data shipped around via HTTPS is encrypted with symmetric algorithms, right? And that asymmetric algorithms are used to create and agree on the symmetric keys to be used for communications, right?
Except for the keys when not using Diffie-Hellman, which lets you break the whole thing. And the trust validation is done based on RSA/ECC signatures, so you could just crack the root cert and use it to sign whatever keys you want, letting you break the whole thing. If you want to try to sound smart, you should probably know what you're talking about first.
Re: (Score:2)
LOL you're agreeing with the AC, you clown.
Re: (Score:2)
Even if the algorithm was not symmetric, we do not require the public key to generate the private key. Just test with multiple streams of private test keys until the private key is discovered. You do not have to test the entire stream of data, just enough to know if it's a hit or a miss.
What has to be done is to generate a key space. Consider a NxNxNxN set of encryption ¼ key parts. Randomly select from the array, a set of 4 indices to be used to construct a key for this particular stream of data. Cre
Re: (Score:2)
The ownership of your wallet is still guarded by asymmetric encryption.
Re:crypto-coins? (Score:5, Informative)
To be clearer: Quantum computers break things based on number factoring, eg. certificate signing.
It doesn't break block ciphers like AES.
It might break blockchain, yes, but, like, who cares?
Re:crypto-coins? (Score:5, Insightful)
With the rate that crypto-currency mining is wasting energy, breaking blockchain might be a very good thing for our future.
Re:crypto-coins? (Score:5, Informative)
To be clearer: Quantum computers break things based on number factoring, eg. certificate signing.
It doesn't break block ciphers like AES.
It might break blockchain, yes, but, like, who cares?
Quantum computing does weaken both symmetric ciphers like AES and hashing algorithms which are the basis of blockchains (though many blockchains also make use of asymmetric digital signatures which are more deeply affected). Specifically, Grover's Algorithm [wikipedia.org] is a quantum algorithm that can find the input that provides a given output for any algorithm with at most sqrt(N) applications of the algorithm. This means that with sufficiently-good quantum computers, you can find a 128-bit AES key for a known plaintext/ciphertext pair in 2^64 steps, which just might be feasible. Similarly, given a 160-bit hash, like SHA-1, you can find a pre-image for a given hash value in 2^80 steps.
Of course, if you use AES-256, Grover's algorithm will find you an answer in 2^128 steps, which is almost certainly forever out of reach. Similarly for SHA-2 256. This assumes that Grover's algorithm is the best way to attack these sorts of primitives with a quantum computer, of course. We may discover other approaches that are less general, but better.
Re: (Score:2)
The sqrt(N) thing only works for known plaintext attacks.
If the message is salted with a random number then it becomes much more difficult.
Re: (Score:2)
The sqrt(N) thing only works for known plaintext attacks.
If the message is salted with a random number then it becomes much more difficult.
If a cipher is vulnerable to a known plaintext attack, it's utterly broken and unusable. This is how cryptographers see it, and for very good reasons.
Re: (Score:2)
Even for 128 bit crypto: sqrt(2^128) is still a very big number.
It's possible to brute force 2^64 using vast amounts of conventional computers but conventional computers are cheap/small/easy to power. I doubt anybody will be running anything like the same number of quantum computers in parallel. Not even sqrt(conventional).
and, b) It hasn't yet been demonstrated that Quantum computers can be programmed to efficiently crack conventional crypto. It's actually very unlikely that they can - quantum algorithms a
Re: (Score:2)
If a cipher is vulnerable to a known plaintext attack, it's utterly broken and unusable. This is how cryptographers see it, and for very good reasons.
And c) All algorithms are vulnerable to known plaintext attacks - even one-time-pads (which are the only provably secure crypto).
Re: (Score:2)
If a cipher is vulnerable to a known plaintext attack, it's utterly broken and unusable. This is how cryptographers see it, and for very good reasons.
And c) All algorithms are vulnerable to known plaintext attacks - even one-time-pads (which are the only provably secure crypto).
The sort of vulnerability we're discussing here is recovery of the key from some number of known plaintext/ciphertext pairs. Yes, any block cipher is "vulnerable" in the sense that given sufficient computing capacity and known plaintext and paired ciphertext exceeding the unicity distance, the key can be recovered. But cryptographers don't consider this a vulnerability unless the amount of computing capacity required is significantly less than brute force search of the key space.
Given sufficiently-fast q
Re:crypto-coins? (Score:5, Insightful)
It might break blockchain, yes, but, like, who cares?
I care. The sooner we can break blockchain the sooner we can stop the insane amount of wasted energy we are pouring into this retarded tulip and go back to reducing the world's energy consumption like we were doing before this stupidity infected us.
Re: (Score:2)
This statement is idiotic. Reducing energy consumption is a stupid goal.
Oh I assume you live in one of those planets with infinite resources. Congratulations. Also the rest of your statement is equally stupid since perfect pollution free systems don't exist and therefore shouldn't be the only target of improvements.
Demand for energy will always increase.
This is the only idiotic statement in the entire thread so far. Demand for energy is dependent on efficiency we achieve while reaching our goals. Go buy an electric car, your energy usage will almost quarter without any talk of pollution. My parents just installed a
Re: (Score:2)
Sound money is most definitely important. Bitcoin isn't it, and there's no requirement for said money to be digital.
And no, before you comment, government issued digital money is not sound
Put your tinfoil hat back on. There's nothing more "sound" than the thing which forms the basis of what has ultimately brought our current society to the place it is today. Government issued fiat currencies are the very definition of "sound" unless you think our current society is in non functioning chaos and disarray due to the US Dollar being regulated by an authority. If you think that, ...
Re: (Score:2)
Thank you! I was reading up on this at IBM (they have a great tutorial, and a super cool composer to learn it). The stuff is mind blowing, and the reality is that what its limits are is unknown... It's a new fundamental layer to computing. So imagining what brilliant cryptanalysts have done with Turing machines, what might they eventually be able to do with this new dimension of possibilities? You can't pretend to know and put limits on it beforehand.
Re: (Score:3)
Quantum computers can potentially reduce the amount of operations by the square root of the search space. So if you have a 64 bit key, it's now a 32 bit keyspace you have to search through.
Only for known-plaintext attacks.
Re: (Score:2)
Only for known-plaintext attacks.
Is <!DOCTYPE HTML><html><head> enough known plaintext to know that you have the right key for a given message?
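The question above (and the unicity-distance comment earlier in the thread) is answerable by simulation. The following is an added example, not code from the thread: a constructed 16-bit toy cipher (not a real algorithm) is searched exhaustively for keys consistent with known plaintext blocks taken from the `<!DOCTYPE HTML>` prefix, showing that one block of known plaintext leaves spurious keys while a few blocks pin the key down, and the closed-form estimate for a real-sized key.

```python
import math

# Constructed 16-bit toy substitution-permutation cipher. It exists only to make the
# known-plaintext key search run in under a second; it is NOT a real cipher.
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD, 0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
KEY_BITS = 16
BLOCK_BITS = 16
MASK = (1 << BLOCK_BITS) - 1


def toy_encrypt(block: int, key: int, rounds: int = 4) -> int:
    """Encrypt one 16-bit block under a 16-bit key (toy SPN: key-add, S-box, rotate)."""
    x = block & MASK
    for r in range(rounds):
        x ^= (key + r) & MASK                                               # toy round key
        x = sum(SBOX[(x >> (4 * i)) & 0xF] << (4 * i) for i in range(4))  # four 4-bit S-boxes
        x = ((x << 5) | (x >> (BLOCK_BITS - 5))) & MASK                   # rotate left by 5
    return x ^ key                                                        # final whitening


def known_pairs(plaintext: bytes, key: int) -> list:
    """Split the known plaintext into 2-byte blocks (ECB-style) and pair each with its ciphertext."""
    pairs = []
    for i in range(0, len(plaintext) - 1, 2):
        p = int.from_bytes(plaintext[i:i + 2], "big")
        pairs.append((p, toy_encrypt(p, key)))
    return pairs


def candidate_keys(pairs: list) -> list:
    """Exhaustive search: every key that reproduces ALL known pairs survives.

    With one 16-bit block against a 16-bit key, roughly one wrong key is expected to
    survive by chance; each extra block divides the survivors by about 2^16."""
    return [k for k in range(1 << KEY_BITS)
            if all(toy_encrypt(p, k) == c for p, c in pairs)]


def expected_false_keys(key_bits: int, known_bits: int) -> float:
    """Expected number of wrong keys matching `known_bits` of known plaintext for an
    ideal cipher: 2^(key_bits - known_bits). Below 1, a matching key is almost surely right."""
    return 2.0 ** (key_bits - known_bits)


if __name__ == "__main__":
    TRUE_KEY = 0xBEEF                               # constructed secret for the demo
    header = b"<!DOCTYPE HTML><html><head>"         # the known prefix from the comment
    pairs = known_pairs(header, TRUE_KEY)
    print("keys matching 1 block :", len(candidate_keys(pairs[:1])))
    print("keys matching 4 blocks:", [hex(k) for k in candidate_keys(pairs[:4])])
    # Real-world sizing: 27 known bytes (216 bits) against a 128-bit key.
    print("AES-128 false keys expected:", expected_false_keys(128, 8 * len(header)))
    print("log2 of that:", math.log2(expected_false_keys(128, 8 * len(header))))
```

For a real 128-bit key the 27-byte HTML prefix alone leaves 2^-88 expected false keys, so yes: that much known plaintext is enough to recognise the right key, which is exactly why cryptographers treat a key-recovery attack from known plaintext as a full break.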
Re:crypto-coins? (Score:5, Interesting)
Hashes are actually one of the best ways to stay QC-safe.
At the moment, we use our existing encryption algorithms to generate hashes. Instead, most of the quantum-safe encryption algorithms use hashes to build themselves.
The reason is quite simple if I can use an analogy. It's not 100% accurate, but good enough to make most people understand.
First - a hash.
You take an input, you generate a "mini-mash" of it - you jumble it up and cut bits out in a predictable manner until you get something that is absolutely tiny but built from that original input.
The same input will give the same hash every time, because you do the same thing every time. Yet millions of different inputs might give you that same mini-mash (because there are much fewer hashes than there are data-sets, so by chance they overlap sometimes - a hash collision) but that hardly matters in real life because the chances of those other inputs being valid Microsoft Word files, or containing the same secrets as your files, are infinitesimally small.
Quantum-computers attacking conventional encryption works like this:
- you "build a circuit" that performs the same encryption that was used (e.g. AES, ECC, etc.).
- you plug in the ANSWER (the encrypted text) into the end of it.
- by some magic of physics, it instantaneously determines the only possible inputs that could have ever formed that answer. Thus, it works out the SECRET INPUT (i.e. the keys) that was originally used to encrypt it - all in one "tick".
As such, QC defeats traditional encryption entirely. Every encrypted text/web session is one tick away from compromise with zero effort required and only tiny amounts of time expended.
But when you apply that technique to hashes, there may not be only one possible input. In fact there may be an infinity of inputs that give the same hash (because the input can be any size, right? So the mini-mash of an entire novel could be the same as the mini-mash of "123" or the same as the mini-mash of a dataset as large as the universe).
As such, the QC can't determine the answer - it gets all the answers and doesn't know which one's right. To know which one was right, you'd have to check them all... and you're now back from "working out the answer instantaneously" to "checking all the possible combinations one at a time".
So instead you can build QC-safe encryption by using hashes upon hashes upon hashes upon hashes. Now any possible inputs a quantum computer may determine are lost in an infinity of other inputs... and it's no longer as simple as "just give us the only input that looks like a Word file" - you have to check them all.
As such, hashes are the basis of much more security, based on their "unknown but potentially infinite amount of data" turned into "a small set of characters" property.
Crypto-currencies use hashes a lot (Bitcoin is/was basically built upon "keep hashing different things on the end of this string until you get a hash of 0 out of it") and so may be the last thing to fall to QC.
In the same way that QC turns cryptanalysis on its head, to solve the problem of QC we turn hashes and encryption on their heads.
Re: (Score:2)
I can easily see how you can sign something using a hash function (just use a secret salt). I don't see how you'd use a hash function to do asymmetric encryption though.
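The "hashes upon hashes" post above and this question both point at hash-based signatures. Here is an added example, not from the thread: a Lamport one-time signature built from nothing but SHA-256 and random secrets. It is the idea that stateful hash-based schemes such as LMS and XMSS refine, and against a quantum attacker its security only degrades by Grover's square root (a 256-bit hash keeps about 128 bits of preimage resistance). Note it does not give asymmetric encryption, only signatures, which matches the commenter's observation.

```python
import hashlib
import secrets

H = hashlib.sha256
N = 256            # one secret pair per bit of the message digest
SEED_LEN = 32      # bytes of randomness per secret value


def keygen():
    """Private key: 256 pairs of random secrets. Public key: the hash of each secret.
    The public key commits to the secrets without revealing them (preimage resistance)."""
    sk = [(secrets.token_bytes(SEED_LEN), secrets.token_bytes(SEED_LEN)) for _ in range(N)]
    pk = [(H(a).digest(), H(b).digest()) for a, b in sk]
    return sk, pk


def _digest_bit(digest: bytes, i: int) -> int:
    """Bit i of the digest, most significant bit first."""
    return (digest[i // 8] >> (7 - i % 8)) & 1


def sign(sk, message: bytes) -> list:
    """Reveal, for each bit of H(message), the secret from the matching half of the pair.
    ONE-TIME ONLY: a second signature with the same key reveals both halves of many
    pairs and lets anyone forge signatures on messages mixing the two digests."""
    digest = H(message).digest()
    return [sk[i][_digest_bit(digest, i)] for i in range(N)]


def verify(pk, message: bytes, sig: list) -> bool:
    """Hash every revealed secret and compare against the committed public-key half."""
    if len(sig) != N:
        return False
    digest = H(message).digest()
    return all(H(sig[i]).digest() == pk[i][_digest_bit(digest, i)] for i in range(N))


if __name__ == "__main__":
    sk, pk = keygen()
    msg = b"transfer 1 coin to address X"          # constructed sample message
    sig = sign(sk, msg)
    print("valid signature verifies:", verify(pk, msg, sig))
    print("altered message verifies:", verify(pk, b"transfer 2 coins to address X", sig))
    print("public key size (bytes):", N * 2 * 32, " signature size (bytes):", N * 32)
```

The sizes printed at the end (16 KiB public key, 8 KiB signature) are the practical cost of this construction; production schemes reduce them with Merkle trees and Winternitz chaining but keep the same hash-only security argument.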
Re: (Score:1)
- by some magic of physics, it instantaneously determines the only possible inputs that could have ever formed that answer. Thus, it works out the SECRET INPUT (i.e. the keys) that was originally used to encrypt it - all in one "tick".
I know you said it may not be 100% accurate but as I understand it this statement's premise is completely wrong. It should read: "by some magic of physics, it instantaneously determines every possible input that could have ever formed that answer. Then you find the outcome that's not gibberish".
Ideal quantum computer factors in polynomial time (Score:5, Interesting)
More accurate would be "if an ideal (perfect) quantum computer existed, with enough cubits, it could break some types of encryption in a reasonable time".
Ideal quantum computers don't exist, and never will. It's an open question how near actual, physical quantum computers will get to this theoretical perfect machine. It's kinda like doing physics approximations and starting with "ignoring air resistance and friction ...". Well yes, if there were no friction we could build machines that do a lot of things which can't actually be done, because in the real world there is friction.
In a universe that only exists in textbooks, a universe of ideal machines, ideal quantum computers could factor numbers in polynomial time. Not instantly, but it wouldn't take a billion years like it would with classical computers.
Some of the cryptographic algorithms we use today get their strength from the difficulty of factoring certain types of large numbers. Those algorithms would need to be replaced if quantum computers developed sufficiently.
Already, we deprecate cryptographic algorithms every couple of years. Part of my job is checking https, ipsec, and other systems to see that they are configured to use strong algorithms. I have to update our list of currently accepted algorithms a couple times per year. The designers of these protocols were smart in that they designed the protocols to support any algorithm you want. For example, TLS defines that "key exchange" messages should be exchanged, but doesn't define what type of key exchange. It could be RSA key exchange, it could be Diffie-Hellman, it could be elliptic curve Diffie-Hellman, or supersingular elliptic curve Diffie-Hellman. TLS (aka SSL) doesn't know or care. Classical Diffie-Hellman can be replaced with supersingular DH without changing anything about TLS.
Lol! My brain does that (Score:3)
If the quantum computer is 300 cubits in length, 50 cubits in width and 30 cubits in height - well then it's Noah's ark.
Qubits, of course. My brain does that - I spell well and all, but I tend to write homophones, words that sound identical, because I think audibly.
Re: (Score:3)
Or, you generate the block you want which produces a partial hash. Now, you have a partial hash, a desired complete hash, and an empty field to make it happen.
The blockchain doesn't care which possible solution goes in that field, just that one of them does.
Re: (Score:3)
Please update your response. QC does not break encryption. It breaks factoring performance. That means, all it breaks is private key discovery from a public key. It does not break the encryption performed with those keys (though obviously, discovering a private key trivially is a problem), and it does NOT BREAK SYMMETRIC ENCRYPTION, which is by far the most common and most robust encryption in use today. It's vital we stop the spread of misinformation. Start with yourself.
Re: (Score:2)
it does NOT BREAK SYMMETRIC ENCRYPTION, which is by far the most common and most robust encryption in use today.
How do you think keys for symmetric encryption are negotiated?
Re: (Score:2)
In an ideal situation they aren't "negotiated", but are established over a secure channel in advance.
Using an insecure medium to perform secure communications is absurd.
Attempting to secure that medium with math that has not been proven to be "one way" (hint - it's fucking not, no useful function is) is equally absurd.
Sometimes absurd is least bad (Score:2)
In an ideal situation they aren't "negotiated", but are established over a secure channel in advance.
The world is not ideal, and sometimes what may initially look absurd turns out to be the least bad. For example, over what secure channel would you recommend that Slashdot offer to establish a symmetric key between your browser and its server over which to send your credentials when signing in as sexconker?
Re: (Score:2)
- you "build a circuit" that performs the same encryption that was used (e.g. AES
- by some magic of physics, it instantaneously determines the only possible inputs that could have ever formed that answer.
That's a load of bollocks. A block cipher works by "remapping" a block of plaintext into ciphertext. So for a 128 bit cipher you have 2^128 possible keys and 2^128 possible plaintexts that produce 2^128 ciphertexts. So for any one ciphertext there's 2^128 equally valid key/data combos that produce that ciphertext, not one. I suppose it's possible that quantum computers could be used for a known plaintext attack by figuring out what key converts this plaintext into that ciphertext, but I haven't heard of it.
Re: (Score:3)
Quantum-computers attacking conventional encryption works like this: - you "build a circuit" that performs the same encryption that was used (e.g. AES, ECC, etc.)... As such, QC defeats traditional encryption entirely.
This is incorrect. Shor's algorithm promises one-step breaks of asymmetric algorithms (RSA, ECC), but it does not work on symmetric ciphers like AES or (as you correctly say) hash functions. However, Grover's algorithm does work on symmetric ciphers and hash functions. Not as well; given an N-bit search space, Grover's algorithm requires sqrt(N) steps. Still, that puts AES-128 at risk from sufficiently large and efficient quantum computers. AES-256 is pretty safe, though, barring some other quantum algorit
Re: (Score:2)
The transaction signing algorithm can be swapped out in an ordinary update. That's been done before and will be done again.
But Bitcoin mining relies on proof-of-work, using hashing-to-create-a-hash-of-zeroes, and it's pretty fundamental. I'm sure that other proofs-of-work are allowed but they would need pretty drastic changes to the way that all Bitcoin miners operate or are optimised, whereas transaction signing wouldn't, as they are much rarer calculations only necessary for verification of the ledger.
Re: (Score:2)
But Bitcoin mining relies on proof-of-work, using hashing-to-create-a-hash-of-zeroes, and it's pretty fundamental
For bitcoin hashing, quantum computing (with currently known algorithms) only offers a limited increase in performance. And even if exploited, you'd still have to weigh the complexity of the quantum computer and its power consumption against the very well optimized current solutions. Even after the first demonstration prototype, it would take years before it's simple and cheap enough to use for practical mining.
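To make the "hash until you get zeroes" proof-of-work and the "limited quantum speed-up" points concrete, here is an added example that is not code from the thread or from Bitcoin: a toy miner using Bitcoin-style double SHA-256 over a constructed header plus a 32-bit nonce (the header layout is made up; it is not the real block format). It shows that any nonce meeting the target is accepted, not one specific preimage, and compares the classical 2^d expected attempts with the ~2^(d/2) a Grover-style search would need.

```python
import hashlib
import struct


def pow_hash(header: bytes, nonce: int) -> bytes:
    """Bitcoin-style double SHA-256 over header bytes followed by a little-endian 32-bit nonce."""
    data = header + struct.pack("<I", nonce)
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def meets_target(digest: bytes, difficulty_bits: int) -> bool:
    """A solution is valid when the top `difficulty_bits` bits of the hash are all zero."""
    return int.from_bytes(digest, "big") >> (256 - difficulty_bits) == 0


def verify_block(header: bytes, nonce: int, difficulty_bits: int) -> bool:
    """Verification is a single hash: cheap for everyone, regardless of how the nonce was found."""
    return meets_target(pow_hash(header, nonce), difficulty_bits)


def mine(header: bytes, difficulty_bits: int, max_nonce: int = 1 << 32):
    """Classical search: try nonces in order until ANY one satisfies the target.
    Returns (nonce, attempts) or None if the nonce space is exhausted. The chain does not
    care which of the many valid nonces is found, only that one is."""
    for nonce in range(max_nonce):
        if meets_target(pow_hash(header, nonce), difficulty_bits):
            return nonce, nonce + 1
    return None


def expected_attempts(difficulty_bits: int, grover: bool = False) -> float:
    """Expected hash evaluations: ~2^d classically, ~2^(d/2) for an ideal Grover search.
    Doubling the difficulty bits restores the classical work factor against a Grover miner."""
    return 2.0 ** (difficulty_bits / 2) if grover else 2.0 ** difficulty_bits


if __name__ == "__main__":
    # Constructed header fields; real headers carry version, prev hash, merkle root, time, bits.
    header = b"prev=000000ab|merkle=deadbeef|time=1513000000"
    difficulty = 16
    nonce, attempts = mine(header, difficulty)
    print(f"nonce {nonce} found after {attempts} attempts "
          f"(expected ~{int(expected_attempts(difficulty))})")
    print("hash:", pow_hash(header, nonce).hex())
    print("verifies:", verify_block(header, nonce, difficulty))
    print("Grover expected attempts at the same difficulty:",
          int(expected_attempts(difficulty, grover=True)))
```

The practical takeaway matches the comment: a quadratic speed-up on a hash search is real but modest, and the network can absorb it by raising difficulty, whereas the ECDSA transaction signatures face Shor's polynomial-time attack and need an algorithm swap.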
Re: (Score:2)
Not without a MUCH MUCH MUCH larger quantum computer.
We combat existing brute-force by requiring too much TIME to test all the possibilities.
Under QC, you'll combat brute-force by requiring a quantum computer of such impractical size that it would be infeasible (it's very hard to make a large QC that isn't susceptible to noise and quantum decoherence).
It's quite easy to make a prime-factorisation QC... in 2001, IBM built 7 qubits - enough to factor the number 15. It then took 12 years to advance the techn
Re: (Score:2)
P.S. For Shor's algorithm: "For a 1000-bit number, this implies a need for about 10,000 qubits without error correction." - to give you an idea of what it would take to (probabilistically, not perfectly) factor one number.
Now imagine what it takes to crack a bog-standard SSL key, say. Most websites are already using encryption which will need a quantum computer 100-1000 times larger than anything that currently exists.
Re: (Score:2)
And the AC above you pointed out exactly that.
Block generation is safe. Your wallets are not.
Of course, they can simply change the algorithm protecting the transactions, and thus your wallet's balance.
Re: (Score:2)
And the AC above you pointed out exactly that: [The proof of work (mining) in bitcoin is SHA-256]. Block generation is safe.
No, SHA-256 is vulnerable to quantum computing attacks. Or are you saying it isn't vulnerable?
Of course, they can simply change the algorithm protecting the transactions, and thus your wallet's balance.
No, 'they' can't do this. (Wallets aren't a real thing, only transactions are. Wallets are an abstraction used to make things easier for users, but the blockchain is just a list of transactions.) Only the person with the key can unlock a transaction to spend it again. If SHA-256 is broken, then anyone can unlock the transaction.
Re: (Score:2)
...and how about private keys? Especially in the console world, that would come in quite handy so paying for quantum computer time via crowdfunding to discover Sony's, Nintendo's, etc. private signing keys could become a thing.
The encryption only gets easier to break, not trivial. We would only have to double the number of bits.
Re: (Score:2)
We would only have to double the number of bits.
That's for a different class of problem. QC is a much bigger threat to all widely deployed asymmetric key exchange schemes and public key systems. Basically this means any conversation that is recorded now may be decrypted later, since almost nothing uses offline-pre-shared keys these days... that model just does not fit how the world wants to use cryptography.
Pilot implementations of the new post-quantum key exchanges (kex) are already starting to become available e.g. as strongswan plugins, but they mig
Crypto-coins (Score:2)
"does this also mean that remaining crypto-coins can be instantly discovered?"
No, that's not how the minting of new coins works, at all.
There are theoretical issues where someone might learn your private key from seeing a transaction, but they're mitigated for all new addresses and usage.
https://en.bitcoin.it/wiki/Qua... [bitcoin.it]
It's even worse than fusion... (Score:2)
For "quantum computing", on the other hand, there is no proof yet that they are ever going to perform any better than conventional computers. It is currently just a theory based on a model that predicts such.
I for one still don't believe that quantum computers will perform better at anything but emulating themselves than conventional computers - much like the analo
Elliptic Curve Cryptography? (Score:4, Interesting)
Wasn't elliptic curve cryptography supposed to be resistant to quantum computers?
Both (Score:5, Funny)
The original submission raises another possibility. "What I wonder is, if encryption can be 'instantly broken,' does this also mean that remaining crypto-coins can be instantly discovered?"
Yes and No.
Regarding crypto coins (Score:2, Interesting)
Yes, quantum computers will eventually allow people to crack the private keys for most cryptocurrency wallets. However, some projects are already working to address this. The best example is Quantum Resistant Ledger (QRL), which is redesigned from the ground up to use quantum proof crypto algorithms. Look it up, they have a lot of info on exactly HOW quantum computers will affect cryptocurrencies, and other related data.
Alt encryption owned by IBM (Score:5, Insightful)
Of course the alternate encryption like that which IBM recommend happens to be owned by IBM. Better buy in now!
Answer: lattice-based crypto around since 80's... (Score:3, Informative)
Article is very light on evidence of any new form of successful attack so it's a bit premature to advise the sky is falling just yet!
Better encryption methods are always being worked on and we will phase out the old encryption methods when they become stale and move onto more resistant types.
As it so happens there are already some constructions (and they have been around for some time) that can be used, such as Ring-LWE and NTRU, which have been shown to hold up against classical and quantum-based attacks.
I'm going back to my bowl of cereal now.
Blah Blah Blah They've Been Saying That for Years (Score:1)
Quantum computing has been long on promises and short on delivery for decades now. If you can break our encryption in less time than it takes to make a cup of coffee then show us the money. How about a public demonstration where in 15 minutes or less you break the private keys of all of the big certificate authorities and issue yourself fake certificates for Google, Apple, Facebook and Netflix signed with those cracked private keys?
Maybe... big maybe (Score:1)
Anything is possible here but this seems like an irresponsible prediction when we don't have a single practical example of this technology "actually" working either as a machine we designed or as some natural phenomenon that we've observed. Which is not to say we haven't studied the subject... but we don't actually know that quantum physics can be used in this manner.
Re: (Score:2)
The scaling up is probably going to take longer than five years, but on the other hand we are not aware of what the NSA is doing in secret. Funding is the big deal there and that's one thing they're
The solution is easy, folks .. (Score:3)
... when quantum computing is capable of breaking current encryption, that same computer will be providing unbreakable encryption [scitation.org]. For example:
A. Ekert, "Quantum cryptography based on Bell's theorem," Phys. Rev. Lett. 67, 661–663 (1991). https://doi.org/10.1103/PhysRe... [doi.org]
Re: (Score:2)
Chicken or egg ...
The key (pun intended) is "current encryption."
There are problems, particularly theoretical math, that quantum computers can't solve.
Encryption will be moving in that direction.
Re: (Score:2)
nope, no one knows what that would be.
That's why the statement about "alternatives" in the summary above is hilarious; it is not known what alternatives at present, or if any of them, would be resistant to quantum cracking.
Instead those agencies that can afford a quantum computer will be cracking communications, finances, etc.
Maybe they'll make it illegal for us to own a quantum computer; only governments get to play. Similar things have been done before, such as "encryptions x, y, and z are munitions".
Re: (Score:2)
Kinda like it's illegal for us to own Stingrays, NSA and CIA hacking tools, you mean?
Re: (Score:2)
DVD copying software was illegal. A certain number in your possession was illegal (used to copy DVDs).
Question (Score:2)
If quantum computing will be able to break encryption, why can't quantum computing be used to create better encryption?
No news (Score:3)
It has been known for years that quantum computers will break RSA using the Shor algorithm.
The interesting question, which is not answered in TFA, is: what algorithms are resistant to quantum computers? Do we have some available in TLSv1.3?
IBM is known as (Score:4, Insightful)
The company that sheds jobs, non stop revenue door and off shoring jobs
Their insights are marketing equivalent of click bait
Wrong. Wrong. Wrong. (Score:2)
Quantum computers have the potential to break some types of public key encryption like discrete log (Elgamal) and RSA because of Shor's algorithm, assuming that a large enough quantum computer can even be built.
However, there are public-key systems like lattice problem and code-based cryptography that quantum computing researchers have made virtually NO progress on in the decades since Shor published his algorithm. Various systems have a few problems, like large plaintext to ciphertext message expansion, bu
Is already bypassed (Score:2)
You don't need to break encryption when we have the likes of the FBI and NSA doing everything they can to implement backdoors or subtly weakening the algorithms themselves.
Compromised software, active trojans and keyloggers, ISP level malware injection, etc. means you can't trust anything network connected as it is.
When the day finally arrives, only the old school methods like the OTP via paper and pencil will remain secure.
Prediction (Score:2)
At the rate in which quantum computing is progressing, I'd bet that things like crypto-coins will implode just fine on their own long before they have to worry about quantum computing causing a problem...
Re: (Score:2)
Cool.
So all your web browsers and disk encryption programs have got a quantum-safe algorithm in them already, then, and you're using it, right? So that your data is safe for the changeover they're talking about.
I think you'll find this is IBM warning that they - as a company trying to build quantum computers at the moment - see them coming in the next five years, which means we should have moved 5 years ago.
It's a warning that is going unheeded.
No. Elliptic curves are not quantum-safe.
What we have already,
Re: (Score:2)
I believe that QC will only attack the "large number" asymmetric algorithms - RSA, ECC, etc. I believe that symmetric algorithms such as AES aren't as susceptible to QC attacks - Grover's Algorithm cuts the effective key length in half (AES-128 could be brute forced by a QC as though it had a 64 bit key; AES-256 effectively eliminates that problem).
Of course, without the asymmetric algorithms it's really tough to set up a secure session, especially with a server that you don't know.
Re:IBM salesbros and hindu slackers are not going (Score:5, Interesting)
Probably wrong on the details
But that's slightly different than dead wrong.
It does emphasize what we all sort of know. Encryption that is good enough today will probably be not good enough in a few -- five, ten, fifteen -- years. Which suggests that all your email and metadata that you and others have stashed in encrypted stores may be decodable if you (and they) keep the stores around too long.
And it doesn't matter what technology makes the data readable. Quantum computing, brute force, some clever algorithm, some flaw in common encryption algorithms or the software implementing them. Your secrets may not remain secret.
That's probably not a good thing.
Re: (Score:2)
Which suggests that all your email and metadata that you and others have stashed in encrypted stores may be decodable if you (and they) keep the stores around too long.
Worse than that: We're constantly putting sensitive information out in public because, "Hey, it's encrypted. Even if someone intercepts this or downloads this, it'll take them billions of years to crack the encryption." If someone has scooped that data up now, they might be able to get access to a whole lot of information that people thought was safe.
On the other hand, most of us can take some solace in the volume of data on the Internet. It'd be challenging just to "scoop that data up" and store it all
Re: (Score:2)
Unless you're say...Equifax and putting everyone's names, social security numbers and full financial history out in public due to gross negligence I'd say that's 90% correct. Thank you ever so much United States government for doing exactly nothing about it, along with all previous (less) m
Re: (Score:2)
Quantum computation doesn't guarantee NP = P.
The question of whether or not P=NP is not really relevant in the realm of quantum computing, because concepts such as P-space, NP-space, etc. are defined in terms of classical computing, i.e. how many steps would a Turing machine take to solve a problem, and in particular what is the growth law of the number of steps with respect to the size of the input. Quantum computers are completely outside the realm of Turing machines. Talking about P vs. NP in the context of quantum computers would be like talking a
Re: (Score:2)
If the NSA had one, they'd be sure to show it to random ACs first.