Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Encryption Math

Quantum Computers Will Break the Encryption that Protects the Internet (economist.com) 166

An anonymous reader shares a report: Factorising numbers into their constituent primes may sound esoteric, but the one-way nature of the problem -- and of some other, closely related mathematical tasks -- is the foundation on which much modern encryption rests. Such encryption has plenty of uses. It defends state secrets, and the corporate sort. It protects financial flows and medical records. And it makes the $2trn e-commerce industry possible. Nobody, however, is certain that the foundation of all this is sound. Though mathematicians have found no quick way to solve the prime-factors problem, neither have they proved that there isn't one. In theory, any of the world's millions of professional or amateur mathematicians could have a stroke of inspiration tomorrow and publish a formula that unravels internet cryptography -- and most internet commerce with it.

In fact, something like this has already happened. In 1994 Peter Shor, a mathematician then working at Bell Laboratories, in America, came up with a quick and efficient way to find a number's prime factors. The only catch was that for large numbers his method -- dubbed Shor's algorithm -- needs a quantum computer to work. Quantum computers rely on the famous weirdness of quantum mechanics to perform certain sorts of calculation far faster than any conceivable classical machine. Their fundamental unit is the "qubit", a quantum analogue of the ones and zeros that classical machines manipulate. By exploiting the quantum-mechanical phenomena of superposition and entanglement, quantum computers can perform some forms of mathematics -- though only some -- far faster than any conceivable classical machine, no matter how beefy.

This discussion has been archived. No new comments can be posted.

Quantum Computers Will Break the Encryption that Protects the Internet

Comments Filter:
  • So what? (Score:5, Funny)

    by forkfail ( 228161 ) on Friday October 19, 2018 @11:16AM (#57504342)

    If you're not guilty, you have nothing to hide.

    And unbreakable encryption only serves the Bad Guys (tm).

    Or so we're told...

    • Re:So what? (Score:5, Insightful)

      by mark-t ( 151149 ) <markt AT nerdflat DOT com> on Friday October 19, 2018 @11:23AM (#57504416) Journal

      If you're not guilty, you have nothing to hide.

      And yet absolutely every person I've ever heard make this statement was fully clothed when they made it.

      People have things to hide not because there is anything wrong with them, but because they are private. Full stop.

      • by Anonymous Coward

        You do realize that there are practical reasons for wearing clothes, right?

        • by Anonymous Coward

          Most things can be stored in your colon. Pockets are overrated.

        • You do realize there are practical reasons for encrypting your data, right?
          • You do realize that's not a parallel, right?

            The reasons to encrypt your data are all about information hiding and non-repudiation. The reasons to wear clothing include that, and temperature modulation, shelter from elements, carrying capacity upgrades, and sanitation. And on a less practical level, self-expression (you could argue encryption as self-expression, but that's usually cyphers that humans can decode).

            The analogy is just a terrible one. We already know why "if you're not guilty, you have nothin

            • by mark-t ( 151149 )
              Oh, it's very similar.... the fact that there are so-called practical reasons for wearing clothing that have nothing to do with privacy is irrelevant, because it is still the single most overpowering reason... so much so that we even have actual laws that govern what levels of clothing are considered "decent".
            • There certainly are parallels between the two. There are some things that we don't want people to see or touch without permission, ethical and moral implications aside. If things were exactly alike then we wouldn't use an analogy to compare them.
            • by piojo ( 995934 )

              Have you never been hot and realized you would be more comfortable without a shirt, but couldn't take it off due to the setting? The analogy fits, but it is confusing due to the other reasons for clothing which are not about privacy or modesty.

      • If you're not guilty, you have nothing to hide.

        And yet absolutely every person I've ever heard make this statement was fully clothed when they made it.

        People have things to hide not because there is anything wrong with them, but because they are private. Full stop.

        Bad metaphor dude ... Slashdot has taught me that that anti-nudity thing is just an American hangup, from our bad old puritan days

      • Re:So what? (Score:5, Informative)

        by Rick Schumann ( 4662797 ) on Friday October 19, 2018 @12:31PM (#57504916) Journal

        People have things to hide not because there is anything wrong with them, but because they are private. Full stop.

        What basic psychology I ever learned said precisely this, that it's normal, natural, and healthy for people to want privacy, and to 'share' when it's their choice. This is a fact despite what so-called 'social media' corporations have been trying to indoctrinate people with over the last 20 years or so.

        • What basic psychology I ever learned said precisely this...

          Basic psychology is also clear that men want one style of job and women another, but that won't stop the tirade of 'tech hates women' and 'diversity'.

          • Basic psychology is also clear that men want one style of job and women another

            Okay, I'll bite: post links to credible, academic and/or science-based studies, preferably peer-reviewed, that back that statement up.

          • by mark-t ( 151149 )
            That's not supported by basic psychology, that is supported by anecdotal evidence.
    • by mwvdlee ( 775178 )

      Governments encrypt everything, so they would know best.

      • Sure. And as I said above, they want total access to all our stuff without delay of any kind, yet they can keep hidden whatever they want. Are we sure we have 'freedom'?
    • There is no other value to their analyses. Their track record shows that. The magazine is a nicely packaged nothing.

    • Encryption of TCP/IP traffic was always a kludge workaround to the internet problem.

    • The people who actually push that agenda also think the old saying about 'people in glass houses' is about the future of civilization, not a warning about being hypocritical. When it comes right down to it, they want to be able to break our (the common citizens) encryption -- but they (The Rich, and The Powerful) want their own unbreakable encryption. After all we're all criminals so far as they're concerned -- we just haven't been caught, tried, and incarcerated yet.

      Of course what they refuse to acknowl
  • No, they will not (Score:5, Insightful)

    by gweihir ( 88907 ) on Friday October 19, 2018 @11:17AM (#57504348)

    First, even if QCs ever work for reasonably sized problems, it will take a long, long time for them to get there. If the last 30 years are any indication, they scale decidedly sub-linear with time. And second, nobody knows whether they scale at all or are limited to low qbit numbers.

    Any panic over this is a few decades premature.

    • by Anonymous Coward

      Also, we will have poisoned ourselves with micro plastics way before this is an issue.

    • First, even if QCs ever work for reasonably sized problems, it will take a long, long time for them to get there.

      TIL 5 years is a long time.

    • Technological progress is definitely not linear in general.
      It builds on itself and thus sometimes has a geometric or exponential progress.
      Often times, advances in multiple areas can combine to make a new revolutionary solution that was impractical before.
      e.g. Theoretical advances + materials research can lead to practical quantum computing, or maybe high temperature superconductivity etc,
      which then can be a foundation for a whole new layer of practical revolutionary and unpredicted technologies.
      It tends to
      • by gweihir ( 88907 )

        Quantum computing has failed to perform for something like 40 years now. Any other technology this abysmally bad has just been scrapped. But somehow there are a lot of really clueless people that think this is magic and will suddenly scale and whatnot. There is absolutely no indication for that and a ton of indications to the contrary.

        • by Entrope ( 68843 )

          Nuclear fusion?

          • by shoor ( 33382 )

            My own favorite example of start and stop progress is aeronautics. As a kid, I remember seeing a Twilight Zone episode in which a World War I fighter pilot flew his plane into a cloud and came out in the present (which at the time the episode was made was the late 50s or maybe early 60s). So there was this scene of a World War I Biplane fighter taxing past Boeing B-52 stratofrotresses and other aircraft representing 30-40 years of progress in aviation, and the contrast was stark and amazing to my youthful

            • by gweihir ( 88907 )

              Nice example! Technologies do plateau, the question is where. For classical computing we are pretty much there now. But we had a fed decades of rapid progress before and these things are very powerful and useful. For Quantum Computers, it looks like they pretty much plateaued as well or are about too, bit at a scale were they are pretty useless and a modern pocket calculator can beat them easily.

          • by ffkom ( 3519199 )
            There is proof in the sky, visible to everyone, that nuclear fusion actually works at large scale. But there is no proof at all that quantum computers will ever scale to useful complexity.
            The belief that quantum computers will deliver complex results in an instant is like believing that you can add numbers of arbitrary precision with a slide rule. Theoretically possible, but only if a certain physical model was a complete description of the real world, which we know for sure it is not.
            • by gweihir ( 88907 )

              Exactly. Incidentally, the slide-rule example is limited pretty much by noise and measurement precision. The same is true for classical digital computers (at some scale and speed you are losing bits and digital computations become infeasible) and the huge success for classical computers comes from them having dealt very effectively with noise. It looks now like noise is the bane of QCs as well, but at a scale where they have not yet scaled to any useful size as classical computers hang that bar very high.

          • by gweihir ( 88907 )

            You are comparing apples and oranges. Nuclear fusion has at least two observable instances where it works large-scale: 1. The sun 2. Hydrogen bombs. Nothing like that exists for QC.

        • Any other technology this abysmally bad has just been scrapped.

          Low hanging fruits. We first developed the easy technologies, in which the S curve had a short slow R&D start, then a relatively steep exponential growth curve, and a slowly developing plateau. Alongside that we stumbled upon classic computation, which had (emphasis on had) the most insanely steep exponential growth of all technologies developed before and probably will never be matched again. That one has now matured and plateaued too. So now we're entering the realm of hard to develop technologies tha

          • by ffkom ( 3519199 )
            Decade-long R&D is fine, but fear-mongering by predicting improvements that are nowhere near is not welcome.
            Plus, the amount of money put into one specific research topic should not be just based on media hypes. There are plenty of research fields that promise much sooner life-improving progress than the hypothetical quantum computers.
            • by gweihir ( 88907 )

              Indeed. And that is just my point. QC is a crapshot at this time. It may at some time be valuable, it is not today and will not be for a long time. That does not mean stop all research, but that does certainly mean do not prioritize it and do not put major emphasis in decision making on what it may or may not eventually deliver. Now, it is possible that at some future time some other tech becomes available that makes higher-intensity research into QCs a good idea, but at the moment this is not the case and

        • Well you may be right of course since we don't really have it yet.
          Risk analysis (for cryptographically protected data and communications) would say:
          risk (real soon) = Medium or High because = probability=low x impact=ginormous (for now).

          Also, I can see a group of natural philosophers sitting around 600 years ago in a drinking establishment (I drink therefore I am) listening to someone in a wooden armchair griping "You people have been yammering on about figuring out how things work for 2000 years now, and I
          • by gweihir ( 88907 )

            I disagree. After 40 years of failure, the probability("real soon") is at worst "low" but realistically "very low". And the impact is not "ginormous", but rather "moderate". That makes risk = low ... very low.

            Even most encryption is not threatened. A working, scaling QC is nowhere near as magic as people believe. These things are useless except for a few tasks and even for them (factorization) they may have huge constants in their run-times.

    • https://www.google.co.uk/amp/s... [google.co.uk]

      IBM begs to differ. And IBM doesn't beg very often.

    • by Minupla ( 62455 )

      There are classes of secrets for which "decades" is a reasonable threat model. Communications can be an example. If I'm recording everything you send NOW, are you sure there's nothing in there that won't be a problem for you in 20, 30 years? Consider some person is going to be present of the US in 20, 30 years.

      If you're on the Nation State side of this, recording everything you can and decrypting later is a totally legitimate strategy, as SOMEONE will be the leader of $otherCountry then, and having all thei

      • Consider some person is going to be present of the US in 20, 30 years.

        Decryption: The inaugural unwrapping of the new US present.

  • by Anonymous Coward

    Will this break all the foundational DRM on which all our good stuff depends?!?!?

  • by Anonymous Coward

    Quantum computing is a good way to fleece investors, but that is about it.

  • No it will not (Score:1, Interesting)

    by Anonymous Coward

    The encryption is ALREADY broken, we don't have to wait for quantum machines to get there

    Additionally speed is not the ONLY factor in security/encryption. complexity is also a key factor, but if people would get rid of ridiculous ideas like "public CA's" and force everyone to perform private and variable key exchanges provided by the site itself on first visit we can rapidly increase security. [this is just one simplified example and to save time not a complete answer, so don't get your undies in a wad]

    As

    • Nobody has broken RSA.

      • by mark-t ( 151149 )
        RSA can be broken by solving the discrete logarithm problem, which QC's are also very good at... As long as the size of the quantum computer can scale linearly with the size of the key, it can still be efficiently solved with a quantum computer.
  • I seem to remember having read about a recent cryptographic algorithm that could withstand a quantum computer. Anyone remembers more detail?
    • Many of our existing algorithms, AES, ECDH, and others scale to the 2^(N-K) for N bits used in their keys with classical computers in terms of the operations to break them and that K is very small compared to the 64, 128, or 256-bits. Some of the proposed quantum attacks reduce these states by about the square root causing it to become 2^(N/2) operations. 2^32 states isn't that many for a classical computer to evaluate so 64-bit keys could reasonably break. 256-bit keys are reduced to 2^128 operations which

    • by JMZero ( 449047 )

      Lots of cryptographic algorithms are fine, or may just need longer codes. The hardest ones to replace are public-keys, where I think the front runners are lattice or error correction based (see NTRU and McEliece).

      The other possibility is public key encryption dies, and we have to build some wacky network of symmetric encryption trust rings or something.

    • There are several:
      https://en.wikipedia.org/wiki/... [wikipedia.org]

  • by Anonymous Coward

    https://csrc.nist.gov/Projects/Post-Quantum-Cryptography

    Don't panic, citizen.

  • the company offering quantum encryption.

    If QC is the latest, greatest thing that is coming "Real Soon Now" you should ignore botnets with hundreds of thousands of systems, which exist now.

    On the other hand, QC may make mining bitcoins much more economical.

    • Bitcoin mining involves doing SHA256 hashes, that's not something you can do faster with a quantum computer.

    • sure, if you don't have the slightest clue what quantum computing actually is. That botnet can theoretically hash out stuff yes, but you aren't pooling that processing power, you are distributing it which causes it's own bottlenecks and headaches. A quantum computer (they DO exist) can hash out faster than any of those combined. As well, through entanglement, the actual communication takes place over nothing, and is instant. So, i mean while we can say QC may help break our current encryption, the techno
      • sure, if you don't have the slightest clue what quantum computing actually is.

        All it does is search a space of all possible states at once. Each real qubit added doubles the search space (power) of your computer.

        QC is great for some problems that can be expressed as search problems. It doesn't do much otherwise.

        That botnet can theoretically hash out stuff yes, but you aren't pooling that processing power, you are distributing it which causes it's own bottlenecks and headaches.

        A quantum computer (they DO exist) can hash out faster than any of those combined.

        Even if you assume RSA smashing quantum computers exist there is still no evidence they could put much of a dent in 'hashing out'.

        the technology that QC can eventually provide us will literally remove the need for encryption. Unless you are at point A or point B, there's nothing to encrypt, listen to or steal. Spooky action at a distance is a real thing and it's spooky as fuck but potentially will change our entire techno-ecosphere for the better.

        "spooky action at a distance" decides outcomes rather than conducts information. It can't be used to conduct information.

        Problem with quantum en

    • by kamakazi ( 74641 )

      -On the other hand, QC may make mining bitcoins much more economical.-

      Isn't the expense of mining the only intrinsic value bitcoin has? If mining cryptocurrencies is economical then inflation in those currencies will make them valuless.

      • No, it's the other way around. The value of bitcoin determines how much effort people will put in mining.

        The word "intrinsic" is misleading. Nothing has intrinsic value. Value always depends on context.

      • No, BTC's value proposition is in the hard-limited number of coins and in the ability to verify ownership via the blockchain. Also, like any other currency its value is in the collective actions of those who support it.

    • by JMZero ( 449047 )

      If Bitcoins suddenly became easier to mine, they'd just have to increase difficulty. It's not like there's a static amount of work to be done, and this will do it faster (which is good, as otherwise Bitcoins would rapidly lose value as computing improved). If they couldn't adjust the difficulty enough to compensate, the system would need major change.

      But it would likely actually collapse for a different reason: QC could make spending other people's Bitcoins very easy - and thus make all of them worthless.

  • How often can we rehash the same thing?
    We've been saying this for how long now?

  • ...your encryption method does not use prime numbers to work?
  • Which has been on the decline on the Internet for a while. Factorising large numbers won't help with elliptic curve, Rijndael or any other post-quantum crypto.

    For the latest:

    https://www.safecrypto.eu/pqcl... [safecrypto.eu]

  • by edi_guy ( 2225738 ) on Friday October 19, 2018 @11:45AM (#57504598)
    Really...people are still worried about the front door attacks? Not too long ago, my employer w/ >10,000 employees hired a company to send out fake phish emails to see who would take the bait and click. Over 15% of the people clicked on the bogus link. Extrapolating, would indicate that there are 1,500 times from one single email, that a bad guy could pwn our Fortune 500 company. Probably already does.

    Hell, we even see news items that the NSA contractors are USB'ing data around, dropping passwords, and using their hotmail accounts at work etc. Front door breaks are for academics, interesting mathematically, but not useful day to day.

    • yep, there's enough people that continue to fall for phishes that it's profitable for ransomware crooks and spies to keep sending them.
  • Always prudent to make sure security stacks are sufficiently configurable to enable rapid phase out of broken technology as it becomes necessary. It's great to work on quantum safe key exchange and new ciphers just in case.

    What is foolish and wasteful is switching to something else from a position of fear of what can't be ruled out when no affirmative evidence to support such fears exists. At that point you are no better off hiring keyboard mashing monkeys to set policy.

  • could have a stroke of inspiration tomorrow and publish a formula that unravels internet cryptography

    They made a movie about it [imdb.com]. The problem is the "deep state" has hidden it from the public, just like they've hidden those aliens who helped us in World War II.
    • The summary says:

      In theory, any of the world's millions of professional or amateur mathematicians could have a stroke of inspiration tomorrow and publish a formula that unravels internet cryptography -- and most internet commerce with it.

      Anyone smart enough to solve this problem is smart enough to do something other than publish the proof. Patriots will probably get a large payday for delivering it to their local intelligence service. Black hats can sell it on the dark web. White hats would warn about

  • by HeckRuler ( 1369601 ) on Friday October 19, 2018 @11:49AM (#57504646)

    Encryption is a force multiplier.

    1) They'll make fast computers that are so cheap that everyone can use them (or time-share them or whatever), and therefore be resistant to quantum-computer-speed brute-force.

    2) They'll make fast computers that are so expensive only the the most powerful can crack encryption, and only selectively at that. But it's probably easier for the CIA and NSA to get around encryption other ways. I just kind of assume that they've got their fingers into most everything.

    3) Something in between.

    We live in a magical age where the poorest of poor can utilize services (that are so cheap they're free) which the most powerful of the powerful cannot thwart. They are secure in their person and papers. Despite a warrant. And that really rankles the powerful. They're typically not big fans of not having power over people. If they make a fundamentally faster computer, it'll crack the encryption of today. But it WON'T crack the encryption of tomorrow, because they'll simply use the faster computing technology. (or from factoring to ellipse curves). The transition period is where cyberpunk novels are written.

  • They will do all sorts of calculations, fast. But if you try to read the answer, it will change.

    The results of the computation depends on the observer

    And it is a QA nightmare, none of the computations are repeatable.

    All the memory states of a quantum computers can be 1 or 0 till you read it your would not know. Once you read it the memory is destroyed.

  • For RSA you don't actually have to factor the large composite number, you need to just know the period of the messages, which is what Shor's algorithm does.

    In RSA you choose two large prime numbers p and q, and then publish n=(p*q) and e. e is a smallish usually prime number. Your private key is a number d such that e*d is congruent to 1 module (p-1)(q-1). (p-1)(q-1) is the number of coprime numbers to (p*q). Given a number M less than n that is coprime to n, if you raise that number to every differen
  • You can argue about encryption algorithms and faster computers, but the real issue is time. Anything that traverses the wire becomes part of a permanent record. They copy and store every single bit, knowing that they cannot crack your encryption today, but in the future it will become trivial. So at best you're talking about mitigation. Everything you've ever said or done will have to live up to the impossible moral standard of the world communist courts of the not so distant future. There will be no devia
  • We can sign things with just a hashing function. For key agreement and other fun things there are other problems that it appears a quantum computer can't solve. https://en.wikipedia.org/wiki/... [wikipedia.org]

    However, there are a number of problems:
    1 - If the NSA records the handshake of your conversation today, they will be able to read your messages in the future when/if they build a quantum computer. I find this point very frustrating. So many people think they are safe as long as they adopt something before a
  • and it may be decades before they do.

    IBM's 5 qbit machine is coherent for 50 microseconds. It is not big enough to solve any useful problems. D-Wave isn't any faster than an ordinary computer and using quantum "annealing" it is limited in the kinds of problems it can solve.

    If someone created a 4096 GPG key it would most likely be good for their lifetime.

  • Quantum physics allows us to entangle bits (really qubits) and separate them by great distances. We can create a totally secure "quantum net" that allows instantaneous communication between one set of entangled bits and another set of entangled bits.

    Yeah, you physicists are going to say something about "information passing", "speed of light limits", yada, yada yada. That is fine in theory, but in practice 99% of all social media post have no real information.

Technology is dominated by those who manage what they do not understand.

Working...