Quantum Computers Pose a Security Threat That We're Still Totally Unprepared For (technologyreview.com) 193
An anonymous reader quotes a report from MIT Technology Review: The world relies on encryption to protect everything from credit card transactions to databases holding health records and other sensitive information. A new report from the U.S. National Academies of Sciences, Engineering, and Medicine says we need to speed up preparations for the time when super-powerful quantum computers can crack conventional cryptographic defenses. The experts who produced the report, which was released today, say widespread adoption of quantum-resistant cryptography "will be a long and difficult process" that "probably cannot be completed in less than 20 years." It's possible that highly capable quantum machines will appear before then, and if hackers get their hands on them, the result could be a security and privacy nightmare.
Today's cyberdefenses rely heavily on the fact that it would take even the most powerful classical supercomputers almost unimaginable amounts of time to unravel the cryptographic algorithms that protect our data, computer networks, and other digital systems. But computers that harness quantum bits, or qubits, promise to deliver exponential leaps in processing power that could break today's best encryption. The report cites an example of encryption that protects the process of swapping identical digital keys between two parties, who use them to decrypt secure messages sent to one another. A powerful quantum computer could crack RSA-1024, a popular algorithmic defense for this process, in less than a day. The U.S., Israel and others are working to develop standards for quantum-proof cryptographic algorithms, but they may not be ready or widely adopted by the time quantum computers arrive.
"[I]t will take at least a couple of decades to get quantum-safe cryptography broadly in place," the report says in closing. "If that holds, we're going have to hope it somehow takes even longer before a powerful quantum computer ends up in a malicious hacker's hands."
Today's cyberdefenses rely heavily on the fact that it would take even the most powerful classical supercomputers almost unimaginable amounts of time to unravel the cryptographic algorithms that protect our data, computer networks, and other digital systems. But computers that harness quantum bits, or qubits, promise to deliver exponential leaps in processing power that could break today's best encryption. The report cites an example of encryption that protects the process of swapping identical digital keys between two parties, who use them to decrypt secure messages sent to one another. A powerful quantum computer could crack RSA-1024, a popular algorithmic defense for this process, in less than a day. The U.S., Israel and others are working to develop standards for quantum-proof cryptographic algorithms, but they may not be ready or widely adopted by the time quantum computers arrive.
"[I]t will take at least a couple of decades to get quantum-safe cryptography broadly in place," the report says in closing. "If that holds, we're going have to hope it somehow takes even longer before a powerful quantum computer ends up in a malicious hacker's hands."
Re: (Score:2, Interesting)
Good thing quantum computers don't work (Score:5, Interesting)
A few days ago one of the slashdot articles explained why quantum computers of a significant size will never be possible.
Which is right?
Re: (Score:2)
Re: (Score:2)
Well, the other stories fold into ... nothing ...
Re: Good thing quantum computers don't work (Score:3, Funny)
Both... Thats the point
Quantum Warranty (Score:2)
Good until you open the box.
I await the Quantum EULA
Re: (Score:2)
That is obvious: /. is right!!
Re: (Score:3)
The one that says it's not possible. However, "post-quantum" is a really hot buzzword, possibly even hotter than "blockchain" now that that one's burning out, so there's a lot of academic kudos and, once someone figures out how to commercialise it, money to be made peddling quantum crypto anything. The hype cycle tends to be 3-5 years before disillusionment, so we've got awhile to go yet.
For my part, I predict we'll have fusion reactors and Mars colonies before we have quantum cryptanalysis, so there's pl
Re: (Score:2)
Re: (Score:2)
Re:Don't worry, we're prepared (Score:4, Insightful)
Don't forget hydrogen fuel cells! Remember those?
You should not ridicule hydrogen fuel cells. They turned out to not be the best solution, but when facing a critical need the best approach is a Flooding Algorithm [wikipedia.org], where you research every plausible solution. It is important to not only identify what works, but also what doesn't work. The cost of the research failures is negligible compared to the benefit of finding the best alternative transportation technology.
Re: (Score:2)
Re: (Score:2)
the hype that they were going to take over and replace everything can be mocked.
I must have missed the hype. I remember GWB advocating hydrogen fuel cells, but nobody believed he was serious, and he was widely ridiculed at the time. I don't remember anyone else hyping it.
Re: (Score:2)
I think the supposition that the fossil fuel industry would abandon $Trillions of infrastructure and proven petrol reserves was the greatest failing of the hydrogen revolution.
That is not why hydrogen fuel cells failed. They failed partly because the fuel cells are expensive (requiring platinum coatings), need regular maintenance to keep the membranes clean, and have very limited range because of the difficulty of storing H2.
But the main reason they failed was because of dramatic advances in the cost and storage capacity of lithium batteries.
Re:Don't worry, we're prepared (Score:4, Interesting)
Uhh... going pretty strong [europa.eu]. Prices have been gradually coming down and there is a lot of interest from industry. However, since batteries have also improved in the meantime, the focus is moving away from consumer applications (cars) to larger ones (ships, buses, trucks, trains, even regional planes), so they are not so visible to the man in the street.
I do work in hydrogen & fuel cells, and in the last 2-3 years we have seen a surge in industrial interest we can barely handle. We know that FC manufacturers are tooling for mass production, at which point prices will fall a lot faster. At this point we are where batteries were about 15 years ago, with some applications ready for deployment (buses [fuelcellbuses.eu], home CHP [h2-international.com], trucks [nikolamotor.com], trains [alstom.com]) and plenty of others in advanced development—maritime is likely the next big thing.
So just because you don't hear about it in the 9 o'clock news it does not mean it has been abandoned. It has simply dipped down from the hype peak [wikipedia.org] and started maturing.
Re: (Score:2)
Don't forget hydrogen fuel cells! Remember those? They even had a hydrogen bus in Chicago back in the 2000s. I wonder what happened to it?
What happened to it is that you can now lease hydrogen vehicles in California and GM and Honda have a joint fuel cell plant and predict that it will actually be profitable to sell FCEVs in the next generation. GM in particular is betting on Hydrogen to be the future fuel of the military. If you actually cared about this stuff, though, you'd know all of this.
Malicious hacker? (Score:3)
You mean like every hostile or competing nation state?
hope (Score:1)
Re: (Score:2)
Re: (Score:2)
Yep, this is the answer. We'll install SneakerNet along side our Electron Challenged Networks to distribute the one-time pads. Oh, and no sneaky allowing your one-time pads escape into the wild, keep them close to your body.
Re: (Score:2)
One time pads.. Totally safe against quantum computers.. There are ways of distributing those safely when your adversary is online.
Oh yea, that key distribution problem is a bear you know... Maybe we can order one time pads from Amazon now? With prime shipping it will only take a day to get them.
Re: (Score:2)
In the future, you'll go down to the market and have a box of one-times along with your soylent bars, pocket fusion recharges, and totally-tuned porn drivers for your artificial mate.
Until then, the quantum kids have spent billions and have bupkis+ to show for it, and acknowledge that even the algorithms are going to cost billions and billions, too. Quantum doesn't work like Von Neumann computing and so none of that tawdry PHP and node.js you learned is going to be useful. There are no libc-q's available.
I
Re: (Score:2)
Re: (Score:2)
I hope this will happen never. There is not need for it and changing things without need is just incredibly bad engineering because it always causes problems.
Re: (Score:2)
Re: (Score:3)
Funny story: All these systems have been broken so far. Turns out that the perfect theory does not translate to a perfect implementation.
Pure bullshit on a level with ... (Score:5, Insightful)
... scary AI.
I swim in the quantum theory waters and it's goddam near impossible to rake the jiggle out of one qubit. The temperature has to be at near-absolute zero and Heisenberg's Uncertainty Principle plus all of the laws of thermodynamics and the properties of quantum vacuum are working against us.
As the qubit count increases, the randomness multiplies at an exponential rate. It's a nice dream, as is the theory of AI killing us all, but the hurdles are too great.
In the spirit of, "never say never," a practical quantum computer is at least 100 years away.
And here's the 411 on the encryption fear, anyway: A quantum computer that could instantly break today's encryption could just as quickly create encryption that is impossible to break.
Re: (Score:3)
The difference is the NSA, and other government agencies (in various countries) will be the only ones able to afford quantum computers.
Re: (Score:3)
Your point is well taken. Cost is a factor (ignoring the fact that QC can'y get that big). As the qubit count rises, the structure necessary to combat the three evils I listed gets to be enormous. We're talking LHC large, at least.
"Nil Tl Son, do you see the large cold thing? Take it out."
Re: (Score:2)
No idea what anime/etc you're referencing either, should anyone know that?
They should.
I do.
Re: (Score:2)
And no more MRI scans and ... There is a reason that scientist worry about fritting away a limited and precious resource on party balloons when you could use a hydrogen/nitrogen mix that is no more dangerous than a Christmas cracker.
Re: (Score:2)
The difference is the NSA, and other government agencies (in various countries) will be the only ones able to afford quantum computers.
That's not clear at all. With our current level of technology, being able to build a useful general purpose quantum computer for any amount of money at all is outside of predictable reach. Perhaps some new technological breakthrough will make it more possible, but there's no particular reason to believe that breakthrough won't also bring it within reach of NGOs or even wealthy individuals.
Re: (Score:2)
The NSA, etc. are willing to pay billions for a QC that can crack RSA. Hell, they'd spend billions on a coinflip where "heads" got them that QC.That means they can sponsor research, build a giant infrastructure to keep it near absolute zero, and do other things that really are out of reach of NGOs or wealth
Re: (Score:3)
plus all of the laws of thermodynamics ... are working against us.
Actually: no!
Thermodynamics has nothing to do with quantum computers nor Heisenberg's Uncertainty Principle have anything to do with it ...
Re: (Score:2)
Care to expand and defend your remarks?
Re: (Score:2)
Sure,
what is your question regarding steam engines (thermodynamics) and measurements of movement of small particles as in electrons and photons (aka Heisenberg)?
Oh, you did not know that thermodynamics is about steam engines and heated gases and pressure and has nothing to do with "ordinary physics"? Yeah ... guessed that.
Re: (Score:2)
what is your question ...
I don't have questions. I have answers.
I'm sorry, but your knowledge of quantum and classical physics does not rise to the level where I can be of any help.
Perhaps you could concentrate on the study of pregnant squirrels eating sandwiches.
Re: (Score:2)
If you mix up thermodynamics with quantum mechanics you obviously have no big physics education. Or you forgot everything :D But no worries, there are hardly any people on /. that grasp thermodynamics. I would wager 99% of all posts where it is mentioned are wrong about it.
The hint with the squirrels is interesting ... perhaps I could get an easy PhD that way.
Re: (Score:2)
You're a lazy son of a bitch. [phys.org]
Now in a new study, physicists have shown that quantum shortcuts are subject to a trade-off between speed and cost, so that the faster a quantum system evolves, the higher the energetic cost of implementing the shortcut. In accordance with the laws of thermodynamics, an infinitely fast speed would be impossible since it would require an infinite amount of energy.
Re: (Score:2)
In accordance with the laws of thermodynamics, an infinitely fast speed would be impossible since it would require an infinite amount of energy.
You see. Wrong again.
There is no law of thermodynamic saying anything about speed of anything.
https://en.wikipedia.org/wiki/... [wikipedia.org]
No idea why you want to argue abut stuff you have no clue about, or the author you cite has no clue about.
Infinite fast speeds, require being faster than light, wich means it violates general relativity theory, not thermodynamics. And yes: i
Re: (Score:2)
And that is just the thing: Mass-hype and mass-panic that completely ignore practical aspects. Here is news for these people: Practical aspects are what makes or breaks a technology.
Incidentally, general AI has even less substance than QCs have, because there is not even a credible theory how they could work. In the few fields where we actually have theories (like automated deduction), the effort is so great that smart human beings can do things a universe-size computer could not. QCs seem to at least work
Re: (Score:2)
I enjoy reading posts by those who get it and have additional information to add. Thanks..
To explain the problem of QC (which is quantum jitters) I can offer an analogy (I'm not clever enough to make it a car one, though):
The speed of light, "c" is qualified by the value of "in a vacuum."
A vacuum is defined as a space that has nothing. Zero. Zip shit. Nada. That knowing, with certainty, as agreed, violates the Uncertainty Principle.
So, what's the deal with the fucking vacuum? It's a quantum vacuum. Some cal
Re: (Score:2)
You are ignoring another Uncertainty Principle, that is the amount of money that can be squeezed out of funding agencies by getting their bloomers in a twist over quantum: Big Bad Quantum is coming, be very afraid, very scared, and very willing to allow us to save you for a small sum, although it might seem vast from your point of view....we here at Quantum Uncertainty Enterprises assure you it is not.
Re: (Score:2)
I agree. Plenty of revenue all around. Hype a disease; hype a cure.
Laughter is the best medicine when opportunists abound.
Re: (Score:1)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
I already assume todays encryption IS broken or key stealing is not so difficult.
What Snowden revealed is that the NSA gets FAR more traction from traditional (and not so traditional) spying and eavesdropping techniques than from trying to break encryption schemes. In most circumstances, the latter approach will be far more involved and more costly.
Re: (Score:2)
Yeah, never fear the time when NSA, CIA and all other three letter agencies have a multibillion $ quantum computer ...
You had a good reply right there and fucked it up with the "before and after," words.
Re: (Score:2)
Wow. Thank you. I have read all the quantum physics books I can find, most recently one published in 2017 by Paul Halpern (quantum fundamentalist) "The Quantum Labyrinth."
I bookmarked your reference link. It summarizes the state of the art of quantum computing very well.
Again, thanks.
Re: (Score:2)
Sorry for the down mods. As for me, I see what you did there.
Re: (Score:2)
I cleverly counter your remarks with the +10 sword of blockchain.
Re: (Score:2)
Off topic, but I'll byte.
Then you have a future where I have to walk around with a gun
You're full of shit and I can give examples.
Recall the Civil Rights Riots. Recall the Vietnam Riots. Recall the Ferguson riots. Recall the Baltimore riots.
Using those examples, and others, you won't be using guns.
No, you'll be using stone-age technology.
Re: (Score:2)
It's inherently obvious to the casual observer that you don't know bullshit from wild honey.
Re: (Score:2)
Oh yeah, that's gonna leave a mark.
Wrong, Quantum encryption. (Score:2)
Slashdot finally getting woke to the quantum scam (Score:1)
Just a way for otherwise useless academics to extract tax payer dollars from militaristic states.
quantum computing (Score:1)
I'm of the opinion that practical quantum computing is impossible (see link below for the argument). Start believing this too, and you will have one fewer things to be worried about!
https://spectrum.ieee.org/comp... [ieee.org]
Re: (Score:2)
I agree. The whole thing is both useful idiots and "scientists" without ethics that want to profit from the hype a bit longer.
The best supporting evidence for your citation is that QCs have almost not scaled at all in now something like 40 years of research.
Re: (Score:2)
I agree
Yes but you are an idiot.
. The whole thing is both useful idiots and "scientists" without ethics that want to profit from the hype a bit longer.
If one want to profit and have no ethics there are easier ways. But again you are an idiot.
The best supporting evidence for your citation is that QCs have almost not scaled at all in now something like 40 years of research.
Going from proof of concept systems to something that can be used to solve small problems.
Longer coherency times, more qubits and actually demonstrating that it works as predicted. No, nothing happening.
Starting to look how to program a realistic future quantum computer - nothing.
It's a hard problem to crack. But those that attempt to do it aren't idiots and know their stuff.
Re: (Score:2)
You seem to be completely unaware how a large part of the scientific establishment and the funding it gets works. The idiot here is you.
Isn't elliptical curve good enough? (Score:3)
I thought elliptical curve cryptography was good enough?
Also, it occurs to me they're concerned about a "20 year" timespan to get it widely deployed. Maybe a truly excellent algorithm just got patented, and they have to wait until it's unencumbered for it to spread?
Re: (Score:2)
All currently-used public-key cryptography, including ECC, is vulnerable to attacks by quantum computers because the underlying hard math problems aren't hard for quantum algorithms.
There's a technique for using elliptic curves to construct schemes that aren't vulnerable; supersingular isogeny Diffie-Hellman for example works like ECDH.
Disclosure: I work for a company producing encryption code that's safe against attacks by quantum adversaries.
Re: (Score:2)
Since it was buried either as an AC response, or an AC response to an AC:
EEC is vulnerable because "QCs can solve the abelian hidden subgroup problem, which ECC is within." However, RSA (and other prime factorization issues) are cracked by QCs using Shor's Algorithm. The same algorithm cannot be used on ECC.
Yet... (Score:1)
Re: (Score:2)
The world relies on encryption to protect everything from credit card transactions to databases yet they keep getting hacked repeatedly so what's the point?
The point is to keep making it harder for the bad guys to succeed. It's an arms race.
Of course, the good guys can turn into the bad guys, so be vigilant.
Re: (Score:2)
Getting hacked has usually nothing to do with encryption but with stupidity.
E.g. if I call you and ask for your credit card number, would you encrypt it somehow over the phone call?
Would you give it to me?
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
OTP is private key / symmetric cryptography: you have to transfer the one time pad to the other party using a secure channel before you can communicate securely. That would be the equivalent of AES, and AES is still unbroken, even with a hypothetical quantum computer.
The advantage of algorithms like AES over OTP is that OTP is very inconvenient. It needs a massive amount of true random data (using a PRNG would turn it into just another stream cipher), and all of it has to be transferred securely. That incon
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Yes, that's how you use OTP. The issues are:
- You need a true RNG, i.e. specialized hardware (/dev/random may be ok). And these typically have a rather low bandwidth. That's fine for short message, less so for HD video.
- You need to transfer a lot of data using your secure (e.g. physical) channel. As much random data as all the data you intend to send. It means that it can't be memorized or told, you need a physical support, like a USB stick for instance. There is quite a lot of work involved in order to tr
Re: (Score:2)
Can we _please_ stop with this nonsense? (Score:2)
There are no QCs of sufficient size to even break amateur-crypto. Scaling is proving difficult enough that it is unclear whether it works at all. There is no threat here. No, really not.
On breaking encryption for good ends. (Score:2)
There's a lot of cryptocurrency mining hardware being dumped & can be repurposed to solve Wikileaks Insurance Files encryptons. Pursuing this direction & not knowing when solves will happen will motivate govs & banks to correct themselves. And that is a Good Thing to do.
meh (Score:3)
who cares, encryption will be broken by the time viable quantum computers are a reality anyway.
australia is just the first domino to fall, soon other nations will follow and all encryption must be breakable by law.
Re: (Score:2)
I've NOT accepted it, and i will resist, but i also think it will be a fight that will not be won.
Color me skeptical (Score:3)
20 years? (Score:2)
widespread adoption of quantum-resistant cryptography "will be a long and difficult process"
What other computer technology took 20 years to get widespread adoption? The last one I could think of was either the Internet itself or the WWW.
Why would cryptography take so long?
Or are we talking about getting quantum-resistant cryptography in our InternetOfThings devices? I'm screwed if someone's using that much resources to hack my car. It would probably be cheaper to hire a league of assassins to take me out.
Setec Astronomy (Score:2)
Encryption feels lame/stupid at this point anyway (Score:2)
I Call FUD (Score:2)
Re: (Score:2)
Most sites that actually care use either 4096-bit RSA or have switched to EC at a comparable bit-strength.
What about the sites that don't care, but should?
Re: (Score:2)
More likely the NSA has buried a lot of backdoors in ECC curves and is now running scared they could leak...
Re: (Score:2)
Yeah the NSA defines the mathematics behind elliptic curves, changing reality as they go.
Re: (Score:2)
There is no need to change reality. ECC is very easy to backdoor, by the very mathematics it uses. Have you done even minimal research?
Re: (Score:2)
Re: (Score:2)
I do not need to prove things already proven elsewhere. Look it up you lazy slob.
Re: (Score:2)
Re: (Score:2)
NSA also crippled the maths for generating unpredictable curves. Well, NIST did that, in collusion with the NSA request, resulting in FIPS 186-3.
https://crypto.stackexchange.c... [stackexchange.com]
You hint at this in your last statement. We can NEVER trust spooks. They are not here to help. Ever. Period.
Re: (Score:2)
As for Quantum Computing? Pfffft.
Pull the other one. QC is the Cold Fusion of computing technology.
Re: (Score:2)
O rly?
And what about all of their off-site backups? Have they re-encrypted them, or is it is a matter of janking some tapes from Iron Mountain, or company's on-site storage, and applying quantum decryption to them?
Quantum computing is relevant to public key, asymmetrical ciphers used in establishing online communications. Static data such as backups is encrypted using symmetrical ciphers such as AES and Twofish which are not susceptible to quantum computers.
Re: (Score:2)
Re: (Score:2)
Indeed. Some people just cannot let go of a bad idea, possibly because they have no other skills...
Re: (Score:2)
No easy connected network? Then MI6/CIA start to look at the workers on site.
The magic was a PRISM like front door into the OS, telcos.
The mathematical flaw was people had to trusted their OS crypto junk/used a telco network.
Quantum will be a cover story for more PRISM, more police ready crypto designed into products.
Quantum will
Re: (Score:2)
Can you explain how a quantum computer could work? How would one program the quantum computer if it existed? How would one inspect code for errors? How would one know truth of quantum computer output?
Ask your cat.
Schrodinger, is that you? If you'd put down the box, I have a question....
Re: (Score:2)
Re: (Score:2)
of course RSA-1024 has been considered too weak to use for a number of years now.
From an academic point of view. However, nobody has been able to break anything beyond RSA-768, at least not publicly. And chances are that nobody has been able to break anything beyond that, period: the time, effort and money involved to break such keys are not worth the while, for such keys do not protect information that is all that valuable. Most likely, it is far easier and cheaper just to steal the keys, if necessary.
Re: (Score:2)
Since cryptography depends on very large primes,
Only a small subset thereof does.
couldn't quantum computers actually be used to find very large primes that conventional computers would take years to find?
Classical computers can already find the primes of interest in cryptography very quickly and efficiently.