Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Encryption

Can the World Avoid a 'Quantum Encryption Apocalypse'? (axios.com) 71

Axios reports: "Although a quantum computer isn't expected until 2030, at the earliest, updating current encryption standards will take just as long," writes Axios, "creating a high-stakes race filled with unanswerable questions for national security and cybersecurity officials alike." As scientists, academics and international policymakers attended the first-ever Quantum World Congress conference in Washington this week, alarmism around the future of secure data was undercut by foundational questions of what quantum computing will mean for the world. "We don't even know what we don't know about what quantum can do," said Michael Redding, chief technology officer at Quantropi, during a panel about cryptography at the Quantum World Congress....

Some governments are believed to have already started stealing enemies' encrypted secrets now, so they can unlock them as soon as quantum computing is available. "It's the single-largest economic national-security issue we have ever faced as a Western society," said Denis Mandich, chief technology officer at Qrypt and a former U.S. intelligence official, at this week's conference. "We don't know what happens if they actually decrypt, operationalize and monetize all the data that they already have."

This discussion has been archived. No new comments can be posted.

Can the World Avoid a 'Quantum Encryption Apocalypse'?

Comments Filter:
  • by AlanObject ( 3603453 ) on Sunday December 04, 2022 @10:39AM (#63101410)

    Where else will we get our next "tech sci-fi" blockbuster thriller from?

    We are, after all, running out of comic book characters to animate.

    • by goombah99 ( 560566 ) on Sunday December 04, 2022 @11:01AM (#63101448)

      Republicans, 100% of them, in their hearts fantasize about hunter bidens penis photos getting decrypted and published on Twitter. Nothing will stop this apocalypse

      • Where else will we get our next "tech sci-fi" blockbuster thriller from?
        We are, after all, running out of comic book characters to animate.

        Republicans, 100% of them, in their hearts fantasize about Hunter Biden's penis photos getting decrypted and published on Twitter. Nothing will stop this apocalypse

        I'm confused. Are the comic book characters Republicans or Hunter Biden's penis? 'Cause I wouldn't want to watch animated movies about either of those... (even though the former are comical)

        • Republicans, 100% of them, in their hearts fantasize about Hunter Biden's penis photos getting decrypted and published on Twitter. Nothing will stop this apocalypse

          I'm confused. Are the comic book characters Republicans or Hunter Biden's penis? 'Cause I wouldn't want to watch animated movies about either of those... (even though the former are comical)

          Hunter Dillermand, next on Fox!

    • ToiletMan is still criminally neglected.
  • Some governments are believed to have already started stealing enemies' encrypted secrets now
    • or maybe that's been going on for over half a century, since encryption schemes have been broken by other means. yeah it's not a quantum computing issue, its a math and tech general issue

      • by Z00L00K ( 682162 )

        Not all encryption is sensitive to quantum decryption attacks, so even though there will be a shake-up it's not the end of the world.

        • by ceoyoyo ( 59147 )

          If anybody is encrypting important state secrets with RSA they probably deserve to get them stolen.

        • Actually, we have no idea which encryptions are vulnerable to quantum attacks; it is possible all digital encryption will be. We might have to use something else, and QE might be it.

    • by jmccue ( 834797 )

      Some governments are believed to have already started stealing enemies' encrypted secrets now

      Here is a thought, how about keeping critical secrets off the net ? You know, like the old days where people worked in an office without net access.

      • by gtall ( 79522 )

        Because we do not want to go back to an economy the size of what it was in the old days.

      • by ranton ( 36917 )

        Here is a thought, how about keeping critical secrets off the net ? You know, like the old days where people worked in an office without net access.

        There is always a balance between access to secrets and protection of secrets. If the secret is being stored somewhere then it should still have value to those who decided to not just destroy it. And the more restricted the data is the harder it will be to extract value from it.

        I'm sure there is plenty of air gapped data to protect against access when it really is that important. But not all protected data will be that protected.

      • Some governments are believed to have already started stealing enemies' encrypted secrets now

        Here is a thought, how about keeping critical secrets off the net ? You know, like the old days where people worked in an office without net access.

        We could always store them in a basement, closet or desk in a Florida resort. :-)

    • And they have been doing it for some time now [media.ccc.de] (long watch, but worth it)
    • I remember speculating that this would happen while wasted at a party in 2002. So I wouldn’t be surprised if governments and other entities have been stashing secrets for decades.

  • Quantum computing is not a panacea; it is not magical! There is a shit ton of noise to sort out and efforts to problem solve. This is not HAL 9000
    • by Tablizer ( 95088 ) on Sunday December 04, 2022 @11:58AM (#63101532) Journal

      The point is that in theory it may be able to do certain kinds of calculations really quickly, rendering existing encryption obsolete. But, nobody really knows how long it will take to get to that point, if ever.

      It reminds me of nuclear fusion: lots of theoretical potential, but messy to tame in practice.

      • by 93 Escort Wagon ( 326346 ) on Sunday December 04, 2022 @03:23PM (#63101962)

        The wider issue is that "tech" bloggers are apparently just starting to hear about quantum computers and what they potentially can do, and can't seem to grasp that people with actual technical knowledge have known about this for years, have been working on the solutions for just as long, and to this point are meeting the schedule they set for dealing with it. So in my mind there are two points:

        1) (as you say) we don't currently know if quantum computing is actually going to ever be useable for anything practical.
        2) The odds are we'll have the necessary quantum-resistant encryption algorithms in place well before #1 happens, if it ever does.

        Additionally, these alarmist bloggers seem unaware that not all of our currently-used encryption is even susceptible to quantum attacks.

        • Re 1) I totally agree. We have no idea if functional quantum computing is coming soon, later, or never.

          Re 2) , We've been onto that shit for a while now. The first 4 "quantum resistant" algorithms where announced this year, but we've known about quantum resistant algorithms for quite some time.

          https://www.nist.gov/news-even... [nist.gov]

      • by ceoyoyo ( 59147 )

        "rendering existing encryption obsolete"

        Some existing encryption. RSA specifically.

        • by Tablizer ( 95088 )

          > Some existing encryption. RSA specifically.

          The article mentioned it will take at least a decade to replace existing encryption infrastructure with (allegedly) quantum-proof algorithms, much of it RSA.

          • by ceoyoyo ( 59147 ) on Sunday December 04, 2022 @07:40PM (#63102660)

            The article says a lot of... interesting things.

            Most of the symmetric encryption algorithms, at least the ones you're supposed to use, are pretty quantum safe. SHA and AES, for example. You want to make your keys longer, but then they're safe. Making the keys longer for RSA helps, but no matter how long you make them you're not guaranteed safe. So RSA, and similar public key algorithms are really the problem.

            RSA is tremendously useful, but it's not all of encryption. It's mostly used for key exchange. We do have other ways of exchanging keys, and in most of the really critical applications we already use them.

        • "rendering existing encryption obsolete"

          Some existing encryption. RSA specifically.

          And ... only RSA with small keys.

          4096 bit RSA is already a typical key size and it will take a hell of a quantum computer to break it. It might not even be possible to build a quantum computer that big because of decoherence.

          • by ceoyoyo ( 59147 )

            True, but you still might not want to protect the alien hyperdrive blueprints from area 51 with it, just in case.

            Although, nobody should really be protecting sooper sekrit stuff with asymmetric encryption anyway.

          • It might not even be possible to build a quantum computer that big because of decoherence.

            At this point saying code breaking quantum computers are possible is like saying developing an anti-gravity device or an alcubierre propulsion system are possible. There is no effective difference between any of these statements. In all cases you can't rule out what you don't know and nobody has any clue how to make it work.

    • by gweihir ( 88907 ) on Sunday December 04, 2022 @03:56PM (#63102096)

      And it cannot to anything relevant at this time in addition. We do not even have a lab-demo of an universal QC that can do more than a decades-old pocket calculator. The published qbit numbers are mostly bogus, because the actual logical qbits after error correction are much, much fewer. And you can only do actual calculations with logical qbits, unless these are simplistic, very short demo-runs, that then get repeated many times until they succeed.

      It is quite telling that, for example, IBM nowhere tells you how many logical qbits their latest 433 qbits processor has and how long it can run before things decohere (which they eventually do even with error correction). The wikipedia page for logical qbits claims that it can take up to 1000 physical qbits to form one logical qbit. That would mean to break, say, RSA4096, you may need 12'000'000 physical qbits. (Shors' algortithm needs 3x the bit-length in qbits.)

  • by Viol8 ( 599362 ) on Sunday December 04, 2022 @11:02AM (#63101450) Homepage

    It may turn out that building a usable quantum computer may be impossible or so unwieldy due to the physics that they'll be huge machines only affordable to governments and large corps. Perhaps the only way us mortals will access one is via an AWS QC service or similar. IF they manage to get something practical to work.

    • And?

      Nobody really cares if Tim down on the corner can crack national security secrets, not once other governments and large corporations already have them (and you forgot large criminal organizations, which operate at a similar scale). You need Power to abuse those secrets, they (mostly) only keep them secret from you and I because if we know, then so do the other Powers.

      We don't want Tim stealing your banking information, but there are already several encryption methods that should be quantum-computer pro

      • by amorsen ( 7485 )

        The technical problem is not solved. Quantum resistant cryptography is a mess right now, and there is a high risk that any scheme deployed will be insecure against conventional computers.

        The only sensible way to do quantum resistant cryptography is to layer it either above or below conventional encryption, but that makes the already bad performance of quantum resistant cryptography even worse.

        • The technical problem is not solved. Quantum resistant cryptography is a mess right now,

          Not really. It's quite clear which cryptographic algorithms are susceptible to Shor's algorithm and which aren't.

          For block ciphers a 256-bit key will make quantum cracking as difficult as cracking a 128-bit key with conventional computers, ie. it can't be done.

  • by Fly Swatter ( 30498 ) on Sunday December 04, 2022 @11:08AM (#63101458) Homepage
    Everything needs encryption already. In other words, no one in society can be trusted, which is all the commentary on society that you need.

    Or maybe the more damning commentary is that society allows this to happen to themselves. Doing absolutely nothing to remove problem makers from society. Permanently.

    The internet has become a war zone where we all lost. And the internet is just a magnifying glass on us all.
    • Well, shit.
    • by Immerman ( 2627577 ) on Sunday December 04, 2022 @11:52AM (#63101522)

      > Doing absolutely nothing to remove problem makers from society. Permanently.

      Doesn't matter how much we do, new troublemakers always crop up. Heck, we've been trying to eliminate murderers, thieves, and rapists for thousands of years, and nobody has ever succeeded. Those who have come closest have all been ruthless authoritarians, who I would argue inevitably become a far worse problem.

      The real danger is people like yourself who think safety and security are achievable concepts. They're not, they're illusions, and always have been. There's always room for improvement, but any attempt to seriously make them a reality inevitably ends with us all locked in cages (real or metaphorical) where we don't have enough freedom to be able to abuse it.

      • by spth ( 5126797 )

        No. Relatively free, democratic countries were the most successful in eliminating murder and violent crime. Look e.g. at the List of countries by intentional homicide rate:

        https://en.wikipedia.org/wiki/... [wikipedia.org]

        Ignoring some tiny countries (which typically don't have a murder every year), we see many established democracies having the lowest rates: Japan, Switzerland, Germany, Italy, Netherlands, Norway, etc. And at the other end, we also see authoritarian countries with high rates, e.g. Venezuela, Russia.

        • Notice how those numbers are not zero? They did not eliminate it, they reduced it. I'm all for reductions, and there's a whole lot of things a free society can do to create them.

          But the only way to *eliminate* a crime is to eliminate the freedom that can be abused to commit it. There has never in the history of the world been a murder committed by a person in solitary confinement.

          It's an important distinction to keep in mind when the things a free society can do to reduce crime reach the point of diminis

  • No Shit Already? (Score:5, Informative)

    by chill ( 34294 ) on Sunday December 04, 2022 @11:19AM (#63101470) Journal

    The NSA broke ground on a massive data center -- the Intelligence Community Comprehensive National Cyber-security Initiative (CNCI) Data Center --in Bluffton, Utah back in 2011 [homelandse...wswire.com]. The widely speculated purpose was to all them to vault all they can now for anticipated cracking later as the tech advances. This isn't "news", it is "olds".

  • by rossdee ( 243626 ) on Sunday December 04, 2022 @11:25AM (#63101482)

    "Jean has a long mustache"

    Now does that mean go blow up the telephone lines, or
    Lord Lovat will be holding a party on Sword beach tomorrow morning, bring your own champagne

    (from the movie the Longest Day)

    • by Entrope ( 68843 )

      Do you think that's secure because nobody ever had security problems managing huge sets of codebooks?

      Also, what happens when you want to say "go blow up the electrical substation"? Do you send "Frank has a long mustache" or something entirely different?

      There are reasons that people moved away from using codes.

    • by techno-vampire ( 666512 ) on Sunday December 04, 2022 @02:14PM (#63101788) Homepage
      "Jean has a long mustache"

      In the months before D Day, the BBC sent hundreds of coded messages like that to the French Resistance every day in several batches. Most of them were just padding, leaving the Germans the twin problems of separating the wheat from the chaff and decrypting those messages they decided were genuine. I doubt that they tried very hard, if at all.
  • by joe_frisch ( 1366229 ) on Sunday December 04, 2022 @11:42AM (#63101510)
    Despite all the fears of technology to break encryption, and the attempts to create technologically unbreakable encryption, in real life most data breaches are due to humans. Misconfiguration, social hacking, espionage. There is always *someone * who needs access to data and there is so far no way to make sure that "someone" is not going to release the data. Doesn't matter if its an office admin, a computer sysadmin, or the president of the US.
  • Could blockchain be broken?
    This would have massive implications for *coins and anything else which uses it.

    • by Tablizer ( 95088 )

      Your worthless bitcoin will become even more worthless.

    • I don't know about breaking blockhain specifically but wallets will get decrypted. And hey, Satoshi's whale of a wallet -- 5% of all BTC ever mined -- will be broken and dumped on the market.
  • by Aliks ( 530618 ) on Sunday December 04, 2022 @12:27PM (#63101570)
    Whenever these stories surface, no-one ever speculates about the type of secret that we are supposed to care about.
    Passwords? that's already a busted flush - just look at the spread of OTP.
    In my experience, most secrets are about avoiding embarrassment over top brass misdeeds, or financial info that will be profitable only if leaked immediately.
    I struggle to think of anything that needs to stay secret for more than a few weeks before it is worthless.
    • by 0xG ( 712423 )
      Like, "Who won the English FootballCup in 1949"? Karl Marx waits in breathless anticipation...
    • Yeah the scaremongering seems based on the false premise that democratic governments will face some kind of crisis in the absence of secrecy. Exactly the opposite is true. Modern liberal democracies are intended to be open and transparent. It's keeping all the secrets in the first place that is unnatural.
  • All it means is that keeping something secure will require maintaining actual physical control. That is how the world works. You can't hides something in plain sight. It is the same as security by obscurity being a false promise. It worked until computers became fast enough to sort through all that data and find it no matter how obscure.
    • by gtall ( 79522 )

      And to requiring actual physical control means turning off a good portion of the economy. Now back to Econ 101 for you, and please pay attention this time.

    • by ceoyoyo ( 59147 )

      Worst case scenario, it means you'll have to exchange actual keys physically. Your bank might have to hand you an AES key the first time you open an account with them.

  • It's Y2K all over again but this time the problems stretch over time and are more subtle to find.

    SETEC ASTRONOMY

  • For those who don't know, quantum computers are little more than toys right now. A lot of physicists in particular are highly skeptical that they will ever be able to do anything useful. The problem is that the qbits decohere (essentially a fancy term for "stop working") and nothing right now can stop that. The best qbits decohere very quickly, but are extremely expensive to produce and cool. There are qbits that resist decoherence for longer times, but they are somewhat impractical to use at presen
  • Then we'll travel back in time through our quantum computers wormhole simulations and fix encryption. And Hitler.

    This is common knowledge among Slashdot Editors.
    Don't the rest of you guys even follow SCIENCE ?

  • Because there is ample indication that it will not happen. Or at least it will not happen anytime soon. Sure, use AES-256 (completely Quantum-Proof in this universe), use long RSA (4k or longer) and that is it for the next few decades. Shor's algorithm needs about 12k effective Qbits for that and the entanglement needs to survive a long and complex calculation. That is not even on the distant horizon and may be infeasible for centuries or forever.

    My take is all this "quantum panic" over encryption is the N

  • We don't even know what we don't know about what quantum can do

    I guess if you can't do basic linear algebra that's maybe true. Better not hire this guy's company to do anything important for you.

  • Fortunately, practical quantum computers have something in common with practical fusion power generators.
  • First, let's define the problem.

    Quantum computing promises to be able to break our current set of asymmetric (public/private key) algorithms, as well as solve other currently-intractable problems. These current asymmetric algorithms are basically never used to encrypt data directly, but instead to enable the exchange of symmetric keys or to sign hashes of data. Even when/if quantum computers become large enough and cheap enough to do this, it will probably still not be cost-effective to do it at scale, bu

    • Quantum computing promises to be able to break our current set of asymmetric (public/private key) algorithms, as well as solve other currently-intractable problems.

      There is a suite of new "post quantum" algorithms in development, testing and standardization. These are asymmetric signing and key agreement algorithms that are not expected to be so easily broken by quantum computers.

      But all of the major computer operating systems are at least in the planning stages of that transition. I work on the Android OS, and we've been planning our PQC (post-quantum cryptography) transition for at least the last two years. We haven't actually implemented anything yet, but we know how and when we're going to, and it'll be pretty soon. Everyone else is doing the same.

      Bottom line... it's going to take some work to transition to quantum-safe algorithms, but it will happen, almost certainly years before the quantum computers become practical. And there will be some lingering risks from old classical asymmetric keys. But it won't be any kind of an apocalypse.

      There is presently ZERO evidence "Quantum computing promises" will ever be realized. Behaving as if it's assumed to be inevitable when there is no evidence base to support action is irrational.

      Certainly nice to always have different key exchange algorithms available with necessary "crypto agility" baked into security stacks. This of course allows new algorithms to be deployed with minimal interruption should it ever become necessary due to unforeseen breakthroughs in mathematics and or hardware. Always n

      • There is presently ZERO evidence "Quantum computing promises" will ever be realized.

        A year ago, I'd have agreed with you, but quantum error correction has improved to the point where adding qubits actually works, which means that quantum computers are actually practical now, they're just not cost-effective. At least, this is what my colleagues who study this stuff and understand it in great detail tell me. They all went from skeptical of QC to "It's just a matter of time... though we're likely still a decade away".

        • A year ago, I'd have agreed with you, but quantum error correction has improved to the point where adding qubits actually works

          Certainly an improvement yet not a scalable improvement WRT code breaking class of quantum computers. Required fanouts of error correction circuitry for each additional qubit does not scale sustainably. Each additional qubit requires an ever increasing volume (Roughly logarithmic IIRC) of additional correction circuitry.

          The whole point of QC WRT breaking crypto is **exponential** scaling. This is the very thing at present nobody has any clue how to implement.

          which means that quantum computers are actually practical now, they're just not cost-effective.

          Quantum computers like digital computers and a

  • Without unexpected breakthroughs, there is no way quantum computers will be a threat to current encryption by 2030. In fact, without unexpected breakthroughs it is doubtful whether quantum computer will ever sufficiently scalable for the job.
  • Secret information USUALLY depreciates in value pretty rapidly. Technological advancement is a moving target, so if you don't get that information for 5 years, you are still 5 years behind. The biggest weakness to quantum computers is our dependence on asymmetric encryption (like RSA and ECC) and how hard they are to develop and prove that they are, if not unbreakable, at least extremely hard to break for the forseable future. Currently, the most common symmetric algorithms do not appear to be vulnerabil
    • I just realized I never clarified the title of my previous comment. We should already be dead because the most dangerous secrets that should NEVER have been released, you can read about on Wikipedia. I'm referring to nuclear weapons where the Soviet Union was able to steal enough information about the Manhattan project that they were only a few years behind in developing their own nukes and quickly became very good at it. If you want to talk about security of information causing the apocalypse, you are a
  • One Time Pads are perfect encryption they cannot even theoretically be cracked without the pad ... ...the reason we don't use them is distributing the pad is problematic and one way algorithms are simpler as long as they are secure ...

A committee takes root and grows, it flowers, wilts and dies, scattering the seed from which other committees will bloom. -- Parkinson

Working...