Google Is Working To Safeguard Chrome From Quantum Computers (theverge.com) 65
Quantum computing could potentially someday be used to retroactively break any communications that were encrypted with today's standard encryption algorithms. Google realizes this, and hence, is ensuring that it doesn't happen. Today, it announced that it has begun to deploy a new type of cryptography called the New Hope algorithm in its Chrome Canary browser that is designed to prevent such decryption attacks. From a report on The Verge: Although quantum computers of this variety are only small and experimental at this stage, Google is taking precautions for the worst case scenario. "While they will, no doubt, be of huge benefit in some areas of study, some of the problems that they [quantum computers] are effective at solving are the ones that we use to secure digital communications," writes Matt Braithwaite, a Google software engineer, in a blog post. "Specifically, if large quantum computers can be built then they may be able to break the asymmetric cryptographic primitives that are currently used in TLS, the security protocol behind HTTPS." In other words, quantum computers could undermine the security of the entire internet. Quantum computers promise computational power far exceeding today's standards by taking advantage of the underpinning physics discipline. So the presence of a hypothetical future quantum computer, Braithwaite adds, puts at risk any and all encrypted internet communication past or present. It's unclear how secure New Hope (PDF) will prove to be for Chrome, and Braithwaite admits it could be less secure than its existing encryption. But Google says New Hope -- developed by researchers Erdem Alkim, Leo Ducas, Thomas Poppelmann and Peter Schwabe -- was the most promising of all post-quantum key-exchange software it looked into last year.
Quantum still around...? (Score:2, Funny)
Re: Quantum still around...? (Score:2)
I'd only buy one if it fit in a 5.25-inch bay.
Re: (Score:2)
I'd only buy one if it fit in a 5.25-inch bay.
I used to find Bigfoot drives in Compaq systems. The last 5.25" hard drive I owned was a 20MB RLL for an IBM AT.
Re: (Score:2)
security of the Internet? (Score:2, Insightful)
The author of this nugget doesn't know, apparently, that the Internet was never designed to be secure, and any attempt to make it so will inevitably fail. The Internet was designed to facilitate the OPEN exchange of information.
Wha--? (Score:3, Insightful)
Why do you feel the need to keep repeating this [slashdot.org]? Do you think doing so will suddenly make it true?
Ever hear of cryptography? Ever hear of IPSec [wikipedia.org], for example, not to mention the numerous protocols- TLS, PGP, SSH, the Signal protocol, etc. etc. etc.? What about the underlying nature of "the Internet" are you saying makes security layers on top of it "inevitably fail?"
Re: (Score:1, Flamebait)
The nature of the internet is such that communications are routed over lines you physically don't control.
That is insecure on two fronts.
You neither have control over the pipe nor what the router at the end of it does.
A secure communications network requires physical control over the transmission medium and a direct connection for each path. No dynamic routing. Switching may be used if you control and verify each switch and guarantee a single, direct, unshared path each time you communicate.
Phones used to
Re: (Score:3)
Secure enough for most things, yes. Until that encryption is broken or the implementation has back doors built into it or flaws discovered.
Yeah, alright, but by that logic, nothing is really secure, because it's only secure *until* some vulnerability is found.
When people talk about "security," they don't mean some Platonic Form that signifies some absolute and eternal protection in all cases. Practically, however, the best modern forms of encryption are reasonably secure enough that you can rely on them, moreso than any kind of physical lock-box.
Re: (Score:3)
Layering encryption on top of an unsecured line and that is dynamically routed/switched and co-mingles signals from others doesn't make the internet a secure communication medium.
I think perhaps you're conflating the transportation mechanism with the content itself. The internet was *designed* to layer different content and protocols on top of simple, insecure, and even *unreliable* transport protocols.
If you're talking about remaining anonymous on the internet, no, we don't yet have a reliable way to do that, because ultimately you need to give someone your IP address to receive content back. If you're talking about securing content transmitted over the internet, then yes, we abs
Re: (Score:1)
What defeatist nonsense. In your world, no one should even try to encrypt communications or study the math behind it, because DogDude on slashdot says the Internet wasn't designed for security. Shut the fuck up.
Re: (Score:2)
It's not defeatist, it's correct. A secure line needs to be physically secured and controlled and carry traffic directly from A to B only. This is unfeasible to do on the scale of the internet. So we rely on encryption and hope that it keeps things private enough for long enough. It does not make the connection "secure".
Re: (Score:3, Informative)
A secure line needs to be physically secured and controlled and carry traffic directly from A to B only.
Nonsense. The entire point of modern public key cryptosystems is to allow secure communication over non-secure links. This secure channel can even be established without private key exchange - hence the name.
Re: (Score:2)
I could see an argument to the point that calling a medium that can be DoSd "secure" does not meet muster if you consider reliability part of "security."
But for common use cases "secure" just means aaa, integrity, and confidentiality are protected, and modern crypto suites guarantee this against all known non-quantum attack mechanisms, and the new stuff rolling out is a first shot at killing all known quantum-computing-based mechanisms. For any use case where the security only needs to last a couple decade
Re: (Score:1)
192.168.0.1
Re: (Score:1)
Re: (Score:2)
Also, 169.254.0.0/16 and/or fe80::/10
Re:security of the Internet? (Score:4, Informative)
"security of the entire internet." The author of this nugget doesn't know, apparently, that the Internet was never designed to be secure, and any attempt to make it so will inevitably fail. The Internet was designed to facilitate the OPEN exchange of information.
Who cares about the security of the Internet per se? Peak and tamper with the tunnels as much as you want, so long as the data is encrypted and signed then it makes no difference.
Re: (Score:1)
Re: (Score:2)
encryption is just some bolted-on technique
I'm not trying to be an asshole, but this statement shows that you need to learn a lot more about cryptography. It has nothing to do with the medium. Mathematical operations are performed on the data. There is even the concept of perfect secrecy [wikipedia.org], which has been mathematically proven. The channel can be as insecure as you like, you could shout the ciphertext from the rooftops, it doesn't matter.
Haven't you ever heard of numbers stations [wikipedia.org]?
post-quantum (Score:2, Funny)
Post-Quantum cryptography, but still can't give us an option to disable middle click scrolling on Windows.
fox guarding the chicken coop (Score:2, Insightful)
somehow, I don't fully trust google to safeguard ANY privacy.
I know they have the financial ability to do major work like this, but their results are 100% untrustable, given WHO they are and WHAT they do.
damn. we could use a good ally on the freedom trail; but google will NEVER be it.
Re: (Score:3)
somehow, I don't fully trust google to safeguard ANY privacy.
I know they have the financial ability to do major work like this, but their results are 100% untrustable, given WHO they are and WHAT they do.
damn. we could use a good ally on the freedom trail; but google will NEVER be it.
You're not wrong, but Google's cash cow is that they are the exclusive broker of your personal information to advertisers. So it's in their best interest to keep their services secure, because (a) they don't want you going to some other service that's more secure, (b) they don't want your personal info leaking to somebody else [since its sole value to Google is that they hold it exclusively].
Re: (Score:2)
Google is clearly hell-bent on being as much of an Orwellian data overlord as possible; so trusting them to design products in such a way that they don't tend to leak data to Google during the course of routine use is foolish.
However, Google's approach to gathering alarming amounts of data is usually to make themselves attractive enough that they get invited in to the system(eg. gmail, google voice, 'free' go
Re: (Score:1)
google is careless and irresponsible.
I will point to a bug in the VPN code that is marked wonfix and has been for 2 years, now, on android 4.x. I can't (wont) run 5.x on my phone and I really would like to be able to run vpn's on mobile, yet google just won't fix the bug and instead tells you to 'upgrade to a new os', which has issues of its own (other things break when I try 5.x).
sorry, but google has lost my confidence in doing quality work. way too large of a company, hires too many 'children' wet behi
A New Hope? (Score:2)
[...] a new type of cryptography called the New Hope algorithm [...]
Maybe it's just me, but I have some reservations using an encryption technology with the word "Hope" in the name--as in, "We really hope this works." It's kind of like PGP, "Pretty Good Privacy." It's not great, but it's pretty good.
Granted, what's in a name? Take the same encryption and call it "Anti-Quantum Encryption" and I'd probably be on board.
Re: (Score:2)
Re:A New Hope? (Score:5, Funny)
That's because they are trying to fight The Quantum Menace.
next protection against God? (Score:1)
never mind quantum computers, shouldn't almighty goog starts working on protecting itself, and its zombies, against omniscient God too?
after all unencrypted communications from goog will indicate its pledge to 'do no evil' was a fat evil lie? especially communications between bloody scum like jared cohen, eric schmidt, ilk, with hillary/kerry run state department. plotting murderous regime change in syria by helping 'rebels'(ie in reality al nusra and isis).
Re: (Score:1)
Re: (Score:2)
A development of the 'hahaha, prime f
Re: (Score:2)
It's not computational power (Score:5, Informative)
It's not really fair to call what a quantum computer does "computational power", is it? If you factor N by trying all the integers greater than one and smaller than M= floor( square root ( N ) ), you will eventually find the answer, and the more computational power you have, the faster you can race from 2 to M. Using Shor's algorithm on a quantum machine, you don't actually end up doing all of the intervening computation, but you do get the answer. But that doesn't mean you can automatically take any set of problems and "solve them all at once", because that isn't really what is happening. It's not computational power in that sense, right?
Re: (Score:3)
According to media reports and Hollywood, quantum computers will be able to do anything normal computers do instantaneously. Find the last digit of pi, divide by 0, factor N where N = infinity, decrypt any and every unknown encryption algorithm, etc.
Re: (Score:2)
I don't know what's worse: that I don't understand what you said, or that I almost understood what you said.
Re: (Score:2)
Yep =)
What you are arguing against is a very common, and very wrong, way to explain how quantum computers work. It is notoriously hard to explain it concisely, but even Trudeau [scottaaronson.com] did better than that.
You do start by putting all the solutions of the problem in a superposition, but that in itself doesn't help, as if you just try to read it off you will get a random solution. And a random solution you could get just by running a classical computer with a random number generator.
What you have to do is make all th
Re: (Score:2)
Only calculations that consist of certain combinations of certain operations can be "solved all at once". Most specifically, you cannot read the state of a qbit and see whether it contains both a 1 and a 0, just a 1, or just a 0. You'll either get a 1 or a 0. Second you cannot copy a qbit's "state" over to another qbit to try to work around this. Because of these limitations (and probably some others I won't understand unless/until I have a long stay in a hospital bed or prison with nothing better to do
Devil you don't know (Score:3)
The core problem with pushing "post quantum" crypto into production is you are essentially making choices in the blind based exclusively on fear and *baseless* speculation. There is no affirmative evidence of any kind Quantum computers with the capability to crack crypto are even possible let alone expected in the near to medium term.
I can't help but wonder if at least some of those pushing "post quantum" crypto are intentionally making a play to nerf security more than it already is.
There are a million practical things Google could elect to do to improve real world practical security starting with not reading everyone's email to applying TLS-SRP patches to enable secure password authentication to making Android less of a security joke. Time spent on post quantum crap is time not spent addressing actual threats we know for sure exist in the real world.
Re: (Score:2, Interesting)
Perhaps, but the problem is that if those systems are in fact coming in the near to medium future (and there's "no affirmative evidence of any kind" that it *isn't* true) then they'll absolutely *destroy* most forms of encryption currently in use.
If in fact hostile space aliens (or pancake monsters from the 5th dimension) are coming in the near to medium future then they'll absolutely *destroy* most forms of encryption and everything else currently in use.
Why shouldn't Google care equally about this threat too given the consequences are much worse and there is no affirmative evidence it isn't true? Where does hedging against completely baseless nonsense end? Are there any limits? At all? Of any kind? Only when you can prove a negative?
Google decided that the high risk outweighed the low chance. Plus their work goes towards research which will, eventually, be beneficial.
Merely s
Re: (Score:2)
Why shouldn't Google care equally about this threat
Because they have no power to defend against that threat, no matter how much money they throw at it. Post-quantum cryptography just takes a handful of engineers to work on. It is basically free for a company the size of Google, and the benefits are potentially large.
Merely selecting algorithms OTHERS created is hardly what I would consider to be research.
Read the linked paper. That is not what they do. They optimize and improve security bounds on an existing scheme, making it more practical for real-world applications. Many of the most recent encryption schemes developed by academia are wi
Re: (Score:2)
According to Google's blog post [googleblog.com]:
Today we're announcing an experiment in Chrome where a small fraction of connections between desktop Chrome and Google's servers will use a post-quantum key-exchange algorithm in addition to the elliptic-curve key-exchange algorithm that would typically be used. By adding a post-quantum algorithm on top of the existing one, we are able to experiment without affecting user security. The post-quantum algorithm might turn out to be breakable even with today's computers, in which case the elliptic-curve algorithm will still provide the best security that today’s technology can offer. Alternatively, if the post-quantum algorithm turns out to be secure then it'll protect the connection even against a future, quantum computer.
If I read this correctly, they are using "New Hope" in combination with an existing algorithm.