Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Encryption Technology

Quantum Computer Not Ready To Break Public Key Encryption For At Least 10 Years, Some Experts Say (theregister.co.uk) 84

physburn writes: The Register has spoken to some experts to get a better understanding of the risk quantum computers present to the existing encryption systems we have today. Richard Evers, cryptographer for a Canadian security biz called Kryptera, argues that media coverage and corporate pronouncements about quantum computing have left people with the impression that current encryption algorithms will soon become obsolete. But they will not be ready for at least 10 years, he said. As an example, Evers points to remarks made by Arvind Krishna, director of IBM research, at The Churchill Club in San Francisco last May, that those interested in protecting data for at least ten years "should probably seriously consider whether they should start moving to alternate encryption techniques now." In a post Evers penned recently with his business partner Alastair Sweeny, he contends, "The hard truth is that widespread beliefs about security and encryption may prove to be based on fantasy rather than fact." And the reason for this, he suggests, is the desire for funding and fame.
This discussion has been archived. No new comments can be posted.

Quantum Computer Not Ready To Break Public Key Encryption For At Least 10 Years, Some Experts Say

Comments Filter:
  • That sounds optimistic - I think that we have yet to reach the point at which we can tell with certainty that that will at all be feasible. Forget when.
    • 10 years? Where have I heard that before? Oh, right, AI in the 1960s.

      Seriously though, if your security is immediately breached when someone breaks your encryption, you should rethink your security. Security is about depth - how many layers an adversary must breach before he gains access to your valuables. If you only have one layer between you and your adversary, your valuables are not very secure.

      I thinking of you, blockchain.

      • Re: (Score:2, Insightful)

        by Excelcia ( 906188 )

        Seriously though, if your security is immediately breached when someone breaks your encryption, you should rethink your security

        Ah. Spoken like a true armchair security warrior. I love the sweeping declarations. If your security is breached when someone can open all your locks then you should rethink your security.

        Here are a few points to consider for you:
        1) My electronic security isn't all (or even necessarily mostly) in my hands any more. It's in the hands of banks, government agencies, and (not me bu

        • Re:10? (Score:4, Interesting)

          by sjames ( 1099 ) on Thursday March 14, 2019 @01:41PM (#58273636) Homepage Journal

          AES is currently broken in a cryptographic sense

          That cries out for a citation much as a man lost in the desert for a week cries out for water. As far as I know, the very best known attacks of AES256 reduce it to an effective 253 bits. That is FAR from broken in any sense.

          To say it's broken is like saying you can break a 2x4 with your bare hands as long as it came from a diseased tree and you saw 90% of the way through it first.

          • That cries out for a citation much as a man lost in the desert for a week cries out for water.

            Other people might not appreciate the hyperbole but I do. Well done.

            As far as I know, the very best known attacks of AES256 reduce it to an effective 253 bits. That is FAR from broken in any sense.

            No, this is precisely what broken means. In a cryptographic sense (which I was careful to mention as being what I meant) broken is any attack which renders a result in less than brute-force time. AES's break is significant because it's not a reduced-round version that is vulnerable. It's the full version version. Rijndael's primary competitor in the AES competition was Serpent. Serpent's design philosophy was safety. Their design str

            • by sjames ( 1099 )

              Actually broken means it is possible to come up with the key in a practical timeframe. Weakness is highly variable and somewhat subjective. In this case, the weakening doesn't look like it will make more progress and notably, it cannot actually be used since even for a 128 bit key you have to store 9 petabytes of data to use the technique (and anyone serious about security is using 256 bits).

              All that and you still have to use enough guesses that your grandchildren will be dead before you get the key.

              It's a

        • Nice ad-hominem you got going there. Let me offer a point for you to consider.

          I've left my front door open before. Forget locked, I've left the door wide open intending to go back inside, changed my mind in the 20 feet to the car and driven off forgetting the door was wide open.

          My security was not breached.

          I live in a neighborhood with watchful neighbors and a healthy police presence. Strangers poking around are noticed, reported, stopped. I could leave my door unlocked every day and it's unlikely I'd be bu

      • 10 years? Where have I heard that before? Oh, right, AI in the 1960s.

        AI is all based on the ability of software, which is why predictions of reaching a specific point (which itself wasn't all that specific anyway, very nebulous) can and will be wildly inaccurate.

        When talking about quantum computing though, you aren't talking about anything nebulous or so hard to predict progress of. Generally predictions around when hardware will be developed by have been pretty accurate (if not underestimated).

      • Technology projection:
        1 year: The technology works, we are just trying to find a vendor to sell it.
        5 years: We have a proof of concept working, however we don't know how to mass produce it.
        10 years: We have a theory that a proof of concept should work, trending shows it is possible a goal.
        20 years: We have no idea, but it seems possible
        100+ years: Impossible and have no idea on where to start. But it sounds nice.

      • by gweihir ( 88907 )

        "10 years" is the time were most people making predictions hope that nobody will remember what they predicted. Here, it is obvious complete nonsense, but only experts can see that. All the others, including a large group of self-proclaimed experts that in reality do not know what they are talking about, are just going with the demented hype.

    • Re: (Score:3, Insightful)

      I've been led to thinking that it will never be feasible. We don't know yet, but there are good reasons to think it might not pan out - for breaking crypto.

      E.G. The energy required to cool a volume of space for an n-qbit machine to temps that will maintain entanglement between the qbits will scale with 2^n. So you spend just as much energy doing it in parallel on a quantum computer as you would in a classical computer serially. This isn't known to be true, but try plotting the size of fridge against n for e

      • I've been led to thinking that it will never be feasible. We don't know yet, but there are good reasons to think it might not pan out - for breaking crypto.

        E.G. The energy required to cool a volume of space for an n-qbit machine to temps that will maintain entanglement between the qbits will scale with 2^n. So you spend just as much energy doing it in parallel on a quantum computer as you would in a classical computer serially. This isn't known to be true, but try plotting the size of fridge against n for existing quantum computers and see what the curve looks like.

        Also: Increasing key size is very easy. If quantum computers look like they're getting close we can simply double the key size.

        The reality is that only old messages will be decrypted and those messages are already out there so there's nothing you can do about that anyway.
        .

        • Key size doesn't help with public key crypto. Shor's attack is a logarithmic speed up. Key size helps with the Grover attack for symmetric crypto since it's a square root speed up, but that wasn't the topic of TFA.

    • by sjames ( 1099 )

      Not only is the ability likely more than 10 years out, once it arrives it will be fantastically expensive, and fiddly as hell to keep the things running. You would have to be a very high value target (billions of dollars) to even be worth hacking for a while.

    • by gweihir ( 88907 )

      I agree. The number of entangled qbits has been scaling atrociously bad over the last few decades. A linear increase in qbits may well come with an exponential increase in effort and we may never reach even 100 of them. Also, the computations done with entangled qbits do not yet conclusively prove that quantum computing is really possible. The complexity of the computations done so far is so low that this could still be some other effect. Sure, the theory says it works, but remember that basically every phy

    • That sounds optimistic

      The latest issue of IEEE Spectrum has an article from a quantum computing expert who opines that true quantum computing for any serious task will never happen. It's an argument based on how many qubits are required to create a computing element and how precise the measurments of the wave functions have to be. That's paraphrasing it, but that's the idea.

      I tried finding an online link to it but can't.

  • The experts say... (Score:4, Insightful)

    by jlv ( 5619 ) on Thursday March 14, 2019 @11:19AM (#58272808)

    The "experts" say "not possible for 10 years".

    This means it will likely happen in the next 18 months.

    • The "experts" say "not possible for 10 years".

      This means it will likely happen in the next 18 months.

      Well, either that, or every ten years the experts will say "ten more years."

    • Comment removed based on user account deletion
    • The "experts" say "not possible for 10 years".

      There's also the aspect of, the NSA is about 10 years ahead in relation to crypto and computing related technologies so...

      Nothing to worry about! Move along!

    • by Megol ( 3135005 )

      Just as we have fusion reactors in our cars and intelligent computers.

      • by gweihir ( 88907 )

        That is our "flying" cars, of course!

        Completely agree, the whole thing is BS. There is no threat to encryption from QCs at this time. Maybe when they can break DES or factor arbitrary 512 bit numbers, we need to think about it, but that looks unlikely to happen in the next 50 years, if the last 50 years are any indication.

  • When will we see a traditional computer and quantum computer side by side, showing the quantum computer actually performing the same computation a million, or maybe just a thousand, or perhaps just ten times faster than the traditional computer?

    Let me know when, because before then it's nothing but quantum schmantum pipe-dreaming and weird research projects.

  • by Anonymous Coward

    Whether or not people should be switching to encryption methods today that will be resistant to decrypting by quantum computers in thee future depends on the expected relevance of those messages in the future. If you assume that no message sent today will be relevant 10 years from now, then there is no hurry to update encryption methods. On the other hand, if you need to ensure that an encrypted message sent today or in the near future remains unreadable 10 years from now, then maybe you should be researc

  • Quantum computers work by solving the "hard" problem of prime factorization.
    Essentially an RSA key is the product of 2 randomly selected prime numbers. One is chosen by Alice and one is chosen by Bob at which point they exchange their halves, then they multiply to construct the key. Since the key is never transmitted, only the halves, the theory is that anyone attempting to decrypt their communications needs to guess the two halves of the whole key.

    So all of RSA is based on this idea that it is very hard

    • by Anonymous Coward

      You really don't know how the numbers used in RSA are generated. I suggest becoming educated on the subject, and cryptography in general, so you don't sound like /.'s mental case who preaches local file based machine name lookups as security but with crypto instead. You are advocating switching from prime factorization based to elliptical curve based public key crypto which is really dumb when talking about quantum computers. Elliptical curve crypto is even easier to break with Shor's Algorithm than regular

    • by gweihir ( 88907 )

      RSA is not broken. Stop pushing lies.

    • there are a limited number of prime numbers currently known, roughly 2 billion

      Totally wrong.

      Look at just the approximate number of 2048-bit primes which is in the range [2^2047 ... 2^2048-1].

      Approximate number of primes less than x is x/ln(x)

      So, we have (2^2048-1)/ln(2^2048-1) - (2^2047-1)/ln(2^2047-1)

      Which is ~ 1.14 x 10^613; a truly monstrous number.

  • So if you encrypt something today, do you care if itâ(TM)s secret 10 years from now? Depending on what youâ(TM)re encrypting, yes you do.

    If your oposition is nation-states, theyâ(TM)re probably collecting things that are interesting now, for decryption later when they have the ability, so ya, you probably care now.

    Iâ(TM)ve had multiple professional conversations about âoepost-quantum cryptographyâ in the last 2 years because of exaclty this. Todayâ(TM)s emails are eviden

    • by necro81 ( 917438 ) on Thursday March 14, 2019 @12:43PM (#58273308) Journal
      To quote from Cryptonomicon:

      Randy ... has pointed out to Avi, in an encrypted e-mail message, that if every particle of matter in the universe could be used to construct one single cosmic supercomputer, and this computer was put to work trying to break a 4096-bit encryption key, it would take longer than the lifespan of the universe.

      "Using today's technology," Avi shot back, "that is true. But what about quantum computers? And what if new mathematical techniques are developed that can simplify the factoring of large prime numbers?"

      "How long do you want these messages to remain secret?" Randy asked, in his last message before leaving San Francisco. "Five years? Ten years? Twenty-five years?"

      After he got to the hotel this afternoon, Randy decrypted and read Avi's answer. It is still hanging in front of his eyes, like the after image of a strobe:
      I want them to remain secret for as long as men are capable of evil.
    • Quantum computing is useless against a one-time pad. It would just come up with all possible pads which convert the ciphertext into all possible plaintexts which makes sense. e.g. It would come up with decryption ciphers which convert the ciphertext to "one of by land, two if by sea" and "two if by land, one if by sea", leaving the code breaker no better off than not being able to break it.

      The only reason we use public key encryption is because it's a lot easier than meeting up in person to exchange a
    • Please turn off "smart" quotes in your keyboard settings.

  • Burglar just released from prison says not ready to break into houses for a least a few years. "If anyone sees a break in," he offers, "It wasn't me. No sir."

  • On the assumption they think it will take 10 years to crack existing crypto before there is a need to migrate to post-quantum algorithms, leads me to think they already have it or will very soon.

    I attended the RSA Data Security Conference In, I think it was 1993, when Diffie talked about cracking DES with dedicated hardware in a matter of hours. That same year, 512 bit RSA was cracked as one of the RSA Challenges.

  • by Anonymous Coward

    We've been told that once quantum computers reached quantum supremacy they would be able to break current encryption also known as Y2Q. Now you're saying it will be another 10 years? I don't buy it.

    https://en.wikipedia.org/wiki/Quantum_supremacy

  • If that's what they're announcing then it means they've broken it and are now trying to put our minds at ease, in order to "catch the bad guys" of course.

  • "Quantum Computer Not Ready To Break Public Key Encryption For At Least 10 Years, Some Experts Say"

    That's what they want you to believe.

    You know, the mysterious, shadowy "they" that's behind everything- chemtrails, the flat-earth, anti-vaxxers, Reptilians, C++ pointers...it's all them and they. Hopefully they won't delete this post where I blow the lid off of their nefarious activities.

    The light in your fridge burned out? They did it. One of your tires suddenly gets low? They did it. Who ate all the i

No spitting on the Bus! Thank you, The Mgt.

Working...