back to article If you're worried that quantum computers will crack your crypto, don't be – at least, not for a decade or so. Here's why

Quantum computing has been portrayed as a threat to current encryption schemes, but the ability of finicky vaporware to overthrow the current security regime looks like it's massively overstated. Richard Evers, cryptographer for a Canadian security biz called Kryptera, argues that media coverage and corporate pronouncements …

Page:

  1. Anonymous Coward
    Anonymous Coward

    Be slightly more convinced if Kryptera didn't have a big hungry dog in the fight.

    Probably just a coincidental name - but if this the same guy who wrote all the Blackberry books, Nostradamus he ain't (or is I suppose).

  2. Anonymous Coward
    Anonymous Coward

    Most encryption can be defeated by holding a hammer over the fingers of the person with the key

    I think really as individuals we don't have much to worry about until quantum computers are small and cheap enough to be bought by anyone. If you're a big multinational or subject to nation state attacks then maybe yes you do need to take some account of this.

    For the rest of us you can encrypt all you like, a bit like having the best safe in the world, but if I really want your stuff I'll get it. Probably by threatening the kids of the person who has legitimate access. Ubiquitous xkcd - https://xkcd.com/538/

    1. Charles 9 Silver badge

      Re: Most encryption can be defeated by holding a hammer over the fingers of the person with the key

      "Most encryption can be defeated by holding a hammer over the fingers of the person with the key "

      Not if he's a masochist or a wimp. The former would respond, "HARDER!" while the latter would faint before you can even get started.

      1. Jack of Shadows Silver badge

        Re: Most encryption can be defeated by holding a hammer over the fingers of the person with the key

        Or if level 10 pain (same level as torture*) makes an appearance several times a day. What with the opioid crisis they simply won't prescribe anything (fentanyl, oxycontin) that works.

        * - why yes, I have been tortured so I have a scale to measure against. Lots of screaming and begging involved. I don't have to imagine the worst possible amount of pain. I've managed to kill myself several times only to be brought back by the ambulance service despite having a DNR on file with them and the local hospitals.

        1. StuntMisanthrope Bronze badge

          Re: Most encryption can be defeated by holding a hammer over the fingers of the person with the key

          Or the concept of deadman's switch, cognitive chemistry gating and dilatory invisibilism. You may get an answer but it unlocks the wrong door..

  3. Tom 7 Silver badge

    6,681 qubits?

    I wonder, if at that level, the quantum world will just collapse into the real world? While physicists have managed to get large groups of atoms to behave 'quantumly' thats as a unit rather than a lot of things being quantumly individually which is where it becomes matter and may ignore our requests for eye popping flashes of octarine.

    1. Torben Mogensen

      Re: 6,681 qubits?

      Spontaneous collapse of the quantum state to a classical state is indeed a major problem for quantum computing. And the problem increases not only with the number of entangled qubits, but also with the number of operations performed on these. And to crack codes with longer keys, you not only need more qubits, you also need more operations on each.

      The simple way to avoid quantum computers cracking your code is just to increase the key length -- if 256 bit keys become crackable in 10 years (which I doubt), you just go to 1024 bit key length, and you will be safe for another decade or more. Unless some giant breakthrough is made that will make quantum computers scale easily, and I seriously doubt that.

      That doesn't mean that quantum computers are pointless. They can be used for things such as simulating quantum systems and for quantum annealing. But forget about cracking codes or speeding up general computation. You are better off with massively parallel classical computers, and to avoid huge power bills, you should probably invest in reversible logic, which can avoid the Landauer limit (a thermodynamic lower bound on the energy cost of irreversible logic operations).

      1. MJB7

        Re: If 256 bit keys become crackable in 10 years

        "If 256 bit keys become crackable in 10 years (which I doubt), you just go to 1024 bit key length,"

        That works for symmetric crypto. Today AES128 is secure. Gover's algorithm effectively halves the key-length - so just double it back to AES256 and you are fine.

        The problem is asymmetric crypto. Shor's algorithm doesn't halve the key length ... it square roots it. So (stupidly over-the-top) RSA4096 suddenly has 64 bits of security (which is brute-forcible). If you want to get back to 128 bits of security, you'll need to use RSA16384 (and wait a week for key generation).

      2. StuntMisanthrope Bronze badge

        Re: 6,681 qubits?

        Ahh, the old gamma ray, bit-flip memory attack from another dimension. #sillymidon

      3. Dabbb Bronze badge

        Re: 6,681 qubits?

        They stop being pointless the moment there is

        1. Explanation of nature of entanglement.

        2. Explanation of nature of wave function collapse.

        There won't be any meaningful results until you understand underlying physics of what you're doing.

        1. zuckzuckgo

          Re: 6,681 qubits?

          So, right now then?

          1. Dabbb Bronze badge

            Re: 6,681 qubits?

            Did I miss something and El Reg commentard just received Nobel for solving two fundamental issues of QM ?

            Don't think so.

    2. Black Betty

      Re: 6,681 qubits?

      Problem is not that exceeding a certain number of bits might result in the system state collapsing in the real world. The real problem is that achieving a solution requires that the system collapses into one specific CORRECT state.

  4. Duncan Macdonald Silver badge

    If you need it kept secret

    Use a one time pad. This is the only encryption that is known to be unbreakable (provided that the one time pad is kept secure).

    An alternative approach that will drastically increase decryption cost for attackers :-

    Use a three stage encryption - pad the message to a multiple of 16 bytes and insert 16 random bytes at the start of the message - first stage normal (eg AES 256) encryption and append 16 random bytes to the end of the message - second stage reverse encryption (starting at the last byte proceeding to the first byte) using a different encryption (eg Blowfish) and insert 16 random bytes at the start of the message - third stage normal forward encryption using another encryption method (eg Serpent).

    As the input to the last 2 stages looks like random noise, conventional decryption attacks (even chosen known plaintext) are highly unlikely to be able to succeed.

    (The reason for the reversed encryption in stage 2 is to make all the bytes in the encrypted message depend on all the bytes in the original message as well as on the 48 random bytes.)

    1. BebopWeBop Silver badge
      Devil

      Re: If you need it kept secret

      of course you then need to protect both copies of the one time pad (yours and your recipients)

    2. Charles 9 Silver badge

      Re: If you need it kept secret

      Wasn't stacking encryption mathematically proven to be unreliable because it can trigger common-mode faults that reduce the strength to the worst of all of them?

      1. Duncan Macdonald Silver badge

        Re: If you need it kept secret

        I suspect the "proof" to be flawed. Imagine a simple stack of 2 encryption methods - ROT13 and AES 256 - the encryption strength given by the AES 256 would not be adversely affected by the trivial ROT13.

        Assuming different encryption methods with different keys then at a minimum the strength of stacked encryptions should be the strength of the strongest encryption. If all the encryption methods are good then the effective key length should be equal to the sum of the individual key lengths.

        1. Brangdon

          Re: If you need it kept secret

          You have to make sure that, for example, your ROT13 encoder doesn't insert a header that identifies the output as being ROT13, because that can lead to known plaintext attacks.

    3. Grooke

      Re: If you need it kept secret

      For people reading this and getting fancy ideas: don't roll your own crypto unless you have a phd in a cryptography.

  5. amanfromMars 1 Silver badge

    FUD Rules in Never Never Land

    Quantum computing ... finicky vaporware .... Thomas Claburn in San Francisco

    Well, two outta three aint bad, TC, but vaporware is definitely for the odd bods left petrified and stagnating out in the cold.

    "The hard truth is that widespread beliefs about security and encryption may prove to be based on fantasy rather than fact." .... Richard Evers, cryptographer for a Canadian security biz called Kryptera

    You mean like the widespread beliefs about security and encryption being possible whenever IT Programs and Systems Analysis Programmers are always proving them to be impossible to achieve with no degree of absolute certainty?

    In any 'normal' business environment, such services would extraordinarily render themselves as likely victims and patsies liable to crippling prosecution and censure and even lengthy incarceration in a crooked penitentiary for surely such would be a Systematic Systemic Fraud.

    And is "Nevertheless, be careful" the best that systems have to offer?

    In your dreams, buster. Things have changed, .... or if you are slow and unfashionably late to parties and have missed all the foundational action, content yourself with believing, in a see of doubt and hubris, that things are a'changing.

    At least then you can maybe imagine yourself being able to do something about it with the addition of content for utilisation and realisation in Greater IntelAIgent Games Plays.

  6. NoneSuch
    Devil

    The article assumes todays crypto is secure.

    Most of the algorithms were generated by former-NSA folks or those with ties to the US gov.

    1. Arthur the cat Silver badge
      Black Helicopters

      Re: The article assumes todays crypto is secure.

      Most of the algorithms were generated by former-NSA folks or those with ties to the US gov.

      The current state of the art algorithms were pretty much all invented by one person, Daniel Berstein. Most people would not regard djb as having close ties to the US, or any other, government. If he is working for someone, they've got 99% of the entire world's secrets.

      1. G.Y.

        McEliece Re: The article assumes todays crypto is secure.

        Daniel Bernstein is a great guy; but his post-quantum crypto is a variation of McEliece crypto

  7. Charles 9 Silver badge

    What about black projects?

    Does the research take into consideration the possibility of black projects whose very existence is denied and could be much further ahead than the known state of the art? For example, what if the data center in Utah is really just a cover for a working Shor-running quantum computer using the data above to crunch away?

    1. Voyna i Mor Silver badge

      Re: What about black projects?

      That would imply an "alternate" physics community of individuals unknown to the people currently working in the field. It is to say the least unlikely. A secret quantum computer is much more difficult than a secret aeroplane.

      1. Arthur the cat Silver badge

        Re: What about black projects?

        That would imply an "alternate" physics community of individuals unknown to the people currently working in the field.

        It's worth reading this paper On the Viability of Conspiratorial Beliefs.

        TL;DR version: secret conspiracies only remain secret if there are very few people involved.

        1. amanfromMars 1 Silver badge

          Re: What about black projects?

          TL;DR version: secret conspiracies only remain secret if there are very few people involved. .... Arthur the cat

          Super secret conspiracies always remain secret and incredibly future active if the very few people involved are believed to be correct in their presumptions and prognostications ..... for such suddenly opens up Colossal Doors into Almighty New Worlds where Everything is Ideally Shown in Original Perfect Working Condition ... in Order to easily identify all Damaged and Perverted, Corrupted and Subverted Counterfeited Copycat Machines/Right Dodgy Beings.

          And with IT and AI Delivering Whole New Virtual Dimensions to Command and Control/Mentor and Administer to the Delight of Beings Knowing of Original Perfect Working Conditions.

          1. GrapeBunch Bronze badge
            Coat

            Re: What about black projects?

            Wait, may I change my membership type to "Right Dodgy Being"? Oh, yessss.

            Mine's the overcoat that may not be there. But watch it doesn't leave without me. That would be UTterly pointlaisse.

        2. wayne 8

          Re: What about black projects?

          Simple way to keep dark secrets, use social media and closely held mainstream media to ridicule and marginalize those who do not support the official narratives. Use terms like nutters, deniers, haters, anti-something or other, for anyone who questions the approved story line.

          Shaming and Shunning.

          1. CountCadaver

            Re: What about black projects?

            Publish a hammed up version to various conspiracy sites - instant plausible deniability

            "oh we know where that story came from it was on sodiumlaurylsulfatemindcontroldrug.com, you know that haven of cranks, conspiracy nuts and reputed child molesters

            (I just typed something random for that URL by the way and no it doesn't resolve at the time of posting this)

        3. Voyna i Mor Silver badge

          Re: What about black projects?

          Exactly my point in the paper.

        4. zuckzuckgo

          Re: What about black projects?

          @ Arthur the cat

          Any relation to Schrödinger's late (or not) lab assistant?

        5. Brangdon

          Re: What about black projects?

          The work done at Bletchley Park remained secret for many decades, despite thousands of people knowing about it. Maybe the existence of alternate quantum computers will leak in 40 years too.

      2. Charles 9 Silver badge

        Re: What about black projects?

        "A secret quantum computer is much more difficult than a secret aeroplane."

        Explain why given the aeroplane has to be able to fly in unfriendly skies and so on.

    2. tekHedd

      Forget that, what about time travel?

      Conspiracy theories aside, a good rule of thumb is that if you hear the military is "considering research into something", they've long since completed the research, and either have the results ready to go or have decided it's not worth the trouble. Translating "physics experiments" into useful technology can be pretty difficult, but if there is any way at all to break public key encryption with current technology, brute force or otherwise, it has already been done and is in use. If you ran a major government, what would /you/ do? So, you should probably start with the assumption that asymmetric encryption is at least somewhat transparent to certain agencies, if you are important enough to warrant the expense, regardless of the published state of quantum computing or any other research.

      And don't forget about time travel. We're all traveling forward in time at the speed of /normal time/. So, with the magic of archiving, your internet traffic can *travel through time to the future* and be decrypted using what, by then, will be cheap technology. The only thing protecting you is that archiving it is a pain, and it's really not worth the trouble. And of course you're not doing anything important enough to attract attention, right?

      1. Charles 9 Silver badge

        Re: Forget that, what about time travel?

        "The only thing protecting you is that archiving it is a pain, and it's really not worth the trouble."

        Like I said, what do you think that data center in Utah is for? Perhaps they're finding ways to make archiving less of a pain.

  8. Anonymous Coward
    Anonymous Coward

    So Google have there own Qbit system...

    ..so they are totally going to fessup when they are decrypting everyone's HTTPS? I am sure they would have no interest in profiling that sort of information whatsoever

    1. TechnicalBen Silver badge
      Facepalm

      Re: So Google have there own Qbit system...

      Hahahaha. They don't need to if you connect to their servers. Who needs man in the middle, if you own the website? XD

  9. trevorde
    Joke

    Grant application

    "Using virtual reality powered quantum computers to break blockchain powered AI in the cloud"

    Can I have my grant money now?

    1. Steve K Silver badge

      Re: Grant application

      Unfortunately you were 2 buzzwords short of the success threshold.

      Please try again....

      1. amanfromMars 1 Silver badge

        Re: Grant application

        Howdy, Steve K

        I'm wondering why anyone would use grant money for that, other than to attempt Root Breaking/System Cracking.

        Methinks that's Top Military Grade Spooky Shit. It most definitely should be if it is not.

        The Beauty there is it's a Money Pit for Churning Cash into Novel Future Projects with Almighty Programs.

        And the really good/bad ones are always best left to be invisible and rendered relatively unknown via Immaculate Bounties ...... N0 Books Slush Funding. That other crazy lottery for winning with agreed promises accepted to deliver future goods for good futures to deliver promises as agreed.

        Where there's a will, there's a way with limitless ways is true for anyone and everything everywhere is I imagine an Ancient COSMIC Truth that Fired Up ...... At the Beginning, long before there were any heavens or earths ...... you know, the Time Before Words Create All there is to See and Enjoy/Experience as often as one is able and inclined ..... which is what keep the Dark Side up at Night and Living Comfortably at the Shadows of Shade.

        1. Steve K Silver badge

          Re: Grant application

          @AManfromMars1

          Its probably easier to ask for a grant to buy zero-days to compromise end-points rather than cracking strong encryption......

          1. TechnicalBen Silver badge

            Re: Grant application

            Or a hammer. Hammers are cheap.

            1. Anonymous Coward
              Anonymous Coward

              Re: Grant application

              Its also scarily simple to cyber stalk someone and figure out who their nearest and dearest are, grab their spouse/kids.....

              (Its frightening how many military personnel in the UK have their branch of service, duty posting and job title on publicly accessible profiles, when I mentioned this might not be a good idea "Your just scaremongering" "no ones going to grab me" this continued despite pointing out that on high had already made it verboten to put this info online due to OPSEC and PERSEC, along with it would be more than simple to grab your gf or wife and use them as leverage.....no one listened and that included those with quite classified roles and serious access to stuff and who should have damned well known better.)

          2. Anonymous Coward
            Anonymous Coward

            Re: Grant application

            Its probably easier to ask for a grant to buy zero-days to compromise end-points rather than cracking strong encryption...... .... Steve K

            To deserve a grant/reward/fee for either the delivery or non-delivery of any number of catastrophic zero-days that easily and irrevocably compromise end-points rather than cracking strong encryption is one of those DaneGeld Operations/Cleaned Flash Cash AIMissions so beloved of the Mercenary Rogue and Renegade Private Pirate alike, Steve K.

            Such done remarkably well makes asking for loadsamoney unnecessary.

  10. StuntMisanthrope Bronze badge

    Two singular incidences.

    You can't clone yourself, nor supraposition. #itsnotmeitsyou

  11. Rich 10

    The ready availability of quantum computers is predicated on room temp operations - from what I can see, like superconductive materials, quantum computers need chilling to near absolute zero - not easily achieved without a big bankroll and technical capabilities well beyond the average hackophile. We've been waiting decades for room temp superconductors, and the quantum computing environment is a whole nother level beyond that. So not concerned about my stuff, or my local retailer's files for my credit cards.

    Nation-state spying is what it's going to be all about. Later than sooner.....no, wait, my 7 year old grandson has made sure he has better system security than most government agencies. Why are we worrying so much about quanta when good old silicon is still all you need to thrive in this world of failed security.

  12. Tromos
    Joke

    Glad to hear...

    ...that Rot13 is safe for another decade (but you really shouldn't have mentioned it).

    1. Allan George Dyer Silver badge
      Coat

      Re: Glad to hear...

      So, as I'm using Rot13 twice, I'm safe for two decades?

  13. Cliff Thorburn

    joueur prêt un

    Spooky Military projects indeed, with pioneering test pilots in Live Operational Virtual Environments for phantom phormed futures and trading places aplenty.

    https://www.theguardian.com/uk-news/2019/mar/13/uk-military-mod-universities-research-psychological-warfare-documents?CMP=Share_iOSApp_Other

    And as already correctly said, once pioneering crash test dummies prove prospecting promise in present projects and hush slush puppies survive then announcing such seems perfectly possible for future spread bet market revitalising revenue.

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019