Reply to post: Re: Don't miss the point

Keen for much-hyped quantum computing to finally land? Don't expect it for a decade

Michael Wojcik Silver badge

Re: Don't miss the point

The data has to be resistant to quantum attack n years before a QC attack is feasible, where n is the time value of the data.

That's a naive threat model. Data has to be resistant to attack by GQC machines until that attack's cost drops below the value of the data - just as with any other attack vector.

Even if the NSA has a unicorn-powered large-scale GQC machine now (vanishingly improbable), it is orders of magnitude less likely that using it to using it to crack a large number of keys is possible, much less cheap enough to be worth doing. Given the vast number of qubits required for QEC for decent-sized problems, even a big-enough-to-be-useful GQC machine will almost certainly be applied to only a handful of extremely valuable problems.

I think research into post-quantum crypto is swell. It's nice that RLWE and similar algorithm families are becoming feasible for everyday use. But the data-lifespan arguments for PQC are mostly based on some highly unlikely assumptions.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019