Re: State of Post Quantum Cryptography?

Subject : Re: State of Post Quantum Cryptography?
From : peter (at) *nospam* tsto.co.uk (Peter Fairbrother)
Newsgroups : sci.crypt
Date : 09. May 2024, 22:28:49
Organization : A noiseless patient Spider
Message-ID : <v1jf6i$srv9$1@dont-email.me>
References : 1 2
User-Agent : Mozilla Thunderbird
On 06/05/2024 14:53, Jakob Bohm wrote:
> On 2024-05-02 10:20, The Running Man wrote:
>> What is you guys' take on PQC (Post Quantum Cryptography) algorithms? I know the NIST has held a contest and that there are winners, but do you guys think they're safe to use?
>>
>> I fear they may be broken in the future thereby destroying the security and privacy of millions of unsuspecting users.
Yep, that's a risk. PQC algorithms are of necessity less mature than current cryptographic algorithms. If I may quote Schneier's law in its original form:
"Anyone, from the most clueless amateur to the best cryptographer, can create an algorithm that he himself can’t break. It’s not even hard. What is hard is creating an algorithm that no one else can break, even after years of analysis. And the only way to prove that is to subject the algorithm to years of analysis by the best cryptographers around."
The winning PQC algorithms have had some of that analysis, but perhaps not enough. I would not be surprised if, like some of the candidates, the winners were comprehensively broken.
And there is another risk: that they will be broken in ways we don't know about now. Quantum computers of the needed scale still don't exist, and we don't have years of practice using them - so it is practically inevitable that new attack techniques using quantum computers will be developed.

> If any bad actor has a quantum computer with just a few more Qubits than the ones demonstrated in public, they can break most current public key algorithms using known attack algorithms written a long time ago for such (then hypothetical) computers.
Err, no. Just no.
You would need about 1,000 reliable entangled error-free qubits equivalent (REEFQe) to do any useful cryptanalysis of present day public key algorithms, and we are nowhere near that. Not even 100 REEFQe, more like 20.
Having 1,000 error prone qbits, which has been done in a couple of cases, is not nearly enough. Neither is D-wave's 1,200 calibrated annealing qbits.
Not even close.
And close only counts in horseshoes and hand grenades.

> They can also break symmetric encryption at the same difficulty as if the key length was half as many bits (thus AES 128 would be as weak as IDEA, AES 256 as weak as AES 128). [..] Any PQC public key algorithm will need to be combined with double strength symmetric algorithms.
Now there we agree, in fact double strength symmetric algorithms should be de rigueur in general use as of yesterday: but I don't see why we can't double up and use classic public key algorithms *as well as* PQC public key algorithms, at least for a while.
Peter Fairbrother
who doesn't see why we need the u in qubits
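The belt-and-braces idea in the last paragraph (a classical public key exchange alongside a PQC one, with a 256-bit symmetric key on top), as an added example that is not part of this post or of any library: a concatenate-then-KDF combiner written with Python's standard library only. The two shared secrets and the transcript are constructed stand-ins, not real X25519 or ML-KEM outputs.

```python
import hashlib
import hmac


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int) -> bytes:
    """HKDF (RFC 5869) extract-then-expand using only the standard library."""
    prk = hmac.new(salt or bytes(32), ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def hybrid_key(ss_classical: bytes, ss_pqc: bytes, transcript: bytes) -> bytes:
    """Derive one 256-bit traffic key from both shared secrets.

    Concatenating the secrets and binding the handshake transcript (public
    keys and ciphertexts) into the KDF input means an attacker must recover
    BOTH secrets: breaking only the classical half, or only the PQC half,
    leaves the output unknown. 32 bytes keeps AES-256 in play, which the
    Grover argument above (effective strength halved) calls for.
    """
    return hkdf_sha256(ss_classical + ss_pqc, b"", b"hybrid-demo-v1" + transcript, 32)


def demo() -> dict:
    # Constructed stand-ins: a real deployment takes these from an X25519
    # exchange and an ML-KEM encapsulation, not from sha256 of a label.
    ss_classical = hashlib.sha256(b"constructed classical secret").digest()
    ss_pqc = hashlib.sha256(b"constructed pqc secret").digest()
    transcript = b"constructed: pk_classical || pk_pqc || ct_pqc"

    alice = hybrid_key(ss_classical, ss_pqc, transcript)
    bob = hybrid_key(ss_classical, ss_pqc, transcript)
    # Attacker model: the classical half is broken (ss_classical known) but
    # the PQC half is not, so the attacker is left guessing ss_pqc.
    guessed_pqc = bytes(32)
    attacker = hybrid_key(ss_classical, guessed_pqc, transcript)
    return {"alice": alice, "bob": bob, "attacker": attacker}
```

The same construction holds with the roles swapped: if the PQC scheme is the one that falls, the classical secret still has to be recovered before the key is known.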

Thread index (Date / Subject / # / Author):

 2 May 24  * State of Post Quantum Cryptography?                 10  The Running Man
 6 May 24  `* Re: State of Post Quantum Cryptography?             9  Jakob Bohm
 7 May 24   +- Re: State of Post Quantum Cryptography?            1  Jan Panteltje
 8 May 24   +- Re: State of Post Quantum Cryptography?            1  The Running Man
 9 May 24   `* Re: State of Post Quantum Cryptography?            6  Peter Fairbrother
10 May 24    `* Re: State of Post Quantum Cryptography?           5  Jakob Bohm
10 May 24     `* Re: State of Post Quantum Cryptography?          4  Peter Fairbrother
13 May 24      `* Re: State of Post Quantum Cryptography?         3  The Running Man
13 May 24       `* Re: State of Post Quantum Cryptography?        2  Phil Carmody
14 May 24        `- Re: State of Post Quantum Cryptography?       1  The Running Man


The messages displayed come from Usenet.
