The thought of Quantum computing advances and Quantum computers being freely available will make our current cryptographic systems redundant. PKI will expire soon. Are there new algorithms being developed and also what is the approach. Is the NSA doing something about this? Is it something on your Organisation's radar today ?
A lot of people still dispel the myth of quantum computing, but the threat to "traditional" cryptographic algorithms is real. Even Bruce Schneier agrees. NSA has issued interim guidance (basically, use longer keys) to guide organizations prior to transitioning to quantum resistant algorithms. Notably, NIST is currently working with cryptographers on Post-Quantum Standardization. here's a link to the project: https://csrc.nist.gov/Projects/Post-Quantum-Cryptography/Post-Quantum-Cryptography-Standardization
Also, look for Quantum-Cloud-Computing as-a-service to take off. Today, you can get time on IBM Q, D-Wave, Forest, and even with Microsoft Azure integration. Hello AWS where are you in this space?
> Tiger (Viewer) posted a new topic in Tech Talk on 03-13-2019 07:57 AM in the
> The thought of Quantum computing advances and Quantum computers being freely
> available will make our current cryptographic systems redundant.
I've been studying the security implications of quantum computing for more than a dozen years, now. We are not quite at quantumpocalypse yet.
> PKI will expire
First, it's only asymmetric crypto that is under any threat. In fact, the Shor algorithm only works against RSA, so DH and ECC are still reasonably safe. In fact, even if all those *are* attackable (which is probably likely, in the long term) we can still go back to symmetric and Kerberos.
Second, it's taking a while to get full-scale quantum computers online. The largest quantum processor is only around 200 qubits, and it's not a full quantum computer so it doesn't run the Shor algorithm. The largest full-scale quantum computer is currently only about 50 qubits. We are going to need a full-scale machine of around 2,000 qubits to seriously attack current asymmetric systems. I'd estimate that is at least 5 years away. And, even then, you could make asymmetric keys bigger. (Meaning you'd need larger quantum computers.)
Third, please don't confuse the existing "quantum cryptography" with using quantum computers to crack crypto. Quantum cryptography isn't crypto at all: it's just key exchange.
> Are there new algorithms being developed and also what is the approach.
Yes, new algorithms are being researched and developed all the time, and a particular field of interest right now is quantum-proof crypto. The approach is to learn about cryptography. Seriously.
> Is the NSA doing something about this?
> Is it something on your Organisation's
> radar today ?
Actually, quantum computing will have much more serious effects on a number of areas of security besides crypto, and it might not even be the most important ...
====================== (quote inserted randomly by Pegasus Mailer)
email@example.com firstname.lastname@example.org email@example.com
Three things in human life are important. The first is to be
kind. The second is to be kind. And the third is to be kind.
- Henry James
Good points @rslade. Progress is being made on the hardware and we need more qubits to reduce the error rate. We also need to get more Comp Sci students pairing their degrees with Electrical Engineering and Physics so that they understand the technology that they are programming - think STEM but on steroids. Awesome programmers in any of the quantum languages (e.g. QCL, Q#, LIQUi|> is going to be essential because someone is going to have to program Shor's discovery and Grover's algorithm. We need people that understand the the emerging software architecture for quantum. Here's an example https://www.dwavesys.com/software
Also, look for Quantum-Cloud-Computing as-a-service to take off. Today, you can get time on IBM Q, D-Wave, Forest, and even with Microsoft Azure integration.
And, apparently, Google ...
I suggest we should look beyond Quantum Cryptography, to Post Quantum Cryptography and beyond:
Things are moving so fast, we need to deal with the speed of light developments going on in order to combat the ongoing onslaught, which bound to keep a whole bunch of us safely employed for many a year - well beyond are expected retirement ages.
"Lattice-based cryptography isn’t only for thwarting future quantum computers. It is also the basis of another encryption technology called Fully Homomorphic Encryption (FHE). FHE could make it possible to perform calculations on a file without ever seeing sensitive data or exposing it to hackers."
Quantum Computing will enable us to fully enable FHE - it is a stepping stone.
There is huge sums available for research purposes in this field.
I'd like to amend to that, the NIST Quantum crytpo competition is currently in its second round: https://csrc.nist.gov/Projects/Post-Quantum-Cryptography
Any other questions around the topic, alike how to deal with it in a professional environment, feel free to contact me. (Not for setting up quantum safe PKI's though)
Both an amusing take on the controversy and a resource for ongoing "news" is the "Quantum Bullshirt Detector" Twitter account (which the dreaded "community pr0n filter will not let me post, but which you can search for if you correct the "shirt") ...