Comments about the article in Nature: Encryption faces quantum foe

Following is a discussion about this article in Nature Vol 525 10 September 2015, by Chris Cesare
In the last paragraph I explain my own opinion.


Introduction

The article starts with the following text:
Although these devices (quantum computers) are thouht to be a decade or more away, researchers are adamant that preparations must begin now.
The first step is a clear definition what are quantum computers.
Computer-security specialists meet this week to discuss quantum-resistant replacements for today's cryptographic systems.
You can discuss security issues, but at of this moment there is no link to quantum mechanics (ie either to use or to fear) with out knowing what it is.
But on the day that the first large quantum computer comes online, some widespread and crucial encryption methods will be rendered obsolete.
The introduction of qc's will be slow. First you wil get qc's of 10 qbits, then of 100, then of 1000 etc etc. Time enough to use them yourself to do research, as an encrypting tool or to disypher encrypted messages.
Quantum computers exploit laws that govern subatomic particles, so they could easily defeat existing encryption methods.
Qc's are based on entanglement and superpositions which are very faque physical concepts. It is very difficult at of this moment to claim how they can be used for any practical problem. One proposed problem to solve is how to factorize large numbers into its two prime numbers. If qc's can do this, is still a very open question.
"I'm genuinely worried we're not going to be ready in time" says Michele Mosca, chief executive of evolutionQ, a cybersecurity consulting company.
It is at their own interest to create fear.
For more information about "evolutionQ" read this: http://www.evolutionq.com/news.html
Any proposed replacement- even if it sees impregnable at first - must withstand multitudes of real and theoretical challenges before it is considered reliable enough to protect the transfer of intellectual property etc
You put the stick much and much to high. Before you want to chalenge if any system is theoretical save, you must first build such a system and see how it performs under a controlled enviroment i.e. laboratory condition. The next step is to define its limits.
This weeks workshop, etc bringing together cryptographers, physicists and mathematicians to evaluate and develop cryptographic tools that are les vulnerable to quantum computers.
Such a workshop does not make sense. If you want to build and evaluate qc's you need only physicists.
In a scanario the Dutch General Intelligence and Security Service calls 'intercept now, decrypt later' a nefarious attacker could start intercepting and storing financial transactions, personal e-mails etc and then unscramble it all once a qc becomes avaible.
Imo such a doom day scenario is almost non existing. What is more realistic is that users use a cloud of tailored pc's and boolean logic to unscramble the data
As far back as 1994, mathematician Peter Shor showed that a qc would be able to quicky foil 'RSA encryption' one of the major safaguards used today (P.W. Shor at http://arxiv.org/abs/quant-ph/9508027v2 ;1995)
Peter Shor's work is highly theoretical. Since 1994 not much practical progress is made.
But a theoretical discovery in 1996 showed that up to a limit, a qc with some flaws could be just as effective as a perfect one.
The question is what is the definition of a perfect one?
In order to factorize large numbers on a pc the pc must be perfect.
The security of RSA depends on the difficulty of breaking up a large number into its prime factors, which serve as its secret key. In general the larger the number, the harder this problem is to solve.
Large numbers are not more difficult, they are more time consuming.
Researcher believe that it takes existing computers a long time to factorize big numbers, partly because no one has yet discovered how to do it quickly.
The practical thread by qc's is highly exagerated. the current practical limit is the number 143 = 11x13
See "Quantum Factorization of 143 on a Dipolar-Coupling NMR system" http://arxiv.org/abs/1111.3726 In this case only 4 Qubits are used.
PQCRYPTO a European consortium of quantum-cryptography researchers in academia and industry etc that are resistant to quantum computers. ( see http://go.nature.com/5kellc)
For more about PQCRYPTO read this: http://pqcrypto.org/
Next:


Reflection

The header of the article starts with the text:
Researchers urge readiness against attacks from future-generation computers.
IMO this smells to the creation of fear which is not realistic. In fact in some sense it are the same Researchers which are developping these same future-generation computers. These are the people which know everything about these new tools. It are these people who should inform us what is possible and not possible from a realistic point of view.
It is more or less equivalent with the arms race. We are building stronger and more powerfull gear to protect us. Our ennemy, in principle all the people who do not agree with us, will do the same and can do more. At the end where does it brings us.

Feedback

None


Created: 11 October 2015

Back to my home page Index
Back to Nature comments Nature Index