Re: More on the RSA crack by new quantum approach paper
I don't enjoy becoming the boy who cried quantum wolf since I was a quantum-quackery debunker for years. However - the threat is now verifiable - the threat is real - and it consists of several looming factors, this present paper making up only a tiny part. In the interests of enlightened self-interest please consider the following . . .

1) Quantum computing advances into the realms of theoretical attacks on RSA

2) Increased will to mobilize the resources by a ' pariah alliance ' that includes Russia, the DPRK and Iran.

3) Increased value of ' the Prize ' - this used to be ME oil - now it's Satoshi's stash, the public keys for which may be vulnerable.

I don't think allowing the enemies of all decent humanity the chance to scoop up a trillion or so dollars is a risk worth running if we don't have to. With a huge effort we can avoid this. It's worth spending hundreds of billions on internet infrastructure anyway since that has huge spin-off benefits. Quantum PKI is expensive at the moment but economies of scale make most things like this more affordable with mass adoption.

I'm not saying cypherpunks should be tactical statists either - I don't plan on letting up my primary goals of abolishing all religious and nation-state systems. This is still a second order issue as far as strategy is concerned. So long as anyone looks to c-punks for leadership we're obliged to perform at our highest standard - yes?

Bottom line - quantum crypto is the gold standard and the more there is of it the more cryptoanarchy.
On 09/01/2023 02:11, professor rat wrote:
I don't enjoy becoming the boy who cried quantum wolf since I was a quantum-quackery debunker for years. However - the threat is now verifiable - the threat is real - and it consists of several looming factors, this present paper making up only a tiny part. In the interests of enlightened self-interest please consider the following . . .
1) Quantum computing advances into the realms of theoretical attacks on RSA
Not practical attacks. Give it 15 years, maybe.
2) Increased will to mobilize the resources by a ' pariah alliance ' that includes Russia, the DPRK and Iran.
More like the US, UK, EU, China etc who are pumping billions into QC research.
3) Increased value of ' the Prize ' - this used to be ME oil - now it's Satoshi's stash, the public keys for which may be vulnerable.
The value of Satoshi's keys would be lost in the noise of the overall value of breaking RSA. I don't actually know, are they 2048-bit RSA?

[...]

So long as anyone looks to c-punks for leadership we're obliged to perform at our highest standard - yes?

Agreed. The same is or should be true for cryptographers and cryptologists and security people generally. And I agree that we should be advocating and using QR crypto, now. But I don't see any immediate change in the threat. Or good well-tested (by Schneier's Law) QR examples.

15 years? Some secrets (like Satoshi's keys) should last a lot longer than that, and we should all be advocating using 256-bit symmetric crypto now. But Rijndael-256 rather than AES-256, please.

As for asymmetric crypto like signatures and key agreement, if it's important - well, either be aware of the danger or ... don't use it. There are no widespread supposed-to-be-QR asymmetric algorithms that I would trust right now.
Bottom line - quantum crypto is the gold standard and the more there is of it the more cryptoanarchy.
Or more and better normal archic person's crypto? Don't see why it should particularly be anarchic..?

Peter Fairbrother
On Sun, Jan 8, 2023, 7:37 PM Peter Fairbrother <peter@tsto.co.uk> wrote:
There are no widespread supposed-to-be-QR asymmetric algorithms that I would trust right now.
None of the lattice based approaches? I'm curious why not?

David
On 09/01/2023 06:20, David Barrett wrote:
On Sun, Jan 8, 2023, 7:37 PM Peter Fairbrother <peter@tsto.co.uk> wrote:
There are no widespread supposed-to-be-QR asymmetric algorithms that I would trust right now.
None of the lattice based approaches? I'm curious why not?
First, recently proposed lattice-based algorithms have been falling like flies. Doesn't give one much confidence.

Second, Schneier's Law: "Anyone, from the most clueless amateur to the best cryptographer, can create an algorithm that he himself can't break. It's not even hard. What is hard is creating an algorithm that no one else can break, even after years of analysis. And the only way to prove that is to subject the algorithm to years of analysis by the best cryptographers around."

It's not just years of analysis of the algorithm which is required, years of analysis of the implementation is essential too. Tiny mistakes can lead to breaks. Lattice-based approaches have simply not had those years of analysis. Plus, there aren't enough people who understand them right now to do the analysis anyway; after adoption lots of new people will [#] be boning up on or studying lattice math.

Third, a bit fuzzy, but I don't like the groups lattice-based systems use, they tend to have too much excess structure. Either that or they take too long. Compared with discrete logarithms or to a lesser extent RSA integer factorisation, whose groups (when people do not use so-called optimisations) have exactly the needed structure and no more, lattice-based groups have structure in unnecessary places, which leads to law 4 based failure: Complex systems provide more places to attack. This is at base the weakness behind three or so (I haven't been keeping close count) of the recent breaks of lattice-based systems.

Fourth, none of the lattice-based approaches are as yet in widespread use. As you may gather I am of the opinion that none are as yet suitable for widespread deployment, but that doesn't change the fact that they aren't widely used right now. Which leads to law 8 based failure: A system which is hard to use will be misused, abused and underused.

[#] note I say will rather than would - I suspect the tide is moving irresistibly towards some lattice-based approach.
But I may be wrong.

Peter Fairbrother

The laws of secure system design:
0 It's all about who is in control
1 Someone or something else is after the stuff you have
2 Stuff you don't have can't be taken from you
3 Everywhere can be attacked
4 More complex systems provide more places to attack
5 Attack methods are many, varied, ever-changing and eternal
6 Only those you trust can betray you
7 Holes for good guys are holes for bad guys too
8 A system which is hard to use will be misused, abused and underused
9 Security is a Boolean from a future history point of view
10 Two things once publicly linkable cannot be unlinked
On Mon, 9 Jan 2023 16:24:57 +0000 Peter Fairbrother <peter@tsto.co.uk> quoted:
"Anyone, from the most clueless amateur to the best cryptographer, can create an algorithm that he himself can't break. It's not even hard. What is hard is creating an algorithm that no one else can break, even after years of analysis. And the only way to prove that is to subject the algorithm to years of analysis by the best cryptographers around."
so called 'peer review' doesn't *prove* that all. 1) an algorithm that no one else can break 2) the only way to prove that is to subject the algorithm to years of analysis by the best cryptographers around laughably dishonest and idiotic lie. The only thing that 2) 'proves' is that those people couldn't break the system, or didn't want to, or didn't publish their actual results. It doesn't prove that it hasn't been broken by, you know, the 'intelligence' 'community' mafia. so guess what, jakobo shneir 'law' is not a 'law' at all - it's a piece of propaganda coming from a pentagon jew.
Schneier's Law: "What is hard is creating an algorithm that no one else can break, even after years of analysis. And the only way to prove that is to subject the algorithm to years of analysis by the best cryptographers around."
No Brucie, the only way to "prove" that no one can break an algo is with a mathematic *PROOF*... otherwise all you have is years of speculation.
The laws of secure system design:
0 It's all about who is in control
1 Someone or something else is after the stuff you have
6 Only those you trust can betray you
7 Holes for good guys are holes for bad guys too
The NSA, NIST, and GovCorps around the world have some history and missions of creating, judging, certifying, hiding, publishing, breaking, and selling snakeoil. Nor is Academia uncorrupted by them. Letting them continue to do that will continue to break those laws. Yet crypto still lets those entities fill those roles, the very same entities crypto identifies and rails against as being their biggest, most powerful, talented, resource-unlimited and specifically adversarial entities in their threat model. Go figure. Best hope China breaks trad crypto tomorrow, puts a world full of old snakes out of work and on the barbecue.
Personally I feel like I can think a little more clearly about almost everything after reading Peter's latest reply, and I'm worried our spam could tax people who say these things. I recognize those laws from when people mentioned them more frequently, years ago. It's nice to remember their opposites are not true. I am not a cryptographer, but it sounds like it makes ideal sense to encrypt three times in layers: asymmetrically, lattice-based, and with Rijndael-256, and such that none of the cryptosystems are securing the keys of the others. I call it "multiple locks rather than multiple doors": combining algorithms in such a way that all must be broken to get through. I remember seeing an SSL break result from stacking algorithms with dependency rather than strength.
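The "multiple locks rather than multiple doors" distinction above, shown as runnable code. This is an added example, not code from anyone in the thread. To keep it standard-library only, the two "algorithms" are a constructed toy stream cipher (HMAC-SHA256 in counter mode, under two different labels); it stands in for real ciphers and is not one. It also shows the same idea applied to key agreement: an HKDF-style combiner over two shared secrets (such as a classical and a lattice-based one), so that an attacker who learns either secret alone still cannot derive the session key. Names and keys are the example's own.

```python
"""Cascade with independent keys ('multiple locks') vs. one layer that
merely guards another layer's key ('multiple doors').

Added example, not from the mailing-list thread. _stream() is a
constructed toy cipher so this runs with only the standard library;
substitute a real AEAD (e.g. AES-256-GCM, ChaCha20-Poly1305) in practice.
"""
import hashlib
import hmac
import os


def _stream(key: bytes, label: bytes, data: bytes) -> bytes:
    """Toy stream cipher: keystream block i = HMAC-SHA256(key, label || i).
    XOR is its own inverse, so one function both encrypts and decrypts."""
    if len(key) != 32:
        raise ValueError("key must be 32 bytes")
    keystream = bytearray()
    counter = 0
    while len(keystream) < len(data):
        keystream += hmac.new(key, label + counter.to_bytes(4, "big"),
                              hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, keystream))


# Two distinct labels model two distinct algorithms (assumption of the toy).
def alg_a(key: bytes, data: bytes) -> bytes:
    return _stream(key, b"alg-A", data)


def alg_b(key: bytes, data: bytes) -> bytes:
    return _stream(key, b"alg-B", data)


# --- multiple locks: cascade; each layer has its own key, nothing wraps a key
def locks_encrypt(pt: bytes, key_a: bytes, key_b: bytes) -> bytes:
    return alg_b(key_b, alg_a(key_a, pt))


def locks_decrypt(ct: bytes, key_a: bytes, key_b: bytes) -> bytes:
    return alg_a(key_a, alg_b(key_b, ct))


# --- multiple doors: alg B only protects alg A's key (a dependency, not a layer)
def doors_encrypt(pt: bytes, key_a: bytes, key_b: bytes):
    wrapped_key_a = alg_b(key_b, key_a)       # key_a travels wrapped under key_b
    return wrapped_key_a, alg_a(key_a, pt)


def doors_decrypt(wrapped_key_a: bytes, ct: bytes, key_b: bytes) -> bytes:
    key_a = alg_b(key_b, wrapped_key_a)
    return alg_a(key_a, ct)


def locks_single_break_succeeds(pt: bytes, key_a: bytes, key_b: bytes) -> bool:
    """Attacker who broke exactly one algorithm (knows that key only)."""
    ct = locks_encrypt(pt, key_a, key_b)
    only_a = alg_a(key_a, ct) == pt   # A broken, B intact: still B-ciphertext
    only_b = alg_b(key_b, ct) == pt   # B broken, A intact: still A-ciphertext
    return only_a or only_b           # expected False: both locks must fall


def doors_single_break_succeeds(pt: bytes, key_a: bytes, key_b: bytes) -> bool:
    wrapped, ct = doors_encrypt(pt, key_a, key_b)
    only_a = alg_a(key_a, ct) == pt                    # A broken: read pt directly
    only_b = doors_decrypt(wrapped, ct, key_b) == pt   # B broken: unwrap key_a, read pt
    return only_a or only_b                            # expected True: one door is enough


def combine_secrets(ss_classical: bytes, ss_pq: bytes,
                    info: bytes = b"hybrid-kem-example") -> bytes:
    """HKDF-SHA256 (extract, then one expand block) over both shared secrets.
    The output is unpredictable unless BOTH inputs are known: the 'locks'
    property for key agreement (classical + post-quantum hybrid)."""
    prk = hmac.new(b"\x00" * 32, ss_classical + ss_pq, hashlib.sha256).digest()
    return hmac.new(prk, info + b"\x01", hashlib.sha256).digest()


if __name__ == "__main__":
    key_a, key_b = os.urandom(32), os.urandom(32)   # constructed keys
    msg = b"keys that must outlast RSA"
    print("locks, one key known:", locks_single_break_succeeds(msg, key_a, key_b))
    print("doors, one key known:", doors_single_break_succeeds(msg, key_a, key_b))
    print("hybrid key:", combine_secrets(key_a, key_b).hex())
```

The cascade is only a second lock if the two keys are generated independently; deriving one from the other, or wrapping one under the other, turns it back into a door. For key agreement the same rule reads: concatenate the shared secrets and run them through one KDF, rather than letting the post-quantum exchange encrypt the classical one or vice versa.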
participants (6)
- David Barrett
- grarpamp
- Peter Fairbrother
- professor rat
- punk
- Undescribed Horrific Abuse, One Victim & Survivor of Many