[liberationtech] Quantum computation & communication

Matt Mackall mpm at selenic.com
Wed Dec 19 07:38:02 PST 2012


On Wed, 2012-12-19 at 00:38 -0600, Gregory Foster wrote:
> After reading Assange, et al.'s "Cypherpunks: Freedom and the Future of 
> the Internet", wherein classical encryption is presented as a panacea 
> for ensuring privacy in an age of mass surveillance, I found the 
> following article succinct in questioning the long-term viability of 
> that narrative (or at least insisting on some qualifications).  Quantum 
> computation and communication is still a long distance away, but this 
> article provides the outlines of how that technology will be used (and 
> abused) by the institutions that will be able to afford it.

Don't believe the hype.

Shor's algorithm for quantum factoring is a special case. With it,
future large quantum computers may some day be able to break today's RSA
and ECC, the two most popular schemes for public key encryption.

However, most other cryptographic schemes (including several other
public-key schemes) will NOT be rendered broken. Instead, they will
become as strong as ciphers with half the key length. For instance,
today's AES-256 will become as strong as today's AES-128. It is
considered very unlikely that there will be significant breakthroughs in
quantum computing theory to improve on that.

In short, given everything known today about the possible potential of
quantum computers, it is already possible to do all the sorts of things
we do with cryptography today in a way that is secure against future
adversaries with quantum computers. Unfortunately, "Quantum Computing
Not Really A Big Deal For Security" doesn't make for a very good
magazine article.

To give you a sense of how far there is to go for quantum computers to
be practical at breaking SSL, the largest number factored by researchers
with a "quantum computer" is the number 143 (i.e. 11x13), though there's
much debate about whether the approach used is actually "quantum". The
largest undisputed result is for the number 21, also this year, besting
the factoring of the number 15 in 2001. Needless to say, you don't even
need pencil and paper, let alone a quantum computer, to factor these
sorts of numbers. By comparison, today's typical SSL keys have hundreds
of digits.

The biggest risk is that the secrets you encrypt today with SSL or GPG
might be decrypted by a very rich, patient adversary 20 to 50 years from
now. That risk exists with or without quantum computers and I very much
doubt the NSA and friends see enough code-breaking potential in quantum
computing to be putting serious effort into it.

-- 
Mathematics is the supreme nostalgia of our time.



----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org