Re: The Register: IBM puts NIST’s quantum-resistant crypto to work in Z16 mainframe

Mirimir arpspoof at protonmail.com
Thu Jul 28 19:19:32 PDT 2022


Thanks Gym!

------- Original Message -------
On Wednesday, July 27th, 2022 at 3:52 PM, jim bell <jdb10987 at yahoo.com> wrote:

> The Register: IBM puts NIST’s quantum-resistant crypto to work in Z16 mainframe.
> https://go.theregister.com/feed/www.theregister.com/2022/07/27/z16_ibm_post_quantum_crypto/
>
> Actual quantum computers don't exist yet. The cryptography to defeat them may already be here
>
> NIST pushes ahead with CRYSTALS-KYBER, CRYSTALS-Dilithium, FALCON, SPHINCS+ algorithms
>
> [Thomas Claburn in San Francisco](https://www.theregister.com/Author/Thomas-Claburn) Tue 5 Jul 2022 // 22:36 UTC
> ---------------------------------------------------------------
>
> The US National Institute of Standards and Technology (NIST) has recommended four cryptographic algorithms for standardization to ensure data can be protected as quantum computers become more capable of decryption.
>
> Back in 2015, the NSA [announced plans](https://web.archive.org/web/20150905185709/https://www.nsa.gov/ia/programs/suiteb_cryptography/) to transition to quantum-resistant cryptographic algorithms in preparation for the time when quantum computers make it possible to access data encrypted by current algorithms, such as AES and RSA.
>
> No one is quite sure when that may occur but it depends on the number of qubits – quantum bits – that a quantum machine can muster, and other factors, such as [error correction](https://www.theregister.com/2020/12/09/quantum_computing_correction/).
>
> Researchers at Google and in Sweden last year [suggested](https://quantum-journal.org/papers/q-2021-04-15-433/) it should be possible to factor a 2,048-bit integer in an RSA cryptosystem in about eight hours, given a 20 million-qubit quantum computer. Researchers in France [claim](https://arxiv.org/abs/2103.06159) it should be possible to factor 2,048-bit RSA integers in 177 days with 13,436 qubits and multimode memory.
>
> Current quantum computers have orders of magnitude fewer qubits than they need to be cryptographically relevant. IBM recently unveiled a 127-qubit quantum processor. The IT giant says it is aiming to produce [a 1,000-qubit chip](https://research.ibm.com/blog/ibm-quantum-roadmap) by the end of 2023 and its roadmap places machines of more than 1 million qubits in an unidentified time period. The Jülich Supercomputing Center (JSC) and D-Wave Systems have [a 5,000-qubit machine](https://www.fz-juelich.de/en/news/archive/press-release/2022/2022-01-17-juniq-europes-first-quantum-computer-with-5000-qubits).
>
> Not all qubits are equal however. The JSC/D-Wave machine relies on a quantum annealing processor and is adept at solving optimization problems. IBM's machine is gate-based, which is better suited for running Shor's algorithm to break cryptography.
>
> In any event, the expectation is that quantum computers, eventually, will be able to conduct practical attacks on data protected using current technology – forcibly decrypt data encrypted using today's algorithms, in other words. Hence, the