Because of the NSA'S ability to scoop up the most brilliant cryptographers, they're one of the few powerhouses that have the ability to put together a team effort to accomplish this.
Unfortunately, they've shown in the past a clear desire to sabotage implementations to include weaknesses that only they or perhaps other large state actors can take advantage of.
Any implementation of a quantum-resistant cryptography will face a large uphill battle in terms of trust.
A lot of poaching can be seen at crypto conferences, where attackers like to show off their GPU clusters and arrays of server racks which should have hard-drives and ethernet, but are now packed with custom PS3s for the express purpose of breaking weak keys
> clear desire to sabotage implementations to include weaknesses
I understand the sentiment here, but even the NSA has far more to lose from insecure encryption algorithms than they have to gain by having backdoor access to "secure" encryption algorithms.
-> Quantum computers, once seen as a remote theoretical possibility, are now widely expected to work within five to 30 years.
Not my field of expertise so forgive the ignorance, but am I wrong to think that "five to 30 years" seems like a large spread? How close are we really to quantum computing?
Quantum computers are well understood and prototyped by experts in the field. What most people don't understand is that Q cannot solve NP-hard problems in polynomial time.
It would be interesting to see how some crypto implementations would respond to a quantum attack. I know some implementations that give you back a different message for each key tried, so with a quantum attack there is the possibility of similar-looking messages been shown. So for example, I encrypt a picture of a sunflower, and when running a quantum attack, I get back two different images of a sunflower, and the attacker must then infer which one is the 'encrypted' one and which one is noise. Also why have time horizon solutions/attacks when we already have stego?
12 comments
[ 0.31 ms ] story [ 36.0 ms ] threadUnfortunately, they've shown in the past a clear desire to sabotage implementations to include weaknesses that only they or perhaps other large state actors can take advantage of.
Any implementation of a quantum-resistant cryptography will face a large uphill battle in terms of trust.
I understand the sentiment here, but even the NSA has far more to lose from insecure encryption algorithms than they have to gain by having backdoor access to "secure" encryption algorithms.
I was friends with someone in TCD (Ireland) who did this work >3 years ago.
Not my field of expertise so forgive the ignorance, but am I wrong to think that "five to 30 years" seems like a large spread? How close are we really to quantum computing?