The longer the key you are trying to generate, the longer this takes. Randy is trying to generate one that is ridiculously long. He has pointed out to Avi, in an encrypted e mail message, that if every particle of matter in the universe could be used to construct one single cosmic supercomputer, and this computer was put to work trying to break a 4096 bit encryption key, it would take longer than the lifespan of the universe.
"Using today's technology," Avi shot back. "that is true. But what about quantum computers? And what if new mathematical techniques are developed that can simplify the factoring of large numbers?"
"How long do you want these messages to remain secret?" Randy asked, in his last message before leaving San Francisco. "Five years? Ten years? Twenty five years?"
After he got to the hotel this afternoon, Randy decrypted and read Avi's answer. It is still hanging in front of his eyes, like the afterimage of a strobe:
I want them to remain secret for as long as men are capable of evil.*
A favorite of mine as well; I think theres a Shaftoe in a lot of us. For the uninitiated, it took me about 48 hours of reading to get through. The depth of Stephenson's side-stories and historic background are as captivating as they are numerous, to me it is emblematic of his writing style.
The article offers no explanation about how adversaries are able to get the encrypted data in the first place. I'm not saying it's unlikely or that they shouldn't invest in quantum-proof cryptography for the future, but it would be nice to hear about some plausible ways that data is being "harvested now". I assume that nuclear weapon design secrets aren't floating around as encrypted files on the web. One possible idea I had is that adversaries are intercepting and saving HTTPS traffic between "interesting" targets.
API exfiltration is a common technique. One of the downsides of public APIs is that they're usually very enumerable on purpose. This leaks into how we design private APIs as well.
Others could be more traditional, like a dragnet that infiltrates common applications or exploits, then hunts for IAM credentials or a DB server.
Users checking tokens with public endpoints into repositories is also very common.
Also, the term is post-quantum cryptography. I don't think it can be declared quantum-safe or quantum-proof just yet.
> I assume that nuclear weapon design secrets aren't floating around as encrypted files on the web. One possible idea I had is that adversaries are intercepting and saving HTTPS traffic between "interesting" targets.
They're probably targeting communications, like those diplomatic cables Manning leaked. I'd assume top secret "design secrets" aren't transmitted. My understanding of spying is it's typically focused on gleaning information from sources a laymen would consider boring and/or useless. For instance, the NSA worked until 1980 to decrypt certain Soviet messages sent between 1942 and 1945 that re-used one-time pad pages:
Ironically, the most uncrackable communications today is probably diplomatic cables to enemies (like the "red phone" which is a misnomer), which uses one-time pad (technically hard drives now) encryption, mainly because they don't trust each others' encryption (or even sharing their encryption to their sworn enemy!) and cryptologists on both sides say that OT pads are perfectly uncrackable (which is true, assuming that no-one tampered the diplomatic box between i.e. the Pentagon and the Kremlin, for example).
> diplomatic cables to enemies (like the "red phone" which is a misnomer), which uses one-time pad (technically hard drives now) encryption, mainly because they don't trust each others' encryption
I don't think that's quite accurate. The Wikipedia article makes it sounds like the issue was more that they didn't want to give their adversary access to their encryption technology. In this context, OTP has the advantage of being both secure and not secret.
> The hotline between Moscow and Washington D.C., established in 1963 after the 1962 Cuban Missile Crisis, used teleprinters protected by a commercial one-time tape system. Each country prepared the keying tapes used to encode its messages and delivered them via their embassy in the other country. A unique advantage of the OTP in this case was that neither country had to reveal more sensitive encryption methods to the other.
Anything based on RSA, factoring primes, will be vulnerable. There are lots of forms of encryption which no quantum algorithm is known to process faster -- I believe elliptic key crypto is one. I don't know whether any cryptocurrency uses such alternative encryption schemes.
That seems exceedingly unlikely. I think it's more likely someone finds an efficient classical ECDLP (Elliptic Curve Discrete Log Problem) solver in 5 years...
That's from 2016. It's wise to impute shady motives to US government encryption efforts in light of probable DES skulduggery, the Clipper chip, Dual_EC_DRBG, and all the Snowden-era revelations about "implants" and NSA intercepting and modifying hardware.
> It's wise to impute shady motives to US government encryption efforts in light of probable DES skulduggery...
Huh? Didn't DES use NSA-provided unexplained magic numbers that many people were highly skeptical of, but actually made it more secure against an attack that was not publicly known?
The NSA does a lot of things, many of them in opposition to other internal departments. The problem is that you don't know the agenda of each team there, sometimes for decades.
We should all be operating under the assumption that everything we type or say to an internet connected computer will one day be public and indexed to our name and face.
Better to assume it’s possible rather than likely. If you have motivated enemies they can do it already, you’d need to be worth the effort for them to want to attack you.
The funny thing is, I've got some data myself that was encrypted but have since lost the password, and would not mind unlocking with in however many decades that quantum key breakers are available to the general public.
What I'd like to know is what is the status of all those billions of dollars in crypto currency? That's quite an incentive to build a quantum computer if it would allow you to steal some of that money. And what's the legal status of breaking some encryption and stealing crypto currency? Is that even stealing?
For defense: They rotate to a quantum proof algorithm
For attack: custody is never provable in crypto, as in you can prove you own an account but you cant prove nobody else does. so a hacker can use that to their advantage. They can also delay rotation by carefully picking their targets and amounts, as all the victims will be victim blamed and not believed for a very long time so a quantum computer hack could exist for a long time unless a large theft was done. Its tricky because many power users will report unexpected thefts and the rumors will start quickly.
prediction markets suck with liquidity, you just have to invest in the company that would offer the ability to do it
there are just already lower tech ways to make billions getting other people’s crypto, and turning that into cash easily, assuming you even want state money
its just not worth it for the “aha! see only I could make this bet so accurately” gloat, right now
I've been thinking about this with relation to Bitcoin and Ethereum lately. I'm hopeful that a little-known Blockchain called Mochimo might have the answers--they seem to have prepared for the post-quantum computing age early by using WOTS (Winternitz One Time Signatures) in each transaction.
52 comments
[ 2.7 ms ] story [ 120 ms ] thread"Using today's technology," Avi shot back. "that is true. But what about quantum computers? And what if new mathematical techniques are developed that can simplify the factoring of large numbers?"
"How long do you want these messages to remain secret?" Randy asked, in his last message before leaving San Francisco. "Five years? Ten years? Twenty five years?"
After he got to the hotel this afternoon, Randy decrypted and read Avi's answer. It is still hanging in front of his eyes, like the afterimage of a strobe:
I want them to remain secret for as long as men are capable of evil.*
What a tasteful reference on HN. Love that book.
Here is another quote about metis, which I reread every time I need inspiration: https://markpasc.org/blog/gems/athena.html
'Q'-you-you.
That said it is slightly harder now most email isnt flying around in clear text just waiting to be scopped up.
Others could be more traditional, like a dragnet that infiltrates common applications or exploits, then hunts for IAM credentials or a DB server.
Users checking tokens with public endpoints into repositories is also very common.
Also, the term is post-quantum cryptography. I don't think it can be declared quantum-safe or quantum-proof just yet.
They're probably targeting communications, like those diplomatic cables Manning leaked. I'd assume top secret "design secrets" aren't transmitted. My understanding of spying is it's typically focused on gleaning information from sources a laymen would consider boring and/or useless. For instance, the NSA worked until 1980 to decrypt certain Soviet messages sent between 1942 and 1945 that re-used one-time pad pages:
https://en.wikipedia.org/wiki/Venona_project
I don't think that's quite accurate. The Wikipedia article makes it sounds like the issue was more that they didn't want to give their adversary access to their encryption technology. In this context, OTP has the advantage of being both secure and not secret.
https://en.wikipedia.org/wiki/One-time_pad#Historical_uses
> The hotline between Moscow and Washington D.C., established in 1963 after the 1962 Cuban Missile Crisis, used teleprinters protected by a commercial one-time tape system. Each country prepared the keying tapes used to encode its messages and delivered them via their embassy in the other country. A unique advantage of the OTP in this case was that neither country had to reveal more sensitive encryption methods to the other.
I would expect we will more likely have an error-correcting quantum machine sooner than the aforementioned. Given the pace Google et al are making.
We already have a quantum approach to solved ECC over finite fields, Shor's.
https://gcn.com/articles/2013/06/10/nsa-bumblehive-data-cent...
https://csrc.nist.gov/news/2016/public-key-post-quantum-cryp...
That's from 2016. It's wise to impute shady motives to US government encryption efforts in light of probable DES skulduggery, the Clipper chip, Dual_EC_DRBG, and all the Snowden-era revelations about "implants" and NSA intercepting and modifying hardware.
Huh? Didn't DES use NSA-provided unexplained magic numbers that many people were highly skeptical of, but actually made it more secure against an attack that was not publicly known?
For attack: custody is never provable in crypto, as in you can prove you own an account but you cant prove nobody else does. so a hacker can use that to their advantage. They can also delay rotation by carefully picking their targets and amounts, as all the victims will be victim blamed and not believed for a very long time so a quantum computer hack could exist for a long time unless a large theft was done. Its tricky because many power users will report unexpected thefts and the rumors will start quickly.
We are talking about deriving private keys from an address hash, which is already still improbable with quantum logic
There is also the idea of changing a signed transaction in flight before confirmation, which is the most probable
Or attempting to alter the state of a smart contract, which is less probable and needs consensus
there are just already lower tech ways to make billions getting other people’s crypto, and turning that into cash easily, assuming you even want state money
its just not worth it for the “aha! see only I could make this bet so accurately” gloat, right now