Discussion:
How long can we wait before we absolutely must take steps to protect against quantum computer attacks?
Benjamin Gittins
2009-01-21 06:09:48 UTC
Hi,

I have written up a short article on my website which asks the
question: How long can we wait before we must take steps to protect
ourselves/infrastructure from quantum computer attacks?

http://synaptic-labs.com/ecosystem/context-qc-relevant-today.html

The article has been written for an audience who are most likely not
specialists in security, cryptography or quantum physics. Nonetheless,
I am of the opinion that the content remains accurate and highly
relevant to the technical / scientific communities.

Based on my personal experience talking to people, there is a
widespread perception in the security and business communities that
the security risks posed by code-breaking quantum computers are a long-
term theoretical problem that can be put aside and addressed at an
unqualified time in the future. This position argues that our
sensitive information remains secure with our conventional security
systems and that we should continue doing business as normal.

In my article I argue that the community at large needs to look more
carefully at the implications of a wide range of resourcing and
timeline issues.

Issues such as:
* RSA and ECC are both insecure against Shor's or derivatives of
Shor's algorithms, both have the known potential to abruptly fail;
* there is currently no NIST standard for post-quantum secure key
exchange or digital signatures;
* there is currently no NIST competition searching for these
primitives;
* the current NIST SHA-3 competition has a 6-year timeline; a much
longer time frame may be required for key exchange and digital
signature technologies based on Multivariate Quadratic Systems,
Shortest Vector Problem, or the like, based on the experience with
elliptic curve cryptography;
* a NIST cipher standard can take 5 to 10 years to be deployed
extensively in the field;
* once deployed, sensitive data must be protected at least 5 to 10
years *before* code-breaking quantum computers capable of running Shor's
algorithm efficiently arrive. Many organisations require longer
durations of security.

Even if quantum computers are at least a decade or more away
(according to Prof Seth Lloyd and others), that may not be sufficient
time to get the global independent network of communications systems
in order. If large quantum computers of the code-breaking variety
arrive in less than 16 years, it would appear that large segments of
our global communications infrastructure may be unacceptably at risk.

I am looking for constructive technical feedback on the article and
its accuracy.

Equally important, I am looking for technical feedback from people
who can present a well thought out counter-argument on why this line
of reasoning may be flawed or is in error.

Thanks,

Benjamin Gittins

Chief Technical Officer
Synaptic Laboratories Limited
http://synaptic-labs.com
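The post's timeline argument, worked through as an added example (not code from the author or Synaptic Laboratories): the three durations are the figures quoted above, and the calendar horizons passed in are assumptions for illustration.

```python
# Added example: the post's lead-time argument as a small calculator.
# Durations come from the post (SHA-3 competition: 6 years; deployment
# of a NIST standard: 5-10 years; protection needed after deployment:
# 5-10 years). Quantum-computer horizons are assumed for illustration.
from dataclasses import dataclass


@dataclass(frozen=True)
class MigrationTimeline:
    standardisation_years: float  # years until a standard exists
    deployment_years: float       # years to deploy it widely
    protection_years: float       # years data must stay secret once deployed

    def years_needed(self) -> float:
        """Lead time from starting standardisation to 'data is safe'."""
        return (self.standardisation_years
                + self.deployment_years
                + self.protection_years)

    def shortfall(self, years_until_qc: float) -> float:
        """Positive: the programme finishes this many years too late."""
        return self.years_needed() - years_until_qc

    def start_by(self, qc_arrival_year: int) -> int:
        """Latest calendar year the programme can start and still make it."""
        return int(qc_arrival_year - self.years_needed())


# Bounds built from the post's own numbers.
BEST_CASE = MigrationTimeline(6, 5, 5)     # 16 years: the post's threshold
WORST_CASE = MigrationTimeline(6, 10, 10)  # 26 years


def assess(years_until_qc: float) -> dict:
    """Shortfall for both bounds at a given (assumed) horizon in years."""
    best = BEST_CASE.shortfall(years_until_qc)
    worst = WORST_CASE.shortfall(years_until_qc)
    return {
        "best_case_shortfall": best,
        "worst_case_shortfall": worst,
        "at_risk_even_in_best_case": best > 0,
    }


if __name__ == "__main__":
    # "At least a decade away" (Lloyd, per the post) and the two bounds.
    for horizon in (10, 16, 26):
        print(horizon, assess(horizon))
```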
Chalky
2009-01-22 11:06:59 UTC
Post by Benjamin Gittins
I have already answered this question in principle at
sci.physics.research, via reference to the Vernam algorithm, but it
seems to me that there are potential political problems here too, if
you are thinking about a totally secure commercial product.

My memory in this area is fairly vague, dating from around the time of
the Reagan administration, and prior discussions about upgrading
public encryption standards around then, but, iirc, the US government
was not then prepared to permit distribution of a public encryption
standard that was sufficiently secure to prevent that government from
eavesdropping on such communications whenever it wished.

Iirc, the compromise solution (now considered standard) was itself
prohibited from distribution or use outside of the USA, for a while.

I would appreciate comments on this from others who are more up to
date/well informed in this field.
h***@gmail.com
2009-01-25 12:11:21 UTC
Post by Benjamin Gittins
I am looking for constructive technical feedback on the article and
its accuracy.
We already discussed this topic earlier on Ecrypt in Bochum. I think a
more real threat is automatic deterministic program inversion methods.
See my comments on the thread you started on the ecrypt forum.

If you have a look at https://www.cosic.esat.kuleuven.be/nato_arw/program.shtml
you will see active research is currently being undertaken to take steps for
protection against this type of attack.

On https://www.wuala.com/freemovequantumexchange you will find a
description of an operational research system which is protected
against these attacks.
