DEF CON 33 - Post Quantum Panic: When Will the Cracking Begin, & Can We Detect it? - K Karagiannis
Due to recently published algorithmic improvements (1399 qubits @ 2048 bit key length for Shor’s) and leaps being made in quantum computing hardware (IBM Starling @ 200 logical qubits in 2029, and IBM Blue Jay @ 2000 logical quibits from 2033 and on), encryption is in danger of State-sponsored and high end-criminal attacks as soon as 2030. Particularly susceptible are crypto-currencies like Bitcoin, which rely on the Elliptic Curve Discrete Logarithm Problem (ECDLP) and are attackable by Shor’s factoring capability on a predictably feasible quantum computer.
The fact that he doesn’t talk about the current state and real world process of applying and trying out the algorithms and their improvements of the last 10 years makes me strongly believe this is more propaganda than real.
It’s all projection, and projections of projections.
I’m not going to argue against the accelerated introduction of post quantum algorithms… But this talk smells
I’ll take every opportunity I can get to share https://www.cs.auckland.ac.nz/~pgut001/pubs/bollocks.pdf
This is a brilliant presentation. I heard about his paper that demonstrated integer factorisation with an abacus, a VIC-20 and a dog, but I hadn’t seen this before.
Aside: The Quantum Supremacy Drinking Game – Open a new bottle of wine every time quantum supremacy is announced – Requires a well-stocked wine cellar
🤣
e: Oh wow I found it https://www.youtube.com/watch?v=kApzLuMw9_A
I wish I could have seen the presentation. I love the slides.
It’s what I’ve been saying for a long time, we are at the “We can easily drill to the center of the Earth, we’re simply waiting for the drilling machine to be complete” stage.
… Which is why we all should immediately switch to post-quantum encryption possibly much weaker against conventional cryptanalysis. Thank you, NIST, NSA and other such respectable official bodies. Of course I believe you.
In general the whole “everyone should use standard state-of-the-art cryptography” turned out to be a con. And somehow the more “standard state-of-the-art” things were broken, the more was the confidence that they are what should be used. In the 90s “standard state-of-the-art” things were being broken casually, and non-standardized ciphers were made and used far more often than now, and somehow that was fine.
I dunno, we’re all using AES with even hardware implementations of it, potentially backdoored, and with approved recommended S-boxes, without explanation how were these chosen (“by the criteria of peace on earth and goodwill toward men” is not an explanation, a mathematical paper consisting of actions you repeat and unambiguously get the same set would be that).
I think if you are afraid of your cryptography rotting, embracing some pluralism outside of cryptography is what you should do. Like maybe partitioning (by bits, not splitting into meaningful portions god forbid) the compressed data and encrypting partitions with different algorithms (one AES, one Kuznetchik, one something elliptic, one something Chinese).
… Which is why we all should immediately switch to post-quantum encryption possibly much weaker against conventional cryptanalysis.
There’s no need to switch, you can just layer it, and should be done asap
I was being sarcastic. An if you are layering it, you better use a different secret.
We can only hope that Bitcoin gets pwned by quantum computers. It would be absolutely glorious.
IonQ’s timeline doesn’t look realistic. Perhaps IBM’s is; idk anything about this space. I see it’s been 6 years since quantum advantage has been demonstrated, but nothing useful has been done yet. Hard to speculate on timelines when the tech is still in its infancy.
