America's National Security Agency has published an FAQ about quantum cryptography, saying it does not know "when or even if" a quantum computer will ever exist to "exploit" public-key cryptography.
In the document, titled Quantum Computing and Post-Quantum Cryptography FAQ, the NSA said it "has to produce requirements today for systems that will be used for many decades in the future." With that in mind, the agency came up with some predictions [PDF] for the near future of quantum computing and its impact on encryption.
Is the NSA worried about the threat posed by a "cryptographically relevant quantum computer" (CRQC)? Apparently not too much.
What the super-surveillance agency seems to be saying is that it's not a given that a CRQC capable of breaking today's public-key algorithms will ever emerge, though it wouldn't be a bad idea to consider coming up with new techniques that could defeat a future CRQC, should one be built.
It's almost like the NSA is dropping a not-so-subtle hint, though why it would is debatable. If it has a CRQC, or is on the path to one, it might want to warn allies, vendors, and citizens to think about using quantum-resistant technologies in case bad people develop a CRQC too. But why would the spies tip their hand, so? It's all very curious.
(Score: 2, Insightful) by JoeMerchant on Thursday September 02, @11:41AM (2 children)
When an intelligence gathering agency volunteers information, that information is suspect by default. The visible quantum computing projects don't seem terribly expensive or hard to reproduce or scale up. What are the odds that superpower intelligence programs do not have much larger and more capable quantum computers already working on decryption tasks?
(Score: 0) by Anonymous Coward on Thursday September 02, @11:53AM
The NSA has working quantum computers and all the mathematicians needed to make quantum-safe cryptographic algorithms. The military has working artificial intelligence and the robot drones to weaponize it.
(Score: 2) by looorg on Thursday September 02, @12:21PM
In that regard would it not be more likely that they actually believe that they, or someone else they can buy it from, will build one and it will work and they are now trying to downplay that fact so more and more will implement weak encryption so they can snoop on them in the future?
That said perhaps they are correct. A lot of quantum computing claims at the moment seem to be about the hype or problems that they believe that they can (or hope they can) solve in the future. Isn't the field today a bit light on actual practical problems solved right now? Some suggestions that they are solving problems we already solved but faster, which is nice but still it's not the same. Then there are the papers with very iffy claims and solutions that may or may not be real or working.
(Score: 2) by Rosco P. Coltrane on Thursday September 02, @12:22PM (1 child)
They would say that if they already had the capability.
Or they would tell the truth as a double-bluff so you think they have the capability.
The only thing you know for sure about the NSA is that you can't know anything for sure about the NSA.
(Score: 0) by Anonymous Coward on Thursday September 02, @12:34PM
They LARP as good guys who are now out in the open instead of No Such Agency and are just here to protect 'merica.
(Score: 2) by driverless on Thursday September 02, @12:24PM
Twenty years ago, the state of the art in quantum cryptanalysis was factoring the value 15 (four bits), provided you knew the factors in advance.
After twenty years of effort, we've now advanced to factoring the number 21 (five bits), provided you know the factors in advance.
Last I checked, we haven't made it to six bits yet.
A typical RSA key today is 2048 bits, and things get harder exponentially due to various effects like decoherence as you get to more bits.
Quantum cryptanalysis is the rapture for crypto geeks, the magical apocalypse they can hang out for and invent new algorithms to deal with even though it'll never actually come. And every time their boss says "why are we paying you to wank around with exotic algorithms to replace existing ones that work just fine" they can say "but the rapture is coming!".