
SoylentNews is people

posted by janrinok on Friday January 27 2023, @10:05PM
from the death-greatly-exaggerated dept.

Expert says the focus on quantum attacks may distract us from more immediate threats:

Three weeks ago, panic swept across some corners of the security world after researchers discovered a breakthrough that, at long last, put the cracking of the widely used RSA encryption scheme within reach by using quantum computing.

Scientists and cryptographers have known for two decades that a factorization method known as Shor's algorithm makes it theoretically possible for a quantum computer with sufficient resources to break RSA. That's because the secret prime numbers that underpin the security of an RSA key are easy to calculate using Shor's algorithm. Computing the same primes using classical computing takes billions of years.
[...]
The paper, published three weeks ago by a team of researchers in China, reported finding a factorization method that could break a 2,048-bit RSA key using a quantum system with just 372 qubits when it operated using thousands of operation steps. The finding, if true, would have meant that the fall of RSA encryption to quantum computing could come much sooner than most people believed.

At the Enigma 2023 Conference in Santa Clara, California, on Tuesday, computer scientist and security and privacy expert Simson Garfinkel assured researchers that the demise of RSA was greatly exaggerated. For the time being, he said, quantum computing has few, if any, practical applications.

"In the near term, quantum computers are good for one thing, and that is getting papers published in prestigious journals," Garfinkel, co-author with Chris Hoofnagle of the 2021 book Law and Policy for the Quantum Age, told the audience. "The second thing they are reasonably good at, but we don't know for how much longer, is they're reasonably good at getting funding."
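The step the story describes, a quantum computer making the secret primes of an RSA key easy to compute, rests on a classical reduction that is worth seeing in code. The block below is an added example, not part of the SoylentNews story or the Ars Technica piece it quotes. Shor's algorithm only uses the quantum computer to find the multiplicative order r of a random base a modulo N (the "period finding" step); everything else is ordinary number theory: if r is even and a^(r/2) is not -1 mod N, then gcd(a^(r/2) - 1, N) is a proper factor. Here the order-finding step is brute-forced, which costs exponential time in the bit-length of N and so only works for toy moduli, but the rest is exactly what a quantum factoring attack would do once it has r. The toy key (p = 61, q = 53, e = 17) and all helper names are this example's own assumptions.

```python
"""
Added example: the classical part of Shor's algorithm, with the quantum
order-finding step replaced by brute force (toy moduli only).
"""
import math
import random


def find_order(a: int, n: int) -> int:
    """Smallest r > 0 with a**r == 1 (mod n).

    This is the single step Shor's algorithm runs on a quantum computer
    (via the quantum Fourier transform). The loop below is exponential in
    the size of n, which is precisely why RSA is safe classically.
    """
    r, x = 1, a % n
    while x != 1:
        x = (x * a) % n
        r += 1
    return r


def shor_factor(n: int, rng=None, max_tries: int = 100) -> int:
    """Return a non-trivial factor of n (assumed to be a product of two
    distinct odd primes) using Shor's reduction from order finding."""
    rng = rng or random.Random(0)  # fixed seed so runs are reproducible
    if n % 2 == 0:
        return 2
    for _ in range(max_tries):
        a = rng.randrange(2, n)
        g = math.gcd(a, n)
        if g != 1:
            return g            # lucky base: already shares a factor with n
        r = find_order(a, n)    # <- the quantum step, simulated classically
        if r % 2:
            continue            # odd order: pick another base
        y = pow(a, r // 2, n)
        if y == n - 1:
            continue            # a^(r/2) == -1 mod n gives only the trivial split
        f = math.gcd(y - 1, n)  # (y-1)(y+1) == 0 mod n, so n | (y-1)(y+1)
        if 1 < f < n:
            return f
    raise RuntimeError("no factor found after %d tries" % max_tries)


def recover_private_exponent(n: int, e: int) -> int:
    """Given only the RSA public key (n, e), factor n and rebuild d."""
    p = shor_factor(n)
    q = n // p
    phi = (p - 1) * (q - 1)
    return pow(e, -1, phi)      # modular inverse, Python >= 3.8


def break_rsa(n: int, e: int, ciphertext: int) -> int:
    """Decrypt a textbook-RSA ciphertext using only the public key."""
    d = recover_private_exponent(n, e)
    return pow(ciphertext, d, n)


if __name__ == "__main__":
    # Constructed toy key: p = 61, q = 53, n = 3233, e = 17 (d should be 2753).
    n, e = 61 * 53, 17
    c = pow(65, e, n)           # encrypt the message 65 with the public key
    print("factor of n:", shor_factor(n))
    print("recovered d:", recover_private_exponent(n, e))
    print("decrypted:", break_rsa(n, e, c))
```

The order-finding loop is the entire difficulty: for a 2,048-bit modulus it would run for longer than the age of the universe, while a sufficiently large fault-tolerant quantum computer is expected to find r in polynomial time. Whether the 372-qubit hybrid approach in the Chinese paper actually delivers that step at scale is exactly the claim Garfinkel is disputing.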

Previously: Breaking RSA With a Quantum Computer


Related Stories

Breaking RSA With a Quantum Computer

Quantum computers can break major encryption method, researchers claim:

A group of researchers has claimed that quantum computers can now crack the encryption we use to protect emails, bank accounts and other sensitive data. Although this has long been a theoretical possibility, existing quantum computers weren't yet thought to be powerful enough to threaten encryption.

Breaking RSA with a Quantum Computer - Schneier on Security:

A group of Chinese researchers have just published a paper claiming that they can—although they have not yet done so—break 2048-bit RSA. This is something to take seriously. It might not be correct, but it's not obviously wrong.

We have long known from Shor's algorithm that factoring with a quantum computer is easy. But it takes a big quantum computer, on the orders of millions of qbits, to factor anything resembling the key sizes we use today. What the researchers have done is combine classical lattice reduction factoring techniques with a quantum approximate optimization algorithm. This means that they only need a quantum computer with 372 qbits, which is well within what's possible today. (The IBM Osprey is a 433-qbit quantum computer, for example. Others are on their way as well.)

The Chinese group didn't have that large a quantum computer to work with. They were able to factor 48-bit numbers using a 10-qbit quantum computer. And while there are always potential problems when scaling something like this up by a factor of 50, there are no obvious barriers.

Honestly, most of the paper is over my head—both the lattice-reduction math and the quantum physics. And there's the nagging question of why the Chinese government didn't classify this research. But...wow...maybe...and yikes! Or not.

  • (Score: 3, Insightful) by bzipitidoo (4388) on Friday January 27 2023, @10:33PM (#1288996) (2 children)

    One of the most certain ways to get funding is to scare people. Convincingly link an idea, research, project, or what have you, to security, and funding may well come looking for you, rather than the more usual other way around.

    However, there are huge downsides. Paranoid military sorts will want to lock everything down, keep it all super top secret, and silent. Jarheads don't fully appreciate how much scientific progress depends on communication. Worse, they constantly suspect the scientists, and will want access to everything, for purposes of assuring themselves that no treason is planned or ongoing. Even when they can't find the least bit of evidence, they're apt to threaten and bully scientists anyway, under the thinking that harsh punishment will deter it.

    • (Score: 3, Informative) by Anonymous Coward on Friday January 27 2023, @10:55PM (#1289001)

      You can talk about the psychology all you want. Rapidly changing technology is being pitted against a known potential weakness for widely used encryption. We already know that the NSA stores encrypted information in hope of decrypting it later. A state of mild fear about this topic is justified.

    • (Score: 2, Interesting) by Anonymous Coward on Saturday January 28 2023, @12:27AM (#1289014)

      One of the most certain ways to get funding is to scare people. Convincingly link an idea, research, project, or what have you, to security, and funding may well come looking for you, rather than the more usual other way around.

      I'm guessing that researchers from China don't have the same concerns about funding as western researchers do.

  • (Score: 4, Insightful) by Mojibake Tengu (8598) on Saturday January 28 2023, @01:00AM (#1289015) (2 children)

    At the Enigma 2023 Conference in Santa Clara, California, on Tuesday, computer scientist and security and privacy expert Simson Garfinkel assured researchers that the demise of RSA was greatly exaggerated. For the time being, he said, quantum computing has few, if any, practical applications.

    https://en.wikipedia.org/wiki/Clarke%27s_three_laws#The_laws [wikipedia.org]

    1. When a distinguished but elderly scientist states that something is possible, he is almost certainly right. When he states that something is impossible, he is very probably wrong.

    Well, so some quantum whatever is greatly exaggerated, until it is not.

    --
    Respect Authorities. Know your social status. Woke responsibly.
    • (Score: 3, Interesting) by driverless (4770) on Saturday January 28 2023, @07:58AM (#1289052) (1 child)

      Simson is a pragmatist; the cryptographers pushing PQC are almost entirely academics in search of funding and publication credit. There are actually quite a few crypto people out there who can explain in some detail why the great quantum scare is bollocks, but they're almost always drowned out by the people shouting that the sky is falling and we need to adopt this snazzy new post-quantum algorithm they've just invented.

      Surprised to see him given air time actually... oh, it was Enigma. He'd never get away with this at any of the Crypto/Eurocrypt/Asiacrypt/etc venues.

      • (Score: 3, Interesting) by maxwell demon (1608) on Saturday January 28 2023, @08:43AM (#1289056)

        I believe that you don't have to worry about it, nor do I. But there are people who do have to worry.

        If I were working for an intelligence agency, I'd be very worried about it. Secrets that get encrypted today may still be highly relevant in 30 years, and those who are interested in them are willing to invest a lot of money. Not to mention that a new algorithm needs time to build enough trust. Only a fool would already use an algorithm published this year to protect important secrets.

        --
        The Tao of math: The numbers you can count are not the real numbers.
  • (Score: 2) by VLM (445) on Saturday January 28 2023, @04:41PM (#1289089)

    I've done "some" research in quantum stuff, and if you ignore every technical detail it's roughly the same as parallel processing from decades ago.

    So, yeah, there are specialist clusters with a zillion cores all doing the same simulation, but "in practice" 99.999999999% of the world's computation is still done on machines with less than, I donno, maybe 4 cores. Maybe only 2. Even after decades of parallel processing research. And it hasn't had much of an impact on day to day life.

    It's also kinda the old supercomputer problem, where after you fix the problem of the ALU being too slow, you don't really have a fast computer, you just have one that's a hair quicker but now limited by IO, which seems harder to fix than slow ALUs anyway. It's actually closer to the analog computing problem; sure you can "instantly" solve any problem with opamps but you have a bit of a problem with IO and resolution such that people do DSP, not analog electronics, LOL.

    There are also procedural solutions such that "most" encryption doesn't have to remain unbroken for a trillion years; an enormous amount of activity could still occur online even if you could crack SSL in "five minutes" or whatever. Just make all your business processes on the assumption it'll only be secret for a minute, then do all your transactions HFT style in ns, and the odds of being broken are rather low.
