Quantum Computing Threat

From MgmtWiki
Revision as of 12:53, 5 April 2024 by Tom (talk | contribs) (Post Quantum Cryptography)

Jump to: navigation, search

Full Title or Meme

Successful Quantum Computing creates an existential threat to existing cryptographic algorithms since quantum computing algorithms exist to crack traditionally intractable problems like factoring the multiplication of two large primes used in RSA.

Context

Public key cryptography relies on certain mathematical problems that are very hard to solve, such as factoring large numbers that are the product of large prime numbers or finding the discrete logarithm of a random elliptic curve element with respect to a publicly known base point. If you know the private key components, you can sign the document or decrypt the data. If you don't have the private key and cannot solve the math, you cannot sign the document or decrypt the data.

Problems

  • Good summary by some of the giants in the field[1] have determined that Artificial Intelligence adds to the growing threat from Quantum computing to make breaks even more probable in 2024.
  • Many systems exist which depend on existing public key technology. Some of these are embedded in hardware that cannot be changed once deployed.
  • Existing signatures or encrypted files will continue to need to be processed for many years to come. Certificate keys have a life time of up to 25 years.
  • The approval process for new cryptographic algorithms takes many years of standardization and test to be sure that the work effort to brake them is sufficiently high.
  • Most of the challenges to the Quantum Computing Threat are to be found in the current reliance on Public Key Cryptography for protecting the internet. See that page for more details on this particular threat.

Solutions

Public Key Cryptography has many benefits over Secret Key Cryptography, the effort to create new algorithm to preserve the current PK protocols is underway now triggers for deprecation of RSA and some EC have already been set to the publication of new QR standards by NIST. It is now expected that the RSA and EC algorithms will be accepted by the government until 2035. These dates are subject to revision.

Here is a good summary of the solutions from Cloudflare.

Post Quantum Cryptography

This section details current efforts to address the threat to existing computing and networking infrastructures with most recent at the top of the list.

Post Quantum Status

  • Post-quantum cryptography is too damn big. 2024-03-22 "there has not been enough discussion about how what NIST has standardized is simply not good enough to deploy on the public web in most cases."
  • Mastodon picked P
  • Apple picked pq3 - PQ3 is the first messaging protocol to achieve what Apple calls “Level 3 security.”
  • NSA site is updated from time to time

References

  1. Robert Campbell, Whitfield Diffie, Charles Robinson, Advancements in Quantum Computing and AI May Impact PQC Migration Timelines (2024-02-22) https://www.preprints.org/manuscript/202402.1299/v1
  2. David Ott, +2, Where is the Research on Cryptographic Transition and Agility? CACM 66 No 4 pp 29ff. (2023-04)

Other Material

  • For more information on Quantum Information Theory see that page in this wiki.
  • It is likely that this threat was known to the NSA in Summer 2015 based on their action on Suite B.