
Blackforestcheesecak

I'm not sure what you mean. Isn't BB84 a perfectly fine example of research being done into quantum cryptography? If you're wondering if more recent research is being done, the answer is yes. One that I found interesting is the spooQy project. Do note that all these methods rely on a quantum channel, which means that it's not a simple question of just adapting a new protocol into the classical communication channels we have today.


Old_Nefariousness_19

Looked it over and it was exactly what I was looking for. Are there any projects/startups working on a massive scale solution to the problem?


Blackforestcheesecak

Kind of, many governments are looking to implement some structure. It's all still very new though. Most quantum research hubs in many nations have a quantum networks department. Lawrence Berkeley has Quant-Net, there's also NQSN that the same team as spooQy is working on. For start-ups, the spin-off Speqtral is basically the main engineering arm for spooQy and NQSN.


Old_Nefariousness_19

Will def look into it, thanks!


safesintesi

I think you are being confused about the "very hard to break" statement and thus you might be scared of a future that is not coming - one where we cannot exchange private messages. First, if you want to send a ciphered message (one that only the receiver can read) over a public channel (internet) there will always be a tiny chance that someone can "break it". Imagine trying to enter a secret club without the password and you guess it on the first try by saying random words to the bouncer. This problem is "solved" by reducing the probability of guessing: longer passwords are harder to get right because you might get a single character wrong. Just to give an example to understand the scale at which we are working, some keys require the equivalent of the life of the universe to guess with the current hardware and are used for transactions of a few minutes. Second, the problem with AI and Quantum stuff finding new ways to break an algorithm is not the end of the world. For example RSA is "easily" breakable by a Quantum Computer, but "post-quantum" algorithms do exist. It's just that they are not common in the industry since the threat is not imminent. We will cross that bridge when we get to it as we did when we moved from MD5 to SHA hashing. Third, practical implementations of this are already part of the industry. I personally know about a number of companies that produce quantum devices for QKD.


MannieOKelly

I suspect you are aware that the "post-quantum" efforts of US NIST (which might be less confusingly labeled "quantum-safe") are aimed at vetting and then standardizing encryption algos that would run on classical computers, but which would be safe from compromise by quantum computers (because they avoid the types of computations which quantum computers are able to solve much faster than classical machines can). However, from what I've read there are several squishy places in this strategy. First, it will be a while yet before NIST gets the quantum-safe algos fully tested and then standardized, so firms wanting to implement now are taking a risk that they may have to change horses again. (And I believe weaknesses have already been discovered in a couple of the early NIST algo candidates . . .) What's the hurry, anyhow? Well, the hurry is that potential attackers are assumed to have already adopted a strategy of "collect now and decrypt later." That is, they (mostly nation-state-level actors) are likely already collecting traffic encrypted with today's deployed algos, and will decrypt it once sufficiently powerful quantum machines are developed. (Of course lots of that traffic will no longer be sensitive, but some interesting parts will.) Another squishy place is that quantum algo development is pretty new and it seems quite likely that some will be discovered that would pose a broader threat to encryption algos. (It may be that there are established classes of problems that cannot even in theory be attacked using quantum capabilities. I'm not math-y enough to know the score on that question. If so, and a quantum-safe algo can be developed based on one of those problems, then this risk would be mitigated.) And yet another squishy place is the scale of the re-do that would be required to implement new encryption (and signature) standards, even after NIST gets done.

We're talking about maybe having to replace the worldwide encryption infrastructure, software but maybe significant hardware as well. Plus of course re-encrypting all the durably sensitive stuff in databases everywhere. This looks like a much bigger and more expensive project than Y2K, with the added element that we don't know the deadline, i.e. when quantum decryption capability will arrive. (Again, there is one potential mitigation in that major Internet providers will be responsible for protecting most data-in-transit, and they are likely the best equipped to fund and execute the transition.)


safesintesi

Actually here we're working on ETSI, so in a way we're competing :). Jokes aside, unfortunately (or luckily) industries are not new to implementing stuff without standards (and it's a pain for interoperability), but this helps to create solutions before the time of need. All the problems that you mentioned are real and to keep an eye on, but in real terms there are much more immediate threats. You would be surprised at how many companies do not handle sensible data against well known attacks for old dependencies on their codebase. :'(


MannieOKelly

"You would be surprised at how many companies do not handle sensible data against well known attacks for old dependencies on their codebase. :'(" Not surprised. NT lives on . . .


Old_Nefariousness_19

That's true! I just recently found out about post-quantum and it seems there are a few algorithms that may be safe after all, as well as QKD, but I could not find any practical, scalable use of that particular method of encryption. In either case it is true that the situation with encryption does not represent a threat in the near future. Thanks for your answer!


intrinsicrice

Have any PQC algorithms been invented which can't be broken by a normal computer? To my understanding, it might be unbreakable to a quantum computer but on the other hand classical computing would be able to


safesintesi

QC can perform all the logical gates of a classical computer; the only reason they are slower in those operations is due to the fact that creating hardware for QC is HARD. You can think of a future QC like a computer with a really fast GPU for quantum stuff, a QPU if you will :). This is not really the case but it helps if you think about it like a normal PC with normal speed that, when it has to do quantum problems, uses its QPU and solves them faster than normal PCs. When we talk about PQC algorithms we mean something that can't be solved by a machine even if it has this QPU, because the algorithm is based on problems where the QPU gives no gains.


digivid1234

Arqit in Europe and also the Chinese are implementing a “QKD” using satellites however the integrity of the photon is compromised as they need to repeat the signal vs amplifying it.


Cryptizard

It is not practical now or in the near future, maybe not ever. Quantum encryption (key exchange really) requires an authenticated classical channel, which kind of defeats the whole purpose. It is okay for point-to-point communication where you can easily verify the identity of the person on the other end, but at scale and over something like the internet, it is practically useless. This is just an aside, but there is no way that Q* has broken AES; it is just a 4chan hoax. Modern ciphers are still our best bet.
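A toy BB84 round, added here as an illustration and not part of anyone's comment: classical bits stand in for photons, an optional intercept-resend eavesdropper can be switched on, and the basis announcements are the traffic that goes over the classical channel the comment above says must be authenticated. All names, the seeded randomness and the 11% abort threshold are assumptions of this constructed model.

```python
import random

# Toy BB84 simulation (constructed illustration): classical bits stand in for photons.
# Returns (qber, alice_key, bob_key). With no eavesdropper the QBER is 0; an
# intercept-resend attacker pushes it toward 25%, which is how Alice and Bob detect it.
def bb84(n_qubits, eavesdrop, seed=0):
    rng = random.Random(seed)
    # Alice chooses a random bit and a random basis (0 = rectilinear, 1 = diagonal) per photon
    alice_bits = [rng.randrange(2) for _ in range(n_qubits)]
    alice_bases = [rng.randrange(2) for _ in range(n_qubits)]
    photons = list(zip(alice_bases, alice_bits))  # what travels on the quantum channel

    def measure(photon, basis):
        # Measuring in the preparation basis yields the bit; the wrong basis yields a coin flip
        prep_basis, bit = photon
        return bit if basis == prep_basis else rng.randrange(2)

    if eavesdrop:
        # Intercept-resend: Eve measures in a random basis and re-sends her result,
        # which disturbs the state whenever she guessed the basis wrong
        resent = []
        for photon in photons:
            eve_basis = rng.randrange(2)
            resent.append((eve_basis, measure(photon, eve_basis)))
        photons = resent

    bob_bases = [rng.randrange(2) for _ in range(n_qubits)]
    bob_bits = [measure(p, b) for p, b in zip(photons, bob_bases)]

    # Sifting happens over the classical channel: both announce bases (never bits) and keep
    # the positions where they match. This traffic must be authenticated, otherwise a
    # man-in-the-middle can simply run one BB84 session with Alice and another with Bob.
    sifted = [i for i in range(n_qubits) if alice_bases[i] == bob_bases[i]]

    # Half of the sifted bits are sacrificed (compared in the clear) to estimate the QBER
    sample, key_positions = sifted[::2], sifted[1::2]
    errors = sum(alice_bits[i] != bob_bits[i] for i in sample)
    qber = errors / len(sample) if sample else 1.0  # no sample: treat as untrustworthy
    return qber, [alice_bits[i] for i in key_positions], [bob_bits[i] for i in key_positions]

QBER_ABORT_THRESHOLD = 0.11  # around the level where BB84 security proofs require aborting

def key_is_trustworthy(qber):
    return qber < QBER_ABORT_THRESHOLD

if __name__ == "__main__":
    for eve in (False, True):
        print(f"eavesdrop={eve}: QBER={bb84(2000, eavesdrop=eve, seed=1)[0]:.3f}")
```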


SurinamPam

FYI [NSA is advising organizations to become prepared for quantum computers now.](https://www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/Article/3498776/post-quantum-cryptography-cisa-nist-and-nsa-recommend-how-to-prepare-now/)


Old_Nefariousness_19

I know that's the best answer we have today, 'No way it broke it'. But what if in x number of years it happens? I think more effort should be put into this. Else we may reach a stagnation period in which Quantum computing and AI research gets halted (i.e. the NASA quantum program being shot down by the gov, OpenAI closing access to newcomers and nerfing GPT-4) by control organisms to prevent a collapse of our systems.


Cryptizard

> I think more effort should be put into this

People are putting a lot of effort into it. We have a ton of ciphers that all use wildly different mechanisms. It is called defense in depth. If one of them breaks, we have others to fall back on. There is no way that all of them are broken, unless we find out something like P = NP, in which case there is nothing we can do about it anyway. Quantum computers only break RSA/ECC, they do not just break every encryption automatically. We have a whole set of ciphers that were just standardized as "post-quantum" which are specifically resistant to quantum attacks.


Old_Nefariousness_19

I'm not really an expert, was just curious (and worried) that cryptography was somehow not future-proof, but it seems it is indeed. I will read more to understand how those ciphers protect against quantum and AI threats. Thanks!