Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cryptography & the Hype Over Quantum Computing
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
8/29/2019 | 5:03:14 PM
Effects on Quantum Computing on Cryptography
Since several commentators suggested that the article and its readers could benefit from further research references, I invite everyone to look at a recent report published by the National Academy of Sciences "Quantum Computing Progress and Prospects." There is a dedicated section on Cryptography: https://www.nap.edu/catalog/25196/quantum-computing-progress-and-prospects Thank you for the article!
User Rank: Ninja
8/27/2019 | 10:37:35 AM
Re: Good for the public, but not for nation-states
This is funny.

Ok, lets address your points:
  • I have provided evidence that they have numerous patents and historical knowledge that their solution is actually a working model, again, this was an example and based on your opinion, you stated that this was not a real Quantum Computer (by all accounts, it is and based on evidence, this is the case). Instead of just offering statements of opinion, there needs to be evidence that this is not a QC, I am not sure if you provided any evidence to support assertion, so again, your statements are based on opinion and not fact (Patents and copyrights that I provided, are based on fact, next point).
  • No, I have not missed the point, earlier I gave an example, you stated that this does not address all the use cases associated with Quantum computing or to your point, the argument was not based on "Quantum Computers Breaking Classical Cryptography", this was nothing more but an example given of what organizations or nation-states are doing in regards to Quantum technology (negating the fact that it is just hype), you felt (your opinion) that this was not a valid use case. I was only giving you an idea of what other countries are in the process of doing, thus the whole point to the "Cryptography & the Hype over Quantum Computing", basically saying that there are other organizations who have catapulted beyond what we have accomplished (now it may be more than just hype, my opinion).

So the point does apply because "Quantum Cryptography" was nothing more than an example and QKD was a use case of how to do this but it is not the only method for doing this and someone (other than the US) is looking to implement this in their satellite communication program.

Seems to me that your emotions have gotten involved instead of fact (opinion as you state it), but again, we are just chatting.

Have a great day.

User Rank: Apprentice
8/27/2019 | 9:15:21 AM
Getting Quantum Ready
Many good points. IBM Research believes a system larger enough to break encryption is 10-30 years out.

But there is one point you should also point out to hedge your bets.

If your company is making a product which has a lifespan of 20,30+ years you need to start thinking about quantum safe cryptography today. Why? Well, if you are launching a satellite into space or building a new powerplant you will want them to be quantum safe today, for tomorrow, because updating the crypto on anything which has been in the field for a few decades will be challenging. So why not prepare today?

The same applies to secrets. If you have secrets which need to remain secret decades from now, you'll want to look at quantum safe crpyto today. This is also why we recently demonstrated that we are making tape drives quantum safe since they store data for many decades https://www.ibm.com/blogs/research/2019/08/crystals/

We have also donated our quantum safe cryptography called CRYSTALS to open source.
User Rank: Ninja
8/27/2019 | 9:12:18 AM
Re: Good for the public, but not for nation-states
Interesting points, let me address your points one at a time:
    • D-Wave is not a real-quantum computer
  • "D-Wave's systems are being used by some of the world's most advanced organizations, including Lockheed Martin, Google, NASA Ames, Volkswagen, DENSO, USRA, USC, Los Alamos National Laboratory, and Oak Ridge National Laboratory. D-Wave has been granted over 160 U.S. patents and has published over 100 peer-reviewed papers in leading scientific journals."
  • D-Wave's Patent  - Qubit junction between S-Wave and D-Wave Superconductors
  • Systems and Methods for Achieving Orthogonol Control

 Ok, I think enough said and the patents can be reviewed for clarity to validate that D-Wave is a Quantum computer (period).

 Quantum Key Distribution
  • In my opinion, it's solving the wrong problem for the vast majority of use cases
  • "From this standpoint, we are not looking at all the use cases, this was an example that our news reporters presented (not theirs, ours). In the statement, I brought up earlier today, this was one example of what they are doing with Quantum computing, because in order to develop a "Quantum Key Distribution" System (one must have a Quantum Computer or "QC" for short) in order to perform the calculations necessary to ensure communication across vast distances, from 2012, the chinese were able to communicate across short distances (12-15 Kilometers), now they have developed in 2016 a way to communicate with a satellite that is traveling in space (to your point, you don't have to agree, but they have a working use case that involves space flight and travel) - Enough said"
  •  Article - QKD - Does not address large parts of the security problem
    • I think you may be looking into this more than what was mentioned earlier, they are not looking to address all security issues, they are looking to address a communication encryption problem using their own form of cryptographic communication methods in which we don't have a working model and they have one going to outer space
  • QKD has a number of practical limitations
    • They expressed distance, from a distance standpoint, it seems going to outer-space, seems to address the issue
  • QKD with classical network devices
    • Nowhere in their design does it say "Classical Network Devices"
  • QKD is extremely expensive
    • In order to push the envelope, the technology will be expensive
  •  QKD must not introduce new vulnerabilities (systems using old hardware)
    • Again, who says they are using old hardware or methods that we are currently using now
  • QKD - "the best practical approach to quantum security is to evolve current security applications and packet-based communication protocols towards adopting post-quantum public-key cryptography."
    • Currently, they are testing out this solution for communication purposes but they have a working use case where they have been using this from 2016 with a satellite that is orbiting the world (you might want to repeat that just to make sure you take it all in), by the way, who said they are not using this method or have invented a method of communication that is beyond the scope of this article

Seems to me there are a lot of assumptions made about Quantum computing, remember this is a use case, however, you slice and dice it, this is one use case, they are not trying to save the world but what they are doing is taking concepts and ideas from around the world to create a solution that could change the way communication across the Internet and even in out-space to another level, and now they are making it a reality (they are game-changers to me, again, that is just me).

 And this has all to do with Quantum Computing because this involves one use case. From the statements you made earlier you said D-wave was not a real QC, ok, that has been broken down. Then you say, QKD is not a real-use case, well if communication is not, then your whole argument just fell to the ground.


User Rank: Author
8/26/2019 | 4:41:41 PM
Re: Good for the public, but not for nation-states
D-wave is not a real quantum computer. In any case, what you are referring to is quantum cryptography and not quantum computation to break (standard) cryptography. Quantum key distribution (QKD) can be done, but in my opinion it's solving the wrong problem for the vast majority of use cases. This is not just my opinion, and I recommend reading GCHQ's report on QKD; see https://www.ncsc.gov.uk/whitepaper/quantum-key-distribution. Even if you don't agree with this (and that's your prerogative of course), this has nothing to do with where quantum computing is today, which was the focus of my article.

I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
Enterprise Cybersecurity Plans in a Post-Pandemic World
Download the Enterprise Cybersecurity Plans in a Post-Pandemic World report to understand how security leaders are maintaining pace with pandemic-related challenges, and where there is room for improvement.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-09-20
The Post Views Counter WordPress plugin before 1.3.5 does not sanitise or escape its Post Views Label settings, which could allow high privilege users to perform Cross-Site Scripting attacks in the frontend even when the unfiltered_html capability is disallowed
PUBLISHED: 2021-09-20
The Donate With QRCode WordPress plugin before 1.4.5 does not sanitise or escape its QRCode Image setting, which result into a Stored Cross-Site Scripting (XSS). Furthermore, the plugin also does not have any CSRF and capability checks in place when saving such setting, allowing any authenticated us...
PUBLISHED: 2021-09-20
The Visual Link Preview WordPress plugin before 2.2.3 does not enforce authorisation on several AJAX actions and has the CSRF nonce displayed for all authenticated users, allowing any authenticated user (such as subscriber) to call them and 1) Get and search through title and content of Draft post, ...
PUBLISHED: 2021-09-20
The Print My Blog WordPress Plugin before 3.4.2 does not enforce nonce (CSRF) checks, which allows attackers to make logged in administrators deactivate the Print My Blog plugin and delete all saved data for that plugin by tricking them to open a malicious link
PUBLISHED: 2021-09-20
The Google Fonts Typography WordPress plugin before 3.0.3 does not escape and sanitise some of its block settings, allowing users with as role as low as Contributor to perform Stored Cross-Site Scripting attacks via blockType (combined with content), align, color, variant and fontID argument of a Gu...