Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cryptography & the Hype Over Quantum Computing
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
8/29/2019 | 5:03:14 PM
Effects on Quantum Computing on Cryptography
Since several commentators suggested that the article and its readers could benefit from further research references, I invite everyone to look at a recent report published by the National Academy of Sciences "Quantum Computing Progress and Prospects." There is a dedicated section on Cryptography: https://www.nap.edu/catalog/25196/quantum-computing-progress-and-prospects Thank you for the article!
User Rank: Ninja
8/27/2019 | 10:37:35 AM
Re: Good for the public, but not for nation-states
This is funny.

Ok, lets address your points:
  • I have provided evidence that they have numerous patents and historical knowledge that their solution is actually a working model, again, this was an example and based on your opinion, you stated that this was not a real Quantum Computer (by all accounts, it is and based on evidence, this is the case). Instead of just offering statements of opinion, there needs to be evidence that this is not a QC, I am not sure if you provided any evidence to support assertion, so again, your statements are based on opinion and not fact (Patents and copyrights that I provided, are based on fact, next point).
  • No, I have not missed the point, earlier I gave an example, you stated that this does not address all the use cases associated with Quantum computing or to your point, the argument was not based on "Quantum Computers Breaking Classical Cryptography", this was nothing more but an example given of what organizations or nation-states are doing in regards to Quantum technology (negating the fact that it is just hype), you felt (your opinion) that this was not a valid use case. I was only giving you an idea of what other countries are in the process of doing, thus the whole point to the "Cryptography & the Hype over Quantum Computing", basically saying that there are other organizations who have catapulted beyond what we have accomplished (now it may be more than just hype, my opinion).

So the point does apply because "Quantum Cryptography" was nothing more than an example and QKD was a use case of how to do this but it is not the only method for doing this and someone (other than the US) is looking to implement this in their satellite communication program.

Seems to me that your emotions have gotten involved instead of fact (opinion as you state it), but again, we are just chatting.

Have a great day.

User Rank: Apprentice
8/27/2019 | 9:15:21 AM
Getting Quantum Ready
Many good points. IBM Research believes a system larger enough to break encryption is 10-30 years out.

But there is one point you should also point out to hedge your bets.

If your company is making a product which has a lifespan of 20,30+ years you need to start thinking about quantum safe cryptography today. Why? Well, if you are launching a satellite into space or building a new powerplant you will want them to be quantum safe today, for tomorrow, because updating the crypto on anything which has been in the field for a few decades will be challenging. So why not prepare today?

The same applies to secrets. If you have secrets which need to remain secret decades from now, you'll want to look at quantum safe crpyto today. This is also why we recently demonstrated that we are making tape drives quantum safe since they store data for many decades https://www.ibm.com/blogs/research/2019/08/crystals/

We have also donated our quantum safe cryptography called CRYSTALS to open source.
User Rank: Ninja
8/27/2019 | 9:12:18 AM
Re: Good for the public, but not for nation-states
Interesting points, let me address your points one at a time:
    • D-Wave is not a real-quantum computer
  • "D-Wave's systems are being used by some of the world's most advanced organizations, including Lockheed Martin, Google, NASA Ames, Volkswagen, DENSO, USRA, USC, Los Alamos National Laboratory, and Oak Ridge National Laboratory. D-Wave has been granted over 160 U.S. patents and has published over 100 peer-reviewed papers in leading scientific journals."
  • D-Wave's Patent  - Qubit junction between S-Wave and D-Wave Superconductors
  • Systems and Methods for Achieving Orthogonol Control

 Ok, I think enough said and the patents can be reviewed for clarity to validate that D-Wave is a Quantum computer (period).

 Quantum Key Distribution
  • In my opinion, it's solving the wrong problem for the vast majority of use cases
  • "From this standpoint, we are not looking at all the use cases, this was an example that our news reporters presented (not theirs, ours). In the statement, I brought up earlier today, this was one example of what they are doing with Quantum computing, because in order to develop a "Quantum Key Distribution" System (one must have a Quantum Computer or "QC" for short) in order to perform the calculations necessary to ensure communication across vast distances, from 2012, the chinese were able to communicate across short distances (12-15 Kilometers), now they have developed in 2016 a way to communicate with a satellite that is traveling in space (to your point, you don't have to agree, but they have a working use case that involves space flight and travel) - Enough said"
  •  Article - QKD - Does not address large parts of the security problem
    • I think you may be looking into this more than what was mentioned earlier, they are not looking to address all security issues, they are looking to address a communication encryption problem using their own form of cryptographic communication methods in which we don't have a working model and they have one going to outer space
  • QKD has a number of practical limitations
    • They expressed distance, from a distance standpoint, it seems going to outer-space, seems to address the issue
  • QKD with classical network devices
    • Nowhere in their design does it say "Classical Network Devices"
  • QKD is extremely expensive
    • In order to push the envelope, the technology will be expensive
  •  QKD must not introduce new vulnerabilities (systems using old hardware)
    • Again, who says they are using old hardware or methods that we are currently using now
  • QKD - "the best practical approach to quantum security is to evolve current security applications and packet-based communication protocols towards adopting post-quantum public-key cryptography."
    • Currently, they are testing out this solution for communication purposes but they have a working use case where they have been using this from 2016 with a satellite that is orbiting the world (you might want to repeat that just to make sure you take it all in), by the way, who said they are not using this method or have invented a method of communication that is beyond the scope of this article

Seems to me there are a lot of assumptions made about Quantum computing, remember this is a use case, however, you slice and dice it, this is one use case, they are not trying to save the world but what they are doing is taking concepts and ideas from around the world to create a solution that could change the way communication across the Internet and even in out-space to another level, and now they are making it a reality (they are game-changers to me, again, that is just me).

 And this has all to do with Quantum Computing because this involves one use case. From the statements you made earlier you said D-wave was not a real QC, ok, that has been broken down. Then you say, QKD is not a real-use case, well if communication is not, then your whole argument just fell to the ground.


User Rank: Author
8/26/2019 | 4:41:41 PM
Re: Good for the public, but not for nation-states
D-wave is not a real quantum computer. In any case, what you are referring to is quantum cryptography and not quantum computation to break (standard) cryptography. Quantum key distribution (QKD) can be done, but in my opinion it's solving the wrong problem for the vast majority of use cases. This is not just my opinion, and I recommend reading GCHQ's report on QKD; see https://www.ncsc.gov.uk/whitepaper/quantum-key-distribution. Even if you don't agree with this (and that's your prerogative of course), this has nothing to do with where quantum computing is today, which was the focus of my article.

COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/9/2020
Omdia Research Launches Page on Dark Reading
Tim Wilson, Editor in Chief, Dark Reading 7/9/2020
4 Security Tips as the July 15 Tax-Day Extension Draws Near
Shane Buckley, President & Chief Operating Officer, Gigamon,  7/10/2020
Register for Dark Reading Newsletters
White Papers
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-07-10
Django Two-Factor Authentication before 1.12, stores the user's password in clear text in the user session (base64-encoded). The password is stored in the session when the user submits their username and password, and is removed once they complete authentication by entering a two-factor authenticati...
PUBLISHED: 2020-07-10
In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and 19.2.7, a heap overflow allows a malicious client to corrupt the director's memory via oversized digest strings sent during initialization of a verify job. Disabling verify jobs mitigates the problem. This issue is also patched in...
PUBLISHED: 2020-07-10
Bareos before version 19.2.8 and earlier allows a malicious client to communicate with the director without knowledge of the shared secret if the director allows client initiated connection and connects to the client itself. The malicious client can replay the Bareos director's cram-md5 challenge to...
PUBLISHED: 2020-07-10
osquery before version 4.4.0 enables a priviledge escalation vulnerability. If a Window system is configured with a PATH that contains a user-writable directory then a local user may write a zlib1.dll DLL, which osquery will attempt to load. Since osquery runs with elevated privileges this enables l...
PUBLISHED: 2020-07-10
An exploitable SQL injection vulnerability exists in the Admin Reports functionality of Glacies IceHRM v26.6.0.OS (Commit bb274de1751ffb9d09482fd2538f9950a94c510a) . A specially crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerabi...