If this is genuinely worrying to you, take some solace in that post-quantum alternatives are undergoing standardization and implementation right now (Signal and iMessage, for example, have already deployed some PQC, as have others).
However, this announcement is a nothing-burger. As I mentioned down-thread, you should view any QC announcement/press-release with extreme skepticism unless it includes replicable (read: open-source targeting hardware other researchers can test on) benchmarks for progress on real-world use-cases (e.g., Shor, Grover, or a newly-identified actually-interesting use-case). OP does not. Nothing to see here.
Worth saying, I am not a cryptographer—I do cryptography-adjacent research engineering. However, given the level of hype going around this industry, I think it's fair to at least expect to see the spec-sheet as it were.
Thank you for taking the time to respond. I personally lend at least some degree of credence to their claim, given that this is Microsoft we're talking about and not some startup.
If their claim is true, then would that present an issue to RSA encryption? I find it difficult to find information on this topic that is digestible to a layman.
My understanding is that the benefit of quantum computing is parallelism, and I'm not sure how today's encryption standards would be safe from brute force attacks.
No. If their claim is true, they have a new prototype of a single qubit that they say could enable faster scaling up of qubit arrays (which means asymmetric/public-key cryptosystems like RSA will be in trouble sooner than we thought they might be). However, this work does not demonstrate that scaling potential at all. In the spirit of Betteridge's Law of headlines, if such a thing were easy for them to demonstrate, why would they announce this now, with a single logical qubit, rather than when they've demonstrated at least some scaling potential?
This understanding of QC is common, but isn't quite right. Quantum computation is actually really hard to parallelize (which is why Grover, though a bit frightening since it halves the security of symmetric primitives, is actually kind of damning for QC—because you can't parallelize that search really at all, so halving is the best a quantum adversary can get against things like AES-256).
I stand by my assertion that, until a QC announcement includes replicable benchmarks on actual use-cases, such things can be safely dismissed.
If you continue to be concerned (not necessarily unhealthy), engage cryptographers and security engineers to help your projects build know-how on hybrid (in this case, classical/PQ) cryptosystems, and get them deployed sooner rather than later.
If this is genuinely worrying to you, take some solace in that post-quantum alternatives are undergoing standardization and implementation right now (Signal and iMessage, for example, have already deployed some PQC, as have others).
However, this announcement is a nothing-burger. As I mentioned down-thread, you should view any QC announcement/press-release with extreme skepticism unless it includes replicable (read: open-source targeting hardware other researchers can test on) benchmarks for progress on real-world use-cases (e.g., Shor, Grover, or a newly-identified actually-interesting use-case). OP does not. Nothing to see here.
Worth saying, I am not a cryptographer—I do cryptography-adjacent research engineering. However, given the level of hype going around this industry, I think it's fair to at least expect to see the spec-sheet as it were.
All the best,
Thank you for taking the time to respond. I personally lend at least some degree of credence to their claim, given that this is Microsoft we're talking about and not some startup.
If their claim is true, then would that present an issue to RSA encryption? I find it difficult to find information on this topic that is digestible to a layman.
My understanding is that the benefit of quantum computing is parallelism, and I'm not sure how today's encryption standards would be safe from brute force attacks.
No. If their claim is true, they have a new prototype of a single qubit that they say could enable faster scaling up of qubit arrays (which means asymmetric/public-key cryptosystems like RSA will be in trouble sooner than we thought they might be). However, this work does not demonstrate that scaling potential at all. In the spirit of Betteridge's Law of headlines, if such a thing were easy for them to demonstrate, why would they announce this now, with a single logical qubit, rather than when they've demonstrated at least some scaling potential?
This understanding of QC is common, but isn't quite right. Quantum computation is actually really hard to parallelize (which is why Grover, though a bit frightening since it halves the security of symmetric primitives, is actually kind of damning for QC—because you can't parallelize that search really at all, so halving is the best a quantum adversary can get against things like AES-256).
I stand by my assertion that, until a QC announcement includes replicable benchmarks on actual use-cases, such things can be safely dismissed.
If you continue to be concerned (not necessarily unhealthy), engage cryptographers and security engineers to help your projects build know-how on hybrid (in this case, classical/PQ) cryptosystems, and get them deployed sooner rather than later.
All the best,
Would it be smartest for one to sell crypto right now while normies are still oblivious of what's about to happen?
No. Crypto will be safe against quantum computers.
6 replies →