Comment by halosghost
3 days ago
If this is genuinely worrying to you, take some solace in that post-quantum alternatives are undergoing standardization and implementation right now (Signal and iMessage, for example, have already deployed some PQC, as have others).
However, this announcement is a nothing-burger. As I mentioned down-thread, you should view any QC announcement/press-release with extreme skepticism unless it includes replicable (read: open-source targeting hardware other researchers can test on) benchmarks for progress on real-world use-cases (e.g., Shor, Grover, or a newly-identified actually-interesting use-case). OP does not. Nothing to see here.
Worth saying, I am not a cryptographer—I do cryptography-adjacent research engineering. However, given the level of hype going around this industry, I think it's fair to at least expect to see the spec-sheet as it were.
All the best,
Thank you for taking the time to respond. I personally lend at least some degree of credence to their claim, given that this is Microsoft we're talking about and not some startup.
If their claim is true, then would that present an issue to RSA encryption? I find it difficult to find information on this topic that is digestible to a layman.
My understanding is that the benefit of quantum computing is parallelism, and I'm not sure how today's encryption standards would be safe from brute force attacks.
No. If their claim is true, they have a new prototype of a single qubit that they say could enable faster scaling up of qubit arrays (which means asymmetric/public-key cryptosystems like RSA will be in trouble sooner than we thought they might be). However, this work does not demonstrate that scaling potential at all. In the spirit of Betteridge's Law of headlines, if such a thing were easy for them to demonstrate, why would they announce this now, with a single logical qubit, rather than when they've demonstrated at least some scaling potential?
This understanding of QC is common, but isn't quite right. Quantum computation is actually really hard to parallelize (which is why Grover, though a bit frightening since it halves the security of symmetric primitives, is actually kind of damning for QC—because you can't parallelize that search really at all, so halving is the best a quantum adversary can get against things like AES-256).
I stand by my assertion that, until a QC announcement includes replicable benchmarks on actual use-cases, such things can be safely dismissed.
If you continue to be concerned (not necessarily unhealthy), engage cryptographers and security engineers to help your projects build know-how on hybrid (in this case, classical/PQ) cryptosystems, and get them deployed sooner rather than later.
All the best,
Would it be smartest for one to sell crypto right now while normies are still oblivious of what's about to happen?
No. Crypto will be safe against quantum computers.
If by “crypto,” the grandparent meant “cryptography,” this is not true. Most widely-deployed asymmetric/public-key primitives (e.g., RSA, elliptic curve cryptography (ECC), etc.) are quite fragile against an adversary with a cryptographically-relevant quantum computer (CRQC). To clarify how fragile, the general consensus/state-of-the-art as far as I am aware, is that Shor's algorithm (which breaks asymmetric primitives) requires about 2x the number of perfect, logical qubits as the RSA key-size (e.g., ~4000 qubits for factoring RSA 2048); however, because none of our qubit designs have a low enough error rate, you need about 1000 qubits to simulate/error-correct for a single logical qubit—so, currently, it's expected you would need around 4_000_000 physical qubits to factor RSA-2048. Post-quantum cryptography (PQC) is specifically the subset of cryptography that is designed to withstand attacks from quantum-enabled adversaries; it is still being actively designed, studied, standardized, implemented, and deployed.
If instead, the reference was to “cryptocurrencies,” most cryptocurrencies I am aware of depend on non-PQ constructions, and fall into the same buckets as RSA and ECC. Some systems, like Bitcoin, are in significant danger without large overhauls—if a practical CRQC is actually realized. There are efforts underway throughout the cryptocurrency communities to try to prepare for such an eventuality, but to my knowledge, none of them have major adoption yet.
As a final note on investment advice: I don't give out investment advice. :)
All the best,
2 replies →
Can you expand on this? I find this topic difficult to find solid information on, for some reason.
2 replies →