Comment by bigfatkitten
1 day ago
If we take near term to mean “while any of the participants in this thread are still alive”, I think we’re going to be safe for a while.
It's worth mentioning opinions have started to shift away from this. Quantum computing has made quite concrete progress in the last ~2 years. No guarantee this continues, but among people I know it has changed their perspectives from (roughly) similar things as that essay, to thinking we really must transition now.
It’s also because harvest now decrypt later is the main concern.
This means even if you think viable quantum computers are 20 years away, in contexts where HNDL is an issue that means really you should be thinking about this now.
In contexts where that isn’t an issue you can debate whether we have 5 years, 10 years, 20 years or 50 years, but in the case of the SSL key exchange we need to think about it now regardless.
These have always been an issue, and were the motivation for starting the NIST standardization in ~2016. My point is more that recent developments in quantum computing have caused many cryptographers to go from "we should do this so people are secure if progress happens in the decades from now" to "this may be a near-term issue, and we should prioritize transition for user safety issues". You can read some about this in a Cloudflare article from 2 months ago, which mentions some recent developments that have people concerned about possible "Q-day" being in ~2029-2030. This is much earlier than what was the consensus 5 years ago.
https://blog.cloudflare.com/post-quantum-roadmap/
Part of this is because of a 3rd reason to transition early, which is the "long tail" of deployments which will switch over (potentially very) slowly. Think embedded/IoT devices that are either difficult to patch, or have vendors who are not as security-focused.
That was very unconvincing.
Like if you want to go from history - yes the make a giant artillery piece thing didn't work.
You know what did work? A surprising application of quantum physics known as nuclear bombs.
I'm not necessarily saying quantum computers will work out the same way, but if you follow the logic of the presentation, nuclear bombs fit it so much better than the example they use. It was a step-change. People went from saying it was theoretically interesting without practical application to actually having a bomb very quickly. Basically replace everything in that presentation using nukes as the running example and suddenly the argument sounds really stupid.