Quantum crypto: Difference between revisions

From Elliptic Curve Crypto
Latest revision as of 17:54, 19 January 2025

There are two kinds of quantum crypto claimed to exist.

Quantum entanglement

Quantum key distribution (QKD), some variants of which rely on entangled photon pairs, is claimed [1] to make interception of a key sent over a fiber-optic or free-space optical link detectable: a photon measured in the wrong basis yields a random result and is re-emitted in a disturbed state, so an eavesdropper on the wire introduces errors that the two endpoints can spot by comparing a sample of their raw key over an authenticated classical channel. Three caveats apply to the claim as usually stated. QKD distributes a key, not the message; the message is still encrypted with a classical cipher. It does not make the link tamperproof, only tamper-evident, and the endpoints must abort when the observed error rate exceeds a threshold. And it needs a channel that carries single photons, which in practice means optical fiber or free-space optics rather than copper or coaxial cable.
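To show what "interception is detectable" means in practice, here is an added example (not code from this page or from any QKD vendor): a classical simulation of the BB84 prepare-and-measure protocol with an intercept-resend eavesdropper. It uses BB84 rather than an entanglement-based scheme because the disturbance argument is the same and easier to see. The channel is assumed lossless and noiseless, the photon count, seed and 11% abort threshold are assumed values, and the only effect modelled is that measuring in the conjugate basis gives a uniformly random outcome.

```python
import random

# Constructed, idealised simulation of BB84 with an optional intercept-resend
# eavesdropper. Lossless channel, perfect detectors, no noise: every error in
# the sifted key therefore comes from Eve.
RECTILINEAR, DIAGONAL = 0, 1


def measure(bit, prepared_basis, measuring_basis, rng):
    """Outcome of measuring a photon prepared as `bit` in `prepared_basis`
    using `measuring_basis`. Same basis: deterministic. Conjugate basis:
    uniformly random, and the original value is gone. That loss is the
    disturbance an eavesdropper cannot avoid."""
    if prepared_basis == measuring_basis:
        return bit
    return rng.randrange(2)


def bb84_round(n_photons, eavesdrop, rng):
    """One BB84 session. Returns (sifted_key_length, qber), where qber is the
    bit error rate Alice and Bob observe on their sifted key."""
    alice_bits = [rng.randrange(2) for _ in range(n_photons)]
    alice_bases = [rng.choice((RECTILINEAR, DIAGONAL)) for _ in range(n_photons)]
    bob_bases = [rng.choice((RECTILINEAR, DIAGONAL)) for _ in range(n_photons)]
    bob_bits = []
    for bit, a_basis, b_basis in zip(alice_bits, alice_bases, bob_bases):
        state_bit, state_basis = bit, a_basis
        if eavesdrop:
            # Eve guesses a basis, measures, and resends a fresh photon carrying
            # her result in the basis she used; a wrong guess (50%) randomises it.
            eve_basis = rng.choice((RECTILINEAR, DIAGONAL))
            eve_bit = measure(state_bit, state_basis, eve_basis, rng)
            state_bit, state_basis = eve_bit, eve_basis
        bob_bits.append(measure(state_bit, state_basis, b_basis, rng))
    # Sifting: over an authenticated classical channel Alice and Bob announce
    # bases (never bits) and keep only positions where they happened to agree.
    sifted = [(a, b) for a, b, ab, bb in zip(alice_bits, bob_bits, alice_bases, bob_bases)
              if ab == bb]
    errors = sum(1 for a, b in sifted if a != b)
    return len(sifted), errors / len(sifted)


def eavesdropper_detected(qber, threshold=0.11):
    """Abort decision. 11% is the commonly quoted BB84 tolerance; intercept-resend
    on every photon gives about 25%, far above it."""
    return qber > threshold


def simulate(seed, eavesdrop, n_photons=20_000):
    """Deterministic wrapper (assumed seed) returning (sifted_len, qber, abort)."""
    rng = random.Random(seed)
    n, qber = bb84_round(n_photons, eavesdrop, rng)
    return n, qber, eavesdropper_detected(qber)


if __name__ == "__main__":
    for eve in (False, True):
        n, qber, abort = simulate(2024, eve)
        print(f"eavesdropper={eve}: sifted {n} bits, QBER={qber:.3f}, abort={abort}")
```

Without Eve the sifted key is error-free; with Eve intercepting every photon roughly a quarter of the sifted bits disagree, because she guesses the wrong basis half the time and Bob then gets a random bit half of those times. A real deployment has channel noise of its own, so the abort threshold is what separates "noisy fiber" from "someone on the wire", and nothing here protects the classical channel used for sifting: that still needs conventional authentication.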

Post-quantum cryptography

Post-quantum cryptography consists of classical (non-quantum) algorithms, chiefly lattice-, code- and hash-based schemes, which are claimed to resist attack even by a large quantum computer. The motivation is that Shor’s algorithm, run on a sufficiently large fault-tolerant gate-model quantum computer, would solve the elliptic curve discrete logarithm problem on which elliptic curve cryptography rests in polynomial time. That threat remains theoretical: demonstrations to date are confined to trivial instances, such as factoring 15 or 21 on a handful of qubits, and nothing at all at cryptographic sizes. Claims built on quantum annealers do not count either way, since annealing is an optimisation heuristic, something like shaking puzzle pieces around until they fall into place, and cannot run Shor’s algorithm at all.

University of Oxford ???

Caveat emptor

Too much of anything “quantum” as such hearkens to “blood quantum,” as if a guy has a feather in his cap with all that white supremacy, wars that were fought with various American Indian tribes in the 1800s, and more recently fraudulent DNA labs running paternity, child support and rape kit scams.

Quantum computers have not broken any strong cryptography to date, nor do they show any real promise of doing so any time soon. There’s science fiction, time travel and even “closed timelike curves.” There are people who are not our friends, do not mind their own business, and do not want us doing crypto for our own privacy.

And even worse

Official government standards are here for post-quantum cryptography:

* Announcing Issuance of Federal Information Processing Standards (FIPS) FIPS 203, Module-Lattice-Based Key-Encapsulation Mechanism Standard, FIPS 204, Module-Lattice-Based Digital Signature Standard, and FIPS 205, Stateless Hash-Based Digital Signature Standard. Federal Register, August 14, 2024. https://www.federalregister.gov/documents/2024/08/14/2024-17956/announcing-issuance-of-federal-information-processing-standards-fips-fips-203-module-lattice-based
** FIPS 203: Module-Lattice-Based Key-Encapsulation Mechanism Standard (ML-KEM, the standardized form of the Kyber submission named in the literature quoted below). https://csrc.nist.gov/pubs/fips/203/final
** FIPS 204: Module-Lattice-Based Digital Signature Standard (ML-DSA, from the same module-lattice family). https://csrc.nist.gov/pubs/fips/204/final
** FIPS 205: Stateless Hash-Based Digital Signature Standard (SLH-DSA, whose security rests on hash functions rather than lattices, so the lattice critique below does not apply to it). https://csrc.nist.gov/pubs/fips/205/final

These are quite new. Finalized August 13, 2024 and only discovered by general search some months later. Our going assumption is that these are yet more crippled and weakened government standards for cryptography at the going rate.

The published literature does not inspire confidence in claims of "post-quantum" cryptographic security of module lattice based systems.

... We find that the tightness gap in the reduction is so great as to vitiate any meaningful security guarantee, and we find reasons to doubt the feasibility in the foreseeable future of the quantum part of the reduction. In addition, when we make the reduction concrete it appears that the approximation factor in the SIVP problem is far larger than expected, a circumstance that causes the corresponding approximate-SIVP problem most likely not to be hard for proposed cryptosystem parameters. We also discuss implications for systems such as Kyber and SABER that are based on module-DLWE. ... [2]
... by assuming that standard lattice problems are hard to solve, the asymptotic security of cryptosystems based on the LWE problem is guaranteed. However, it has not been clear to which extent, if any, this reduction provides support for the security of present concrete parametrizations. ... [3]
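The two papers quoted above are about the gap between an asymptotic reduction ("LWE is at least as hard as a worst-case lattice problem") and a concrete parameter set. As an added example, not taken from this page, from either paper, or from FIPS 203, the following Python builds a toy Regev-style LWE bit encryption and then recovers its secret key by exhaustive search. The modulus Q, dimension N, sample count M, error set and seed are assumed toy values chosen so the search finishes in a second; ML-KEM works over polynomial rings with n = 256 and q = 3329, and none of its structure appears here.

```python
import random
from itertools import product

# Toy Regev-style LWE public-key encryption of single bits (constructed example).
# Q, N, M are assumed toy values; M * max|e| must stay below Q/4 so that the
# error term never flips a decrypted bit.
Q = 37          # modulus
N = 3           # secret dimension; the brute force enumerates Q**N candidates
M = 8           # LWE samples in the public key
ERRORS = (-1, 0, 1)


def _dot(u, v):
    return sum(a * b for a, b in zip(u, v))


def keygen(rng):
    """Secret s in Z_q^N; public key (A, b = A*s + e mod q) with small error e."""
    s = [rng.randrange(Q) for _ in range(N)]
    A = [[rng.randrange(Q) for _ in range(N)] for _ in range(M)]
    e = [rng.choice(ERRORS) for _ in range(M)]
    b = [(_dot(row, s) + err) % Q for row, err in zip(A, e)]
    return (A, b), s


def encrypt(pk, bit, rng):
    """Random subset r of the samples: u = r*A, v = r*b + bit*floor(q/2)."""
    A, b = pk
    r = [rng.randrange(2) for _ in range(M)]
    u = [_dot(r, [A[i][j] for i in range(M)]) % Q for j in range(N)]
    v = (_dot(r, b) + bit * (Q // 2)) % Q
    return u, v


def decrypt(sk, ct):
    """v - u*s = r*e + bit*floor(q/2); |r*e| <= M < Q/4, so rounding recovers bit."""
    u, v = ct
    w = (v - _dot(u, sk)) % Q
    if w > Q // 2:
        w -= Q                      # centre into (-q/2, q/2]
    return 1 if abs(w) > Q / 4 else 0


def brute_force_secret(pk):
    """Exhaustive key recovery: try every s' in Z_q^N and keep those for which
    b - A*s' is a valid small error vector. Feasible only because Q**N is tiny.
    For real parameters this search is replaced by lattice reduction, and its
    concrete cost is exactly what the quoted papers argue about."""
    A, b = pk
    small = (0, 1, Q - 1)           # residues of the error set {-1, 0, 1} mod Q
    found = []
    for cand in product(range(Q), repeat=N):
        if all((bi - _dot(row, cand)) % Q in small for row, bi in zip(A, b)):
            found.append(list(cand))
    return found


def demo(seed=7):
    """Round-trip every bit of one constructed byte, then recover the key.
    Returns (roundtrip_ok, secret_recovered, search_space_size)."""
    rng = random.Random(seed)
    pk, sk = keygen(rng)
    bits = [int(c) for c in f"{0xA5:08b}"]
    decrypted = [decrypt(sk, encrypt(pk, bit, rng)) for bit in bits]
    recovered = brute_force_secret(pk)
    return decrypted == bits, sk in recovered, Q ** N


if __name__ == "__main__":
    ok, broken, space = demo()
    print(f"decryption correct: {ok}; secret recovered from {space} candidates: {broken}")
```

The scheme decrypts correctly and the worst-case-to-average-case argument applies to it just as well as to any other LWE instance; that argument says nothing about the fact that 37^3 candidates is a trivial search. Whether a given parameter set is safe is a separate, concrete estimate of attack cost, which is the point both quoted papers make.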
  1. Patented inventions.
  2. Neal Koblitz, Subhabrata Samajder, Palash Sarkar, Subhadip Singha. “Concrete analysis of approximate ideal-SIVP to decision ring-LWE reduction.” Advances in Mathematics of Communications, 2024, 18(5): 1216-1258. https://www.aimsciences.org/article/doi/10.3934/amc.2022082
  3. Joel Gärtner. ... “Concrete Security from Worst-Case to Average-Case Lattice Reductions.” In: El Mrabet, N., De Feo, L., Duquesne, S. (eds) Progress in Cryptology - AFRICACRYPT 2023. AFRICACRYPT 2023. Lecture Notes in Computer Science, vol 14064. Springer, Cham. https://doi.org/10.1007/978-3-031-37679-5_15