The post quantum cryptography scam

Hat tip Ray Dillinger. (I steal from the best. Been stealing from him for twenty four years.)

NIST has with great regularity issued kleptographic standards.

What is a kleptographic standard? It is a standard that ensures that the NSA can read other people's data. The Snowden leaks revealed the inside info on how NIST standards get written.

And, lo and behold, NIST is terribly alarmed by the terrible threat of Quantum Cryptography, the terrible terrible terrible awful horribly imminent threat, and has issued a new standard to deal with this terrible threat.

And lo and behold a whole lot of people promoting this terrible terrible threat and the new wonderful supergood solution to it, Post Quantum Cryptography, seem to be getting funding and support through the backdoor in ways that suggest that this funding and promotion are coming from the spooks.

In actual fact, the state of the art in quantum computing, the supposed threat, remains unchanged from what it was thirty years ago.

There are no actual quantum computers: There are "fiddly delicate machines demonstrating basic principles that vaguely indicate a possibility that one day actual quantum computers could be constructed."

None of these machines has actually accomplished a quantum factoring of any integer, notwithstanding numerous headlines that might lead one to believe that they have factored the numbers fifteen and twenty one. They have not. Those demonstrations ran "compiled" circuits, simplified using prior knowledge of the factors, rather than the general factoring algorithm.

An actual quantum computer would need to have a lot of Toffoli gates, which would need to establish a massively entangled state over a lot of qubits. To do something interesting with that massively entangled state, you need a lot more Toffoli gates than qubits, and the massively entangled state has to remain coherent for long enough. Trouble is, as soon as you put in some Toffoli gates to entangle the state, the system decoheres.

This situation just is not changing. Even though from time to time we get various basic principles demonstrated in ways that are arguably more impressive than previous demonstrations, we are still back where we were in the beginning: no substantial controlled entanglement that remains coherent, and no real factorisations even of very small integers.

Ray Dillinger:

We’ve been hearing a whole lot about Quantum Cryptography lately. And considering the state of play in terms of actual quantum computers, it’s hard to justify how much fear, uncertainty, and doubt there is.

The mismatch between perceived threat and demonstrated threat is so spectacular that it looks like a FUD campaign. Which is a necessary step in a Kleptographic Standards attack. Kleptographic Standards are promulgated addressing fear of some threat, so that the fear can be used as a lever to get people to do something stupid.

Post Quantum Cryptography (SKEIN, KYBER, KEM) is promulgated by NIST, the same people who brought us the Dual-EC DRBG standard. Which looked like it was designed so that it could have a hidden backdoor, and then Snowden revealed that it did have a hidden backdoor.

And, what do you know: The new Post Quantum Cryptography standard also looks like it was designed so that it can have a hidden backdoor.

https://eprint.iacr.org/2022/1681.pdf

https://link.springer.com/chapter/10.1007/978-3-031-82852-2_11

algorithms in this class may have backdoors structurally built into them!

These papers are not reassuring. These remind me of Bernstein’s paper when the Dual-EC DRBG was being standardized.

Quantum Cryptography, while intellectually neat, does not present a practical attack that we need protection against at this time.

Kleptographic Standards on the other hand are very much a practical attack that we need to protect against at this time.

When a standards body tells you that you should cast aside well-studied cryptographic algorithms which have earned their trust through dozens of years of examination, testing, and motivated attackers, for the sake of protection against Quantum Crypto? The attack you should be protecting against isn’t Quantum Crypto.

And this is why Coin Shill is now banned on this blog, as is anyone promoting Quantum Crypto Fear Uncertainty and Doubt.
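For readers who have not seen what the Dual-EC DRBG trapdoor mentioned above actually looks like, here is a toy reconstruction of it. This is an added example, not code or constants from the standard or from the original post. It runs the Dual-EC construction over secp256k1 (the curve Bitcoin uses) rather than over the NIST curve in the standard, drops 8 rather than 16 bits of each output so that it finishes in a few seconds in pure Python, and generates the "standard" constant P as e·Q for a trapdoor scalar e that we construct ourselves; the seed and e are made-up numbers. With e, two consecutive outputs are enough to recover the generator's internal state and predict every later output. Without e, P and Q look like any other pair of curve points, which is exactly why constants that come with no verifiable derivation are the thing to look for in a standard.

```python
"""Toy reconstruction of the Dual_EC_DRBG kleptographic trapdoor (added example).

Same structure as the standard:
    s_{i+1} = x(s_i * P)          state update
    r_i     = x(s_i * Q)          output, with the top bits dropped
Anyone holding e such that P = e*Q can recover s_{i+1} from output r_i.
Curve: secp256k1 (assumed parameters, as published in SEC 2); not the standard's curve.
"""

P_MOD = 2**256 - 2**32 - 977   # field prime, p ≡ 3 (mod 4)
N_ORD = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
INF = None
TRUNC_BITS = 8                      # the real standard drops 16 bits; 8 keeps the search small
MASK = (1 << (256 - TRUNC_BITS)) - 1


def ec_add(p1, p2):
    """Affine point addition on y^2 = x^3 + 7 over GF(P_MOD)."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P_MOD == 0:
            return INF
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P_MOD) % P_MOD   # doubling, a = 0
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)


def ec_mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc = INF
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc


def lift_x(x):
    """Return a y with (x, y) on the curve, or None if no such point exists."""
    rhs = (x * x * x + 7) % P_MOD
    y = pow(rhs, (P_MOD + 1) // 4, P_MOD)
    return y if y * y % P_MOD == rhs else None


def make_params(e):
    """The 'standard' constants: Q is the generator, P = e*Q, and e is the trapdoor."""
    return ec_mul(e, G), G


class DualEC:
    def __init__(self, seed, P, Q):
        self.s, self.P, self.Q = seed, P, Q

    def next_output(self):
        self.s = ec_mul(self.s, self.P)[0]          # s_{i+1} = x(s_i * P)
        return ec_mul(self.s, self.Q)[0] & MASK     # r = x(s * Q), top bits dropped


def recover_state(out_i, out_next, e, P, Q):
    """Given two consecutive outputs and the trapdoor e, return the state that
    produced out_next (so a clone seeded with it predicts everything after)."""
    for hi in range(1 << TRUNC_BITS):               # guess the dropped bits
        x = (hi << (256 - TRUNC_BITS)) | out_i
        if x >= P_MOD:
            continue
        y = lift_x(x)
        if y is None:
            continue
        R = (x, y)                                  # ±(s_i * Q); the sign does not affect x(e*R)
        s_next = ec_mul(e, R)[0]                    # e*(s_i*Q) = s_i*(e*Q) = s_i*P
        if ec_mul(s_next, Q)[0] & MASK == out_next: # confirm against the next output
            return s_next
    return None


def dual_ec_backdoor_demo():
    """Victim emits two outputs; the trapdoor holder then predicts the next three."""
    e = 0x9E3779B97F4A7C15F39CC0605CEDC8341082276BF3A27251F86C6A11D0C18E95   # constructed trapdoor
    P, Q = make_params(e)
    victim = DualEC(0x1234567890ABCDEF1234567890ABCDEF1234567890ABCDEF1234567890ABCDEF, P, Q)  # constructed seed
    out1, out2 = victim.next_output(), victim.next_output()
    recovered = recover_state(out1, out2, e, P, Q)
    if recovered is None:
        return False
    clone = DualEC(recovered, P, Q)
    return [victim.next_output() for _ in range(3)] == [clone.next_output() for _ in range(3)]


if __name__ == "__main__":
    print("trapdoor holder predicts the stream:", dual_ec_backdoor_demo())
```

The cost to the attacker is one guess per dropped bit pattern, which is why the standard's choice of dropping only 16 bits mattered: 2^16 candidate points is nothing. Note that nothing in the generator's code reveals e; the only defence is to refuse constants whose origin cannot be verified, or to pick your own Q.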

10 comments

Burgerman says:

[*deleted for not conforming to the moderation policy*]

Jim says:

If you are going to post from the frame and point of view that you are Christian and we are Christian, please first affirm that Christ is King, born in Bethlehem, died at Jerusalem, and is from before the beginning of the world. Through him all things were created. Fully God and fully man. God is three and God is one.

I am kind of sick of Jews who last year were trying to ban Easter pulling the “hail fellow Judeo-Christian, you should unite with us Jews against those horrid Muslims” card.

I get shills saying "Jews bad, therefore we should get with the George Soros program to defeat Orange Man Bad", and I get shills saying "Muslims bad therefore die for Israel", and I am fairly sure both sets of shills are Jewish. (Two Jews, three factions.)

The George Soros Jews say I am a Jew, and the die-for-Israel Jews say I am a Muslim.

Burgerman says:

There was never anything wrong with ‘master’ and ‘slave’, nor ‘whitelist’ and ‘blacklist’.

Magi says:

Forgive my ignorance of the topic, but I am curious: Is the ‘threat’ they’re talking about the idea that quantum cryptography could crack any kleptographic standard, or is the ‘threat’ that quantum cryptography would not be kleptographic and would be secure against alphabet agencies? Or perhaps both?

But there isn’t any reason we here should see any threat now is there? Better cryptography, if achieved, is just better for us. As we may be interested in saying things alphabet agencies don’t want said, but we’re not really interested in cracking other peoples codes anyway. And if current standards are already plausibly booby trapped so our enemies can decode them then more decoding doesn’t really make our position worse.

I had thought most computing had CPU level back doors for alphabet agencies, so I tend not to presume anything is secure. Perhaps I’m wrong about that, but I’ve never found erring on the side of paranoia to be erroneous.

Jim says:

We have compelling evidence that all existing “Post Quantum” Cryptographic algorithms are insecure against existing spy agencies and their existing classic computers.

The question of interest is: What existing algorithms could quantum computers crack.

Critical steps that make a quantum computer fundamentally different from a classical computer have to be done in something analogous to a single operation in a classical computer, so the limit is not the number of qubits and the number of steps (not memory and time) but rather the number of gates. The hard part is not keeping quantum coherence over a certain number of qubits for a certain time, which is in theory soluble, and great advances have been made towards solving it, but keeping quantum coherence over a certain number of gates, a lot of gates. And essentially zero progress has been made towards solving it. Maybe kind of sort of quantum coherence over one Toffoli gate has been accomplished. So, for an algorithm to be proof against quantum computing, we require cracking the algorithm to require a non polynomial number of quantum gates, rather than a non polynomial number of steps.

We need a complexity theory that will tell us how many quantum gates are required.

Do existing elliptic curve public key algorithms require a non polynomial number of gates? It looks like they do. In which case worst case outcome is that we might, eventually, after quantum computers actually work, and have been working and getting larger and larger for decades, need larger public keys.

Post Quantum Computing algorithms are all one hundred percent snake oil, because we lack a complexity theory to tell us how many quantum gates are required, and classic complexity theory is all about the number of steps required. Which is not the significant limit for quantum computing.

Suhail says:

[*deleted for not conforming to the moderation policy*]

Jim says:

There is a shilling operation in progress to create totally unwarranted fear, uncertainty and doubt about what code cracking quantum computers might be able to do ("ooh, they might make all your current cryptography broken; how can you prove they cannot, given that quantum is heap big magic"), and at the same time create totally unwarranted confidence about what post quantum cryptography can do. "Do you have official statements acknowledging the post quantum cryptography was created with malicious intent?"

Demonstrate you are not yet another shill.

Suhail says:

I OP’d first and asked you to support your claim

[*deleted for not conforming to the moderation policy*]

Jim says:

It is the job of those threatening us with an alleged danger to provide evidence of the danger, and one semi sort of working Toffoli gate, working after thirty years of supposed progress in quantum computing, is not evidence of danger, and the job of those providing an alleged protection against this alleged danger to demonstrate that it is in fact protective.

To crack the Bitcoin public keys would require a quantum computer that maintains quantum coherence over seventy million Toffoli gates. Current state of the art after thirty years of progress is one Toffoli gate, and it is debatable whether even that.

The number of qubits has been growing, but it is not qubits that are the limiting factor.

Magi says:

I see. Thank you. So it’s just a bogey of something that could be a threat to cryptography in general and crypto-currency etc…

I agree that that question is only interesting if quantum computers have working prototypes that appear scalable.

“It looks like they do. In which case worst case outcome is that we might, eventually, after quantum computers actually work, and have been working and getting larger and larger for decades, need larger public keys.”

Makes me think of the Y2K panic. Yes Y2K did require some people to do some work to fix and yes some things did get overlooked, but nothing serious came of it. It appears that if quantum computing becomes a real threat to any particular system, there will be ways to mitigate it and time to mitigate it.

So that makes me wonder why there are people worrying about it, or rather I can see why you’re suspicious of people who promote it as a serious problem we must talk about right now.

Anyway it doesn’t appear to be a very special threat to cryptography to me. If anything the biggest threat is someone quietly coming up with a much more elegant decryption equation. I’ve seen more elegant equations do things that seem miraculous to me, cutting the complexity of tasks many orders of magnitude, transforming things from computationally impossible at the current technology to computationally trivial.

But you can’t feasibly protect against such an unknown as that, so there isn’t any reason to worry about it.

____

Do you think the purpose of the shilling is just to try to undermine crypto? Or is there some other agenda?
