by xt00 1406 days ago
so the cynical view here would be that the backdoor was discovered before the algorithm could get widely deployed?

My super cynical view is that the whole genre of "quantum safe" cryptography is being promoted to try and encourage adoption of weak encryption...

It's felt like FUD based on FUD for a while.

Not that I really trust traditional encryption that much either.

There wouldn't be so much effort going into bridging air gapped systems if even traditional encryption could be trusted...

Hate making cynical comments tho, they always seem to get downvoted :( like being cynical when it comes to encryption is a bad thing...

> It's felt like FUD based on FUD for a while.

Not really...? Quantum stuff is real, there are real quantum computers that have been demonstrated to really do quantum operations. They're not close to being usable to break crypto yet, but it certainly makes sense to get ahead of it.

> There wouldn't be so much effort going into bridging air gapped systems if even traditional encryption could be trusted...

These are completely different problems. Encryption just keeps information confidential. By itself, it offers no _security_ guarantees. Even the strongest encryption would be moot against a keylogger. Crypto can be (and is being) used to provide some security, like via signed code, secure processors, and the such, but security is a multi-tiered thing -- you want all the protection you can get, and like keeping data encrypted at rest, air-gapping is just yet another layer of protection.

quantum is used for problems like finding the factorization of the number 4.

Jumping is also real, but we need not worry about people jumping out of the atmosphere.

I'm not a believer (I'm not qualified to have an opinion but neither is almost anyone else here) in PQC, but to be clear, the logic behind moving forward on PQC is straightforward: everybody acknowledges that there are no known useful QC attacks on cryptography, nor really any on the horizon, but adversaries can easily stockpile terabytes of recorded network conversations today and keep them around to break when QC attacks do work.

If you think QC attacks are 20 years away from real-world demonstrations, then conventional cryptography has a 20-year ceiling, which would be a hair-on-fire analysis in any other context. How long are you willing to bet conventional cryptography will hold out? 50 years is also too short by cryptographic standards. And 50 years is a long time. You willing to bet 100 years? I am, but, like, nobody should listen to me on this.

This is also why KEMs are a priority over signatures for PQC deployment.

> Jumping is also real, but we need not worry about people jumping out of the atmosphere.

If people were jumping twice as high this year as last, we would ;) https://www.researchgate.net/figure/A-chart-shows-the-progre...

(BTW this reply is not meant to make a point about the state of quantum -- it's complicated -- but merely as a response to the analogy)

I'm not much of a believer. It's worth pointing out that as the number of qubits goes up, so too does the error rate.

A larger number of qubits allows us to do effective quantum error correction. The idea is to group multiple physical qubits into one logical qubit; think of it as redundancy.
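
The redundancy idea in the reply above, as an added illustration that is not from the thread: a classical bit-flip repetition code decoded by majority vote is the simplest model of grouping physical qubits into one logical qubit. It ignores phase errors and syndrome measurement, so it is a toy, but it shows the point both commenters are circling: redundancy lowers the logical error rate only while the per-qubit error rate stays below 1/2, and the function takes p as an input so you can plug in whatever scaling with qubit count you believe. The numbers (p = 0.1, 3 and 5 qubits) are constructed for the example.

```python
from math import comb
import random


def logical_error_rate(n_physical: int, p: float) -> float:
    """Probability that majority-vote decoding of an n-qubit bit-flip
    repetition code fails, given independent per-qubit flip probability p.
    Decoding fails exactly when more than half of the physical qubits flip.
    (Classical toy model, not a real quantum code.)"""
    if n_physical < 1 or n_physical % 2 == 0:
        raise ValueError("use an odd number of physical qubits so the majority is unambiguous")
    if not 0.0 <= p <= 1.0:
        raise ValueError("p must be a probability")
    majority = n_physical // 2 + 1
    return sum(
        comb(n_physical, k) * p ** k * (1.0 - p) ** (n_physical - k)
        for k in range(majority, n_physical + 1)
    )


def redundancy_helps(n_physical: int, p: float) -> bool:
    """True when one logical qubit built from n physical qubits is more
    reliable than a single physical qubit. This fails once p >= 0.5,
    which is the 'more qubits, more errors' worry in a nutshell."""
    return logical_error_rate(n_physical, p) < p


def simulate_logical_error_rate(n_physical: int, p: float, trials: int, seed: int = 1) -> float:
    """Monte Carlo cross-check of the closed form: flip each physical qubit
    with probability p and count how often the majority vote is wrong."""
    rng = random.Random(seed)  # fixed seed so the run is reproducible
    failures = 0
    for _ in range(trials):
        flips = sum(1 for _ in range(n_physical) if rng.random() < p)
        if flips > n_physical // 2:
            failures += 1
    return failures / trials


if __name__ == "__main__":
    p = 0.1  # constructed per-qubit error rate
    for n in (1, 3, 5, 7):
        print(f"n={n}: logical error rate {logical_error_rate(n, p):.5f}, helps={redundancy_helps(n, p)}")
    print("p=0.6, n=3:", logical_error_rate(3, 0.6), "helps:", redundancy_helps(3, 0.6))
```

With p = 0.1 the logical rate drops from 0.1 to 0.028 at three qubits and to about 0.0086 at five; with p = 0.6 the three-qubit code is worse than no code at all.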

> but it certainly makes sense to get ahead of it.

Assuming they will exist.

And assuming there exists math that can't be solved easily by quantum computers that solve all math solution finding problems easily.

Surely it makes no sense to adopt encryption no one but a few individuals of questionable motives understand, to protect against a technology that is a long way from even proven yet. IMHO.

Anything else requires several leaps of faith that should be nowhere near "in use" encryption - research is of course a very different story, but stories like this are hardly confidence inspiring.

Wait, isn't the point of post-quantum crypto to be as good as existing crypto but also be secure against known quantum attacks like Shor's algorithm and factoring? I don't think the goal is to trade off anything for defenses against quantum attacks.

If anything these stories should be more confidence inducing. They show that the rollout is conservative and that the system works. PQC algorithm has a flaw and it is found. FWIW the way existing traditional crypto is proven safe is pretty much the same -- get a bunch of people to work on attacks and weed out the bad stuff.

The problem they are trying to solve is how to do encryption in a world where finding solutions to any and all math problems is quick and easy.

And this article only reinforces the idea that the solutions they are coming up with are just obfuscation that is at best no harder than existing problems.

Even theoretically, quantum doesn't make _all_ math problems easy... Can't they just avoid the things (like factoring) that are potentially vulnerable and just use other math?

> My super cynical view is that the whole genre of "quantum safe" cryptography is being promoted to try and encourage adoption of weak encryption

Not a cryptographer, but surely if you're worried about this then you could first encrypt your data using classical algorithms and then encrypt the output of that via the PQC algorithms, to produce a ciphertext that is at least no less safe than the classical encryption alone.

Quantum safe crypto isn't FUD. NIST's steadfast refusal to specify a dual system, especially given their historical laundering of NSA back doors, is super questionable, but there exist (at least one that I know of) crypto systems that have no exploitable bias. The problem is the impractically large key sizes. AFAICT a lot of PQC work is trying to reduce the key sizes to something reasonable.

Horseshit. It's literally not NIST's job to design a "dual system"; the project was to standardize PQC constructions, not whole protocols. Everybody that deploys PQC anywhere is going to deploy "dual systems". This complaint is like claiming NIST is corrupt because they didn't standardize an authenticated key exchange along with SHA-3.

It is literally NIST's job to define the standards that people are meant to use.

What you’re saying is that NIST not considering a dual system standard is fine because no one would consider relying solely on the standardized PQC algorithms and would obviously implement their own version of a dual system, only with less understanding of potential pitfalls or analysis for weaknesses.

No. Once again: the NIST PQC competition is a project to standardize post-quantum cryptography constructions. It's not a protocol competition, any more than the AES and SHA-3 competitions were.

This is literally spelled out on the competition page. I'm having trouble seeing how anyone could have any confusion about this. It literally says: do hybrid systems if you want, that's outside the scope of this competition.

How would it even have made sense to pursue hybrid systems in this competition? Like how would that have actually worked?

NIST/FIPS allows HMAC(salt, key) where salt can be anything, so a dual system is trivial: HMAC(PQ secret, conventional secret).
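
The dual construction in the comment above, as an added example that is not code from the thread, from NIST or from any standard: HMAC(PQ secret, conventional secret) with HMAC-SHA256 is exactly HKDF-Extract from RFC 5869 with the PQ shared secret as the salt and the classical shared secret as the keying material, so the combined value can then be expanded into traffic keys with HKDF-Expand. It also does what the earlier "encrypt classically, then with PQC" suggestion wanted: an attacker has to recover both secrets to reproduce the key. The KEM and DH outputs are constructed random stand-ins, and the key labels and transcript binding are my assumptions rather than any protocol's. One caveat a reviewer would raise: if the PQ scheme is the one that breaks, the attacker knows the HMAC key and security rests on HMAC behaving as a PRF when keyed by its message instead (the "dual PRF" question), which is why the IETF hybrid-TLS design concatenates both secrets into the IKM; the code offers that form too.

```python
import hashlib
import hmac
import os

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size  # 32 bytes for SHA-256


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869 section 2.2): PRK = HMAC-Hash(salt, IKM)."""
    if not salt:
        salt = b"\x00" * HASH_LEN  # RFC default when no salt is given
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869 section 2.3): T(i) = HMAC(PRK, T(i-1) || info || i)."""
    if length > 255 * HASH_LEN:
        raise ValueError("requested output too long for HKDF-Expand")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def combine_shared_secrets(pq_secret: bytes, classical_secret: bytes) -> bytes:
    """The commenter's form: HMAC(PQ secret, conventional secret).
    This is HKDF-Extract with the PQ secret as salt and the classical
    secret as IKM; both inputs pass through the PRF."""
    if len(pq_secret) < 16 or len(classical_secret) < 16:
        raise ValueError("shared secrets look too short to be real KEM/DH outputs")
    return hkdf_extract(salt=pq_secret, ikm=classical_secret)


def combine_shared_secrets_concat(pq_secret: bytes, classical_secret: bytes) -> bytes:
    """Alternative in the style of the IETF hybrid-TLS draft: both secrets
    concatenated as IKM, so neither is ever used only as the HMAC key.
    (Which of the two forms a protocol uses is a design choice; assumption here.)"""
    if len(pq_secret) < 16 or len(classical_secret) < 16:
        raise ValueError("shared secrets look too short to be real KEM/DH outputs")
    return hkdf_extract(salt=b"", ikm=pq_secret + classical_secret)


def derive_traffic_keys(combined: bytes, transcript_hash: bytes) -> dict:
    """Expand the combined secret into per-purpose keys; the transcript hash
    is mixed into 'info' so a tampered handshake yields different keys.
    Labels are assumptions for this example, not a standard's."""
    labels = (b"client_write", b"server_write", b"exporter")
    return {lab.decode(): hkdf_expand(combined, lab + transcript_hash, 32) for lab in labels}


def rfc5869_self_check() -> bool:
    """Test Case 1 from RFC 5869 appendix A; True if the HKDF above matches."""
    ikm = bytes.fromhex("0b" * 22)
    salt = bytes.fromhex("000102030405060708090a0b0c")
    info = bytes.fromhex("f0f1f2f3f4f5f6f7f8f9")
    prk = hkdf_extract(salt, ikm)
    okm = hkdf_expand(prk, info, 42)
    return (prk.hex() == "077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5"
            and okm.hex() == "3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf"
                             "34007208d5b887185865")


if __name__ == "__main__":
    assert rfc5869_self_check()
    # Constructed stand-ins for a PQ KEM shared secret and a classical DH shared secret.
    pq_ss, dh_ss = os.urandom(32), os.urandom(32)
    combined = combine_shared_secrets(pq_ss, dh_ss)
    keys = derive_traffic_keys(combined, hashlib.sha256(b"constructed transcript").digest())
    for name, key in keys.items():
        print(f"{name}: {key.hex()}")
```

The self-check against the RFC test vector is worth keeping in any KDF you hand-roll; a combiner that silently diverges from HKDF would still "work" end to end while giving you none of the analysed security.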

This is a place where Hanlon's razor applies much better than assuming they want weak encryption.

It really isn't, when the annual budget for states' crippling of cryptographic standards dwarfs the salaries and tuition of everyone in the global academic maths community combined.

There is seemingly random interconnectedness in math, meaning that governments probably can't just throw money at some problem and force themselves much deeper than academia. For example you can hire 100 number theorists and ask them to solve factorization (stupid example, I know), but it just might happen that the key insight to solving it comes from some random dude working on some seemingly disconnected problem in combinatorial algebra or something.