Hacker News new | ask | show | jobs
by kerkeslager 462 days ago
I agree with you based on my following QC that we're still pretty far away from QC attacks on current crypto.

The problem is, this sort of question suffers from a lot of unknown unknowns. How confident are you that we don't see crypto broken by QC in the next 10 years? The next 20? Whatever your confidence, the answer is probably "not confident enough" because the costs of that prediction being wrong are incalculable for a lot of applications.

I'd say I'm 99% confident we will not see QC break any crypto considered secure now in the next 20 years. But I'll also say that the remaining 1% is more than enough risk that I think governments and industry should be taking major steps to address that risk.
1 comments
MidnightRider39 462 days ago
You don’t need any QC attacks if you can far easier find exploits in the same top10 vulns that were used 20 years ago… Industry should first address that very real and serious risk that is present _right now_ before thinking about QC.
link
kerkeslager 461 days ago
It's a fallacy that multiple companies and governments need to be working on one thing at a time. We absolutely should be patching current vulnerabilities and implementing quantum-safe cryptography. There's no conflict between these goals.
link
MidnightRider39 461 days ago
The reality is that resources are constrained and there is definitely conflict between different goals - if you invest in one thing you can’t invest as much in another. For me it looks like the investment in QC is way bigger than its real life impact - which is 0. Sure it can be a niche field for some more esoteric research - but it shouldn’t be the no1 topic for security researchers. But I get that QC brings in the grant money so naturally research gravitates toward it.
link
kerkeslager 460 days ago
The reality is that resources needed to pursue research are measured in hundreds of thousands and national security budgets are measured in billions in many countries, so your "constrained" claim is pretty much nonsense. That's not even talking about US national security budgets, which are another order of magnitude larger. The US intelligence budget in 2022 was $65.7 billion[1], and there's ample political will to fund whatever intelligence agencies such as the NSA request.

A generous CS PhD salary vs NSA 2013 estimated budget:

           300,000
    10,800,000,000
We can argue over exact allocation amounts but if you're really claiming the NSA can't spare even one researcher salary to research QC security I'm calling bullshit.

[1] https://en.wikipedia.org/wiki/United_States_intelligence_bud...

link