Many people in this thread are skeptical about quantum computers, and that's fair. This migration is a big part of my current job, and even I think that there's a non-negligible chance that we won't see commercially available quantum computers anytime soon.
The problem is that we're not trying to predict the exact future, we're hedging against possible developments. If there's a 50/50 chance of quantum computers being widely deployed for cryptanalysis, then there's a 50% chance of this migration being useless. But you don't want to bet your security on a coin toss! So, we migrate.
That's the unfortunate truth of security, sometimes the protections are never triggered. But you still need them.
"The Shor of Damocles" - what a metaphor.
I thought it was a typo at first but Wikipedia explained:
The Sword of Damocles is an ancient Greek moral anecdote, an allusion to the imminent and ever-present peril faced by those in positions of power.
Shor's algorithm is a quantum algorithm for finding the prime factors of an integer
Ok, maybe I'm missing something here.
So we know that quantum computers hold a real risk of being able to break a lot of encryption. We also know that changing cyphers is hard (because reasons)
But what I don't see is what I can practically do now, as either someone who is a CTO/Big Cheese™ or a lowly engineer?
> Shor of Damocles
What is the biggest number factored using Shor's algorithm?
Last time I looked it was very unimpressive.
Edit: It's gotten worse. 21 from 2012. "Replication of Quantum Factorisation Records with an 8-bit Home Computer, an Abacus, and a Dog" says the factorization of 35 in 2019 actually failed.
As a software engineer with a good amount of freedom to choose what tools I want to use, what can I do presently to move towards post-quantum cryptography? AFAIK the hashes and symmetric cyphers that are in wide use are already resistant, leaving mainly public-key cryptography as the problem. Is there, for instance, a drop-in replacement for `ssh-keygen -t ed25519`?
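A practical check that follows from the question above, added here as an example and not taken from the thread: stock OpenSSH (9.0 and later) already negotiates a hybrid post-quantum key exchange by default (sntrup761x25519-sha512@openssh.com, later mlkem768x25519-sha256), while ssh-keygen still offers only classical signature key types, so the thing an engineer can verify today is whether sessions actually land on a PQ-hybrid KEX rather than falling back to curve25519-sha256 against an older peer. The script parses the `debug1: kex: algorithm:` line that `ssh -vv` prints and audits a `KexAlgorithms` list; the log lines are constructed samples, and the allowlist of algorithm names is an assumption you should extend as OpenSSH adds methods.

```python
"""Audit SSH key-exchange negotiation for post-quantum hybrid methods.

Added example, not code from the thread. Assumes OpenSSH's debug output
format ("debug1: kex: algorithm: <name>") and the hybrid KEX names that
OpenSSH ships; extend PQ_HYBRID_KEX as new methods appear.
"""
import re
from typing import Dict, List, Optional

# KEX methods whose shared secret combines a classical ECDH with a
# post-quantum KEM, so the session key survives the break of either one.
PQ_HYBRID_KEX = frozenset({
    "sntrup761x25519-sha512@openssh.com",
    "sntrup761x25519-sha512",
    "mlkem768x25519-sha256",
})

# Line OpenSSH prints once KEX negotiation completes (ssh -v / -vv).
KEX_LINE = re.compile(r"^debug1: kex: algorithm: (\S+)")

# Constructed sample: client OpenSSH 9.x talking to an OpenSSH 8.x server,
# which cannot do the hybrid method, so negotiation falls back to ECDH.
SAMPLE_CLASSICAL = """\
debug1: Local version string SSH-2.0-OpenSSH_9.6
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.9p1
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
"""

# Constructed sample: both sides support the hybrid method.
SAMPLE_PQ = """\
debug1: Local version string SSH-2.0-OpenSSH_9.6
debug1: Remote protocol version 2.0, remote software version OpenSSH_9.6
debug1: kex: algorithm: sntrup761x25519-sha512@openssh.com
debug1: kex: host key algorithm: ssh-ed25519
"""


def negotiated_kex(debug_output: str) -> Optional[str]:
    """Return the KEX method named in ssh debug output, or None if absent."""
    for line in debug_output.splitlines():
        m = KEX_LINE.match(line)
        if m:
            return m.group(1)
    return None


def is_pq_hybrid(kex: Optional[str]) -> bool:
    """True when the negotiated method is on the hybrid PQ allowlist."""
    return kex in PQ_HYBRID_KEX


def audit_kex_list(kex_list: str) -> Dict[str, object]:
    """Audit a KexAlgorithms value (comma-separated, as in ssh_config,
    sshd_config or the output of `ssh -Q kex`).

    Order matters: the client's first mutually supported entry wins, so a
    PQ method listed after a classical one will rarely be chosen.
    """
    algos: List[str] = [a.strip() for a in kex_list.split(",") if a.strip()]
    return {
        "pq_first": bool(algos) and algos[0] in PQ_HYBRID_KEX,
        "pq_offered": [a for a in algos if a in PQ_HYBRID_KEX],
        "classical_only": [a for a in algos if a not in PQ_HYBRID_KEX],
    }


if __name__ == "__main__":
    for label, sample in (("classical peer", SAMPLE_CLASSICAL), ("pq peer", SAMPLE_PQ)):
        kex = negotiated_kex(sample)
        print(f"{label}: {kex} -> {'PQ hybrid' if is_pq_hybrid(kex) else 'classical only'}")
    print(audit_kex_list("sntrup761x25519-sha512@openssh.com,curve25519-sha256,ecdh-sha2-nistp256"))
```

Run it against real output with `ssh -vv host 2>&1 | python3 audit_kex.py`-style plumbing, or feed `ssh -Q kex` into `audit_kex_list`; a fleet where `pq_first` is false or where `negotiated_kex` keeps returning curve25519-sha256 tells you which peers still need upgrading before any signature migration even matters.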
People are starting to catch on to the AI scare mongering, let the quantum computer scare mongering begin. We should probably start giving these companies lots of money lest other countries beat us to it.
I'm sure eventually I'll eat my words - but Quantum still seems like a massive marketing gimmick. The technology itself is incredibly interesting, but it feels as if CERN began advertising itself as a marketing stunt - there's just something about the way I see quantum marketed + advertised right now that doesn't seem to align with reality.
> the Shor of Damocles
Perfect.
Aaronson knows his stuff but I am not sure he hasn’t considered the fact that, in this current hype cycle, the quantum researchers breathlessly reporting to him on a breakthrough just around the corner are just lying to him and themselves.
I have been hearing about one more technical hurdle to solve before quantum algorithms become feasible since before I graduated. That was in 1996.
Sounding the alarm while presenting no data or science, as a member of the National Academy of Sciences, is doing a disservice to the position, to science, to the self.
Show the data, the charts, let people decide for themselves.
Does djb ever frequent HN? Can we summon him with the correct incantations?
I'd really like to know what his current work on the subject entails, but when I try googling his stuff all I find are years-old papers, more recent meta discussion, and him making a few comments about other peoples' work.
I was sure that by now he'd have at least collaborated on some avant-garde PQ algo that was as different from the NSA approved stuff as chacha20-poly1305 was from AES. I was hoping for a PQ-NaCl folks would be using soon, not the libpqcrypto that seems to lack traction among devs (for reasons I do not understand). I am disappoint.
(It's probably all tucked away in some corner of the web that a layman like me will never find. Sigh.)
Edit: Hah! I gave up on looking for papers or repos and decided to just read his blog instead. Well would'ya look at that! It's non-stop PQ ranting of the kind we've come to love and cherish from DJB. No new repos or code with his imprimatur that I can see so far but better than I was expecting. Looks like I've got some reading to do....
I should have subscribed to his RSS feed years ago. And his "microblog" too! https://microblog.cr.yp.to/
Tl;dr:
> if quantum computers start breaking cryptography a few years from now, don’t you dare come to this blog and tell me that I failed to warn you. This post is your warning.
Re the "Manhattan project in 1944" argument - I am very cautious about the "modulo engineering scaling" carve-out -- unlike the uranium manufacturing pipeline of World War 2, that involved massively scaling up a known process, on the face of it there's no uncontroversial process/architecture to scale up in this case.
On the face of it, even relatively "point-target" goals of this kind could take many decades if at all; GaN for blue diodes comes to mind as an example of a field that was stuck for a generation -- until it wasn't.