Post-quantum cryptography (wikipedia.org)
20 points by krzysiek on Nov 12, 2018 | 14 comments

You know, I'm actually looking forward to the day that we can break existing cryptography. There are a lot of devices that are consumer unfriendly due to their security. Most famously, video game consoles. If we could break their security, it would open them wide to running custom code without tricky hacks that are inaccessible to the average end user. It would also allow enthusiast devs to release new games on disc and have them just boot on an unmodified console. This is something that happens already on older retro consoles like the NES, where their security has already been broken.

But the next generation will then switch to state of the art encryption that isn't readily broken. Unless we end up breaking all known encryption before coming up with viable replacements. Which I think would be far worse than any gains in console hacking could possibly offset.

IMHO it's not a matter of security vs the lack of it, but more around: easy, documented, accessible security vs security through obscurity.

I think the better solution is a steep tax on the end product for any product containing at least one microprocessor which executes instructions from a mutable (even if "burned in") memory source, which totally and completely doesn't allow the owner to modify this memory with code of the owner's choice or authorship, with either physical or cryptographic mechanisms. All such devices should be treated as "rented" and not owned, and should have unlimited warranty which must be honored in perpetuity so long as a company exists (including future buyers of the company's assets).

It is a national security risk to allow commercial device makers to lock down the software on these devices and then abandon them in a few years. If in twenty years today's SmartTV has a network vulnerability discovered, the manufacturer (or whoever buys or merges with it) should be liable for updating the SmartTVs, unless it has made the device such that the owner can write and change the code at will.

This law should apply to cars, microwaves, smartphones, computers, washing machines, tractors, game consoles, etc. A twenty percent or more sales tax and perpetual warranty for "closed" platforms. Make it no longer economical to do business the way it currently is done!

What is the largest integer factorized on a quantum computer to this day?

I assume you mean the largest integer factorized: factorizing a prime is pretty pointless.

376289 per https://crypto.stackexchange.com/a/59796, depending what you count and don't count.

Even better would be to ask what is the largest integer that has two large prime factors that was factored, since factoring e.g. a large power of 2 is easy.

I saw that NIST was considering a new breed of post-quantum PKI functions. Which would you recommend to use, if we wanted to make quantum resistant private key signing and encryption today?

For Cyph[1], we went with SPHINCS[2] for signing and a combination of McEliece (specifically McBits[3]), NTRU[4], and SIDH[5] for public key encryption.

We also considered QcBits[6] as a more space-efficient alternative to McEliece, but it just seemed too new / not well understood for our tastes, and last I saw there was a recent attack on it that hadn't been mitigated yet. Definitely keeping an eye on it for the future though.


1: https://www.cyph.com/castle

2: https://sphincs.cr.yp.to

3: https://tungchou.github.io/mcbits

4: https://github.com/NTRUOpenSourceProject/ntru-crypto

5: https://github.com/Microsoft/PQCrypto-SIDH

6: https://tungchou.github.io/qcbits

Note: there's a few dozen NTRU entries in the post quantum comp.

We're using the implementation I linked with parameter set EES743EP1.

Is Bitcoin quantum resistant? Just asking for a friend. It would be embarrassing if Bitcoin's crypto was undermined in the near future.

Bitcoin transactions are only breakable by quantum computation once you reveal the public key behind an account's fingerprint (for example, by signing a transaction).

So you can avoid quantum attacks by making every transaction split your funds between the recipient and a new address which you control (this is also a good practice to avoid having your payments being tracked).
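An added illustration of the point this comment makes (not code from the thread or from Bitcoin's own code base): an address commits only to a hash of the public key, and the full key has to be published to claim the output, which is the moment a quantum adversary would get something to attack. The secp256k1 arithmetic is written out in pure Python for the example; falling back to plain SHA-256 when the hashlib build lacks RIPEMD-160 is a labelled simplification.

```python
import hashlib

# secp256k1 parameters (the curve Bitcoin's ECDSA keys live on)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def _add(p1, p2):
    # Affine point addition; None stands for the point at infinity.
    if p1 is None or p2 is None:
        return p1 or p2
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def scalar_mult(k, point=G):
    # Double-and-add k*point: the one-way step Shor's algorithm could invert.
    result, addend = None, point
    while k:
        if k & 1:
            result = _add(result, addend)
        addend = _add(addend, addend)
        k >>= 1
    return result

def is_on_curve(pt):
    x, y = pt
    return (y * y - x * x * x - 7) % P == 0

def pubkey_bytes(priv):
    # 33-byte compressed SEC encoding: 02/03 parity prefix followed by x.
    x, y = scalar_mult(priv)
    return bytes([2 + (y & 1)]) + x.to_bytes(32, "big")

def fingerprint(pub):
    # Bitcoin's HASH160 = RIPEMD-160(SHA-256(pub)); this hash is all an address reveals.
    # Some OpenSSL builds lack ripemd160, so fall back to SHA-256 (constructed simplification).
    sha = hashlib.sha256(pub).digest()
    try:
        return hashlib.new("ripemd160", sha).digest()
    except ValueError:
        return sha

def claim_output(commitment, pub):
    # Spend-time check (the OP_HASH160 / OP_EQUALVERIFY step of P2PKH): the spender must
    # now publish the full public key, which is what the comment above calls "revealing" it.
    return fingerprint(pub) == commitment
```

Until `claim_output` runs, the chain holds only `fingerprint(pub)`, so sending change to a fresh key keeps the unspent balance behind a hash rather than a published public key.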
