NIST Starts Planning for Post-Quantum Cryptography – Schneier on Security

Quantum computers will easily break many popular encryption systems, so we need something new.


  1. Tomi Engdahl says:

    Google Is Working To Safeguard Chrome From Quantum Computers

    Quantum computing could potentially someday be used to retroactively break any communications that were encrypted with today’s standard encryption algorithms. Google realizes this, and hence, is ensuring that it doesn’t happen. Today, it announced that it has begun to deploy a new type of cryptography called the New Hope algorithm in its Chrome Canary browser that is designed to prevent such decryption attacks.

    Google is working to safeguard Chrome from quantum computers
    Using software called the New Hope algorithm

    Google is working on safeguarding Chrome against the potential threat of quantum computers, the company announced today. It’s doing so by implementing post-quantum cryptography in an experimental version of the browser. While there exist hardware defenses against the vastly superior computing power of quantum machines, Google is using a new so-called post-quantum key-exchange algorithm. This software, called the New Hope algorithm, is enabled in Chrome Canary, a kind of testing ground for new browser technology, on only a small number of connections between the browser and Google servers.

    Although quantum computers of this variety are only small and experimental at this stage, Google is taking precautions for the worst case scenario. “While they will, no doubt, be of huge benefit in some areas of study, some of the problems that they [quantum computers] are effective at solving are the ones that we use to secure digital communications,” writes Matt Braithwaite, a Google software engineer, in a blog post. “Specifically, if large quantum computers can be built then they may be able to break the asymmetric cryptographic primitives that are currently used in TLS, the security protocol behind HTTPS.” In other words, quantum computers could undermine the security of the entire internet.

    Google Tests New Crypto in Chrome to Fend Off Quantum Attacks

    For anyone who cares about Internet security and encryption, the advent of practical quantum computing looms like the Y2K bug in the 1990s, a countdown to an unpredictable event that might just break everything. The concern: hackers and intelligence agencies could use advanced quantum attacks to crack current encryption techniques and learn, well, anything they want. Now Google is starting the slow, hard work of preparing for that future, beginning with a web browser designed to keep your secrets even when they’re attacked by a quantum computer more powerful than any the world has seen.

    No Quantum Secrets?

    “The reason we’re doing this experiment is because the possibility that large quantum computers could be built in the future is not zero. We shouldn’t panic about it, but it could happen,” says Google security engineer Adam Langley. Google’s also considering the possibility that sophisticated eavesdroppers could record scrambled secrets now and then crack them with techniques developed years or even decades later. For many ubiquitous forms of crypto including many forms of the TLS or SSL encryption protecting our web browsing, that would mean “any information encrypted today could be decrypted in the future by a quantum computer,” Langley says.

    Post-quantum key exchange – a new hope
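The Chrome Canary experiment described above (Google called it CECPQ1) did not replace the classical key exchange with New Hope; it ran both and fed the two shared secrets together into the TLS key schedule, so an eavesdropper who records the handshake today and later breaks only the elliptic-curve part still learns nothing. The following is an added illustration of that combining step, not code from the comment, from Google or from Chrome. It assumes the function names `hkdf_sha256` and `hybrid_shared_key`, uses HKDF (RFC 5869) as a stand-in for the TLS PRF that the real deployment used, and takes constructed byte strings in place of the outputs of a real X25519 and New Hope exchange.

```python
import hashlib
import hmac
import os


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int) -> bytes:
    """HKDF (RFC 5869) over HMAC-SHA256.

    extract: PRK = HMAC(salt, IKM)
    expand:  T(i) = HMAC(PRK, T(i-1) | info | i), output = T(1) | T(2) | ...
    """
    if not salt:
        salt = bytes(hashlib.sha256().digest_size)  # RFC default: a zero-filled salt
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def hybrid_shared_key(classical_secret: bytes, pq_secret: bytes,
                      transcript: bytes, length: int = 32) -> bytes:
    """Derive one session key from BOTH key-exchange outputs (hypothetical helper).

    Mirrors the CECPQ1 idea: the X25519 secret and the New Hope secret are
    concatenated and run through the key schedule, so recovering either one
    alone (for example the elliptic-curve secret with a future quantum
    computer) does not yield the session key. HKDF stands in for the TLS PRF.
    """
    if not classical_secret or not pq_secret:
        raise ValueError("both key-exchange components must contribute a secret")
    # Length-prefix each component so the concatenation is unambiguous even if
    # the two secrets have different sizes.
    ikm = (len(classical_secret).to_bytes(2, "big") + classical_secret
           + len(pq_secret).to_bytes(2, "big") + pq_secret)
    # Binding the handshake transcript into `info` ties the key to this session.
    return hkdf_sha256(ikm, salt=b"", info=b"hybrid-kex-demo|" + transcript, length=length)


def rfc5869_self_check() -> bool:
    """Check the HKDF implementation against RFC 5869 test case 1."""
    ikm = bytes([0x0B]) * 22
    salt = bytes(range(0x00, 0x0D))
    info = bytes(range(0xF0, 0xFA))
    expected = bytes.fromhex(
        "3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf"
        "34007208d5b887185865")
    return hkdf_sha256(ikm, salt, info, 42) == expected


def record_now_decrypt_later_demo() -> bool:
    """Constructed scenario: the recorded handshake's classical secret is
    recovered later, the New Hope secret is not. Returns True if the derived
    session key still differs from what that partial knowledge yields."""
    classical = os.urandom(32)          # stand-in for an X25519 shared secret
    pq = os.urandom(32)                 # stand-in for a New Hope shared secret
    transcript = b"ClientHello|ServerHello"  # constructed transcript label
    session_key = hybrid_shared_key(classical, pq, transcript)
    # An attacker who broke only the classical half must still guess the PQ half.
    partial_guess = hybrid_shared_key(classical, bytes(32), transcript)
    return session_key != partial_guess


if __name__ == "__main__":
    print("HKDF matches RFC 5869 vector:", rfc5869_self_check())
    print("classical break alone insufficient:", record_now_decrypt_later_demo())
```

The point of length-prefixing and of folding the transcript into `info` is that a hybrid is only as good as its combiner: if the two secrets were hashed in a way that let an attacker substitute or reorder components, the post-quantum half would add nothing.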

  2. Tomi Engdahl says:

    Quantum Computing’s Threat to Current Cryptosystems

    The computers and communication systems we use today rely on cryptographic systems commonly based on factoring large numbers or finding discrete logarithms. Both these methods are secure because conventional computers lack the sheer computational power needed to break them. For example, a recent factoring for RSA with a long key was RSA-220 (220 decimal digits, or 729 bits), which took an estimated 370 CPU years. The largest published factoring to date was 768 bits long, equivalent to only 64 bits of security, slightly better security than single-DES. With conventional computers, efforts to break these systems will continue to take a significant amount of time and energy.

    A sufficiently powerful quantum computer will easily defeat modern encryption systems through known attacks, nearly instantly. The National Institute of Standards and Technology (NIST) reported in April 2016 that researchers estimate that in the near future, it would be possible to build a quantum computer capable of breaking a 2048-bit RSA cryptosystem in a matter of hours.

    It’s generally agreed that quantum computers promise to render current cryptographic systems obsolete. What’s worse, the period in which this promise might be realized is relatively short.

    Report on Post-Quantum Cryptography
