The Register: IBM puts NIST’s quantum-resistant crypto to work in Z16 mainframe.
https://go.theregister.com/feed/www.theregister.com/2022/07/27/z16_ibm_post_quantum_crypto/

Actual quantum computers don't exist yet. The cryptography to defeat them may 
already be here

NIST pushes ahead with CRYSTALS-KYBER, CRYSTALS-Dilithium, FALCON, SPHINCS+ 
algorithms
Thomas Claburn in San Francisco, Tue 5 Jul 2022 // 22:36 UTC
The US National Institute of Standards and Technology (NIST) has recommended 
four cryptographic algorithms for standardization to ensure data can be 
protected as quantum computers become more capable of decryption.

Back in 2015, the NSA announced plans to transition to quantum-resistant 
cryptographic algorithms in preparation for the time when quantum computers 
make it possible to access data encrypted by current algorithms, such as AES 
and RSA.

No one is quite sure when that may occur but it depends on the number of qubits 
– quantum bits – that a quantum machine can muster, and other factors, such as 
error correction.

Researchers at Google and in Sweden last year suggested it should be possible 
to factor a 2,048-bit integer in an RSA cryptosystem in about eight hours, 
given a 20 million-qubit quantum computer. Researchers in France claim it 
should be possible to factor 2,048-bit RSA integers in 177 days with 13,436 
qubits and multimode memory.

Current quantum computers have orders of magnitude fewer qubits than they need 
to be cryptographically relevant. IBM recently unveiled a 127-qubit quantum 
processor. The IT giant says it is aiming to produce a 1,000-qubit chip by the 
end of 2023 and its roadmap places machines of more than 1 million qubits in an 
unidentified time period. The Jülich Supercomputing Center (JSC) and D-Wave 
Systems have a 5,000-qubit machine.

Not all qubits are equal, however. The JSC/D-Wave machine relies on a quantum 
annealing processor and is adept at solving optimization problems. IBM's 
machine is gate-based, which is better suited for running Shor's algorithm to 
break cryptography.

In any event, the expectation is that quantum computers, eventually, will be 
able to conduct practical attacks on data protected using current technology – 
forcibly decrypt data encrypted using today's algorithms, in other words. 
Hence, the
