Thanks Gym!

------- Original Message -------
On Wednesday, July 27th, 2022 at 3:52 PM, jim bell <[email protected]> wrote:
> The Register: IBM puts NIST’s quantum-resistant crypto to work in Z16
> mainframe.
> https://go.theregister.com/feed/www.theregister.com/2022/07/27/z16_ibm_post_quantum_crypto/
>
> Actual quantum computers don't exist yet. The cryptography to defeat them may
> already be here
>
> NIST pushes ahead with CRYSTALS-KYBER, CRYSTALS-Dilithium, FALCON, SPHINCS+
> algorithms
>
> [Thomas Claburn in San Francisco](https://www.theregister.com/Author/Thomas-Claburn)
> Tue 5 Jul 2022 // 22:36 UTC
> ---------------------------------------------------------------
>
> The US National Institute of Standards and Technology (NIST) has recommended
> four cryptographic algorithms for standardization to ensure data can be
> protected as quantum computers become more capable of decryption.
>
> Back in 2015, the NSA
> [announced plans](https://web.archive.org/web/20150905185709/https://www.nsa.gov/ia/programs/suiteb_cryptography/)
> to transition to quantum-resistant cryptographic algorithms in preparation
> for the time when quantum computers make it possible to access data encrypted
> by current algorithms, such as AES and RSA.
>
> No one is quite sure when that may occur but it depends on the number of
> qubits – quantum bits – that a quantum machine can muster, and other factors,
> such as
> [error correction](https://www.theregister.com/2020/12/09/quantum_computing_correction/).
>
> Researchers at Google and in Sweden last year
> [suggested](https://quantum-journal.org/papers/q-2021-04-15-433/) it
> should be possible to factor a 2,048-bit integer in an RSA cryptosystem in
> about eight hours, given a 20 million-qubit quantum computer. Researchers in
> France [claim](https://arxiv.org/abs/2103.06159) it should be possible to
> factor 2,048-bit RSA integers in 177 days with 13,436 qubits and multimode
> memory.
>
> Current quantum computers have orders of magnitude fewer qubits than they
> need to be cryptographically relevant. IBM recently unveiled a 127-qubit
> quantum processor. The IT giant says it is aiming to produce
> [a 1,000-qubit chip](https://research.ibm.com/blog/ibm-quantum-roadmap) by the end of 2023
> and its roadmap places machines of more than 1 million qubits in an
> unidentified time period. The Jülich Supercomputing Center (JSC) and D-Wave
> Systems have
> [a 5,000-qubit machine](https://www.fz-juelich.de/en/news/archive/press-release/2022/2022-01-17-juniq-europes-first-quantum-computer-with-5000-qubits).
>
> Not all qubits are equal however. The JSC/D-Wave machine relies on a quantum
> annealing processor and is adept at solving optimization problems. IBM's
> machine is gate-based, which is better suited for running Shor's algorithm to
> break cryptography.
>
> In any event, the expectation is that quantum computers, eventually, will be
> able to conduct practical attacks on data protected using current technology
> – forcibly decrypt data encrypted using today's algorithms, in other words.
> Hence, the
