On Fri, Nov 10, 2017 at 1:45 PM, Yuraeitha <[email protected]> wrote:
> Either way, cryptography protected by "structure", should be safe against a
> quantum computer, no? while all encryption without structure, would be
> extremely vulnerable to quantum computers?

I am not sure what you mean by "structure" in this context. If any of my guesses are correct, then I do not think that is the issue.

> Basically, long story short, is Qubes at risk in the near future of real
> quantum computing decryption attacks? For example, has there already gone
> thoughts or even development into securing Qubes against type of attacks like
> these?

I'm on several crypto mailing lists & follow the field fairly closely, though I would not claim to understand everything I read, let alone everything going on. As far as I can see, more-or-less everyone in the field agrees quantum computers are a serious threat in the long term, but no-one is much worried about threats in the next few years. Of course they could be wrong; neither AI researchers nor Go players thought a program that could win against top human players would turn up for decades, but then Google produced AlphaGo which did just that.

A real paranoid would worry about whether some government lab already had a quantum computer capable of breaking a lot of crypto; my guess is that is not a realistic fear, but who knows?

The most worrisome threat is that a large enough (a few thousand qubits) quantum machine breaks RSA public key encryption. RSA relies on sufficiently large semi-primes (products of two primes) being hard to factor. See https://en.wikipedia.org/wiki/Integer_factorization for background. There are about a dozen known methods for finding the factors, but on classical computers none that are efficient in the general case. On a quantum computer, though, there is a known efficient algorithm https://en.wikipedia.org/wiki/Shor%27s_algorithm so a big enough quantum machine breaks RSA. That is a huge threat since RSA is very widely used.
PGP, IPsec, Secure DNS, SSL & SSH (or at least most variants) all fall if RSA does. There are other public key methods that might replace RSA, but it is not clear they are safe either.
