Hash. Any digital message can be transformed to a 32-byte hash. It is believed that no one will ever find two messages with the same hash.
Public key pairs. A 32-byte private key can be converted to a 32-byte public key. No one can invert the operation.
Signature. A private key and a message hash can be signed to a 64-byte signature. The public key can verify the signature. No one can forge the signature without the private key.
Encryption. A 32-byte secret key can encrypt an arbitrary digital message. No one can decrypt without the secret key.
Key agreement. Two public key pairs can be combined to give a 32-byte shared secret, using the private key of one and the public key of the other. Both ways give you the same shared secret. No one can get it from just the public keys.
These functions are quite efficient and underlie the security of nearly everything on the internet today, notably https and ssh. They also underlie Bitcoin. There is broad agreement that they cannot be cracked with conventional Turing computers for the foreseeable future. There are widely available free libraries to do all these things.
Quantum computers threaten the public keys, making it possible to deduce the private key. Google predicts this will happen on what they call Q-Day, maybe as early as 2029. I doubt it will ever happen.
There are post-quantum public key pairs that are resistent to quantum algorithms, but they are much bigger and not as well tested.
Microsoft and Google are hard at work replacing their public key pairs with post-quantum ones. Some high-value targets want to switch now, because of the possibility that transmissions are being recorded now so that the Chinese can decrypt ten years from now. For a typical user ordering an online product, this is not a concern.
This reminds me a little about how IPv6 was designed to replace IPv4 internet protocol in 1998. Most of you reading this are probably still using IPv4. The reasons for change are different, but it shows how the networks are slow to change, if the old system is working just fine.
Roger,
ReplyDeleteWhen I studied telecommunications in college we quickly encountered the entire IPv4 vs IPv6 internet protocol dilemma. Our teacher was a wise gentleman who allowed us to foolishly rush in with out technological progressive zeal, then asked us to pause before he revealed the underlying reality holding IPv6 back.
IPv6 has many many more IP addresses which is what everyone wants, but the cost of that address space is the size of your data packets. IPv4 is 32 bits. IPv6 is 128 bits, so it requires four times as many bits to encode the exact same amount of information. Think about this, it is a calculus problem that everyone in computer science learns. The more address space (memory) you want, the larger the data bit size becomes, so there is a point where your data size overtakes your increased memory capacity and you actually start shrinking how much data you can store. At the time we were studying this, the internet had many places where there were not optic fiber cables laid yet. The reality of network speed is always determined by the slowest link in the chain, so if you had parts of your infrastructure that were much slower, you were limited to that rate of data transfer. Until more of the data networks were fiber optic, IPv6 was simply not possible, as to quadruple the data throughput being pushed around on the old networks would completely overload them to a stand still, the equivalent of a Denial of Service cyber attack.
Instead of IPv6, I think it would have made more sense to make a minor extension on IPv4. Maybe an ip address could be an IPv4 4-byte address, or one with an optional extra byte. I think they wanted every object on Earth to be independently addressable.
ReplyDeleteThat is the case Roger, the manufacturers at the time wanted every last toaster, oven, refrigerator, and coffee pot to have an IP address.
ReplyDeleteI think some of the zeal in online appliances has dimmed somewhat since then.
The plain fact remains that Hidden Subgroup problems(integer factorization, discrete logarithm, etc) remain some of the most secure algorithms to provide a basis for ciphers known and have a long track record of security. This headlong rush to some ill-conceived "post quantum" cipher might sound good, but carries with it substantial risk of unknown flaws, as all new ciphers do. In light of this, the proper thing to do is to do a risk-benefit analysis. The risk posed by a fundamentally unrealizeable "quantum computer" is far outweighed by the risk of rushing to replace solid ciphers with a stellar track record with totally unproven ciphers. I bet that THIS is what it's all about, when it's all said and done. They KNOW quantum computers area hoax,they just want to push backdoored "post quantum" ciphers to replace ciphers the powers that be have difficulty breaking right now (only side channel and MiTM attacks work).
ReplyDelete