quantum chip built

[John Denker]

alex at alten.org wrote:
> From what I understand simple quantum computers can easily brute-force attack RSA keys or other
> types of PK keys.  

My understanding is that quantum computers cannot "easily" do anything.

As the saying goes:
     "We can factor the number 15 with quantum computers. We can also
      factor the number 15 with a dog trained to bark three times."
                 --- Robert Harley, 5/12/01, Sci.crypt.

Scaling up a quantum computer to handle numbers much larger than 15 will
not be done "easily".

> Is ECC at risk too?  And are we at risk in 10, 20 or 30 years from now?

I can't say for sure.  There /might/ be a radical breakthrough in
quantum cryptanalysis tomorrow.  But I doubt it.  There is a comparably
small likelihood of a breakthrough in _classical_ (i.e. non-quantum)
cryptanalysis tomorrow.

To put this in context:  In the world there are incomparably more RSA
keys that are vulnerable to classical cryptanalytic attack than are
vulnerable to quantum attack.  As a specific example, a 30-digit RSA
key could be easily brute-forced by classical methods, but will not
be vulnerable to quantum-computer chips for many years.  (Of course
I exclude the case where you attach a quantum-computer chip to the
front of your PC using crazy glue and market the combination as a
quantum computer.)

To put cryptanalysis in context:  A person skilled in the art should
be able to create RSA keys and/or ECC keys with a 10-year lifetime
such that the risk of mathematical cryptanalysis is negligible compared
to the risk of "practical" cryptanalysis, e.g. bribery, rubber-hose
techniques, etc. applied to authorized keyholders.  I'm not saying
the risk is zero, just negligible compared to other risks.


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com