quantum chip built
John Denker
jsd at av8n.com
Fri Jan 13 10:17:55 EST 2006
alex at alten.org wrote:

> From what I understand simple quantum computers can easily brute-force attack RSA keys or other
> types of PK keys.

My understanding is that quantum computers cannot "easily" do anything.
As the saying goes:

"We can factor the number 15 with quantum computers. We can also
factor the number 15 with a dog trained to bark three times."
--- Robert Harley, 5/12/01, Sci.crypt.

Scaling up a quantum computer to handle numbers much larger than 15 will
not be done "easily".

> Is ECC at risk too? And are we at risk in 10, 20 or 30 years from now?

I can't say for sure. There /might/ be a radical breakthrough in
quantum cryptanalysis tomorrow. But I doubt it. There is a comparably
small likelihood of a breakthrough in _classical_ (i.e. non-quantum)
cryptanalysis tomorrow.

To put this in context: In the world there are incomparably more RSA
keys that are vulnerable to classical cryptanalytic attack than are
vulnerable to quantum attack. As a specific example, a 30-digit RSA
key could be easily brute-forced by classical methods, but will not
be vulnerable to quantum-computer chips for many years. (Of course
I exclude the case where you attach a quantum-computer chip to the
front of your PC using crazy glue and market the combination as a
quantum computer.)

To put cryptanalysis in context: A person skilled in the art should
be able to create RSA keys and/or ECC keys with a 10-year lifetime
such that the risk of mathematical cryptanalysis is negligible compared
to the risk of "practical" cryptanalysis, e.g. bribery, rubber-hose
techniques, etc. applied to authorized keyholders. I'm not saying
the risk is zero, just negligible compared to other risks.
---------------------------------------------------------------------
The Cryptography Mailing List