quantum chip built

John Denker jsd at av8n.com
Fri Jan 13 10:17:55 EST 2006

alex at alten.org wrote:
> From what I understand simple quantum computers can easily brute-force attack RSA keys or other
> types of PK keys.  

My understanding is that quantum computers cannot "easily" do anything.

As the saying goes:
     "We can factor the number 15 with quantum computers. We can also
      factor the number 15 with a dog trained to bark three times."
                 --- Robert Harley, 5/12/01, Sci.crypt.

Scaling up a quantum computer to handle numbers much larger than 15 will
not be done "easily".

> Is ECC at risk too?  And are we at risk in 10, 20 or 30 years from now?

I can't say for sure.  There /might/ be a radical breakthrough in
quantum cryptanalysis tomorrow.  But I doubt it.  There is a comparably
small likelihood of a breakthrough in _classical_ (i.e. non-quantum)
cryptanalysis tomorrow.

To put this in context:  In the world there are incomparably more RSA
keys that are vulnerable to classical cryptanalytic attack than are
vulnerable to quantum attack.  As a specific example, a 30-digit RSA
key could be easily brute-forced by classical methods, but will not
be vulnerable to quantum-computer chips for many years.  (Of course
I exclude the case where you attach a quantum-computer chip to the
front of your PC using crazy glue and market the combination as a
quantum computer.)

To put cryptanalysis in context:  A person skilled in the art should
be able to create RSA keys and/or ECC keys with a 10-year lifetime
such that the risk of mathematical cryptanalysis is negligible compared
to the risk of "practical" cryptanalysis, e.g. bribery, rubber-hose
techniques, etc. applied to authorized keyholders.  I'm not saying
the risk is zero, just negligible compared to other risks.
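To illustrate the classical side of that comparison, here is an added example that is not part of the thread: Pollard's rho recovering the factors of a small RSA-style modulus on an ordinary PC, which is the kind of "classical cryptanalytic attack" a tiny key is exposed to. The primes, the modulus and the function names are my constructions; the modulus is a 19-digit number rather than the 30-digit key mentioned above, chosen so the run finishes in a fraction of a second.

```python
import math

# Added illustration, not from the thread: Pollard's rho (Floyd cycle
# finding) recovering the factors of a small RSA-style modulus with nothing
# but integer arithmetic. Expected work is about sqrt(p) iterations for the
# smaller prime p, so each extra key bit costs roughly 1.4x more effort;
# 10-digit primes fall in well under a second. Handy as a key-size sanity
# check when assessing what "classical" attackers can already do.

def pollard_rho(n, seed=2, c=1):
    """One rho run with x -> x*x + c mod n. Returns (d, iterations).

    d is a non-trivial factor on success; d == n means the cycle collapsed
    before a factor appeared, and the caller should retry with another c.
    """
    f = lambda v: (v * v + c) % n
    x, y, d, steps = seed, seed, 1, 0
    while d == 1:
        x = f(x)          # tortoise: one step
        y = f(f(y))       # hare: two steps
        d = math.gcd(abs(x - y), n)
        steps += 1
    return d, steps

def factor_rsa_modulus(n, max_tries=50):
    """Split n = p*q into (p, q, iterations), retrying with a new c on failure."""
    if n % 2 == 0:
        return 2, n // 2, 0
    for c in range(1, max_tries + 1):
        d, steps = pollard_rho(n, c=c)
        if 1 < d < n:
            return min(d, n // d), max(d, n // d), steps
    raise ValueError("no factor found; n may be prime or a perfect power")

# Constructed demo modulus (not a real key): the product of two well-known
# 10-digit primes just above 10**9. It is a 19-digit number, smaller than
# the 30-digit key in the message, so this finishes in a fraction of a second.
P_DEMO, Q_DEMO = 1_000_000_007, 1_000_000_009
N_DEMO = P_DEMO * Q_DEMO  # 1000000016000000063

if __name__ == "__main__":
    p, q, steps = factor_rsa_modulus(N_DEMO)
    print(f"n = {N_DEMO} = {p} * {q}  ({steps} rho iterations)")
```

Raising the prime size by a few bits at a time shows the sqrt(p) growth directly, which is the practical reason key sizes are chosen with decades of classical improvement in mind.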

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com