[Cryptography] quantum computers & crypto

[Phillip Hallam-Baker]

On Thu, Oct 28, 2021 at 1:21 PM Joshua Marpet <Joshua.Marpet at guardedrisk.com>
wrote:

> Not a comment on the engineering aspects, but the social aspects here. I
> literally just (yesterday) had a conversation with a financial institution
> about this. They have a firm that does periodical updates to them of
> "what's coming", and they were told that in 2022, they better have budget
> for quantum decryption defense. Otherwise, they're behind the curve!!
>
> I straight up facepalmed, and gave them my best understanding of the whole
> picture. I told them until NIST finishes with at least the third round of
> Post Quantum Cryptography (PQC) algorithms, don't freak out. We went over
> IBM, D-Wave, et al. I explained their priority should be much more focused
> on ransomware, rather than PQC, for at least the next year or so.
>

I am seeing the exact same argument being made with respect to 'Small
Modular Reactors', that is fission reactors as the 'solution' to global
warming. Only people have been designing those things since I was doing
nuclear physics in the 1980s.

I am pretty sure that the sudden resurgence of what is not a new idea is
due to intense lobbying from the oil and gas companies. Because the best
way to delay action on global warming is to insist on diverting as much
effort as possible into a technology that won't be ready for deployment
until 2035 at the earliest and there is absolutely no reason to believe
they are going to be cheaper than existing alternatives [*].

Even back in the DES days, we used to point out that if 56 bit DES was in
fact the weakest link in your system, your systems were
exceptionally secure. Quantum cryptanalysis is going to be something to
worry about at some point. But it is not a show stopper today unless you
are dealing with really sensitive documents and face a nation state level
adversary.

I am not even sure the NIST competition is relevant either since even if we
had an encryption algorithm, we still need the key infrastructure to
support it. It doesn't look like we are getting a signature scheme out of
that either.

If someone gives me $5 mil a year for five years, I think I could extend
the Mesh to do the necessary. But that would be basic research and I think
I would be focusing largely on using symmetric schemes to reinforce PKI and
using as little quantum secure key exchange as possible.



[*] Digression, the problem with small modular reactors is that the
designers didn't build the reactors big on a whim. There are economies of
scale. Certain costs scale linearly with the diameter of the reactor, other
costs and power output scales with the square of diameter. So when you do
the cost breakdown, the one off cost per MW of a 2.3 GW reactor like
Hinkley C ends up being substantially less than the cost for a 60MW reactor
like pebble bed.

Ah! but! shrieks the proponent, production costs decrease with scale!!!

Yes they do but nowhere near as quickly enough as needed to make small
reactors affordable. Each reactor is still an incredibly complicated
machine with many different sub systems. A 15MW Haliade-X Wind turbine is
just an electric motor with blades on a stick. It is a really big motor on
a really big stick but there is already an order book for a thousand of
them and competition between multiple manufacturers.

Bottom line is that there will be a 60MW wind turbine before the first
small modular reactor design is ready to start production and it will have
vastly fewer moving parts, and be much cheaper to build, install and
operate than the small modular reactor.

But France and the UK are both pouring money into building Small
Modular Reactors and you can see the palatial headquarters planned for the
UK effort on the Web. Building a palatial headquarters before a single
product design is complete...
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.metzdowd.com/pipermail/cryptography/attachments/20211028/f203f5cc/attachment.htm>