[Cryptography] quantum computers & crypto

Joshua Marpet Joshua.Marpet at guardedrisk.com
Fri Oct 29 16:27:05 EDT 2021 

>
>
>
>
> >What “known good” would you roll back to in the face of QC?  Manual
> processing of paper checks?  Going to the teller window whenever you need
> cash?  We haven’t done that in 50 years.  Do you really think we could
> spool those >processes back up in a timely manner and scale them to the
> present world economy?
>

No, the tape backup from last week. quantum decryption does not destroy
technology. I think you are conflating quantum decryption and a solar
flare.

>
> >And how long do you think it would take to implement and deploy PQC if
> the industry was not already prepared for it?  How long do you think it
> would take to roll back the millions upon millions of fraudulent
> transactions that likely would >have been executed before someone pulled
> the breaker?  Remember, the scenario we are talking about here is a
> potential global compromise of all banking credentials.  The attack would
> take the form of transactions that are >indistinguishable from legitimate
> ones except by humans and the only way to stop it would be to shut down the
> entire system.  That decision would have to be made by humans.
>
> About a week. Deploying new algorithms happens on a regular basis now.
It's a bit of a PITA, but really, it's not a big deal. That's to deploy PQC
resistant algorithms. To roll back transactions? About a week. And the
breakers would get pulled in a day, not a week.

>
> >Just look at what is happening to the supply chain right now as a result
> of the pandemic.  If QC takes us by surprise it will be vastly worse.  The
> entire world economy be brought to an instant screeching halt.  ATMs and
> credit cards will >stop working.  Grocery store and gas station lines will
> come to an instant halt.  Bank accounts will be drained by the millions.
>

 cash will be a problem. Very few transactions, from a global perspective,
are cash used in. The bits will be fixed by means of these things we are
using now, Keyboards. It will be a problem. a BIG problem. I said that, I
believe. I don't think it is world-ending, or nearly so, and I don't think
it is the same type of issue as PHYSICAL goods being caught because truck
drivers are not available to move goods.

>
> >If you don’t think that has the potential to end civilization then I
> don’t think you have grasped the magnitude of the threat.
>

And I think you're hysterically funny. :) Sorry, I just don't believe it.
And I'm normally the paranoid one. Maybe I'm wrong. I hope I'm right, and
you're wrong. I guess we'll find out.

>
> >(Of course, the most likely scenario is not doomsday but global
> extortion, but that assumes that the QC is in the hands of a rational
> actor.  And I personally don’t take a lot of comfort from that.)
>
This is a plausible scenario, the extortion thing.  We deal with extortion
all the time now. Frankly, it's normal course of business these days.
Soooo. No biggie.

>
>
> >3-5 years is not very long when it comes to infrastructure on the scale
> of the world’s banking system.  Swipe authorization is still in use today,
> over 25 years after chip cards were first deployed.  Paper checks are still
> in use 2000 years >after they were first invented.  The financial industry
> moves very, very slowly, mostly with good reason.
>
> Now this I agree on. But the good news is that banks don't have to do a
damn thing. Their vendors, of HSM's, and routers, and PKCS#11 modules, etc
etc etc, will have to work pretty hard to make sure that their stuff uses
the NIST standard algorithms that are going to come out of the work already
being done. All the banks and financial institutions will have to do?
Update their systems and test them. This is not a banking issue. This is a
technology issue, wherein banks will just have to lean on and depend on
their vendors.

Ron, I'm not trying to argue with you. But I think you're really freaked
out about this, and I don't think it's worth freaking out about right now.
Breathe, and let's see what happens over the next say, three years?  If
you're right, I owe you a steak dinner. If I'm right, dinner's on you, ok?
(Mind you, I win either way!!! If I'm wrong, and you're 100% right, there
will be no good steakhouses left in the vast wastelands!!!) :D
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.metzdowd.com/pipermail/cryptography/attachments/20211029/7c8b5625/attachment.htm>

More information about the cryptography mailing list