[Cryptography] quantum computers & crypto

Henry Baker hbaker1 at pipeline.com
Fri Oct 29 18:48:55 EDT 2021

-----Original Message-----
From: Phillip Hallam-Baker
Sent: Oct 28, 2021 2:18 PM
To: Joshua Marpet
Cc: Rodney Van Meter , cryptography at metzdowd.com List
Subject: Re: [Cryptography] quantum computers & crypto
On Thu, Oct 28, 2021 at 1:21 PM Joshua Marpet wrote:
Not a comment on the engineering aspects, but the social aspects here. I literally just (yesterday) had a conversation with a financial institution about this. They have a firm that does periodical updates to them of "what's coming", and they were told that in 2022, they better have budget for quantum decryption defense. Otherwise, they're behind the curve!! 
I straight up facepalmed, and gave them my best understanding of the whole picture. I told them until NIST finishes with at least the third round of Post Quantum Cryptography (PQC) algorithms, don't freak out. We went over IBM, D-Wave, et al. I explained their priority should be much more focused on ransomware, rather than PQC, for at least the next year or so.
I am seeing the exact same argument being made with respect to 'Small Modular Reactors', that is fission reactors as the 'solution' to global warming. Only people have been designing those things since I was doing nuclear physics in the 1980s.
I am pretty sure that the sudden resurgence of what is not a new idea is due to intense lobbying from the oil and gas companies. Because the best way to delay action on global warming is to insist on diverting as much effort as possible into a technology that won't be ready for deployment until 2035 at the earliest and there is absolutely no reason to believe they are going to be cheaper than existing alternatives [*].
Even back in the DES days, we used to point out that if 56 bit DES was in fact the weakest link in your system, your systems were exceptionally secure. Quantum cryptanalysis is going to be something to worry about at some point. But it is not a show stopper today unless you are dealing with really sensitive documents and face a nation state level adversary.
I am not even sure the NIST competition is relevant either since even if we had an encryption algorithm, we still need the key infrastructure to support it. It doesn't look like we are getting a signature scheme out of that either.
If someone gives me $5 mil a year for five years, I think I could extend the Mesh to do the necessary. But that would be basic research and I think I would be focusing largely on using symmetric schemes to reinforce PKI and using as little quantum secure key exchange as possible.
[*] Digression, the problem with small modular reactors is that the designers didn't build the reactors big on a whim. There are economies of scale. Certain costs scale linearly with the diameter of the reactor, other costs and power output scales with the square of diameter. So when you do the cost breakdown, the one off cost per MW of a 2.3 GW reactor like Hinkley C ends up being substantially less than the cost for a 60MW reactor like pebble bed.
Ah! but! shrieks the proponent, production costs decrease with scale!!!
Yes they do but nowhere near as quickly enough as needed to make small reactors affordable. Each reactor is still an incredibly complicated machine with many different sub systems. A 15MW Haliade-X Wind turbine is just an electric motor with blades on a stick. It is a really big motor on a really big stick but there is already an order book for a thousand of them and competition between multiple manufacturers.
Bottom line is that there will be a 60MW wind turbine before the first small modular reactor design is ready to start production and it will have vastly fewer moving parts, and be much cheaper to build, install and operate than the small modular reactor.
But France and the UK are both pouring money into building Small Modular Reactors and you can see the palatial headquarters planned for the UK effort on the Web. Building a palatial headquarters before a single product design is complete...
Henry Baker replies:
This is completely off-topic, but I've wondered for years why no one has been building
small *floatable*, *towable* nuclear power stations. The biggest costs are *custom*
construction, so having an *assembly line* to build small nukes that can be ocean-towed
to location, and where they have a ready supply of cooling water in the form of ocean access.
If these things are small enough, they could even be towed up many rivers, so they could
be installed in almost everywhere where one might want to have a nuclear power plant.
If electricity isn't the major interest, one could 'store' electricity in the form of metallic
aluminum, metallic magnesium, compressed hydrogen, desalinated water, or (gasp!)
The other advantage is that when the power plant becomes obsolete, one simply tows
it somewhere else to dismantle or scuttle it, so that we don't have to look at it for the
next 1,000 years.

More information about the cryptography mailing list