this post was submitted on 13 Oct 2024
103 points (80.8% liked)

Technology

[–] [email protected] 60 points 3 days ago (5 children)

I love how it did not at all explain what they broke. It mentioned "rectangle"? What's that? How does it have any relation to AES? Because AES is NOT vulnerable to quantum computing. Did they get the key by knowing the ciphertext and the original data?

[–] [email protected] 24 points 3 days ago (1 children)

It'd be nice if it, you know, linked to the actual paper. The article reads like it was written by someone who knows cryptography words but had no clue what they mean.

[–] [email protected] 10 points 3 days ago

It was probably written by these fancy autocomplete things.

[–] [email protected] 17 points 3 days ago* (last edited 3 days ago) (4 children)

Because AES is NOT vulnerable to quantum computing.

I have not been following the quantum computing attacks on cryptography, so I'm not current here at all.

I can believe that current AES in general use cannot be broken by existing quantum computers.

But if what you're saying is that AES cannot be broken by quantum computing at all, that doesn't seem to be what various pages out there say.

https://crypto.stackexchange.com/questions/6712/is-aes-256-a-post-quantum-secure-cipher-or-not

Is AES-256 a post-quantum secure cipher or not?

The best known theoretical attack is Grover's quantum search algorithm. As you pointed out, this allows us to search an unsorted database of n entries in √n operations. As such, AES-256 is secure for a medium-term against a quantum attack, however, AES-128 can be broken, and AES-192 isn't looking that good.

With the advances in computational power (doubling every 18 months), and the development of quantum computers, no set keysize is safe indefinitely. The use of Grover is just one of the gigantic leaps.

I would still class AES as quantum resistant, so long as the best-known attack is still some form of an exhaustive search of the keyspace.

[–] [email protected] 8 points 3 days ago (1 children)

All we need to do to make AES secure is double the size of the key. That's it.

[–] [email protected] 4 points 2 days ago

And fix the fact that it’s really hard to implement without gaping side channel vulnerabilities, but that’s not really a quantum computer problem.

[–] [email protected] 6 points 3 days ago (2 children)

Bump AES to a min 1024 and you buy time.

[–] [email protected] 7 points 3 days ago

Technically correct. You would buy time well past the end of the universe. Advances in either quantum or conventional computers would not change this. There are theoretical limits at play.

Now, maybe you can find a way to substantially reduce the difficulty of breaking it over brute force. Cryptographers have been trying to break AES for 30 years now and haven't found one that does more than marginal improvement. But it's possible.

[–] [email protected] 0 points 2 days ago* (last edited 2 days ago)

How big are your packets at that point? Seems like you're steadily clogging up your web traffic and setting yourself up for disruption vulnerability down the line if your only response is to inflate the size of every message.

It's not enough to simply have your data be secure. You need it to be reliable. And larger packets require more bandwidth which means more robust hardware and more reliable transmission equipment. Also cuts into the viability of stealthy communications if you know the minimum transmission size of your adversary.

[–] [email protected] 1 points 2 days ago

Interesting. I know things like SimpleX use padding to force each message block to be a multiple of 16KB
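The block-multiple padding mentioned above, as an added example that is not part of the original thread and not SimpleX's own code: it length-prefixes a message and fills it with random bytes up to the next multiple of a block size (16 KiB here, taken from the comment), so the wire size reveals only how many blocks the message occupies. The 4-byte length prefix and the random filler are this example's own design choices.

```python
import secrets
import struct

BLOCK = 16 * 1024  # 16 KiB block multiple, as mentioned in the comment (assumed format)


def pad(msg: bytes, block: int = BLOCK) -> bytes:
    """Length-prefix `msg` and pad with random bytes to a multiple of `block`.

    Only ceil((4 + len(msg)) / block) leaks to an observer of the wire size,
    not the exact plaintext length.
    """
    if len(msg) > 0xFFFFFFFF:
        raise ValueError("message too long for a 4-byte length prefix")
    body = struct.pack(">I", len(msg)) + msg
    fill = (-len(body)) % block          # 0 when body already fills whole blocks
    return body + secrets.token_bytes(fill)


def unpad(padded: bytes, block: int = BLOCK) -> bytes:
    """Inverse of pad(); rejects anything that is not a whole number of blocks."""
    if len(padded) < 4 or len(padded) % block != 0:
        raise ValueError("malformed padded message")
    (n,) = struct.unpack(">I", padded[:4])
    if n > len(padded) - 4:
        raise ValueError("length prefix exceeds padded size")
    return padded[4:4 + n]


def bucket_sizes(lengths, block: int = BLOCK):
    """On-the-wire size each plaintext length would produce; shows the
    bandwidth cost the thread is discussing (a 1-byte message costs a full block)."""
    return [len(pad(b"\x00" * n, block)) for n in lengths]
```

Note the trade-off the comment raises: every message, even a one-byte one, costs at least one full block, and the length prefix means a message of exactly 16380 bytes still fits one 16 KiB block while 16381 bytes needs two.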

[–] [email protected] 3 points 3 days ago (3 children)
[–] [email protected] 3 points 2 days ago

Hashes don't use encryption

[–] [email protected] 6 points 3 days ago* (last edited 3 days ago) (1 children)

I'm not sure I follow. Could you expand on that?

EDIT: Wikipedia says this:

https://en.wikipedia.org/wiki/Post-quantum_cryptography

In contrast to the threat quantum computing poses to current public-key algorithms, most current symmetric cryptographic algorithms and hash functions are considered to be relatively secure against attacks by quantum computers.[2][11] While the quantum Grover's algorithm does speed up attacks against symmetric ciphers, doubling the key size can effectively block these attacks.[12] Thus post-quantum symmetric cryptography does not need to differ significantly from current symmetric cryptography.

The citation there is from a 2010 paper, which is old and is just saying that this is believed to be the case.

This page, a year old, says that it is believed that the weakening from use of Grover's algorithm is not sufficient to make AES-128 practically breakable, and that at some point in recent years it was determined that the doubling was not necessary.

https://crypto.stackexchange.com/questions/102671/is-aes-128-quantum-safe

Keeping in mind that I am about twenty years behind the current situation and am just skimming this, it sounds like the situation is that one cannot use an attack that previously had been believed to be a route to break some shorter key length AES using quantum computing, so as things stand today, we don't know of a practical route to defeat current-keylength AES using any known quantum computing algorithm, even as quantum computers grow in capability.

[–] [email protected] 2 points 3 days ago (1 children)

Oh so both hashes and symmetric cryptography are secure entirely by doubling up the key size. Interesting.

You know way more than I do.

[–] [email protected] 3 points 3 days ago* (last edited 3 days ago)

Oh so both hashes and symmetric cryptography are secure entirely by doubling up the key size.

That's not my understanding, which is that it's more-secure than that and doesn't require the doubling. Assuming the pages I linked are correct and that the understanding of them from my skim is correct, both of which may not be true:

  • About a decade-and-a-half ago, it was believed that AES of existing key lengths could be attacked via a known quantum algorithm -- Grover's algorithm -- using future quantum computers. However, the weakness induced was not sufficient to render AES of all key lengths practically vulnerable. It would be viable to simply increase key lengths, not redesign AES, sufficient to make it not attackable via any kind of near-future quantum computers.

  • At some point subsequent to that, it was determined that this attack would not be practical, even with the advance of quantum computers. So as things stand, we should be able to continue using AES with current keylengths without any kind of near-future quantum computer posing a practical risk.

Take all that with a huge grain of salt, as I'm certainly not well-versed in the state of quantum cryptography, and I'm just summarizing a few webpages which themselves may be wrong. But if it's correct, you were right originally that there aren't going to be near-term practical attacks on AES from the advance of quantum computing, not from any presently-known algorithm, at least.

[–] [email protected] 1 points 3 days ago (2 children)

Because you cannot reverse a hash. Information is lost from the result.

[–] [email protected] 4 points 3 days ago* (last edited 3 days ago)

So, I haven't read up on this quantum attack stuff, and I don't know what Kairos is referring to, but setting aside quantum computing for the moment, breaking a cryptographic hash would simply require being able to find a hash collision, finding another input to a hash function that generates the same hash. It wouldn't require being able to reconstitute the original input that produced the hash. That collision-finding can be done -- given infinite conventional computational capacity, at any rate -- simply from the hash; you don't need additional information.

[–] [email protected] 2 points 3 days ago

Nobody is wanting to make a magical algorithm that gets the input to the hash.

I mean, there's provably at least one person who does, but there are infinite inputs that lead to the same hash.

Breaking a hash is being able to easily create new input data that leads to the same hash (with or without the constraint of needing the original input data)
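A worked illustration of the point made in the two comments above (breaking a hash means finding a second input with the same digest, and that needs nothing but the hash function): this is an added example, not code from the original thread. It deliberately truncates SHA-256 to a few bits so that a classical birthday search finishes in well under a second; the expected number of trials is about sqrt(pi/2 * 2^bits), which is the "conventional computational capacity" argument in miniature. The `msg-<i>` inputs are constructed for the example.

```python
import hashlib
import math


def truncated_hash(data: bytes, bits: int) -> int:
    """First `bits` bits of SHA-256 as an integer: a deliberately weakened hash
    so that a collision is reachable by brute force for the demonstration."""
    digest = hashlib.sha256(data).digest()
    return int.from_bytes(digest, "big") >> (256 - bits)


def find_collision(bits: int, max_tries: int = 1 << 24):
    """Birthday search: hash distinct inputs until two share a truncated digest.

    Returns (input_a, input_b, tries). Nothing about the original preimage is
    needed; the attacker only compares digests.
    """
    seen = {}
    for i in range(max_tries):
        m = b"msg-%d" % i            # constructed inputs for the example
        h = truncated_hash(m, bits)
        if h in seen:
            return seen[h], m, i + 1
        seen[h] = m
    raise RuntimeError("no collision within max_tries")


def expected_tries(bits: int) -> float:
    """Birthday bound: roughly sqrt(pi/2 * 2^bits) trials before the first collision."""
    return math.sqrt(math.pi / 2 * 2 ** bits)


if __name__ == "__main__":
    a, b, n = find_collision(32)
    print(f"collision after {n} tries (expected about {expected_tries(32):.0f}):")
    print(a, b, hex(truncated_hash(a, 32)))
```

Scaling the same search to the full 256-bit output would take about 2^128 trials, which is why a real hash is not broken this way; the example only shows what "broken" means, not that SHA-256 is weak.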

[–] [email protected] 13 points 3 days ago (2 children)

Yeah, appears propaganda-y, they even mention that "Despite the slow progress in general-purpose quantum computing, which currently poses no threat to modern cryptography", very weird. Supposedly used Canadian technology.

[–] [email protected] 7 points 3 days ago

Canadian technology? So they politely asked for the private key then

[–] [email protected] 5 points 3 days ago (1 children)

Perhaps it's: military grade (40 years ago)

[–] [email protected] 2 points 2 days ago

They asked AI to crack DES lol

[–] [email protected] 2 points 2 days ago (1 children)

There's Grover's algorithm which can help in cracking the key.

https://crypto.stackexchange.com/questions/6712/is-aes-256-a-post-quantum-secure-cipher-or-not#7869

Regardless, everything sane uses 256 bit AES. Should be ok for now.

[–] [email protected] 2 points 2 days ago (1 children)

AES works with a shared key. This won't work when you want to have an encrypted connection with a webshop (how would you get the key over there in a secure way?). For this you have asynchronous key algorithms such as RSA and ECDH. These algorithms can make a secure connection without anything preshared. Usually this is used to compute a shared key and then continue over AES. These asynchronous algorithms are at risk of being cracked with quantum computers.

[–] [email protected] 1 points 1 day ago

My point is that AES isn't untouched by quantum computing. We now have quantum safe asymmetric key encryption, too.

Grover's algorithm gives broad asymptotic speed-ups to many kinds of brute-force attacks on symmetric-key cryptography.

Source: https://en.m.wikipedia.org/wiki/Grover's_algorithm#Cryptography

[–] [email protected] 1 points 3 days ago* (last edited 3 days ago) (1 children)

You attack kex, so DH or RSA (i.e. Shor's), which we're moving away from (very slowly).

ECC is better for similar keylengths, but you need lattice to really resist quantum.

My guess they hit old RSA, still a standard but being deprecated everywhere.

You can't really hit the S-boxes, they're just this side of OTP.

Key exchange is mostly discrete logarithm, i.e. you use modulo to hide/destroy data making it hard for anyone to figure it out without guessing wildly.

[–] [email protected] 1 points 3 days ago (1 children)

The article says they hit AES, which doesn't make much sense. Block ciphers aren't vulnerable to QC in the same way as public key crypto. Even so far as Grover's Algorithm would help at all, it's far from being practical.

[–] [email protected] 1 points 2 days ago

In many cases the key exchange (kex) for symmetric ciphers are done using slower asymmetric ciphers. Many of which are vulnerable to quantum algos to various degrees.

So even when attacking AES you'd ideally do it indirectly by targeting the kex.
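The point made in the comment above and in the earlier one about RSA/ECDH (the symmetric key is derived from an asymmetric exchange, so you attack the exchange rather than AES), as an added example that is not part of the original thread: a textbook finite-field Diffie-Hellman exchange over a toy 31-bit prime, with the AES key derived from the shared secret, and an eavesdropper who recovers that same key by solving the discrete logarithm. The classical baby-step giant-step solver stands in for Shor's algorithm; with a real 2048-bit prime it would be infeasible classically, which is exactly the gap a large quantum computer would close. The prime, generator and private exponents are constructed for the example, and the key derivation is a plain SHA-256 of the shared secret rather than a standard KDF.

```python
import hashlib
import math

# Toy group (constructed for the example; real DH uses primes of 2048 bits or more).
P = 2_147_483_647            # 2^31 - 1, a Mersenne prime
G = 7                        # a primitive root mod P, so every element has a unique log
P_MINUS_1_FACTORS = [2, 3, 7, 11, 31, 151, 331]   # 2 * 3^2 * 7 * 11 * 31 * 151 * 331 = P - 1


def is_primitive_root(g: int = G, p: int = P) -> bool:
    """g generates the whole group iff g^((p-1)/q) != 1 for every prime q | p-1."""
    return all(pow(g, (p - 1) // q, p) != 1 for q in P_MINUS_1_FACTORS)


def public_key(secret: int) -> int:
    return pow(G, secret, P)


def derive_aes_key(shared: int) -> bytes:
    """Assumed KDF for the example: SHA-256 of the shared secret, truncated to an AES-128 key."""
    return hashlib.sha256(shared.to_bytes(4, "big")).digest()[:16]


def discrete_log(h: int, g: int = G, p: int = P) -> int:
    """Baby-step giant-step: x with g^x = h (mod p) in about sqrt(p) work.

    This is the classical stand-in for Shor's algorithm. Its cost grows as
    sqrt(p), which is why it is hopeless against real-size parameters.
    """
    m = math.isqrt(p - 1) + 1
    baby = {}
    cur = 1
    for j in range(m):                 # baby steps: g^0 .. g^(m-1)
        baby.setdefault(cur, j)
        cur = cur * g % p
    giant_factor = pow(g, -m, p)       # g^(-m); modular inverse via pow (Python 3.8+)
    gamma = h
    for i in range(m):                 # giant steps: h * g^(-im)
        if gamma in baby:
            return i * m + baby[gamma]
        gamma = gamma * giant_factor % p
    raise ValueError("discrete log not found")


def eavesdropper_key(pub_a: int, pub_b: int) -> bytes:
    """Passive attacker: sees both public values, solves one log, derives the AES key."""
    a = discrete_log(pub_a)
    return derive_aes_key(pow(pub_b, a, P))


def run_exchange(a_priv: int = 123_456_789, b_priv: int = 987_654_321):
    """Returns (Alice's key, Bob's key, eavesdropper's key); all three match."""
    a_pub, b_pub = public_key(a_priv), public_key(b_priv)
    key_a = derive_aes_key(pow(b_pub, a_priv, P))
    key_b = derive_aes_key(pow(a_pub, b_priv, P))
    return key_a, key_b, eavesdropper_key(a_pub, b_pub)


if __name__ == "__main__":
    key_a, key_b, key_eve = run_exchange()
    print("parties agree:", key_a == key_b, " eavesdropper has key:", key_eve == key_a)
```

Nothing here touches AES itself; the cipher is as strong as ever, but once the exchange that produced its key is solved the key is simply known, which is the sense in which the thread says AES is attacked "indirectly by targeting the kex".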