I don’t know what he’s talking about, but maybe he’s saying that the US already has quantum computers capable of breaking modern cryptography, and that it’s time to move to Post Quantum Cryptography (PGC). The process is pretty far along:
Both sites mention “harvest now, decrypt later.” That’s an attack where someone could scoop up all the encrypted traffic/files/whatever, and just store it until quantum computers are effective at breaking it. Because of the nature of the topic nobody who knows for sure is going to say, but it’s not going to be cheap to replace all the crypto out there with PGC so there’s a reason to think there’s a need even if nobody will confirm anything. I personally think just the possibility of the attack is enough reason to move if the algorithms are already in place. If you’ve got encrypted data and you expected it to stay unreadable for hundreds of years, then there’s reason to think that’s not achievable right now.
Apparently the debate was more spirited than I thought. The argument appears to revolve around whether it’s OK to jump to the new stuff directly, or use a combination of the old and new.
Is any of these algorithms somewhat battle tested? Otherwise there is the risk of adopting an insecure algorithm. So I guess there is some risk both ways.
They’ve been beaten on enough that industry is moving forward. The advantage of knowing and being able to prove that the algorithms are insecure would be incalcuable, so groups who want to be able to break into systems aren’t going to volunteer the information. It’s to the benefit of everyone else that the algorithms be secure. The third section of that paper I linked does a pretty good job explaining the why and why now.
tl;dr: Smart people have dug into it, and we know what we’re going to know for now.
I don’t know what he’s talking about, but maybe he’s saying that the US already has quantum computers capable of breaking modern cryptography, and that it’s time to move to Post Quantum Cryptography (PGC). The process is pretty far along:
Both sites mention “harvest now, decrypt later.” That’s an attack where someone could scoop up all the encrypted traffic/files/whatever, and just store it until quantum computers are effective at breaking it. Because of the nature of the topic nobody who knows for sure is going to say, but it’s not going to be cheap to replace all the crypto out there with PGC so there’s a reason to think there’s a need even if nobody will confirm anything. I personally think just the possibility of the attack is enough reason to move if the algorithms are already in place. If you’ve got encrypted data and you expected it to stay unreadable for hundreds of years, then there’s reason to think that’s not achievable right now.
https://nist.pqcrypto.org/foia/20250114/djb pqc paper.pdf
Replying to myself here and including a link that just dropped:
Apparently the debate was more spirited than I thought. The argument appears to revolve around whether it’s OK to jump to the new stuff directly, or use a combination of the old and new.
I think this is how I can message people…
Is any of these algorithms somewhat battle tested? Otherwise there is the risk of adopting an insecure algorithm. So I guess there is some risk both ways.
They’ve been beaten on enough that industry is moving forward. The advantage of knowing and being able to prove that the algorithms are insecure would be incalcuable, so groups who want to be able to break into systems aren’t going to volunteer the information. It’s to the benefit of everyone else that the algorithms be secure. The third section of that paper I linked does a pretty good job explaining the why and why now.
tl;dr: Smart people have dug into it, and we know what we’re going to know for now.