How the U.S. is Preparing for a Quantum Future
JULY 25, 2018
One of the groups that contacted me was the National Institute of Standards and Technology. The agency wanted to assure me that right now, as far as is known, AES-256 should be enough to protect government data even as quantum computers evolve. NIST has been studying this issue and released its findings in the NISTIR 8105 report. NIST’s paper breaks down cryptographic systems into two main types: the public key systems used to protect things like webpages, and the symmetric key systems, like AES, which protect much of the government’s data.
The paper states that “the construction of a large-scale quantum computer would render many of these public key cryptosystems insecure. In particular, this includes those based on the difficulty of integer factorization, such as RSA, as well as ones based on the hardness of the discrete log problem. In contrast, the impact on symmetric key systems will not be as drastic.”
The reason symmetric key systems should remain secure is that it may not be possible to speed up tools like Grover’s algorithm, which would be used to crack the encryption. The report states: “We don’t know that Grover’s algorithm will ever be practically relevant, but if it is, doubling the key size will be sufficient to preserve security. Furthermore, it has been shown that an exponential speedup for search algorithms is impossible, suggesting that symmetric algorithms and hash functions should be usable in a quantum era.”
In other words, even if quantum computers are able to speed up the cracking process for symmetric encryption, doubling the size of the key is always an option to reset the playing field.
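To make the key-doubling argument concrete, here is an added illustration (not taken from the NIST report or the original article): a classical state-vector simulation of Grover's search on toy key spaces. The function names and key values are assumptions made for the example, and the "oracle" simply marks one index rather than testing a real cipher.

```python
import math

def grover_search(n_bits, secret_key):
    """Simulate Grover's algorithm over a 2**n_bits key space.

    Returns (iterations, success_probability) at the optimal iteration count.
    """
    size = 2 ** n_bits
    # Start in the uniform superposition over every candidate key.
    amps = [1.0 / math.sqrt(size)] * size
    # Grover needs about (pi/4) * sqrt(N) rounds, not N/2 guesses.
    iterations = math.floor(math.pi / 4 * math.sqrt(size))
    for _ in range(iterations):
        # Oracle: flip the sign of the correct key's amplitude.
        amps[secret_key] = -amps[secret_key]
        # Diffusion: reflect every amplitude about the mean.
        mean = sum(amps) / size
        amps = [2 * mean - a for a in amps]
    # Probability that a measurement yields the secret key.
    return iterations, amps[secret_key] ** 2

def classical_expected_trials(n_bits):
    """Average number of guesses for classical brute force."""
    return (2 ** n_bits + 1) / 2

def compare(n_bits, secret_key):
    """Summarise classical versus Grover cost for one toy key size."""
    iters, prob = grover_search(n_bits, secret_key)
    return {
        "key_bits": n_bits,
        "classical_avg_trials": classical_expected_trials(n_bits),
        "grover_iterations": iters,
        "success_probability": round(prob, 5),
    }

if __name__ == "__main__":
    # Constructed toy keys: a 6-bit key, then a key of double the length.
    for bits, key in [(6, 0x2A), (12, 0xABC)]:
        print(compare(bits, key))
```

Grover's cost on the 12-bit key (50 iterations) is of the same order as classical brute force on the 6-bit key (64 candidates), which is the sense in which doubling the key size resets the playing field.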
A public-sector scientist working on quantum computers also contacted me, and although he was not authorized to speak publicly on the subject, he said that it’s well known among quantum scientists when encryption levels will be broken, as it’s based on the size of the quantum machine. “So far, quantum computers have not produced a dramatic change in the crypto situation,” he said. “However, when we get to 110-qbit machines, reading DES will be as easy as reading plain text. The 192-qbit machines will do the same thing to AES-128, and so on.”