Research in quantum computers is advancing quickly and researchers recently claimed to have reached quantum supremacy, in other words, the ability of quantum computers to perform a calculation out of reach of even the most powerful classical supercomputers.

However, any claims that quantum computers are close to cracking any practically used cryptosystems are highly exaggerated. Such powerful quantum computers are very likely several decades away, if indeed they will ever be built. Many significant technical advances are still required before a large-scale, practical quantum computer can be achieved, and some commentators even doubt whether such a scenario will ever be possible.

What we do know, however, is that large-scale cryptography-breaking quantum computers are highly unlikely to develop during the next decade. Yet, in spite of this, systems which need very long-term protection such as government systems with classified information or root certificates with very long lifetimes must nevertheless start preparing to replace todays asymmetric algorithms.

In traditional cryptography, there are two forms of encryption: symmetric and asymmetric.

Most of today's computer systems and services such as digital identities, the Internet, cellular networks, and crypto currencies use a mixture of symmetric algorithms like AES and SHA-2 and asymmetric algorithms like RSA (Rivest-Shamir-Adleman) and elliptic curve cryptography.

The asymmetric parts of such systems would very likely be exposed to significant risk if we experience a breakthrough in quantum computing in the coming decades.

In anticipation of such a quantum computing paradigm, cryptography is being developed and evolved by using so-called quantum-safe algorithms. They run on classical computers and are believed to withstand attacks from powerful quantum computers.

When we compare post-quantum cryptography with the currently used asymmetric algorithms, we find that post-quantum cryptography mostly have larger key and signature sizes and require more operations and memory. Still, they are very practical for everything except perhaps very constrained Internet of Things devices and radio.

Large-scale cryptography-breaking quantum computers are highly unlikely to develop during the next decade

The US National Institute of Standards and Technology (NIST) is currently standardizing stateless quantum-resistant signatures, public-key encryption, and key-establishment algorithms and is expected to release the first draft publications between 20222024. After this point, the new standardized algorithms will likely be added to security protocols like X.509, IKEv2, TLS and JOSE and deployed in various industries. The IETF crypto forum research group has finished standardizing two stateful hash-based signature algorithms, XMSS and LMS which are also expected to be standardized by NIST. XMSS and LMS are the only post-quantum cryptographic algorithms that could currently be considered for production systems e.g. for firmware updates.

The US government is currently using the Commercial National Security Algorithm Suite for protection of information up to top secret. They have already announced that they will begin a transition to post-quantum cryptographic algorithms following the completion of standardization in 2024.

Why should the industry be taking note of this decision? Top secret information is often protected for 50 to 75 years, so the fact that the US government is not planning to finalize the transition to post-quantum cryptography until perhaps 2030 seems to indicate that they are quite certain that quantum computers capable of breaking P-384 and RSA-3072 will not be available for many decades.

When we turn our focus to symmetric cryptography as opposed to asymmetric cryptography, we see that the threat is even more exaggerated. In fact, even a quantum computer capable of breaking RSA-2048 would pose no practical threat to AES-128 whatsoever.

Grovers algorithm applied to AES-128 requires a serial computation of roughly 265 AES evaluations that cannot be efficiently parallelized. As quantum computers are also very slow (operations per second), very expensive, and quantum states are hard to transfer from a malfunctioning quantum computer, it seems highly unlikely that even clusters of quantum computers will ever be a practical threat to symmetric algorithms. AES-128 and SHA-256 are both quantum resistant according to the evaluation criteria in the NIST PQC (post quantum cryptography) standardization project.

In addition to post-quantum cryptography running on classical computers, researchers in quantum networking are looking at quantum key distribution (QKD), which would theoretically be a provably secure way to do unauthenticated key exchange.

QKD is however not useful for any other use cases such as encryption, integrity protection, or authentication where cryptography is used today as it requires new hardware and is also very expensive compared to software-based algorithms running on classical computers.

In a well-written white paper, the UK government is discouraging use of QKD stating that it seems to be introducing new potential avenues for attack, that the hardware dependency is not cost-efficient, that QKDs limited scope makes it unsuitable for future challenges, and that post-quantum cryptography is a better alternative. QKD will likely remain a niche product until quantum networks are needed for non-security reasons.

Standardization of stateless quantum-resistant signatures, public-key encryption and key-establishment algorithms is ongoing and first draft publications are expected no earlier than 2022

The calculation recently used to show quantum supremacy was not very interesting in itself and was contrived to show quantum supremacy. The claim was also criticized by competing researchers who claim that the corresponding classical calculation could be done over a million times faster. Quantum computers able to solve any practical problems more cost-effectively than classical computers are still years away.

The quantum supremacy computer consists of 54 physical qubits (quantum bit), which after quantum error correction corresponding to only a fraction of a single logical qubit. This is very far away from quantum computers able to break any cryptographic algorithm used in practice which would require several thousand logical qubits and hundreds of billions of quantum gates. Scaling up the number of qubits will not be easy, but some researchers believe that the number of qubits will follow a quantum equivalent of Moores law called Nevens law. We will likely see undisputed claims of quantum supremacy in the coming years.

Since our earlier post in 2017 about post-quantum cryptography in mobile networks, the hype around quantum computers and the worries about their security impacts have been more nuanced, aligning with our previous analysis.

Recent reports from academia and industry now says that large-scale cryptography-breaking quantum computers are highly unlikely during the next decade. There has also been general agreement that quantum computers do not pose a large threat to symmetrical algorithms. Standardization organizations like IETF and 3GPP and various industries are now calmly awaiting the outcome of the NIST PQC standardization.

Quantum computers will likely be highly disruptive for certain industries, but probably not pose a practical threat to asymmetric cryptography for many decades and will likely never be a practical threat to symmetric cryptography. Companies that need to protect information or access for a very long time should start thinking about post-quantum cryptography. But as long as US government protects top secret information with elliptic curve cryptography and RSA, they are very likely good enough for basically any other non-military use case.

Read our colleagues earlier blog series on quantum computing, beginning with an introduction to quantum computer technology.

Read our earlier technical overview to cryptography in an all encrypted world in the Ericsson Technology Review.

Visit our future technologies page to learn how tomorrows world is evolving.

Link:
What next in the world of post-quantum cryptography? - Ericsson

The Defense Advanced Research Projects Agency is pursuing an effort to develop hardware that allows for computing on encrypted data with continuous protection.

DARPA said Monday its Data Protection in Virtual Environments or DPRIVE program aims to accelerate computations done with fully homomorphic encryption or FHE, an approach that protects encrypted data while still allowing for processing.

FHE uses lattice cryptography to block cyber attacks via complex, nearly unsolvable mathematical barriers. However, FHE computations generate noise that would eventually corrupt the data at a certain point, and addressing this noise results in a large amount of computational overhead.

The DPRIVE program aims to reduce this overhead and accelerate FHE computations.

"Today, DARPA is continuing to invest in the exploration of FHE, focusing on a re-architecting of the hardware, software and algorithms needed to make it a practical, widely usable solution," said Tom Rondeau, a program manager at DARPA.

The agency hosted a proposer's event on Monday to further inform interested parties on the program. DARPA also launched a presolicitation for DPRIVE and will continue to accept responses through June 2.

Follow this link:
DARPA to Explore Fully Homomorphic Encryption in New Program - ExecutiveBiz

Gilles Brassard, a professor in the Department of Computer Science and Operations Research at Universit de Montral, along with Charles Bennett of IBM's New York State Research Center and Peter Shor of the Massachusetts Institute of Technology, has been awarded the BBVA Foundation's Frontiers of Knowledge Award in the basic sciences category for "outstanding contributions to the areas of computing and quantum communication."

Thee three researchers will receive the award June 2 in Bilbao, Spain, and will share the 400,000 that comes with it.

Professor Brassard is the seventh Canadian to receive the prize and the first ever in the basic sciences category (physics, chemistry, mathematics).

In 1984, Brassard and Bennett devised the first quantum cryptography technique, which makes it possible to encode messages in order to exchange information with absolute confidentiality. Then, in 1993, they laid the foundations for quantum teleportation in collaboration with four other researchers. The group proved that it was possible to transport information in subatomic particles, such as photons, from one place in the galaxy to another, without physically moving them. This principle is based on the rules of quantum theory, according to which a particle can simultaneously exist in several states.

Industry is currently investing billions of dollars in quantum technologies, particularly in China and Europe, and the theoretical work of Brassard, Bennett and Shor has helped put this discipline on track.

This is the third major award that Brassard and Bennett have jointly won on the international scene. In 2018, the duo received the Wolf Prize in Physics from the President of Israel, a prize often seen as leading to a Nobel Prize in Physics. Last year in China, they were awarded the Micius Prize for their breakthroughs in quantum theory.

Read the rest here:
Gilles Brassard honoured by the BBVA Foundation for his work in quantum computing - Quantaneo, the Quantum Computing Source

Amir Taaki was one of Bitcoins first-ever dedicated developers and perhaps the one most infamously focused on maintaining privacy and freedom from authority.

In 2014, Forbes listed Taaki on its 30 Under 30 list of technology stars for creating Dark Wallet, the first privacy-focused Bitcoin wallet to include a CoinJoin mixer. That same year, Taaki received even more notoriety as Dark Wallet was twice named in the Financial Action Task Forces (FATF) report on the potential money-laundering and terrorist-financing risks posed by cryptocurrencies.

In 2015, Taaki traveled to Rojava, Syria, to serve with the YPG Military, a component of the Syrian Democratic Forces fighting the Islamic State of Iraq and Syria (ISIS). After months of fighting on the front, he spent more than a year working with Rojavas economics committee.

Taaki also created Libbitcoin and Bitcoins BIP proposal system as well as DarkMarket, the prototype for what eventually became OpenBazaar, an open-source protocol for e-commerce. Outside of his development work, Taaki also founded the anarchist group UnSystem, which included Cody Wilson, creator of a 3D-printable gun, and Mihai Alisie, co-founder of Bitcoin Magazine and Ethereum.

Now, Taaki has returned as a contributor to multiple projects, many of which have not yet been revealed to the public. Although he is not ready to completely reveal his hand, the dissident technologist expressed a strong appreciation for the people in the crypto community, as well as a loss of confidence in its leadership and overarching direction.

For Taaki, what became a lifelong dedication to building technology free from authoritarian intervention started with an interest in what draws many people to Bitcoin: the promise of open-source development for breaking from authority.

I happened to be 16 when I discovered the open-source movement, which, for me, was absolutely incredible that there are people around the world who build this technology which plays a foundational role in our infrastructure and our internet, Taaki told Bitcoin Magazine. I kind of decided, Im going to devote my life to make this dream happen. And it was something that captured my mind for the next decade.

From his open-source involvement, Taaki found other technologists who were deeply concerned with politics. Of the many ideologies he was exposed to, he found anarchy especially interesting. It led him to ask questions about the nature of society and hierarchy and how a richer and more sophisticated society could be created. He saw Bitcoin as an unstoppable force to this end.

[At] my first talk about Bitcoin in Amsterdam, it was the EPCA conference I said, look guys, this is a radical technology. Now were here, you cant stop us, Taaki recalled. This is what were going to do for you.

Sometimes, his strong anti-middleman stance put him in direct conflict with other early Bitcoin developers another group he saw as a roadblock to free and open development as he defined it.

Gavin Andressen reached out to me and said, I didnt really like how you were talking at the conference. I think you should stop talking about Bitcoin publicly, Taaki said. Gavin preceded to put up roadblocks for me to participate in developing Bitcoin to sideline me from Bitcoin. Every time I tried to commit code to the Bitcoin Core project, it was blocked and I realized it was impossible for me to work with those people. Thats why I started working on Libbitcoin, to rewrite Bitcoin source code to have alternative implementation.

Taakis work on the BIP review system was originally intended to establish some standardization for implementations and public review of changes to the code. But he now sees the system as a hindrance on development in Bitcoin that favors the status quo over technological progress.

The problem is that the culture we initiated in those early days has completely overtaken the mindspace of Bitcoin, explained Taaki. That was not the original intent. Originally, the intent was to have Bitcoin be a conservative against changes. But it wasnt to stop any kind of progress from happening inside of Bitcoin. Its very poorly engineered. Its very inefficient. The developments in cryptography that are happening now are going to lead to a system thats eventually going to supersede Bitcoin.

Looking back at the Bitcoin community he had been a part of in the early 2010s, Taaki sees distance between the philosophies that first drew him to the technology and the philosophical camps that have been established today.

What weve seen happen since then is that those simplistic ideologies, which initially converged around Bitcoin, havent really been able to guide us, he said. And so weve seen a diversification from these ideologies Theres this weird, regressive or reactionary Bitcoin culture ... and its opposed to any kind of change or progress or development or advancement.

Taaki also noted concerns about the cryptocurrency space he had been a part of years ago now being co-opted by outsiders business- or authority-focused groups who want to take technology out of the hands of the idealistic cypherpunks who worked with Satoshi to usher in the era.

Were in this very strange place inside of crypto culture where were facing significant challenges to the technology, of it being co-opted by external actors, by actors who dont necessarily have a philosophical vision or goal we originally had in mind, he said. Maybe Im talking about people like ConsenSys, or maybe Im talking about central bank digital currencies or Facebook Bottom line: The only way that were going to overcome these challenges is by having coherent analysis, a system of organization and some kind of narrative so that we can develop something thats coordinated.

After leading the technological development and ideological conversation around Bitcoin for nearly five years, Taaki traveled to Rojava, an autonomous region in Northern Syria where forces were trying to build and defend a direct democracy based on Libertarian, socialist and anarchist principles that promoted decentralization, gender equality, environmental sustainability as well as religious, political and cultural tolerance and diversity.

Despite seeking a technology development role, Taaki spent his first year in Rojava serving on the front lines of a war with ISIS.

It was mad, Taaki explained. I was literally shipped to war, handed a kalashnikov as we were driving to the frontlines and told, Dont worry, if youre not dead in two weeks, youll know everything there is to know about fighting in a war. It was a mad time. It was chaos, but I managed to get out of that position after a few months.

Taaki returned to Syria in 2019, this time in a role reviewing technical projects for the region.

I was looking at open-source solutions, like how to build a mobile phone network, he said. I also looked at how we could deploy cryptocurrencies. The so-called leaders I reached out to were very limited in their thinking and did not offer much support Theres so much to consider and if your goal is to create the infrastructure for five million people, its so different from making individual accounts for an app-based marketplace you can download.

If this seems like an opportunity for one of Bitcoins most prominent developers to implement the technology in a region that could clearly benefit from it, Taaki emphasized that it wasnt.

The reality is if any administration in the world were to say that they wanted to deploy Bitcoin in a region of their country, there is no group that has the software infrastructure ready to set up a reliable financial network, Taaki explained. For example, if in Hong Kong, theres a guy who has Bitcoin, he can extend a line of credit to Syria, and he can cash out to a local pool of dollars. Or people in Syria who have assets like oil can issue futures or upper-finance instruments on that asset so that they can get investment to build their infrastructure. Theres a really great application of this technology, but were just not thinking on that level.

Taaki lists oft-lauded use cases in places like Venezuela, Cyprus and Iran as distractions that keep the Bitcoin community from truly preparing the technology to help distressed places around the world before they are too far gone.

Those were lost opportunities, he said. Its sad, thats our failure as a community. And those future opportunities should be what we choose to face and engage in our market so we can develop better technology. But were not doing that right now. Instead, its a bunch of technologists playing around with blockchain technology. I see no practical basis in reality to what were doing right now.

In addition to his work promoting a freer society in Syria, Taaki is establishing an academy in Barcelona that incubates new technology projects and offers training in cryptocurrency development. Hes also working on Nym, which he described as an alternative to Tor. Of course, his mission to strengthen the privacy and freedom from authority inherent in technologies like Bitcoin is an ongoing focus as well.

Im also working on anonymization of cryptocurrencies and products, Taaki said. The same same technology I am building out will be a platform or a library that we can use to build other products like decentralized exchanges, marketplaces and also a generalized platform for issuing anonymous smart contracts and other financial instruments A lot of people are asking for a new release of Dark Wallet, but Im not going to release a bad product. CoinJoin is broken but I will develop something thats better.

Ultimately, Taakis is a working life dedicated to strengthening tools in the hands of dissidents those who seek to communicate and transact without interference from political authorities, who hope to establish a better and freer society.

The legacy of the civilization that we live in is a state-based civilization based off of a hierarchical system of control and specialization of labor, which leads to all of the modern problems we have, Taaki said. We want to create a different kind of society, which is free, where people have liberty and the natural wealth of peoples creative energies is developed and nurtured. The emerging field of cryptography offers us a power that we can use to create new financial instruments and networks that can be used as a tool to stop state power and control, and create space where marginalized communities can operate outside of state control.

An expanded version of this conversation will be released on the Bitcoin Magazine Podcast.

The views and opinions expressed herein are the views and opinions of the author and do not necessarily reflect those of Nasdaq, Inc.

See the rest here:
Amir Taaki on Bitcoin and Building Dissident Technology in 2020 - Nasdaq