 This #asknostr won’t be for everyone.

It’s targeted to the super geeks out there!

In particular any #Cybersecurity #cypherpunk #Cryptography experts.

(For context I’m a former IT Director so I’m not completely ignorant, just I excelled at leading people and teams while being able to get my hands dirty enough to implement vision coming down from the C-Suite at 30k feet.)

#asknostr

I recall reading research on Quantum Computing almost 20 years ago. And if I was reading it then, we know it was in development prior to that.

Recently I saw a brief documentary on IBM’s Quantum 2 computer (R&D Lab).

One of the things mentioned is its potential (not yet realized but expected by 2035) ability to decrypt in seconds due to the superposition state of Qubits.

As such, this has a real conflict with #privacy and even potential impacts for #bitcoin #btc and other #proofofwork (for example $KAS #KAS #KASPA comes to mind with its algo prepped for Optical Computing… and perhaps Monero and other #pow)

But even #nostr can be impacted.

My question:

1. Is there any future proof, Quantum Computing resistant encryption out there or in development?

2. If in the #future Qubits can hold a superposition long enough to decrypt, how might we combat that?

 (I guess that’s the same question as Q1…but in my mind we have to re-envision the #math …the approach to #encryption once optical computing is mainstream and especially controlled by nation states which is what it is at this point as most “world leaders” view it as a strategic national #security imperative which is why they are heavily researching it)

—-
My point being, I’m interested in this conversation and perhaps some of you experts in this field can point me to where that convo is occurring. 
 For Q number one:  https://csrc.nist.gov/Projects/post-quantum-cryptography/events 
 Wow there is a lot there. #thanks

I’ll add those to my watch list.

My first reaction is: It’s all theory until it’s not…meaning, we can do all the math but don’t yet know the capabilities of Qubits in full and therefore the math we work out now may not be strong enough…we won’t know until we can actually test it…

By chance do you know if NIST has an optical computer it is using to test the theories?

 
 Quick query using LMs

Q1:

Several post-quantum cryptography schemes and algorithms are being developed and implemented to resist potential attacks from future quantum computers. Some notable examples include:

1. Open Quantum Safe (OQS) project: Aims to integrate current post-quantum schemes in one library, including algorithms like Ring Learning with Errors (LWE) key exchange (BCNS15 and NewHope) and Module Learning With Error (ML-KEM) (CRYSTALS-Kyber).
2. Frodo: A learning-with-errors (LWE) based key exchange algorithm.
3. NTRU Encrypt: A lattice-based encryption algorithm with a relatively small public key size (766.25 B) and private key size (842.875 B).
4. Random Linear Code based encryption (RLCE): A scheme with a larger public key size (115 kB) and smaller private key size (3 kB).

> Note
Additionally, the National Institute of Standards and Technology (NIST) has announced its first quantum-resistant algorithms, based on structured lattices and hash functions, which could resist quantum computer attacks.

 
 Q2:

Post-Quantum Cryptography: One approach to combat quantum attacks on classical encryption is to transition to post-quantum cryptography (PQC). PQC algorithms rely on mathematical problems that are believed to be hard for both classical and quantum computers, such as lattice-based, code-based, and multivariate cryptography. Implementing PQC standards and protocols would ensure continued security even if quantum computers become powerful enough to break classical encryption.

Key Exchange and Rekeying: Another strategy is to focus on key exchange and rekeying mechanisms. In the event of a quantum computer breaking classical encryption, rekeying with fresh, post-quantum secure keys would mitigate the impact. This approach would require frequent key updates and efficient key management systems.

Hybrid Approach: A hybrid approach combines classical and post-quantum cryptography. This involves using classical encryption for initial communication and then transitioning to post-quantum encryption for sensitive data or long-term storage. This hybrid approach would provide a temporary buffer against quantum attacks while PQC standards are widely adopted.

Error-Correcting Codes: Improving error-correcting codes for quantum computers could also help combat quantum attacks. By reducing the number of physical qubits required for logical qubits, error-correcting codes could make it more difficult for quantum computers to achieve a sufficient number of qubits to break classical encryption.

Quantum-Resistant Hash Functions: Developing quantum-resistant hash functions would provide an additional layer of security. Hash functions are used in digital signatures and message authentication codes, and quantum-resistant variants would ensure the integrity of data even if quantum computers become powerful enough to break classical hash functions.

Monitoring and Adaptation: Finally, it's essential to continuously monitor the development of quantum computing and adapt cryptographic protocols and algorithms accordingly. This would involve staying informed about advancements in quantum computing, assessing their potential impact on cryptography, and updating cryptographic standards and practices as needed.
 
Thanks for this.

I saw where HCSB (bank) has created an optical key hardware. 

The assumption is that once a Qubit (sent as a proton) is observed, its state changes and therefore becomes unreadable (decryptable) as what it once was it no longer is.

Might work for a bank but not seeing how the average person will combat decryption  
There are services that have already implemented some of these solutions; check them out. One is Mullvad VPN. Someone sent me this snapshot while discussing the same subject in a CyberSec forum

https://image.nostr.build/e49ee8407cca0cfb97da343f060441a229935b468a541d807087c1f79a700575.jpg
 
 IT is so fascinating to me.

Back in the ‘80s I “knew it all”.

Sheesh…now even Google Analytics is so advanced one benefits from certification in that LOL

Simply amazing to me🥸 
And yet, most of the current IT workforce needs to reinvent themselves, and fast: AI is already taking all entry-level jobs, but that will soon come to medium and high level; very few niches will still require human labor.
 Encryption and hashing are two different things. Lots of hashing is quantum resistant. Ever wonder why bitcoin public keys are hashed into addresses? 
Part of the purpose of doing that is that the public key of a UTXO is not revealed until it's spent. This requires a different signature construction where you find the key by verifying the signature against the txid (hash) rather than having the key and verifying it validates against the signature (like BIP-340 Schnorr signatures).

essentially this means the cat is out of the bag before anyone knows who had the bag 
 Because your public key isn’t revealed until you spend, quantum computers can’t just hack away at your public key at their leisure. If your transaction will be in the next block, there’s a time limit on finding the private key. 
 Fair point,

But the claim of quantum computing is that what would take the current (best) supercomputer thousands of years to brute force, qubits can do in mere seconds.

If it takes #bitcoin 10 mins to first confirmation…that is a lot of seconds gone by.

 
 Thanks for the reply!  I came across this article and read it: https://www.thesslstore.com/blog/difference-encryption-hashing-salting/

From my IT Director days I understand the concepts and the theory that hashing is quantum resistant.  I suppose that’s because the hashing is comparing authenticity vs actual data?

However like the article points out, even Google broke SHA-1

Theoretically SHA-2(56) is significantly less hackable…but if “256 bit encryption” becomes vulnerable via Quantum Computing, why wouldn’t 256 bit hashing also be vulnerable? 
 Currently I believe the Signal protocol and SimpleX messengers have quantum resistant encryption

Monero's privacy for amounts is quantum proof because it uses Pedersen commitments, which are "perfectly hiding". Its receiver privacy is also quantum proof if an adversary doesn't have access to the original address that was given to someone in person or over secure comms (adversary only has access to the blockchain)
https://docs.grin.mw/wiki/miscellaneous/switch-commitments/#properties-of-commitment-schemes

I've briefly heard Amir Taaki speak on quantum resistant "lattice-based" cryptography
https://en.wikipedia.org/wiki/Lattice-based_cryptography
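The "perfectly hiding" property mentioned for Monero's Pedersen commitments, as an added example that is not part of this thread or of Monero's code: a toy commitment over a small prime-order subgroup (constructed parameters P, Q, G and a trapdoor exponent only used to make the hiding property visible; real systems use elliptic-curve groups where nobody knows the discrete log between the two generators).

```python
# Added example (not from the thread): a toy Pedersen commitment over a
# prime-order subgroup, illustrating why "perfectly hiding" amounts stay
# hidden even from an adversary with unlimited (quantum) computing power.
# All parameters are small constructed values; real systems use
# elliptic-curve groups where nobody knows log_G(H).
P = 1019        # safe prime, P = 2*Q + 1
Q = 509         # prime order of the subgroup we work in
G = 4           # generator of the order-Q subgroup (a square mod P)
TRAPDOOR = 123  # constructed: H = G^TRAPDOOR; unknown to everyone in real deployments
H = pow(G, TRAPDOOR, P)

def commit(value: int, blinding: int) -> int:
    """Pedersen commitment C = G^value * H^blinding (mod P)."""
    return (pow(G, value, P) * pow(H, blinding, P)) % P

def open_commitment(c: int, value: int, blinding: int) -> bool:
    """Binding check: does (value, blinding) open commitment c?"""
    return commit(value, blinding) == c

def balances(input_commits: list, output_commits: list) -> bool:
    """Confidential-transaction style check: the product of input commitments
    equals the product of output commitments iff the amounts (and the blinding
    factors, which the sender chooses) sum to the same totals."""
    lhs = rhs = 1
    for c in input_commits:
        lhs = lhs * c % P
    for c in output_commits:
        rhs = rhs * c % P
    return lhs == rhs

def equivocate(value: int, blinding: int, other_value: int) -> int:
    """Perfect hiding made explicit via the trapdoor: for ANY other_value there
    is a blinding r' with commit(other_value, r') == commit(value, blinding).
    The commitment therefore carries no information about the amount, no
    matter how much computing power the adversary has."""
    inv_x = pow(TRAPDOOR, -1, Q)
    return (blinding + (value - other_value) * inv_x) % Q

def demo() -> dict:
    r1, r2 = 77, 200                  # output blindings; input blinding is their sum
    c_in = commit(10, (r1 + r2) % Q)  # a 10-unit input split into 7 + 3
    c_out = [commit(7, r1), commit(3, r2)]
    c = commit(42, 5)
    r_alt = equivocate(42, 5, 999)    # the same commitment also opens to 999
    return {"balances": balances([c_in], c_out),
            "opens_to_42": open_commitment(c, 42, 5),
            "opens_to_999": open_commitment(c, 999, r_alt)}
```

Only the holder of the trapdoor can equivocate here; without it the scheme stays binding, which is exactly the asymmetry amount privacy relies on.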