You can cross 'Quantum computers to smash crypto' off your list of existential fears for 30 years
RSA's Adi Shamir thinks we're safe for a generation, but more gnarly keys are still a good idea
RSA Conference Adi Shamir, the cryptographer whose surname is the "S" in "RSA", thinks folks need to stop worrying about quantum computing breaking encryption algorithms.
Speaking on the annual cryptographers' panel at the RSA Conference in San Francisco this week, he said that in the 1990s he saw three big issues appear on the security industry's radar: AI, cryptography, and quantum computing. Two of the three have delivered, he said; quantum computing has yet to show promise and won't for decades to come.
Ninety-nine percent of encrypted messages are junk, he opined: requests for lunch meetings and banal chat that would be a waste of time to decrypt, and there is an enormous volume of it.
The idea that such missives would be a top cracking priority isn't realistic, he reminded the audience. And while important messages might be decoded decades on, the signal-to-noise ratio is going to make throwing a quantum machine at the job a poor way to find real secrets.
He wasn't alone in his skepticism. British mathematician Cliff Cocks, who developed public-key cryptography years before session host Dr Whitfield Diffie and his colleagues came up with the same idea, was somewhat cutting about stories that the Chinese have developed quantum systems to crack current encryption systems.
The Chinese system may work well on very small data sets, he said, but there's "no evidence whatsoever" that it would work at a larger scale. That said, Anne Dames, IBM zSystems Distinguished Engineer and Cryptographic Technology Architect, argued China's efforts are as good a reason as any to update your public-private keys just to be on the safe side. The longer and more secure the keys, the better, she opined. There's no harm in using quantum-resistant algorithms, either, we note.
"Quantum computers, even if they don't exist today, will do in the next 30-40 years, so we will need to switch keys," she advised, saying the current concerns over quantum cryptography reminded her a lot of blockchain hype.
That said, all the encryption in the world isn't going to help you defend against insider threats. It's been ten years since an IT contractor called Edward Snowden managed to walk off with the NSA's crown jewels, and the latest Pentagon leak is alleged to have involved a guy showing off classified information on Discord to impress friends. This showed the systems we use are still critically weak, Diffie argued.
Shamir argued Snowden was a short-term and long-term disaster for the NSA, and diminished America's influence by exposing directly long-suspected practices - such as the presence of backdoors in commercial products - for which no evidence had previously been available. Quantum computers breaking encryption could deliver similar revelations, Shamir opined, but it's a way off doing so. ®