Folks do realize the people telling you QC will be a thing and break RSA and EC are exactly the same folks who were telling you AGI will be a thing, who were the exact same folks telling you the metaverse is the next big thing, who are the exact same folks telling you NFTs would take off, who were the exact same folks telling you bitcoin would replace Visa, who were....
@dalias quantum computing will not take off because quantum physics makes it almost impossible
@burnoutqueen @dalias how come? I'm about to embark on a PhD in PQC so would be good to know this!

@cyberia @dalias

There is no known way to create the quantum superpositions at the scale required in an economical way. For all I know, you would need extreme cooling and a vacuum chamber to minimize any and all interference with the outside environment.

Even a little vibration in the system can ruin the whole thing

@cyberia @dalias

Decoherence is the fundamental road block, just because of how common it is at human scales.

@cyberia @dalias

The cost to benefit ratio makes it unjustified

@burnoutqueen @dalias I mean sure, it's not on the cards right now. But my supervisor's justification is that if it's coming in 30 years we need to start preparing for it now.
@cyberia @burnoutqueen I don't think that's at all realistic. There have been a lot of very much exaggerated or outright fraudulent claims by people publishing results in QC, doing things like handwaving away precision/error-correction needs and using idealized QC simulators running on classical GPUs rather than actual QC, ignoring the exponential scaling.
@cyberia @burnoutqueen This paper seems to be a fairly sober look at the state of things: https://arxiv.org/html/2410.14397v1
The State of Factoring on Quantum Computers

@cyberia @burnoutqueen In particular, skimming through it for instances of the word "exponential" seems enlightening.

"Exponential" means "this is impossible, forever, with the current approach". It doesn't mean there's not some other approach we don't know exists, but it does mean that continuing on the same path will never get you there.

@dalias I'll bet you a beer (or similar) that in 30 years somebody will have broken 2048-bit RSA using a quantum computer
@cyberia I'll bet you $100 they haven't.
@dalias stakes too high for me
@burnoutqueen @cyberia @dalias NSA doesn't care about economical. Didn't Snowden reveal that NSA already had an outsized investment in this a decade ago? If they're making progress they'll keep it secret as long as possible. The fact that USG is moving to PQE seems like an indicator of how legitimate they think the threat is.
@Chasteen @burnoutqueen @cyberia There's $10 trillion "not economical", there's all-of-the-earth's energy-reserves-for-100-years "not economical", and there's millions-of-dyson-spheres "not economical".
@dalias @Chasteen @burnoutqueen @cyberia Which one would QC appear to be in this current state?
@cyberia @burnoutqueen FWIW: I still think building expertise in PQC is valuable. Because regardless of whether it's justified, hype for QC scams will pressure adoption of PQC, and we need to ensure that the systems adopted are actually safe and that the people adopting them understand how to use them correctly.
@dalias Gutmann's talk on this is great as well: https://www.youtube.com/watch?v=xa4Ok7WNFHY
Peter Gutmann - Why Quantum Cryptanalysis is Bollocks

YouTube
@thesamesam LOL the record is still 35? I figured there would have been at least one new non-fraudulent claim in the past few years but apparently no. 🤣
@thesamesam Some of the talk is bs though. Like at 15:30, the part about repeating the experiment until you get the result you want. If you can do that, you *did* successfully factor, because it's trivial to test classically if a factorization is correct. Of course nobody has ever used this form of (non-)cheating, as he notes. The reason is that the number of retries you need grows exponentially.
@dalias I certainly notice how people going off about QC are almost entirely uninterested in the very real issues with MFA and device-based authentication. In fact... I have noticed it seems almost exclusively used to either distract from more present security problems or to advertise passkeys.

@Epic_Null Hot take: all of the interesting infosec problems at present are social problems, particularly the normalization of scam/deceptive behavior by parties we're expected/told to trust and the lack of respect for consent, autonomy, and privacy.

We know all the technological solutions but they don't work when antisocial behavior by everyone with power is undermining shit.

@dalias you can tell what will be a thing by a simple indicator of if regular people (like, people making less than 4X minimum wage) actually try hard to get it.

refrigerators: as soon as they could afford one, people did. some people bought one before they could afford them.

nfts: no one knew what they were and half of the people that did laughed their asses off at them.

smartphones: the world collectively lost its mind at the iphone.

chatbots: most people don't like them, the people that do sit there and build pointless things that connect to other pointless things to make cathedrals of crap that use 40% of all buzzwords ever invented but when pressed for what value it has they say some vague bullshit about workflows.

@dalias

I don't know if that's strictly true. The earliest and most persistent voices on quantum computing and PQC have been NSA and NIST, who are not generally regarded as suckers for hype trains and grifters.

Do I trust either of them completely? Absolutely not, especially after the Dual_EC_DRBG debacle and other major scandals.

Do I think that practical quantum computing is an imminent threat or emerging major advance in technology? My current sense is "probably not" but not "definitely not."

But I don't think it's fair to say that all of the voices urging us to take this potentially disruptive tech seriously are of the same cloth as the AGI and cryptocurrency con men.

Don't get me wrong here. It's not in my top 10 or even top 100 list of priorities given <waves arms around> everything else going on. I'm not going to invest much of my time, money, or energy into it. I'll adopt PQC as others do, but I'm not sprinting for the exits on conventional crypto, and won't be hanging breathlessly on every word from the tech press on the subject.

@DaveMWilburn For the NSA and NIST, PQC is a huge opportunity to backdoor everything. Observe that all of their recommendations are for pure-PQ, not hybrid. They're salivating over the possibility of getting us to drop classical crypto that actually works and replace it with PQ clownery that has not stood the test of time/motivated-attack and for which they probably already know dozens of undisclosed vulns.

@dalias

I get that it's possible that NSA is pushing PQC with an ulterior motive. But NIST was pretty pissed off about being misled by NSA's con job during the Dual_EC_DRBG fallout, and there are a lot of eyes on the PQC algorithms. So my personal sense is that it is very unlikely that PQC is a backdoor.

@DaveMWilburn Anyone who is pushing non-hybrid PQC is either incredibly stupid or attempting to backdoor stuff. There is no other possibility.

@dalias

Oh, to have the luxury of confidently viewing everything in life in absolute terms with no possibility of being mistaken...

@DaveMWilburn Look, it has been well established for decades that you do not rely on newly-introduced cryptography that has not stood the test of time successfully protecting things of high value.

I don't see how you can interpret folks just throwing that principle out the window and saying "here let's all trust this new thing!" as anything but foolishness or malice.

This is not absolutism or overconfidence in my opinion. It's a fundamental principle of how *not* to be overconfident when the stakes are high.

@dalias @DaveMWilburn Adding new unproven thing in addition to old proven thing? Reasonable. Failure of new thing is not catastrophic.

Being expected to only trust new unproven thing and discard the proven thing entirely? That's sus.

Not very hard to compute.
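The "hybrid" arrangement argued for above, as an added example that is not code from anyone in this thread: a classical shared secret and a post-quantum shared secret are concatenated and run through HKDF (RFC 5869, implemented here with the standard-library hmac module), so the session key depends on both. The two KEM outputs are constructed placeholder bytes; the salt label and info layout are assumptions made for this example and are not taken from any standard. The point it shows is the one made in the post: if the new, unproven secret is fully exposed, the attacker still has to recover the proven one.

```python
"""Hybrid shared-secret combiner (added illustration, not code from the thread).

A classical KEM/ECDH secret and a post-quantum KEM secret are concatenated
and fed through HKDF so that the session key depends on both.  The KEM
outputs themselves are constructed placeholder bytes here; in a real
protocol they would come from e.g. X25519 and an ML-KEM implementation.
"""
import hashlib
import hmac
import secrets

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size  # 32


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract: PRK = HMAC(salt, IKM). An empty salt becomes HASH_LEN zero bytes."""
    if not salt:
        salt = b"\x00" * HASH_LEN
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand: T(i) = HMAC(PRK, T(i-1) || info || i); return the first `length` bytes."""
    okm, t, i = b"", b"", 1
    while len(okm) < length:
        t = hmac.new(prk, t + info + bytes([i]), HASH).digest()
        okm += t
        i += 1
    return okm[:length]


def combine_shared_secrets(ss_classical: bytes, ss_pq: bytes, transcript: bytes) -> bytes:
    """Concatenation combiner: key = HKDF(ss_classical || ss_pq, info = transcript).

    Both secrets enter the extract step, so an attacker must know both to
    reproduce the key.  The salt label and info prefix are constructed for
    this example, not taken from any standard.
    """
    ikm = ss_classical + ss_pq
    prk = hkdf_extract(b"example-hybrid-kem-v1", ikm)
    return hkdf_expand(prk, b"session-key" + transcript, 32)


def attacker_key_with_pq_broken(ss_pq_known: bytes, transcript: bytes, classical_guess: bytes) -> bytes:
    """Model the 'new thing failed' case: the PQ secret is fully known to the
    attacker, who must still supply the classical secret.  A wrong guess for
    the classical secret yields an unrelated key."""
    return combine_shared_secrets(classical_guess, ss_pq_known, transcript)


def demo() -> dict:
    """Run the combiner on constructed inputs and report what the attacker gets."""
    ss_classical = secrets.token_bytes(32)   # stands in for an X25519 shared secret
    ss_pq = secrets.token_bytes(32)          # stands in for an ML-KEM shared secret
    transcript = b"constructed-handshake-transcript"
    real_key = combine_shared_secrets(ss_classical, ss_pq, transcript)
    # PQ secret leaked; the attacker has no classical secret and tries all-zero bytes
    attacker_key = attacker_key_with_pq_broken(ss_pq, transcript, b"\x00" * 32)
    return {
        "real_key": real_key,
        "attacker_key": attacker_key,
        "attacker_matches": hmac.compare_digest(real_key, attacker_key),
    }


if __name__ == "__main__":
    print(demo())
```

The symmetric case holds too: if the classical secret were the one to fall, the PQ secret still has to be recovered, which is the whole argument for running both rather than dropping the proven one.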

@dalias There's a difference though; the theory is not bullshit, the obstacles to QC are practical. Given infinite time to work on this (which we don't have, fossil fuel and rare metal reserves will be depleted in ~20 years and we'll be lucky to still have a civilization in 50) a real quantum computer could be built; whereas the foundation for the other bubbles was pure hype built on wind and astroturfing.

But it doesn't change anything in practice, QC won't happen. We'll reach cold fusion first. 😔

@ska There is no reason to believe that a working QC could be built even given infinite resources. As an abstract mathematical construct it exists, yes, but that's very different. So does a Turing machine with an infinite tape.

@dalias If we had infinite resources, we could build a Turing machine with an arbitrary long tape. I don't think that's qualitatively different here.

But that's pure hypotheticals.

@ska But you still wouldn't be able to do any meaningful computations with that in human-scale time, thanks to relativistic limits and Planck limits and Bekenstein bound and stuff.
@ska What I'm in particular suggesting is likely impossible, regardless of how much money you throw at it, is a QC that can factor arbitrary numbers without either space or time blowing up exponentially.

@dalias @ska i think the thing people need to understand is that you need enough qubits to hold enough state to factor the key.

right now they are factoring 22-bit RSA keys with like 150 qubits or whatever.

i'm not going to lose any sleep over this, we can just migrate to 4096-bit RSA keys and be fine for the next decade at least.

@ariadne @ska Even with the worst-case predictions about QC, you could migrate to 64k RSA and be fine until the heat death of the universe.
@dalias @ska also, quite a few of these elliptic curves have been found to be problematic
@ariadne @ska I'm pretty confident about Curve25519, but skeptical of anything NIST has touched.
@dalias @ska yes, same, and the brainpool curves.
@ariadne @ska And they have NOT factored any 22-bit keys, for what it's worth. They've factored particular 22-bit numbers *chosen to be awful keys*, with particular patterns that made them easy to factor, so that they could write a deceptive paper claiming to have "factored a 22-bit key".
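Two points in this thread can be checked with a few lines of code: that a claimed factorization is trivial to verify classically (the retry argument earlier), and that a small modulus built with a convenient structure is not evidence of anything. This is an added example, not code from the thread or from any paper it links; the thread does not say which pattern the "awful keys" had, so close primes are used here as one well-known example of such a pattern, and the moduli are constructed for the demonstration.

```python
"""Classical sanity checks on a claimed factorization (added illustration).

Two constructed 22-bit moduli: one from two adjacent 11-bit primes (structure
that makes it trivially factorable by Fermat's method), one from primes far
apart.  Which pattern any given paper used is not stated in the thread; close
primes are just one familiar example.
"""
from math import isqrt

# Constructed 11-bit primes for the demonstration.
CLOSE_P, CLOSE_Q = 1447, 1451   # adjacent primes: |p - q| = 4
FAR_P, FAR_Q = 1031, 2039       # primes at opposite ends of the 11-bit range


def is_valid_factorization(n: int, p: int, q: int) -> bool:
    """The classical check: a claimed (p, q) is correct iff p*q == n with 1 < p, q < n."""
    return 1 < p < n and 1 < q < n and p * q == n


def fermat_start(n: int) -> int:
    """Smallest a with a*a >= n, the starting point of Fermat's search."""
    a = isqrt(n)
    return a + 1 if a * a < n else a


def fermat_factor(n: int, budget: int):
    """Fermat's method: search a >= sqrt(n) for a*a - n being a perfect square b*b,
    giving n = (a - b)(a + b).  Only close primes are found quickly; `budget`
    bounds the number of candidate a values tried.  Returns (p, q) or None."""
    if n % 2 == 0:
        return (2, n // 2)
    a = fermat_start(n)
    for _ in range(budget):
        b2 = a * a - n
        b = isqrt(b2)
        if b * b == b2:
            return (a - b, a + b)
        a += 1
    return None


def fermat_steps_needed(p: int, q: int) -> int:
    """Exact number of steps Fermat's method takes on n = p*q: the search stops
    at a = (p + q) / 2, so the cost is (p + q)/2 - ceil(sqrt(n)) + 1."""
    return (p + q) // 2 - fermat_start(p * q) + 1


def classify_modulus(n: int, budget: int = 16) -> str:
    """Label a modulus by whether a tiny Fermat budget already factors it."""
    found = fermat_factor(n, budget)
    if found is not None:
        return f"structured: close primes {found}, found within {budget} steps"
    return f"no close-prime structure found within {budget} steps"


if __name__ == "__main__":
    for p, q in ((CLOSE_P, CLOSE_Q), (FAR_P, FAR_Q)):
        n = p * q
        print(f"n={n} ({n.bit_length()} bits): {classify_modulus(n)}; "
              f"Fermat needs {fermat_steps_needed(p, q)} steps; "
              f"claimed factors valid: {is_valid_factorization(n, p, q)}")
```

At 22 bits every modulus is trivial classically by any method, which is why the size alone says nothing; the useful question for a published "factored a key" claim is whether the number was chosen so that a short search like the one above (or something equivalent) succeeds. Key generation standards already guard against the close-prime case, which is one reason such a number is not a representative key.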

@ska @dalias The engineering for handling an infinitely long tape with all the necessary hotswapping components for the sheer amount of mass it would eventually involve sounds like a fun thought experiment.

Especially if one tries to also make it work as fast as a regular computer.

@ska @dalias

rare metal reserves will be depleted in ~20 years

That mostly turns the scrapyards and landfills into the new reserves though. We're not shoving those materials into antimatter experiments after all.

we'll be lucky to still have a civilization in 50

That seems oddly pessimistic.

@dalias hmm, but the QC people include some more, like the OpenSSH ones, which did make me wonder.

But then phk linked That Paper, and there are a few more voices pointing this out, also thanking others in this thread…

@dalias

sounds like these people are just selling snake oil and bullshit - and realized they have a customer base regardless of sanity (or perhaps in spite of sanity)

@maya_b When there are no consequences for fraud, you just try new frauds over and over until one sticks...

@dalias

they don't even need to stick