RE: quantum chip built
> 1) Are there quantum encryption algorithms that we will use on quantum
> computers to prevent quantum cryptanalysis? Not just key
> distribution; ID Quantique is commercially selling units for that
> already.

There are existing quantum encryption algorithms that require a physical link between the communicators (and don't provide authentication) -- these are used in the products sold by ID Quantique. But it hasn't been established that an encryption algorithm needs to be based on quantum mechanisms to survive the introduction of quantum computers. So I'd take issue with your phrasing of the question.

In so far as you're wondering about what algorithms will be used in the post-quantum computing world, the ECRYPT project has organized a workshop on postquantum cryptography -- see http://postquantum.cr.yp.to/ for details. The report of that workshop should be interesting reading.

Cheers,

William

-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: long-term GPG signing key
Travis H. wrote:
> I must admit, I just had a "duh" moment.
>
> Why the heck am I expiring encryption keys each year? Anyone who
> records the email can crack it even if the key is invalid by then.
> All it really does is crudely limit the quantity of data sent under
> that key, which is little to none anyway.

So that you can't be legally required to produce the private key (which you destroyed, right?).

Perhaps this is time to remind people of "Security Against Compelled Disclosure": http://www.apache-ssl.org/disclosure.pdf.

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff
Pre-call for submissions for IEEE Std 1363-2000 revision
Hi lists,

The IEEE standards Std 1363-2000 and Std 1363a-2004 provide standard specifications for public-key cryptography for use by electrical and electronics engineers. Std 1363-2000 is due for revision this year, which will involve merging Std 1363a with the base Std 1363. As part of this revision and merger process the working group will be considering submissions for additions and amendments to the existing documents. These submissions can include anything from notifications of new security results to requests that techniques in the standard be added, modified or deleted.

This mail is a pre-call for submissions for the revised document. An official call for submissions will follow in the new year. We anticipate that the submissions period will last till approximately July 31st, 2006, so we can start discussing submissions at the working group meeting that traditionally follows Crypto.

To buy a copy of Std 1363 and 1363a, follow the links at the 1363 Working Group website, http://grouper.ieee.org/groups/1363. To follow discussions, please subscribe to the mailing list by mailing [EMAIL PROTECTED] with the message body

subscribe stds-p1363-discuss.

Submissions should be sent to me directly for posting on the website.

We're also looking for a volunteer to serve as technical editor: anyone interested should contact me directly.

Best wishes,

William

William Whyte, Chair, IEEE P1363
NTRU Cryptosystems, 35 Nagog Park, Acton, MA 01720
ph: +1 978 264 1901
fx: +1 978 264 0103
Re: quantum chip built
- Original Message -
From: "Michael Cordover" <[EMAIL PROTECTED]>
Subject: Re: quantum chip built

John Denker wrote:
> My understanding is that quantum computers cannot "easily" do anything.

Probably one of the best statements so far, certainly QC and easy don't go together very well at this time.

Alex said
> Is ECC at risk too? And are we at risk in 10, 20 or 30 years from now?

At this time pretty much everything is potentially at risk from QC, mostly because we know so little about how they really behave. Will ECC-160 fall to QC within 20 years? Probably not, but I wouldn't offer insurance against it. Right now we can safely assume that for our lifetime QC will be less of a threat than classical computation, but my standard recommendation of checking your security in depth at least every 6 months (depending on the safety buffer you have, less decrease this) along with some continual critical point examination (e.g. check every paper on cryptanalysis of AES if you use AES) should be more than sufficient.

Joe
Re: quantum chip built
| I'm fairly ignorant of quantum computers,

I'm no expert myself. I can say a few things, but take them with a grain of salt.

| having had the opportunity
| to see Shor lecture at a local university but unfortunately finding
| myself quickly out of my depth (I still don't understand the weird
| notation they use for representing [superpositions of?] "states" in
| Bell inequalities and his lecture was full of diagrams that I didn't
| grok at all). So, I have a few questions:
|
| 1) Are there quantum encryption algorithms that we will use on quantum
| computers to prevent quantum cryptanalysis? Not just key
| distribution; ID Quantique is commercially selling units for that
| already.

I don't recall seeing any quantum encryption algorithms proposed. Someone may have done so, of course - the field is moving quickly.

Our understanding of quantum computation is very limited so far. Quantum key exchange is one pretty well-developed area. The main other algorithms are variations of search. A number of years down the road, I'm sure both will be seen as "obvious" applications of ideas that had been around for years. (Quantum key exchange is the practical application of ideas from thought experiments going back to the birth of quantum mechanics. Search algorithms are pretty straightforward applications of the basic idea of quantization. There was never a reason to look at these things as computational mechanisms until recently.)

| 2) Can't they superimpose more than two states on a particle, such
| that the precision of the equipment is the limiting factor and not the
| number of entangled particles?

There is actually a limit to the number of distinct quantum states that any system can have, based mainly on the *area*, not volume, of the system. (In some sense, we seem to have a 2-space-dimensional universe!) The limit for an elementary particle is pretty small.

BTW, this has some interesting implications. We usually argue that some computation, while beyond our current reach, is "in principle" possible. But in fact one can compute a bound on the number of primitive computational events that could have taken place since the creation of the universe. If a computation required more than that number of computations - think bit flips, if you like - then "in principle" it would seem to be impossible, not possible!

One can flip this around: Suppose you wanted to do a brute-force attack against a 128-bit key. OK, that requires at least 2^128 computational steps. Suppose you wanted the result in 100 years. Then the computation can't require a volume of space more than 100 light-years across. (Well, really 50.) You can compute how many bit flips could take place in a volume of space-time 100 light-years by 100 years across. If it's less than 2^128, then even "in principle", no such attack is possible.

I did some *very* rough calculations based on some published results - I didn't have enough details or knowledge to do more than make a very rough estimate - and it turns out that we are very near the "not possible in principle" point. If I remember right, a 128-bit key is, in principle, just barely attackable in 100 years; but a 256-bit key is completely out of bounds. So much for the snake-oil "my 1500-bit key is much more secure than your 256-bit key" claims!

| 3) Does anyone remember the paper on the statistical quantum method
| that uses a large source of molecules as the computing device? I
| think it was jokingly suggested that a cup of coffee could be used as
| the computing device. What became of that? All this delicate mucking
| about with single atoms is beyond my means for the foreseeable future.
| I still have hopes of progress on the classical system but if that
| doesn't work out my second bet is on computation en masse.

There are some very recent - last couple of weeks - results on creating entangled systems of 100's of thousands of particles. (Hence my suggestion that we are doing quantum "transistors", but will eventually do quantum "IC's".)

-- Jerry
Re: quantum chip built
I'm fairly ignorant of quantum computers, having had the opportunity to see Shor lecture at a local university but unfortunately finding myself quickly out of my depth (I still don't understand the weird notation they use for representing [superpositions of?] "states" in Bell inequalities and his lecture was full of diagrams that I didn't grok at all). So, I have a few questions:

1) Are there quantum encryption algorithms that we will use on quantum computers to prevent quantum cryptanalysis? Not just key distribution; ID Quantique is commercially selling units for that already.

2) Can't they superimpose more than two states on a particle, such that the precision of the equipment is the limiting factor and not the number of entangled particles?

3) Does anyone remember the paper on the statistical quantum method that uses a large source of molecules as the computing device? I think it was jokingly suggested that a cup of coffee could be used as the computing device. What became of that? All this delicate mucking about with single atoms is beyond my means for the foreseeable future. I still have hopes of progress on the classical system but if that doesn't work out my second bet is on computation en masse.

--
"If I could remember the names of these particles, I would have been a botanist" -- Enrico Fermi (apropos, no?)
-><- http://www.lightconsulting.com/~travis/
GPG fingerprint: 50A1 15C5 A9DE 23B9 ED98 C93E 38E9 204A 94C2 641B