9mo ago

Chinese scientists hack military grade encryption on quantum computer: paper

www.scmp.com

Cybersecurity @sh.itjust.works

floofloof @lemmy.ca

9mo ago

Chinese scientists hack military grade encryption on quantum computer: paper

www.scmp.com /news/china/science/article/3282051/chinese-scientists-hack-military-grade-encryption-quantum-computer-paper

31 comments

I love how it did not at all explain what they broke. It mentioned "rectangle"? Whats that? How does it have any relation to AES? Because AES is NOT vulnerable to quantum computing. Did they get the key by knowing the ciphertext and the original data?
- It'd be nice if it, you know, linked to the actual paper. The article reads like it was written by someone who knows cryptography words but had no clue what they mean.
  
  It was probably written by these fancy autocomplete things.
- Because AES is NOT vulnerable to quantum computing.
  I have not been following the quantum computing attacks on cryptography, so I'm not current here at all.
  I can believe that current AES in general use cannot be broken by existing quantum computers.
  But if what you're saying is that AES cannot be broken by quantum computing at all, that doesn't seem to be what various pages out there say.
  https://crypto.stackexchange.com/questions/6712/is-aes-256-a-post-quantum-secure-cipher-or-not
  Is AES-256 a post-quantum secure cipher or not?
  The best known theoretical attack is Grover's quantum search algorithm. As you pointed out, this allows us to search an unsorted database of n entries in n−−√ operations. As such, AES-256 is secure for a medium-term against a quantum attack, however, AES-128 can be broken, and AES-192 isn't looking that good.
  With the advances in computational power (doubling every 18 months), and the development of quantum computers, no set keysize is safe indefinitely. The use of Grover is just one of the gigantic leaps.
  I would still class AES as quantum resistant, so long as the best-known attack is still some form of an exhaustive search of the keyspace.
  
  All we need to do to make AES secure is double the size of the key. That's it.
  
  Bump AES to a min 1024 and you buy time.
  
  Then why are hashes secure?
  
  Interesting. I know things like SimpleX use padding to force each message block to be a multiple of 16KB
- Yeah, appears propaganda-y, they even mention that "Despite the slow progress in general-purpose quantum computing, which currently poses no threat to modern cryptography", very weird. Supposedly used Canadian technology.
  
  Canadian technology? So they politely asked for the private key then
  
  Perhaps it's: military grade (40 years ago)
- AES works with a shared key. This won't work when you want to have an encrypted connection with a webshop (how would you get the key over there in a secure way?). For this you have asynchronous key algorithms such as RSA en ECDH. These algorithms can make a secure connection without anything preshared. Usually this is used to compute a shared key and then continue over AES. These asynchronous algorithms are at risk of being cracked with quantum computers.
- You attack kex, so dh or rsa (ie shors) , which we're moving away from (very slowly).
  Ecc is better for similar keylengths, but you need lattice to really resist quantum.
  My guess they hit old rsa, still a standard but being deprecated everywhere.
  You can't really hit the sboxes, they're just this side of otp.
  Key exchange is mostly discrete logarithm, ie you use modulo to hide/destroy data making it hard for anyone to figure it out without guessing wildly.
  
  The article says they hit AES, which doesn't make much sense. Block ciphers aren't vulnerable to QC in the same way as public key crypto. Even so far as Grover's Algorithm would help at all, it's far from being practical.
I spent a few minutes looking for the research paper, no luck. But it doesn't sound like something to worry about for now. D-wave isn't a general purpose quantum computer anyway. You can't run anything like Grover search on it.
Like others, I was not able to access the original article. However, I think I have found some other article of this author. I am not a quantum computing expert, thus, I did not understand much of the article. Maybe other can comment of these works:
https://onlinelibrary.wiley.com/doi/abs/10.1002/que2.12
https://ieeexplore.ieee.org/abstract/document/10339820
https://ieeexplore.ieee.org/abstract/document/9645445
https://ieeexplore.ieee.org/abstract/document/8954869
Here's a more informative article with a link to the paper, which is in a Chinese journal. The link doesn't open for me rn but it's a start.
https://thequantuminsider.com/2024/10/11/chinese-scientists-report-using-quantum-computer-to-hack-military-grade-encryption/
Oh fuck me, I'm still studying to red team basic computing.

31 comments