Can post-quantum algorithms be run on commercial devices?

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
5
down vote

favorite












Noob alert! Can we run quantum safe algorithms on commercial devices (like phones, laptops, etc)? I've seen some messaging apps and vpn providers marketing themselves as quantum-proof. How likely is that all these claims are bogus for marketing (imo, very)?










share|improve this question

















  • 2




    "Post-Quantum" commonly refers to algorithms that are secure against classical computers and quantum computers. They can run on classical computers. We are searching for practical PQC algorithms that we can use in place of classical asymmetric key algorithms. There is also "Quantum Cryptography" which refers to communication that exploits quantum mechanics for security. QC can't be done with the classical internet. Nor does QC include algorithms you can use offline (for tasks like encrypting a hard-drive.) They sound similar but are only related by the "quantum" part (in name and theory).
    – Future Security
    Aug 31 at 17:23







  • 4




    It's extremely likely that apps that use post-quantum in their descriptions are bogus. They could be scams, or they could be implemented incorrectly, or use a weak algorithm. Apps that claim to use quantum cryptography (not post-quantum) are definitely lying, since phones don't have the necessary hardware.
    – Future Security
    Aug 31 at 17:30






  • 1




    Are you asking if it is physically possible, or if the algorithms are light-weight enough to be used practically on a commercial device?
    – forest
    Sep 1 at 0:35














up vote
5
down vote

favorite












Noob alert! Can we run quantum safe algorithms on commercial devices (like phones, laptops, etc)? I've seen some messaging apps and vpn providers marketing themselves as quantum-proof. How likely is that all these claims are bogus for marketing (imo, very)?










share|improve this question

















  • 2




    "Post-Quantum" commonly refers to algorithms that are secure against classical computers and quantum computers. They can run on classical computers. We are searching for practical PQC algorithms that we can use in place of classical asymmetric key algorithms. There is also "Quantum Cryptography" which refers to communication that exploits quantum mechanics for security. QC can't be done with the classical internet. Nor does QC include algorithms you can use offline (for tasks like encrypting a hard-drive.) They sound similar but are only related by the "quantum" part (in name and theory).
    – Future Security
    Aug 31 at 17:23







  • 4




    It's extremely likely that apps that use post-quantum in their descriptions are bogus. They could be scams, or they could be implemented incorrectly, or use a weak algorithm. Apps that claim to use quantum cryptography (not post-quantum) are definitely lying, since phones don't have the necessary hardware.
    – Future Security
    Aug 31 at 17:30






  • 1




    Are you asking if it is physically possible, or if the algorithms are light-weight enough to be used practically on a commercial device?
    – forest
    Sep 1 at 0:35












up vote
5
down vote

favorite









up vote
5
down vote

favorite











Noob alert! Can we run quantum safe algorithms on commercial devices (like phones, laptops, etc)? I've seen some messaging apps and vpn providers marketing themselves as quantum-proof. How likely is that all these claims are bogus for marketing (imo, very)?










share|improve this question













Noob alert! Can we run quantum safe algorithms on commercial devices (like phones, laptops, etc)? I've seen some messaging apps and vpn providers marketing themselves as quantum-proof. How likely is that all these claims are bogus for marketing (imo, very)?







post-quantum-cryptography






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Aug 31 at 16:32









Ana-Maria

283




283







  • 2




    "Post-Quantum" commonly refers to algorithms that are secure against classical computers and quantum computers. They can run on classical computers. We are searching for practical PQC algorithms that we can use in place of classical asymmetric key algorithms. There is also "Quantum Cryptography" which refers to communication that exploits quantum mechanics for security. QC can't be done with the classical internet. Nor does QC include algorithms you can use offline (for tasks like encrypting a hard-drive.) They sound similar but are only related by the "quantum" part (in name and theory).
    – Future Security
    Aug 31 at 17:23







  • 4




    It's extremely likely that apps that use post-quantum in their descriptions are bogus. They could be scams, or they could be implemented incorrectly, or use a weak algorithm. Apps that claim to use quantum cryptography (not post-quantum) are definitely lying, since phones don't have the necessary hardware.
    – Future Security
    Aug 31 at 17:30






  • 1




    Are you asking if it is physically possible, or if the algorithms are light-weight enough to be used practically on a commercial device?
    – forest
    Sep 1 at 0:35












  • 2




    "Post-Quantum" commonly refers to algorithms that are secure against classical computers and quantum computers. They can run on classical computers. We are searching for practical PQC algorithms that we can use in place of classical asymmetric key algorithms. There is also "Quantum Cryptography" which refers to communication that exploits quantum mechanics for security. QC can't be done with the classical internet. Nor does QC include algorithms you can use offline (for tasks like encrypting a hard-drive.) They sound similar but are only related by the "quantum" part (in name and theory).
    – Future Security
    Aug 31 at 17:23







  • 4




    It's extremely likely that apps that use post-quantum in their descriptions are bogus. They could be scams, or they could be implemented incorrectly, or use a weak algorithm. Apps that claim to use quantum cryptography (not post-quantum) are definitely lying, since phones don't have the necessary hardware.
    – Future Security
    Aug 31 at 17:30






  • 1




    Are you asking if it is physically possible, or if the algorithms are light-weight enough to be used practically on a commercial device?
    – forest
    Sep 1 at 0:35







2




2




"Post-Quantum" commonly refers to algorithms that are secure against classical computers and quantum computers. They can run on classical computers. We are searching for practical PQC algorithms that we can use in place of classical asymmetric key algorithms. There is also "Quantum Cryptography" which refers to communication that exploits quantum mechanics for security. QC can't be done with the classical internet. Nor does QC include algorithms you can use offline (for tasks like encrypting a hard-drive.) They sound similar but are only related by the "quantum" part (in name and theory).
– Future Security
Aug 31 at 17:23





"Post-Quantum" commonly refers to algorithms that are secure against classical computers and quantum computers. They can run on classical computers. We are searching for practical PQC algorithms that we can use in place of classical asymmetric key algorithms. There is also "Quantum Cryptography" which refers to communication that exploits quantum mechanics for security. QC can't be done with the classical internet. Nor does QC include algorithms you can use offline (for tasks like encrypting a hard-drive.) They sound similar but are only related by the "quantum" part (in name and theory).
– Future Security
Aug 31 at 17:23





4




4




It's extremely likely that apps that use post-quantum in their descriptions are bogus. They could be scams, or they could be implemented incorrectly, or use a weak algorithm. Apps that claim to use quantum cryptography (not post-quantum) are definitely lying, since phones don't have the necessary hardware.
– Future Security
Aug 31 at 17:30




It's extremely likely that apps that use post-quantum in their descriptions are bogus. They could be scams, or they could be implemented incorrectly, or use a weak algorithm. Apps that claim to use quantum cryptography (not post-quantum) are definitely lying, since phones don't have the necessary hardware.
– Future Security
Aug 31 at 17:30




1




1




Are you asking if it is physically possible, or if the algorithms are light-weight enough to be used practically on a commercial device?
– forest
Sep 1 at 0:35




Are you asking if it is physically possible, or if the algorithms are light-weight enough to be used practically on a commercial device?
– forest
Sep 1 at 0:35










2 Answers
2






active

oldest

votes

















up vote
11
down vote



accepted










Post-quantum cryptography addresses the problem of developing public-schemes whose underlying assumptions are (believed to be) quantum resilient, i.e., the assumptions hold even in the presence of quantum computers.



There are many proposals for the underlying assumption and this leads to several branches like lattice-based cryptography, multivariate cryptography, code-based cryptography, hash-based cryptography or isogeny-based cryptography, among others.
The cool thing about these assumptions and techniques is that they can be implemented in classical computers.
In fact, many of these are already implemented and there is a competition driven by NIST to standardize some of these.



So, yes, these primitives are usable nowadays. Maybe these companies use a scheme of this nature, that may be the case.






share|improve this answer



























    up vote
    4
    down vote













    Yes you can.



    Post-quantum algorithms do not require a quantum computer to run. In fact, symmetric ciphers are quantum-proof, i.e. remains secure even quantum computers exsit. Many lattice-based cryptographic schemes (including, for example, some Fully homomorphic encryption schemes) have been implemented. They can be run on a normal PC or laptop.






    share|improve this answer


















    • 1




      As I recall, quantum computers get a significant speedup when attacking symmetric algorithms, amounting to a halving of bit strength (eg. a quantum computer can attack AES-128 as if it were a 64-bit cipher). The fix, of course, is simply to double your key lengths (use AES-256 instead of AES-128).
      – Mark
      Aug 31 at 19:58










    Your Answer




    StackExchange.ifUsing("editor", function ()
    return StackExchange.using("mathjaxEditing", function ()
    StackExchange.MarkdownEditor.creationCallbacks.add(function (editor, postfix)
    StackExchange.mathjaxEditing.prepareWmdForMathJax(editor, postfix, [["$", "$"], ["\\(","\\)"]]);
    );
    );
    , "mathjax-editing");

    StackExchange.ready(function()
    var channelOptions =
    tags: "".split(" "),
    id: "281"
    ;
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function()
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled)
    StackExchange.using("snippets", function()
    createEditor();
    );

    else
    createEditor();

    );

    function createEditor()
    StackExchange.prepareEditor(
    heartbeatType: 'answer',
    convertImagesToLinks: false,
    noModals: false,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: null,
    bindNavPrevention: true,
    postfix: "",
    noCode: true, onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    );



    );













     

    draft saved


    draft discarded


















    StackExchange.ready(
    function ()
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f61936%2fcan-post-quantum-algorithms-be-run-on-commercial-devices%23new-answer', 'question_page');

    );

    Post as a guest






























    2 Answers
    2






    active

    oldest

    votes








    2 Answers
    2






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes








    up vote
    11
    down vote



    accepted










    Post-quantum cryptography addresses the problem of developing public-schemes whose underlying assumptions are (believed to be) quantum resilient, i.e., the assumptions hold even in the presence of quantum computers.



    There are many proposals for the underlying assumption and this leads to several branches like lattice-based cryptography, multivariate cryptography, code-based cryptography, hash-based cryptography or isogeny-based cryptography, among others.
    The cool thing about these assumptions and techniques is that they can be implemented in classical computers.
    In fact, many of these are already implemented and there is a competition driven by NIST to standardize some of these.



    So, yes, these primitives are usable nowadays. Maybe these companies use a scheme of this nature, that may be the case.






    share|improve this answer
























      up vote
      11
      down vote



      accepted










      Post-quantum cryptography addresses the problem of developing public-schemes whose underlying assumptions are (believed to be) quantum resilient, i.e., the assumptions hold even in the presence of quantum computers.



      There are many proposals for the underlying assumption and this leads to several branches like lattice-based cryptography, multivariate cryptography, code-based cryptography, hash-based cryptography or isogeny-based cryptography, among others.
      The cool thing about these assumptions and techniques is that they can be implemented in classical computers.
      In fact, many of these are already implemented and there is a competition driven by NIST to standardize some of these.



      So, yes, these primitives are usable nowadays. Maybe these companies use a scheme of this nature, that may be the case.






      share|improve this answer






















        up vote
        11
        down vote



        accepted







        up vote
        11
        down vote



        accepted






        Post-quantum cryptography addresses the problem of developing public-schemes whose underlying assumptions are (believed to be) quantum resilient, i.e., the assumptions hold even in the presence of quantum computers.



        There are many proposals for the underlying assumption and this leads to several branches like lattice-based cryptography, multivariate cryptography, code-based cryptography, hash-based cryptography or isogeny-based cryptography, among others.
        The cool thing about these assumptions and techniques is that they can be implemented in classical computers.
        In fact, many of these are already implemented and there is a competition driven by NIST to standardize some of these.



        So, yes, these primitives are usable nowadays. Maybe these companies use a scheme of this nature, that may be the case.






        share|improve this answer












        Post-quantum cryptography addresses the problem of developing public-schemes whose underlying assumptions are (believed to be) quantum resilient, i.e., the assumptions hold even in the presence of quantum computers.



        There are many proposals for the underlying assumption and this leads to several branches like lattice-based cryptography, multivariate cryptography, code-based cryptography, hash-based cryptography or isogeny-based cryptography, among others.
        The cool thing about these assumptions and techniques is that they can be implemented in classical computers.
        In fact, many of these are already implemented and there is a competition driven by NIST to standardize some of these.



        So, yes, these primitives are usable nowadays. Maybe these companies use a scheme of this nature, that may be the case.







        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered Aug 31 at 16:40









        Daniel

        2,018824




        2,018824




















            up vote
            4
            down vote













            Yes you can.



            Post-quantum algorithms do not require a quantum computer to run. In fact, symmetric ciphers are quantum-proof, i.e. remains secure even quantum computers exsit. Many lattice-based cryptographic schemes (including, for example, some Fully homomorphic encryption schemes) have been implemented. They can be run on a normal PC or laptop.






            share|improve this answer


















            • 1




              As I recall, quantum computers get a significant speedup when attacking symmetric algorithms, amounting to a halving of bit strength (eg. a quantum computer can attack AES-128 as if it were a 64-bit cipher). The fix, of course, is simply to double your key lengths (use AES-256 instead of AES-128).
              – Mark
              Aug 31 at 19:58














            up vote
            4
            down vote













            Yes you can.



            Post-quantum algorithms do not require a quantum computer to run. In fact, symmetric ciphers are quantum-proof, i.e. remains secure even quantum computers exsit. Many lattice-based cryptographic schemes (including, for example, some Fully homomorphic encryption schemes) have been implemented. They can be run on a normal PC or laptop.






            share|improve this answer


















            • 1




              As I recall, quantum computers get a significant speedup when attacking symmetric algorithms, amounting to a halving of bit strength (eg. a quantum computer can attack AES-128 as if it were a 64-bit cipher). The fix, of course, is simply to double your key lengths (use AES-256 instead of AES-128).
              – Mark
              Aug 31 at 19:58












            up vote
            4
            down vote










            up vote
            4
            down vote









            Yes you can.



            Post-quantum algorithms do not require a quantum computer to run. In fact, symmetric ciphers are quantum-proof, i.e. remains secure even quantum computers exsit. Many lattice-based cryptographic schemes (including, for example, some Fully homomorphic encryption schemes) have been implemented. They can be run on a normal PC or laptop.






            share|improve this answer














            Yes you can.



            Post-quantum algorithms do not require a quantum computer to run. In fact, symmetric ciphers are quantum-proof, i.e. remains secure even quantum computers exsit. Many lattice-based cryptographic schemes (including, for example, some Fully homomorphic encryption schemes) have been implemented. They can be run on a normal PC or laptop.







            share|improve this answer














            share|improve this answer



            share|improve this answer








            edited Sep 1 at 20:05

























            answered Aug 31 at 16:44









            Changyu Dong

            2,508712




            2,508712







            • 1




              As I recall, quantum computers get a significant speedup when attacking symmetric algorithms, amounting to a halving of bit strength (eg. a quantum computer can attack AES-128 as if it were a 64-bit cipher). The fix, of course, is simply to double your key lengths (use AES-256 instead of AES-128).
              – Mark
              Aug 31 at 19:58












            • 1




              As I recall, quantum computers get a significant speedup when attacking symmetric algorithms, amounting to a halving of bit strength (eg. a quantum computer can attack AES-128 as if it were a 64-bit cipher). The fix, of course, is simply to double your key lengths (use AES-256 instead of AES-128).
              – Mark
              Aug 31 at 19:58







            1




            1




            As I recall, quantum computers get a significant speedup when attacking symmetric algorithms, amounting to a halving of bit strength (eg. a quantum computer can attack AES-128 as if it were a 64-bit cipher). The fix, of course, is simply to double your key lengths (use AES-256 instead of AES-128).
            – Mark
            Aug 31 at 19:58




            As I recall, quantum computers get a significant speedup when attacking symmetric algorithms, amounting to a halving of bit strength (eg. a quantum computer can attack AES-128 as if it were a 64-bit cipher). The fix, of course, is simply to double your key lengths (use AES-256 instead of AES-128).
            – Mark
            Aug 31 at 19:58

















             

            draft saved


            draft discarded















































             


            draft saved


            draft discarded














            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f61936%2fcan-post-quantum-algorithms-be-run-on-commercial-devices%23new-answer', 'question_page');

            );

            Post as a guest













































































            Popular posts from this blog

            How to check contact read email or not when send email to Individual?

            Displaying single band from multi-band raster using QGIS

            How many registers does an x86_64 CPU actually have?