Can post-quantum algorithms be run on commercial devices?
5 votes
Noob alert! Can we run quantum safe algorithms on commercial devices (like phones, laptops, etc.)? I've seen some messaging apps and VPN providers marketing themselves as quantum-proof. How likely is it that all these claims are bogus for marketing (IMO, very)?
post-quantum-cryptography
asked Aug 31 at 16:32 by Ana-Maria
"Post-Quantum" commonly refers to algorithms that are secure against classical computers and quantum computers. They can run on classical computers. We are searching for practical PQC algorithms that we can use in place of classical asymmetric key algorithms. There is also "Quantum Cryptography" which refers to communication that exploits quantum mechanics for security. QC can't be done with the classical internet. Nor does QC include algorithms you can use offline (for tasks like encrypting a hard drive). They sound similar but are only related by the "quantum" part (in name and theory).
– Future Security, Aug 31 at 17:23 (2 votes)
It's extremely likely that apps that use post-quantum in their descriptions are bogus. They could be scams, or they could be implemented incorrectly, or use a weak algorithm. Apps that claim to use quantum cryptography (not post-quantum) are definitely lying, since phones don't have the necessary hardware.
– Future Security, Aug 31 at 17:30 (4 votes)
Are you asking if it is physically possible, or if the algorithms are light-weight enough to be used practically on a commercial device?
– forest, Sep 1 at 0:35 (1 vote)
2 Answers
11 votes, accepted
Post-quantum cryptography addresses the problem of developing public-schemes whose underlying assumptions are (believed to be) quantum resilient, i.e., the assumptions hold even in the presence of quantum computers.
There are many proposals for the underlying assumption, and this leads to several branches like lattice-based cryptography, multivariate cryptography, code-based cryptography, hash-based cryptography or isogeny-based cryptography, among others.
The cool thing about these assumptions and techniques is that they can be implemented on classical computers.
In fact, many of these are already implemented, and there is a competition driven by NIST to standardize some of these.
So, yes, these primitives are usable nowadays. Maybe these companies use a scheme of this nature; that may be the case.
answered Aug 31 at 16:40 by Daniel
4 votes
Yes, you can.
Post-quantum algorithms do not require a quantum computer to run. In fact, symmetric ciphers are quantum-proof, i.e. they remain secure even if quantum computers exist. Many lattice-based cryptographic schemes (including, for example, some fully homomorphic encryption schemes) have been implemented. They can be run on a normal PC or laptop.
answered Aug 31 at 16:44 by Changyu Dong, edited Sep 1 at 20:05
As I recall, quantum computers get a significant speedup when attacking symmetric algorithms, amounting to a halving of bit strength (e.g. a quantum computer can attack AES-128 as if it were a 64-bit cipher). The fix, of course, is simply to double your key lengths (use AES-256 instead of AES-128).
– Mark, Aug 31 at 19:58 (1 vote)