The research team, led by Wang Chao from Shanghai University, found that D-Wave’s quantum computers can optimize problem-solving in a way that makes it possible to attack encryption methods such as RSA.
  • sandman2211English
    5·
    17 hours ago

    I think Schneier wrote this well before quantum computers were a reality - did he miss something fundamental in regards to them? Quantum computers are relatively new but the theory behind them is nearly a century old.

    *One of the consequences of the second law of thermodynamics is that a certain amount of energy is necessary to represent information. To record a single bit by changing the state of a system requires an amount of energy no less than kT, where T is the absolute temperature of the system and k is the Boltzman constant. (Stick with me; the physics lesson is almost over.)

Given that k = 1.38×10-16 erg/°Kelvin, and that the ambient temperature of the universe is 3.2°Kelvin, an ideal computer running at 3.2°K would consume 4.4×10-16 ergs every time it set or cleared a bit. To run a computer any colder than the cosmic background radiation would require extra energy to run a heat pump.

Now, the annual energy output of our sun is about 1.21×1041 ergs. This is enough to power about 2.7×1056 single bit changes on our ideal computer; enough state changes to put a 187-bit counter through all its values. If we built a Dyson sphere around the sun and captured all its energy for 32 years, without any loss, we could power a computer to count up to 2192. Of course, it wouldn't have the energy left over to perform any useful calculations with this counter.

But that's just one star, and a measly one at that. A typical supernova releases something like 1051 ergs. (About a hundred times as much energy would be released in the form of neutrinos, but let them go for now.) If all of this energy could be channeled into a single orgy of computation, a 219-bit counter could be cycled through all of its states.

These numbers have nothing to do with the technology of the devices; they are the maximums that thermodynamics will allow. And they strongly imply that brute-force attacks against 256-bit keys will be infeasible until computers are built from something other than matter and occupy something other than space.*

    I’m not a physicist but quantum particles were still considered to be matter the last time I checked.

    • WolfLinkEnglish
      2·
      4 hours ago

      So two things that are not accounted for here:

      1. This covers only brute force attacks, meaning you try every different combination. Shor’s Algorithm exploits patterns in RSA keys and is much, much more efficient than brute force.
      2. There actually is an algorithm (Grover’s search algorithm) that can speed up brute force search. However, this speedup is only quadratic, so brute forcing something like a 256 bit key is still infeasible. The discrepancy is quantum information doesn’t flow the same way that classical information does. A related concept is the idea of reversible classical computing: this derivation relies on the assumption that you change set a bit, thereby erasing the information of what that bit was before. If your operation doesn’t erase that information (e.g. if it’s specifically a bit flip, you know what the original bit was, it’s the opposite), then this argument about the minimum required energy falls apart. Most operations in a quantum computer are inherently reversible.
    • carpelbridgesyndromeEnglish
      5·
      17 hours ago

      The issue here is that Schneier is discussing brute force forward computation of cryptography (IIRC of AES). Quantum computers don’t iteratively attack primes by attempting to compute all possible primes. The current conventional computer attacks against RSA also aren’t brute force hence why the advised size of an RSA key right now is 4096 bits.

      This calculation only holds if there is no faster way than brute force iterating the entire key space.