Friday questions

Security

  1. When might post-quantum cryptography become a regulatory requirement in banking?

  2. Is it possible for a pigeon to enter a full-stack bank account?

3 Likes

+1 for George and his monies.

2 Likes

Hi Saveen,

There’s a lot of misinformation about post-quantum-crypto about. I’m not an expert, but i am a bit of a crypto-nerd. Here’s my understanding.

1/ There are no current quantum computers in existence (at least publicly). The D-Wave device that Google uses is more correctly an adiabatic quantum process using calculating machine. Its not a general purpose device and cant be used to run the “factor multiple prime numbers” algorithms that would be needed to break symmetric crypto.

2/ Symmetric Crypto, Hashes, and Elliptic key crypto are already resistant to quantum attacks [https://en.wikipedia.org/wiki/Post-quantum_cryptography#Symmetric_key_quantum_resistance]

3/ There are other ways to attack crypto that are much more dangerous. Examples: Government introduced weakness (Dual-ECC-PRNG), Government introduced backdoors (Juniper, clipper chip), Rogue employees, 0-day hacks against phones and computers, etc

4/ Confidentiality that crypto serves to protect is only one aspect of security. Integrity and Availability are equally important.

5/ Setec astronomy :wink:

7 Likes

Thanks for the awesome answer, Simon. I can imagine the response if I called my existing bankasaur with the same question!

I’m not an expert either, but I read in Quanta Magazine that “Quantum computers, once seen as a remote theoretical possibility, are now widely expected to work within five to 30 years.”

And China is set to launch the world’s longest (2,000km) quantum communication network from Beijing to Shanghai this year using quantum key distribution (QKD).

You are entirely correct about confidentiality being only one part of the puzzle.

Kudos for the Sneakers reference. Great film! :blush:

1 Like