
News Google launches post-quantum crypto experiment

Discussion in 'Article Discussion' started by Gareth Halfacree, 8 Jul 2016.

  1. Gareth Halfacree

    Gareth Halfacree WIIGII! Staff Administrator Super Moderator Moderator

    Joined:
    4 Dec 2007
    Posts:
    12,834
    Likes Received:
    2,043
  2. Wwhat

    Wwhat Member

    Joined:
    2 Oct 2005
    Posts:
    263
    Likes Received:
    1
    There are 3 immediate issues:

    1. You need to trust Google..
    2. You need to trust something privacy related from the US..
    3. You need to trust any new algorithm released this day and age to protect your privacy..
     
  3. Gareth Halfacree

    Gareth Halfacree WIIGII! Staff Administrator Super Moderator Moderator

    Google didn't create the algorithm, but I'll grant you they did create the Chrome implementation thereof. If you don't trust Google, though, you wouldn't be using Chrome so there's no problem there.
    Rivest. Shamir. Adleman. Two Americans, one Israeli. Together, responsible for the RSA cryptosystem, which given you're on the internet I'm assuming you trust. I also assume you trust AES, the Advanced Encryption Standard put together by a pair of Belgians but selected and standardised by NIST - that'd be the US National Institute of Standards and Technology. Oh, and the New Hope key exchange algorithm itself? Created by Erdem Alkim of Ege University in Turkey, Léo Ducas of the Centrum voor Wiskunde en Informatica in Amsterdam, Thomas Pöppelmann of Munich-based Infineon Tech, and Peter Schwabe of Radboud University in the Netherlands. What was that you were saying about the US again?
    Now we get to the meat of it. Yes, an unproven algorithm is not to be trusted for anything of vital importance - but without widespread use it's hard to fully prove an algorithm. When Rivest, Shamir, and Adleman proposed a public-key cryptosystem instead of the traditional shared-private-key systems in prior use, they were laughed at and told to go read a book; now, RSA forms the backbone of the internet - and a lot more beside.

    As RSA hasn't been (publicly) broken yet, we need to be investigating successors now - not when we wake up one morning to find that it's been broken and we suddenly can't communicate privately any more. That's what Google's doing, based on publicly-published work created by people outside Google (and, indeed, outside the US.)
     
  4. Wwhat

    Wwhat Member

    @Gareth Halfacree
    You are right about Chrome users trusting Google already.
    As for the existing algorithms: first of all, those were made in another age. Secondly, it has already been revealed that the NSA messed with them, or rather the implementation of them.
    And not only that, they also found that a vast number of sites use the exact same seed, meaning you are halfway there in cracking it, which the Five Eyes of course did. So no, I do not trust it to be safe from the US/UK/NZ/AU/CA spooks, I merely hope the web encryption is safe enough to protect me from the thieves.

    As for point 3, my worry is that if someone now starts work on a new safe algorithm, that person/group is immediately both hacked and leaned upon by many government groups, and if they live in the realm of US control or one of the other big spy nations then I have little hope they can fight it off.
    We all know about the secret letters forcing companies to hand over stuff and not tell anybody or alternatively to go broke. But if it's an uncrackable encryption I fear closing down the company won't be enough for the spooks.

    I already knew it was Belgian mathematicians BTW, and in fact there is also a Chinese guy who gave us part of the modern encryption standards, I think. But that's just the point: Belgians and Dutch and other Europeans created what we got now, in a time when there was less pressure too, but US researchers will be pressured a lot these days. And in fact I'm not even sure Europeans are safe from such effects now. So that's what I meant.

    Plus if Google adds something like that to Chrome, damn Mozilla will just copy their code and not bother themselves, so then suddenly non-Chrome users have to trust. Especially if it then becomes a standard that everybody has to support.
    And even open source doesn't help, nobody ever bothers going over all code, and if it requires higher maths to even see shenanigans it becomes even easier to slip stuff in.
     
