Chinese researchers successfully used a quantum computer to crack AES-256 encryption. (The publication is still under peer review.)
This is the first claimed effective attack on military-grade encryption, carried out on a 5,760-qubit D-Wave Advantage.
In 2019, researchers showed that it would be possible for a quantum computer to break 2048-bit RSA encryption in 8 hours.
Previously, experts thought it would take … for a quantum computer to crack banking- and military-grade encryption:
30-40 years: A. Shamir, co-inventor of RSA, in 2023.
5-7 years: Dr. A. Shields, in a Bloomberg interview in September 2024.
Within the next 10 years: the Monetary Authority of Singapore (MAS), 20 February 2024.
Already happened: as claimed by NIST.
This moment had been predicted, but it has arrived sooner than almost all expectations.
Encryption broken? Big problem.
Here's why:
No more secrets: Everything encrypted, from your bank info and emails to medical records and corporate data, could be read and stolen by hackers.
Fake news and tampered software: Attackers could easily change information without anyone knowing.
Digital signatures useless: Impossible to know whether software updates or emails actually come from whom they claim to.
"Harvest now, decrypt later" is a simple but scary idea:
Bad guys steal encrypted data today.
They only steal it; they don't yet have the power to decrypt it.
They store the stolen data.
Later, quantum computers become powerful enough to break the encryption.
The bad guys decrypt the stolen data.
Secrets are revealed, potentially years after the initial theft.
This means even data you encrypt today might not be safe in the future. It highlights the urgency of switching to quantum-resistant encryption now.
The Quantum-Resistant Race is On
On October 14, 2024, there were multiple reports on the Chinese research that spurred much of the recent discussion; it claimed to have broken AES-256 (specifically the Present, Rectangle, and Gift-64 ciphers).
Thankfully, the cybersecurity world isn't standing still.
VPN companies are taking proactive steps. NordVPN, for example, is implementing PQC in its Linux app as a testing ground, which is encouraging and highlights a proactive approach to mitigating future risks.
NIST (National Institute of Standards and Technology, US) has released three finalized post-quantum cryptography (PQC) standards – FIPS 203, 204, and 205 – designed to withstand quantum attacks.
On August 13, 2024, NIST released the finalized PQC standards.
Specifically, NIST has standardized the following PQC algorithms:
FIPS 203: CRYSTALS-Kyber (now called ML-KEM): For general encryption, similar to how RSA is used.
FIPS 204: CRYSTALS-Dilithium (now called ML-DSA): For digital signatures, similar to how RSA is used for signing.
FIPS 205: SPHINCS+ (now called SLH-DSA): Another digital signature algorithm, serving as a backup to CRYSTALS-Dilithium.
FIPS 206: FALCON (to be standardized as FN-DSA): Expected to be standardized in late 2024 or early 2025, also for digital signatures.
FIPS: Federal Information Processing Standards, the official US standards publications.
What else can we do?
Use new, quantum-proof encryption (PQC): This is the most important fix.
Be "crypto-agile": Make it easy to switch to newer, better encryption in the future.
Mix old and new encryption (for now): Added safety while we transition to PQC.
Longer keys (temporary fix): Like a stronger lock, but eventually quantum computers will break them too.
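The "mix old and new encryption" advice above, together with the FIPS 203 (ML-KEM) standard listed earlier, is what a hybrid key exchange puts into practice. The following is an added example written for this post, not code from NordVPN, NIST or any library: it combines a classical X25519 agreement with an ML-KEM-768 encapsulation and derives one session key from both secrets through HKDF, so an attacker would have to break both to read the traffic. It assumes Go 1.24 or newer for the standard-library crypto/mlkem package; the suite label, the Offer/Reply structures and the transcript layout are my own choices for illustration, not part of any standard.

```go
package main

import (
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/mlkem"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Suite label mixed into key derivation (illustrative value). Moving to another
// KEM means a new label, so keys from different suites never collide (crypto-agility).
const suiteLabel = "hybrid-x25519-mlkem768-v1"

// hkdfSHA256 is HKDF (RFC 5869) with HMAC-SHA256, one 32-byte output block,
// enough for an AES-256 key.
func hkdfSHA256(ikm, salt, info []byte) []byte {
	extract := hmac.New(sha256.New, salt)
	extract.Write(ikm)
	expand := hmac.New(sha256.New, extract.Sum(nil))
	expand.Write(info)
	expand.Write([]byte{0x01})
	return expand.Sum(nil)
}

// combineSecrets derives the session key from BOTH shared secrets plus the
// transcript of public values; an attacker must break X25519 and ML-KEM-768.
func combineSecrets(classical, pq, transcript []byte) []byte {
	ikm := append(append([]byte{}, classical...), pq...)
	return hkdfSHA256(ikm, transcript, []byte(suiteLabel))
}

// Responder owns one X25519 key pair and one ML-KEM-768 key pair.
type Responder struct {
	ecdhKey *ecdh.PrivateKey
	kemKey  *mlkem.DecapsulationKey768
}

// Offer is what the responder publishes; Reply is what the initiator returns.
type Offer struct{ ECDHPub, KEMPub []byte }
type Reply struct{ ECDHPub, KEMCT []byte }

func NewResponder() (*Responder, error) {
	ek, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil { return nil, err }
	kk, err := mlkem.GenerateKey768()
	if err != nil { return nil, err }
	return &Responder{ecdhKey: ek, kemKey: kk}, nil
}

func (r *Responder) Offer() Offer {
	return Offer{r.ecdhKey.PublicKey().Bytes(), r.kemKey.EncapsulationKey().Bytes()}
}

// Initiate runs on the other party: ephemeral X25519 agreement plus ML-KEM
// encapsulation against the responder's public keys.
func Initiate(o Offer) ([]byte, Reply, error) {
	peer, err := ecdh.X25519().NewPublicKey(o.ECDHPub)
	if err != nil { return nil, Reply{}, err }
	mine, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil { return nil, Reply{}, err }
	classical, err := mine.ECDH(peer)
	if err != nil { return nil, Reply{}, err }
	ek, err := mlkem.NewEncapsulationKey768(o.KEMPub)
	if err != nil { return nil, Reply{}, err }
	pq, ct := ek.Encapsulate()
	reply := Reply{mine.PublicKey().Bytes(), ct}
	transcript := append(append([]byte{}, reply.ECDHPub...), reply.KEMCT...)
	return combineSecrets(classical, pq, transcript), reply, nil
}

// Finish runs on the responder and must arrive at the same key. A tampered
// ML-KEM ciphertext of the right length does not error: decapsulation implicitly
// rejects by returning an unrelated secret, so the two keys simply fail to match.
func (r *Responder) Finish(reply Reply) ([]byte, error) {
	peer, err := ecdh.X25519().NewPublicKey(reply.ECDHPub)
	if err != nil { return nil, err }
	classical, err := r.ecdhKey.ECDH(peer)
	if err != nil { return nil, err }
	pq, err := r.kemKey.Decapsulate(reply.KEMCT)
	if err != nil { return nil, err }
	transcript := append(append([]byte{}, reply.ECDHPub...), reply.KEMCT...)
	return combineSecrets(classical, pq, transcript), nil
}

func main() {
	r, _ := NewResponder()
	k1, reply, _ := Initiate(r.Offer())
	k2, _ := r.Finish(reply)
	fmt.Printf("initiator key: %x\nresponder key: %x\nmatch: %v\n", k1, k2, hmac.Equal(k1, k2))
}
```

Feeding both secrets and the public transcript into one HKDF call is the "mix old and new" step: if ML-KEM turns out to have a flaw, the X25519 secret still protects the key today, and if a quantum computer breaks X25519 later, the ML-KEM secret still does. Swapping the KEM later only requires a new suite label and a new encapsulation call, which is the crypto-agility the list asks for.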