<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>quantum computing &#8211; Noise</title>
	<atom:link href="https://noise.getoto.net/tag/quantum-computing/feed/" rel="self" type="application/rss+xml" />
	<link>https://noise.getoto.net</link>
	<description>The collective thoughts of the interwebz</description>
	<lastBuildDate>Tue, 28 Oct 2025 19:17:21 +0000</lastBuildDate>
	<language>en-US</language>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	<generator>https://wordpress.org/?v=6.8.2</generator>
	<item>
		<title>Signal’s Post-Quantum Cryptographic Implementation</title>
		<link>https://noise.getoto.net/2025/10/29/signals-post-quantum-cryptographic-implementation/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Wed, 29 Oct 2025 11:09:57 +0000</pubDate>
				<category><![CDATA[Cryptography]]></category>
		<category><![CDATA[encryption]]></category>
		<category><![CDATA[quantum computing]]></category>
		<category><![CDATA[signal]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=71097</guid>

					<description><![CDATA[<p>Signal has <a href="https://signal.org/blog/spqr/">just rolled out</a> its quantum-safe cryptographic implementation.</p>
<p><i>Ars Technica</i> has a <a href="https://arstechnica.com/security/2025/10/why-signals-post-quantum-makeover-is-an-amazing-engineering-achievement/">really good article</a> with details:</p>
<blockquote><p>Ultimately, the architects settled on a creative solution. Rather than bolt KEM onto the existing double ratchet, they allowed it to remain more or less the same as it had been. Then they used the new quantum-safe ratchet to implement a parallel secure messaging system.</p>
<p>Now, when the protocol encrypts a message, it sources encryption keys from both the classic Double Ratchet and the new ratchet. It then mixes the two keys together (using a cryptographic key derivation function) to get a new encryption key that has all of the security of the classical Double Ratchet but now has quantum security, too...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Cheating on Quantum Computing Benchmarks</title>
		<link>https://noise.getoto.net/2025/07/31/cheating-on-quantum-computing-benchmarks/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Thu, 31 Jul 2025 11:00:37 +0000</pubDate>
				<category><![CDATA[academic papers]]></category>
		<category><![CDATA[cheating]]></category>
		<category><![CDATA[quantum computing]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=70534</guid>

					<description><![CDATA[<p>Peter Gutmann and Stephan Neuhaus have a <a href="https://eprint.iacr.org/2025/1237.pdf">new paper</a>—I think it’s new, even though it has a March 2025 date—that makes the argument that we shouldn’t trust any of the quantum factorization  benchmarks, because everyone has been cooking the books:</p>
<blockquote><p>Similarly, quantum factorisation is performed using sleight-of-hand numbers that have been selected to make them very easy to factorise using a physics experiment and, by extension, a VIC-20, an abacus, and a dog. A standard technique is to ensure that the factors differ by only a few bits that can then be found using a simple search-based approach that has nothing to do with factorisation…. Note that such a value would never be encountered in the real world since the RSA key generation process typically requires that &#124;p-q&#124; &#62; 100 or more bits [9]. As one analysis puts it, “Instead of waiting for the hardware to improve by yet further orders of magnitude, researchers began inventing better and better tricks for factoring numbers by exploiting their hidden structure” [10]...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>No, The Chinese Have Not Broken Modern Encryption Systems with a Quantum Computer</title>
		<link>https://noise.getoto.net/2024/10/22/no-the-chinese-have-not-broken-modern-encryption-systems-with-a-quantum-computer/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Tue, 22 Oct 2024 11:03:09 +0000</pubDate>
				<category><![CDATA[china]]></category>
		<category><![CDATA[encryption]]></category>
		<category><![CDATA[quantum computing]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=69520</guid>

					<description><![CDATA[The headline is pretty scary: &#8220;China&#8217;s Quantum Computer Scientists Crack Military-Grade Encryption.&#8221;
No, it&#8217;s not true.
This debunking saved me the trouble of writing one. It all seems to have come from this news article, which ...]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Microsoft Is Adding New Cryptography Algorithms</title>
		<link>https://noise.getoto.net/2024/09/12/microsoft-is-adding-new-cryptography-algorithms/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Thu, 12 Sep 2024 15:42:49 +0000</pubDate>
				<category><![CDATA[Cryptography]]></category>
		<category><![CDATA[microsoft]]></category>
		<category><![CDATA[quantum computing]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=69357</guid>

					<description><![CDATA[<p>Microsoft is updating <a href="https://github.com/microsoft/SymCrypt">SymCrypt</a>, its core cryptographic library, with new quantum-secure algorithms. Microsoft’s details are <a href="https://techcommunity.microsoft.com/t5/security-compliance-and-identity/microsoft-s-quantum-resistant-cryptography-is-here/ba-p/4238780">here</a>. From a <a href="https://arstechnica.com/security/2024/09/microsoft-adds-quantum-resistant-algorithms-to-its-core-crypto-library/">news article</a>:</p>
<blockquote><p>The first new algorithm Microsoft added to SymCrypt is called ML-KEM. Previously known as CRYSTALS-Kyber, ML-KEM is one of three post-quantum standards <a href="https://www.nist.gov/news-events/news/2024/08/nist-releases-first-3-finalized-post-quantum-encryption-standards">formalized last month</a> by the National Institute of Standards and Technology (NIST). The KEM in the new name is short for key encapsulation. KEMs can be used by two parties to negotiate a shared secret over a public channel. Shared secrets generated by a KEM can then be used with symmetric-key cryptographic operations, which aren’t vulnerable to Shor’s algorithm when the keys are of a sufficient size...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>NIST Releases First Post-Quantum Encryption Algorithms</title>
		<link>https://noise.getoto.net/2024/08/15/nist-releases-first-post-quantum-encryption-algorithms/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Thu, 15 Aug 2024 15:37:42 +0000</pubDate>
				<category><![CDATA[Cryptography]]></category>
		<category><![CDATA[encryption]]></category>
		<category><![CDATA[national security policy]]></category>
		<category><![CDATA[nist]]></category>
		<category><![CDATA[quantum computing]]></category>
		<category><![CDATA[security standards]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=69264</guid>

					<description><![CDATA[<p>From the <a href="https://www.govinfo.gov/content/pkg/FR-2024-08-14/pdf/2024-17956.pdf">Federal Register</a>:</p>
<blockquote><p>After three rounds of evaluation and analysis, NIST selected four algorithms it will standardize as a result of the PQC Standardization Process. The public-key encapsulation mechanism selected was CRYSTALS-KYBER, along with three digital signature schemes: CRYSTALS-Dilithium, FALCON, and SPHINCS+.</p></blockquote>
<p>These algorithms are part of three NIST standards that have been finalized:</p>
<ul>
<li>FIPS 203: <a href="https://csrc.nist.gov/pubs/fips/203/final">Module-Lattice-Based Key-Encapsulation Mechanism Standard</a></li>
<li>FIPS 204: <a href="https://csrc.nist.gov/pubs/fips/204/final">Module-Lattice-Based Digital Signature Standard</a></li>
<li>FIPS 205: <a href="https://csrc.nist.gov/pubs/fips/203/final">Stateless Hash-Based Digital Signature Standard...</a></li></ul>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Lattice-Based Cryptosystems and Quantum Cryptanalysis</title>
		<link>https://noise.getoto.net/2024/05/28/lattice-based-cryptosystems-and-quantum-cryptanalysis/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Tue, 28 May 2024 11:09:28 +0000</pubDate>
				<category><![CDATA[Cryptography]]></category>
		<category><![CDATA[essays]]></category>
		<category><![CDATA[quantum computing]]></category>
		<category><![CDATA[quantum cryptography]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=68959</guid>

					<description><![CDATA[<p>Quantum computers are probably coming, though we don’t know when—and when they arrive, they will, most likely, be able to break our standard public-key cryptography algorithms. In anticipation of this possibility, cryptographers have been working on quantum-resistant public-key algorithms. The National Institute for Standards and Technology (NIST) has been <a href="https://csrc.nist.gov/projects/post-quantum-cryptography/post-quantum-cryptography-standardization">hosting a competition</a> since 2017, and there already are several <a href="https://csrc.nist.gov/Projects/post-quantum-cryptography/selected-algorithms-2022">proposed standards</a>. Most of these are based on lattice problems.</p>
<p>The mathematics of lattice cryptography revolve around combining sets of vectors—that’s the lattice—in a multi-dimensional space. These lattices are filled with multi-dimensional periodicities. The ...</p>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Apple Announces Post-Quantum Encryption Algorithms for iMessage</title>
		<link>https://noise.getoto.net/2024/02/26/apple-announces-post-quantum-encryption-algorithms-for-imessage/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Mon, 26 Feb 2024 12:04:34 +0000</pubDate>
				<category><![CDATA[academic papers]]></category>
		<category><![CDATA[Apple]]></category>
		<category><![CDATA[cryptanalysis]]></category>
		<category><![CDATA[encryption]]></category>
		<category><![CDATA[nist]]></category>
		<category><![CDATA[quantum computing]]></category>
		<category><![CDATA[security standards]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=68476</guid>

					<description><![CDATA[<p>Apple announced <a href="https://security.apple.com/blog/imessage-pq3/">PQ3</a>, its post-quantum encryption standard based on the <a href="https://pq-crystals.org/kyber/">Kyber</a> secure key-encapsulation protocol, one of the post-quantum algorithms <a href="https://csrc.nist.gov/Projects/post-quantum-cryptography/selected-algorithms-2022">selected</a> by NIST in 2022.</p>
<p>There’s a lot of detail in the Apple <a href="https://security.apple.com/blog/imessage-pq3/">blog post</a>, and more in Douglas Stabila’s <a href="https://security.apple.com/assets/files/Security_analysis_of_the_iMessage_PQ3_protocol_Stebila.pdf">security analysis</a>.</p>
<p>I am of two minds about this. On the one hand, it’s probably premature to switch to any particular post-quantum algorithms. The mathematics of cryptanalysis for these lattice and other systems is still rapidly evolving, and we’re likely to break more of them—and learn a lot in the process—over the coming few years. But if you’re going to make the switch, this is an excellent choice. And Apple’s ability to do this so efficiently speaks well about its algorithmic agility, which is probably more important than its particular cryptographic design. And it is probably about the right time to worry about, and defend against, attackers who are storing encrypted messages in hopes of breaking them later on future quantum computers...</p>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Improving the Cryptanalysis of Lattice-Based Public-Key Algorithms</title>
		<link>https://noise.getoto.net/2024/02/14/improving-the-cryptanalysis-of-lattice-based-public-key-algorithms/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Wed, 14 Feb 2024 12:08:03 +0000</pubDate>
				<category><![CDATA[academic papers]]></category>
		<category><![CDATA[cryptanalysis]]></category>
		<category><![CDATA[Cryptography]]></category>
		<category><![CDATA[nist]]></category>
		<category><![CDATA[quantum computing]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=68429</guid>

					<description><![CDATA[The winner of the Best Paper Award at Crypto this year was a significant improvement to lattice-based cryptanalysis.
This is important, because a bunch of NIST&#8217;s post-quantum options base their security on lattice problems.
I worry about standard...]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Quantum Computing Skeptics</title>
		<link>https://noise.getoto.net/2024/01/25/quantum-computing-skeptics/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Thu, 25 Jan 2024 12:04:15 +0000</pubDate>
				<category><![CDATA[quantum computing]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=68339</guid>

					<description><![CDATA[Interesting article. I am also skeptical that we are going to see useful quantum computers anytime soon. Since at least 2019, I have been saying that this is hard. And that we don&#8217;t know if it&#8217;s &#8220;land a person on the surface of the mo...]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Improving Shor’s Algorithm</title>
		<link>https://noise.getoto.net/2024/01/05/improving-shors-algorithm/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Fri, 05 Jan 2024 12:07:35 +0000</pubDate>
				<category><![CDATA[academic papers]]></category>
		<category><![CDATA[cryptanalysis]]></category>
		<category><![CDATA[Cryptography]]></category>
		<category><![CDATA[quantum computing]]></category>
		<category><![CDATA[rsa]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=68250</guid>

					<description><![CDATA[<p>We don’t have a useful quantum computer yet, but we do have quantum algorithms. Shor’s algorithm has the potential to factor large numbers faster than otherwise possible, which—if the run times are actually feasible—could break both the RSA and Diffie-Hellman public-key algorithms.</p>
<p>Now, computer scientist Oded Regev has a significant speed-up to Shor’s algorithm, at the cost of more storage.</p>
<p>Details are in <a href="https://www.quantamagazine.org/thirty-years-later-a-speed-boost-for-quantum-factoring-20231017/">this article</a>. Here’s the result:</p>
<blockquote><p>The improvement was profound. The number of elementary logical steps in the quantum part of Regev’s algorithm is proportional to ...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>You Can’t Rush Post-Quantum-Computing Cryptography Standards</title>
		<link>https://noise.getoto.net/2023/08/08/you-cant-rush-post-quantum-computing-cryptography-standards/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Tue, 08 Aug 2023 11:13:22 +0000</pubDate>
				<category><![CDATA[Cryptography]]></category>
		<category><![CDATA[encryption]]></category>
		<category><![CDATA[national security policy]]></category>
		<category><![CDATA[nist]]></category>
		<category><![CDATA[quantum computing]]></category>
		<category><![CDATA[security standards]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=67648</guid>

					<description><![CDATA[<p>I just read <a href="https://www.esecurityplanet.com/trends/nist-encryption-standards/">an article</a> complaining that NIST is taking too long in finalizing its post-quantum-computing cryptography standards.</p>
<blockquote><p>This process has been going on since 2016, and since that time there has been a huge increase in quantum technology and an equally large increase in quantum understanding and interest. Yet seven years later, we have <a href="https://www.esecurityplanet.com/trends/quantum-safe-cryptography-standards/">only four algorithms</a>, although last week NIST <a href="https://csrc.nist.gov/news/2023/additional-pqc-digital-signature-candidates">announced</a> that a number of other candidates are under consideration, a process that is expected to take “several years.</p>
<p>The delay in developing quantum-resistant algorithms is especially troubling given the time it will take to get those products to market. It generally takes four to six years with a new standard for a vendor to develop an ASIC to implement the standard, and it then takes time for the vendor to get the product validated, which seems to be taking a troubling amount of time...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>NIST Draft Document on Post-Quantum Cryptography Guidance</title>
		<link>https://noise.getoto.net/2023/05/02/nist-draft-document-on-post-quantum-cryptography-guidance/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Tue, 02 May 2023 14:10:30 +0000</pubDate>
				<category><![CDATA[algorithms]]></category>
		<category><![CDATA[Applied Cryptography]]></category>
		<category><![CDATA[nist]]></category>
		<category><![CDATA[quantum computing]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=67297</guid>

					<description><![CDATA[NIST has released a draft of Special Publication1800-38A: &#8220;Migration to Post-Quantum Cryptography: Preparation for Considering the Implementation and Adoption of Quantum Safe Cryptography.&#8221; It&#8217;s only four pages long, and it doesn&#38;#821...]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Side-Channel Attack against CRYSTALS-Kyber</title>
		<link>https://noise.getoto.net/2023/02/28/side-channel-attack-against-crystals-kyber/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Tue, 28 Feb 2023 12:19:15 +0000</pubDate>
				<category><![CDATA[academic papers]]></category>
		<category><![CDATA[Cryptography]]></category>
		<category><![CDATA[encryption]]></category>
		<category><![CDATA[machine learning]]></category>
		<category><![CDATA[quantum computing]]></category>
		<category><![CDATA[quantum cryptography]]></category>
		<category><![CDATA[side-channel attacks]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=66976</guid>

					<description><![CDATA[<p><a href="https://pq-crystals.org/kyber/">CRYSTALS-Kyber</a> is one of the public-key algorithms currently <a href="https://csrc.nist.gov/News/2022/pqc-candidates-to-be-standardized-and-round-4">recommended</a> by NIST as part of its post-quantum cryptography <a href="https://csrc.nist.gov/projects/post-quantum-cryptography">standardization process</a>.</p>
<p>Researchers have <a href="https://eprint.iacr.org/2022/1713.pdf">just published</a> a side-channel attack—using power consumption—against an implementation of the algorithm that was supposed to be resistant against that sort of attack.</p>
<p>The algorithm is not “broken” or “cracked”—despite <a href="https://www-securityweek-com.cdn.ampproject.org/c/s/www.securityweek.com/ai-helps-crack-a-nist-recommended-post-quantum-encryption-algorithm/amp/">headlines</a> to the contrary—this is just a  side-channel attack. What makes this work really interesting is that the researchers used a machine-learning model to train the system to exploit the side channel...</p>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Breaking RSA with a Quantum Computer</title>
		<link>https://noise.getoto.net/2023/01/03/breaking-rsa-with-a-quantum-computer/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Tue, 03 Jan 2023 17:38:12 +0000</pubDate>
				<category><![CDATA[academic papers]]></category>
		<category><![CDATA[china]]></category>
		<category><![CDATA[cryptanalysis]]></category>
		<category><![CDATA[Cryptography]]></category>
		<category><![CDATA[quantum computing]]></category>
		<category><![CDATA[rsa]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=66439</guid>

					<description><![CDATA[<p>A group of Chinese researchers have <a href="https://arxiv.org/pdf/2212.12372.pdf">just published</a> a paper claiming that they can—although they have not yet done so—break 2048-bit RSA. This is something to take seriously. It might not be correct, but it’s not obviously wrong.</p>
<p>We have long known from Shor’s algorithm that factoring with a quantum computer is easy. But it takes a big quantum computer, on the orders of millions of qbits, to factor anything resembling the key sizes we use today. What the researchers have done is combine classical lattice reduction factoring techniques with a quantum approximate optimization algorithm. This means that they only need a quantum computer with 372 qbits, which is well within what’s possible today. (The ...</p>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>NIST’s Post-Quantum Cryptography Standards</title>
		<link>https://noise.getoto.net/2022/08/08/nists-post-quantum-cryptography-standards/</link>
		
		<dc:creator><![CDATA[Schneier.com Webmaster]]></dc:creator>
		<pubDate>Mon, 08 Aug 2022 11:20:29 +0000</pubDate>
				<category><![CDATA[algorithms]]></category>
		<category><![CDATA[cryptanalysis]]></category>
		<category><![CDATA[Cryptography]]></category>
		<category><![CDATA[nist]]></category>
		<category><![CDATA[quantum computing]]></category>
		<category><![CDATA[quantum cryptography]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=65754</guid>

					<description><![CDATA[<p>Quantum computing is a completely new paradigm for computers. A quantum computer uses quantum properties such as superposition, which allows a qubit (a quantum bit) to be neither 0 nor 1, but something much more complicated. In theory, such a computer can solve problems too complex for conventional computers.</p>
<p>Current quantum computers are still toy prototypes, and the engineering advances required to build a functionally useful quantum computer are <a href="https://www.schneier.com/essays/archives/2018/09/cryptography_after_t.html">somewhere between</a> a few years away and impossible. Even so, we already know that that such a computer could potentially factor large numbers and compute discrete logs, and break the RSA and Diffie-Hellman public-key algorithms in all of the useful key sizes...</p>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>SIKE Broken</title>
		<link>https://noise.getoto.net/2022/08/04/sike-broken/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Thu, 04 Aug 2022 11:56:22 +0000</pubDate>
				<category><![CDATA[algorithms]]></category>
		<category><![CDATA[cryptanalysis]]></category>
		<category><![CDATA[Cryptography]]></category>
		<category><![CDATA[encryption]]></category>
		<category><![CDATA[nist]]></category>
		<category><![CDATA[quantum computing]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=65750</guid>

					<description><![CDATA[<p><a href="https://sike.org/">SIKE</a> is one of the new algorithms that NIST <a href="https://csrc.nist.gov/News/2022/pqc-candidates-to-be-standardized-and-round-4">recently added</a> to the post-quantum cryptography competition.</p>
<p>It was just <a href="https://eprint.iacr.org/2022/975.pdf">broken</a>, really badly.</p>
<blockquote><p>We present an efficient key recovery attack on the Supersingular Isogeny Diffie­-Hellman protocol (SIDH), based on a “glue-and-split” theorem due to Kani. Our attack exploits the existence of a small non-scalar endomorphism on the starting curve, and it also relies on the auxiliary torsion point information that Alice and Bob share during the protocol. Our Magma implementation breaks the instantiation SIKEp434, which aims at security level 1 of the Post-Quantum Cryptography standardization process currently ran by NIST, in about one hour on a single core...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>NIST Announces First Four Quantum-Resistant Cryptographic Algorithms</title>
		<link>https://noise.getoto.net/2022/07/06/nist-announces-first-four-quantum-resistant-cryptographic-algorithms/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Wed, 06 Jul 2022 16:49:42 +0000</pubDate>
				<category><![CDATA[Cryptography]]></category>
		<category><![CDATA[encryption]]></category>
		<category><![CDATA[nist]]></category>
		<category><![CDATA[quantum computing]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=65628</guid>

					<description><![CDATA[<p>NIST’s post-quantum computing cryptography standard process is entering its final phases. It <a href="https://www.nist.gov/news-events/news/2022/07/nist-announces-first-four-quantum-resistant-cryptographic-algorithms">announced</a> the first four algorithms:</p>
<blockquote><p><strong>For general encryption,</strong> used when we access secure websites, NIST has selected the <a href="https://pq-crystals.org/kyber/index.shtml">CRYSTALS-Kyber</a> algorithm. Among its advantages are comparatively small encryption keys that two parties can exchange easily, as well as its speed of operation.</p>
<p><strong>For digital signatures,</strong> often used when we need to verify identities during a digital transaction or to sign a document remotely, NIST has selected the three algorithms <a href="https://pq-crystals.org/dilithium/index.shtml">CRYSTALS-Dilithium...</a></p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>The NSA Says that There are No Known Flaws in NIST’s Quantum-Resistant Algorithms</title>
		<link>https://noise.getoto.net/2022/05/16/the-nsa-says-that-there-are-no-known-flaws-in-nists-quantum-resistant-algorithms/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Mon, 16 May 2022 11:34:24 +0000</pubDate>
				<category><![CDATA[encryption]]></category>
		<category><![CDATA[nist]]></category>
		<category><![CDATA[NSA]]></category>
		<category><![CDATA[quantum computing]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=65429</guid>

					<description><![CDATA[<p>Rob Joyce, the director of cybersecurity at the NSA, <a href="https://www.bloomberg.com/news/articles/2022-05-13/nsa-says-no-backdoor-in-new-encryption-scheme-for-us-tech">said so</a> in an interview:</p>
<blockquote><p>The NSA already has classified quantum-resistant algorithms of its own that it developed over many years, said Joyce. But it didn’t enter any of its own in the contest. The agency’s mathematicians, however, worked with NIST to support the process, trying to crack the algorithms in order to test their merit.</p>
<p>“Those candidate algorithms that NIST is running the competitions on all appear strong, secure, and what we need for quantum resistance,” Joyce said. “We’ve worked against all of them to make sure they are solid.”...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Breaking 256-bit Elliptic Curve Encryption with a Quantum Computer</title>
		<link>https://noise.getoto.net/2022/02/09/breaking-256-bit-elliptic-curve-encryption-with-a-quantum-computer/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Wed, 09 Feb 2022 12:25:33 +0000</pubDate>
				<category><![CDATA[academic papers]]></category>
		<category><![CDATA[Cryptography]]></category>
		<category><![CDATA[ibm]]></category>
		<category><![CDATA[quantum computing]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=65018</guid>

					<description><![CDATA[<p>Researchers have <a href="https://avs.scitation.org/doi/10.1116/5.0073075">calculated</a> the quantum computer size necessary to break 256-bit elliptic curve public-key cryptography:</p>
<blockquote><p>Finally, we calculate the number of physical qubits required to break the 256-bit elliptic curve encryption of keys in the Bitcoin network within the small available time frame in which it would actually pose a threat to do so. It would require 317 × 10<sup>6</sup> physical qubits to break the encryption within one hour using the surface code, a code cycle time of 1 <em>μ</em>s, a reaction time of 10 <em>μ</em>s, and a physical gate error of 10<sup>-3</sup>. To instead break the encryption within one day, it would require 13 × 10...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
	</channel>
</rss>

<!--
Performance optimized by W3 Total Cache. Learn more: https://www.boldgrid.com/w3-total-cache/

Object Caching 32/269 objects using Memcached
Page Caching using Disk: Enhanced 
Lazy Loading (feed)
Database Caching using Memcached

Served from: noise.getoto.net @ 2025-12-11 08:40:11 by W3 Total Cache
-->