Internet Secrets estimated to survive for 15 years

[.Scott]

TL;DR Summary

A Canadian Phycisist has estimated that encrypted information sent over the internet today will be crackable about 15 years from now.

According to an article in Science News, Canadian Phycisist Michele Mosca has estimated that encrypted information sent over the internet today will be crackable in about 15 years from now.

So, if you send valuable information today using the normal encryption methods used today, and someone has the foresight to save your encrypted dialog, that someone will likely have the tools available in 15 tears to read your information.

Here's a quote with the main point:

Mosca estimates that in the next 15 years, there’s about a 50 percent chance of a quantum computer powerful enough to break standard public-key encryption. That may seem like a long time, but experts estimate that previous major cryptography overhauls have taken around 15 years. “This is not a Tuesday patch,” Mosca says.

The threat is even more pressing because the data we send today could be vulnerable to quantum computers that don’t exist yet. Hackers could harvest encrypted information now, and later decode it once a powerful quantum computer becomes available, Mosca says. “It’s just bad news if we don’t get ahead of this.”

 

[berkeman]

So you're saying we should change our passwords and Social Security Numbers about every 10 years, to stay ahead of these hackers?

 

[topsquark]

Heck, my Google password is more secure than my bank account...

-Dan

 

[berkeman]

Heck, my Google password is more secure than my bank account...

Oh no it's not...!

Spoiler

Made you look!

 

[topsquark]

Oh no it's not...!

Spoiler

Made you look!

Actually, neither are terribly hard to figure out, but you have to know me.

Of course, I have no money, so it doesn't really matter all that much!

-Dan

 

[PeterDonis]

So you're saying we should change our passwords and Social Security Numbers about every 10 years, to stay ahead of these hackers?

Won't help. The hypothesized hackers are storing your communication data now, with whatever passwords/credentials you are using now. And if you change them, they'll just spot the change and re-break your new credentials. At least, that's what the claim in the article implies. You would have to be using quantum unbreakable encryption (e.g., a reservoir of pairs of entangled qubits, one of each pair for you and one for the person at the other end) now in order to have your communications safe from this claimed attack.

 

[russ_watters]

Mosca estimates that in the next 15 years, there’s about a 50 percent chance of a quantum computer powerful enough to break standard public-key encryption.

This is just yanked out of thin air idle speculation....and the OP discards the coin flip part in summarizing the quoted summary.

Someone should ask that guy when we'll get nuclear fusion power.

 

[.Scott]

This is just yanked out of thin air idle speculation....and the OP discards the coin flip part in summarizing the quoted summary.

Someone should ask that guy when we'll get nuclear fusion power.

The issue is not whether his estimate is accurate but whether it is valuable.
The key point is that if it is important for you to keep secrets by encryption for decades, you need to use methods that will stand up to future threats - not just current threats.
So your decisions about how much effort you need to devote to encryption today requires an estimate of how fast the adversary technology will develop.

Mosca is as much in the know about the developing technology as anyone. So his opinion is potentially valuable.

There is a broader and very important point here. What constitutes a valuable answer to a question is completely dependent on the purpose of the question. As an extreme example, consider this question posed in 2003: "Based on available intelligence, is Iraq still developing chemical weapons". In an "order of battle" context, you might say "Yes, foreign troops operating in Iraq should be trained and equipped for chemical warfare". But within the context of UN Security Council Resolution 1441, you might say "No, we have nothing that would support such an indictment.".

 

[russ_watters]

The issue is not whether his estimate is accurate but whether it is valuable.
The key point is that if it is important for you to keep secrets by encryption for decades, you need to use methods that will stand up to future threats - not just current threats.
So your decisions about how much effort you need to devote to encryption today requires an estimate of how fast the adversary technology will develop.

It's not valuable because such speculation/prediction is inherently extremely difficult to do accurately. 25 years ago people used to wildly speculate about what computing power would look like in the future (or today's recent past) and most of the time that speculation was based on the false assumption that Moore's law would continue unabated. Such speculations were wildly optimistic - even though they were based on a very well established existing technological progression, projected out for a relatively short period of time.

But quantum computing is like fusion, but worse. It's an entirely new technology and we simply don't even know if it will ever work. And unlike fusion, it isn't just an engineering challenge (we think), it's still highly theoretical, so we don't really even know what it will look like if/when it does get invented. 15 years is an awfully short period of time for something that's still a lab experiment.

 

[.Scott]

It's not valuable because such speculation/prediction is inherently extremely difficult to do accurately.

Unlike hard science, risk management often involves evaluating factors with no discernable mean and standard deviation. That doesn't mean you don't do anything. It only means that you proceed with caution.

 

[pbuk]

The key point is that if it is important for you to keep secrets by encryption for decades, you need to use methods that will stand up to future threats - not just current threats.

But that is a tautology, it is not a valuable piece of information that requires dissemination by a professor of Quantum Physics.

 

[russ_watters]

But that is a tautology, it is not a valuable piece of information that requires dissemination by a professor of Quantum Physics.

So, I've had a read of most of the article now. It's quite long and with a lot of interesting information. It's just....unfortunate piece to highlight as a teaser IMO. In the article it's basically a throw-away line.

 

[Rive]

The key point is that if it is important for you to keep secrets by encryption for decades, you need to use methods that will stand up to future threats - not just current threats.

Purely by safety reasons you are expected to maintain and update any data storage at a much smaller timeframe.
Of course it's possible that somebody forgets to update the protection but by my experience it's more frequent to throw (and forget) the old data in some small corner of the new storage, supposedly with up-to-date protection.

I understand the concern but have some doubts about the practical value.

Ps.: what are 'internet secrets', actually? Does somebody expected to publicly distribute encoded sensitive information, or what? Feels really a weird, non-sense thing.

 

[f95toli]

This is just yanked out of thin air idle speculation....and the OP discards the coin flip part in summarizing the quoted summary.

Someone should ask that guy when we'll get nuclear fusion power.

Yes and no. I have no idea how this particular number was calculated; but it does roughly agree with the estimates from various security agencies from around the world (NSA, GCHQ etc).
Putting percentages on these kinds of things is indeed a bit silly; but it is quite literally what some people do for a living When done well, it is in an quantified informed guess.
It is no different than the methods used in finance.

Also, yes this is definitely taken very seriously. There is a reason for why QSC (quantum safe cryptography, also called PQC or post-quantum cryptography) is being rolled out and some organisations (including, apparently, Google) have already switched to using this for information they want to keep secret for a long time. International standards are in the process of being created and should be ready quite soon.

See e.g..,

https://csrc.nist.gov/projects/post-quantum-cryptography

 

[.Scott]

Ps.: what are 'internet secrets', actually? Does somebody expected to publicly distribute encoded sensitive information, or what? Feels really a weird, non-sense thing.

I am using the term "internet secrets" to refer to "private" information transmitted over the internet.
For example, a message may refer to information that the SEC considers "insider information" and both the sender and receiver are under a legal obligation to keep to themselves. Since the privacy of that type of information usually expires when it is divulged in a public corporate report - for example, an annual report to the stockholders - the 15-year estimate suggests that, for those internet users, there is no urgency.

In contrast, if you are exchanging political information with a relative in North Korea, you should be concerned that your encrypted messages might be intercepted and stored. Then some decades in the future, those messages will be decrypted using the future technology and those relatives identified.