QaD's: The Quantum Resistance
the quantum hype bandwagon is rolling out - awful.systems
(This is an expanded version of a comment I made, which I've linked above.)
Well, seems the tech industry’s prepared to pivot to quantum if and when AI finally dies and goes away forever. If and when the hucksters get around to inflating the quantum bubble, I expect they’re gonna find themselves facing some degree of public resistance - probably not to the extent of what AI received, but still enough to give the hucksters some trouble.
The Encryption Issue
One of quantum’s big selling points is its purported ability to break the encryption algorithms in use today - for a couple of examples, Shor’s algorithm can reportedly double-tap public key cryptography schemes such as RSA, and Grover’s algorithm promises to supercharge brute-force attacks on symmetric-key cryptography.
Given this, I fully expect its supposed encryption-breaking abilities to stoke outcry and resistance from privacy rights groups. Even as a hypothetical, the possibility of such power falling into government hands is one that all but guarantees Nineteen Eighty-Four levels of mass surveillance and invasion of privacy if it comes to pass.
Additionally, I expect post-quantum encryption will earn a lot of attention during the bubble as well, to pre-emptively undermine such attempts at mass surveillance.
Environmental Concerns
Much like with AI, info on how much power quantum computing requires is pretty scarce (though that’s because they more-or-less don’t exist, not because AI corps are actively hiding/juicing the numbers).
The only concrete number I could find came from IEEE Spectrum, which puts the power consumption of the D-Wave 2X (from 2015) at “slightly less than 25 kilowatts”, with practically all the power going to the refrigeration unit keeping it within a hair’s breadth of absolute zero, and the processor itself using “a tiny fraction of a microwatt”.
Given the minimal amount of info, and the AI bubble still being fresh in the public’s mind, I expect quantum systems will face resistance from environmental groups. Between the obscene power/water consumption of AI datacentres, the shitload of pollution said datacentres cause in places like Memphis, and the industry’s attempts to increase said consumption whenever possible, any notion that tech cares about the environment is dead in the (polluted) water, and attempts to sell the tech as energy efficient/environmentally friendly will likely fall on deaf ears.
Dealing with an implementation of Grover’s algorithm just means that you need to double the key length of your symmetric ciphers (because it only provides a root-2 speed-up over brute-force search). Given that the current recommended key length for e.g. AES is 128 bits and we have off-the-shelf implementations that can already handle 256-bit keys, this isn’t really a serious problem.
A working implementation of Shor’s algorithm would be significantly more problematic, but we’ve already had plenty of work done on post-quantum cryptography, e.g. NIST PQC, which has given us some standards, and there are even ML-KEM implementations in the wild.
Even for the paranoid sort who might think that NIST approving a load of new cryptographic algorithms is not because quantum computers are a risk, but because the NSA has already backdoored them, there are things like X-Wing and PQXDH (used in Signal) that combine conventional cryptography like Ed25519 with ML-KEM. That way, even if ML-KEM turns out to be backdoored or vulnerable to a new attack, the tried-and-tested elliptic curve algorithm will still have done its job and your communications should remain secure; and if ML-KEM remains effective, then your communications will remain secure even if a working quantum computer can implement Shor’s algorithm for large enough numbers.
Honestly though, if a state-level actor wants access to your encrypted secrets, they’ve got plenty of mechanisms to let them do that and don’t need a quantum computer to do it. The classic example might be xkcd (2009) or Mickens (2014):
Quantum decryption is a little bit like the y2k problem, in that we have all the tools needed to deal with the issue well in advance of it actually happening. Except that unlike y2k it may never happen, but it is nice not to have to worry about it in either case.
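To make the hybrid idea from the reply above concrete, here is an added example (not code from this thread, nor from the X-Wing or Signal projects) of a hybrid KEM in the layout of the X-Wing draft: a real X25519 (RFC 7748, pure Python, for illustration) supplies the classical half, and the two halves are bound together with the draft's SHA3-256 combiner and label. Because ML-KEM is not in the Python standard library, the post-quantum slot is filled by a labelled stand-in with the same keygen/encaps/decaps interface (assumption: in a real deployment that slot holds ML-KEM-768). The point it shows is structural: the combiner takes both shared secrets plus the classical ciphertext and public key, so an attacker who fully recovers one component's secret still lacks the input from the other, and any tampering with the classical ciphertext changes the derived key. The names `hybrid_keygen`, `hybrid_encaps`, `hybrid_decaps` and `PQ_STANDIN` are this example's own.

```python
import hashlib
import secrets
from collections import namedtuple

# --- X25519 exactly as in RFC 7748 section 5 (pure Python, illustration only) ---
P = 2**255 - 19
A24 = 121665
BASEPOINT = (9).to_bytes(32, "little")

def _clamp(scalar: bytes) -> int:
    k = bytearray(scalar)
    k[0] &= 248
    k[31] &= 127
    k[31] |= 64
    return int.from_bytes(k, "little")

def x25519(scalar: bytes, u: bytes) -> bytes:
    """Montgomery ladder; returns the u-coordinate of scalar * point(u)."""
    k = _clamp(scalar)
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)  # mask the top bit
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        swap ^= kt
        if swap:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3 = (da + cb) * (da + cb) % P
        z3 = x1 * ((da - cb) * (da - cb) % P) % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

# --- A DH-based KEM built on X25519: the "X" half of X-Wing ---
Kem = namedtuple("Kem", "keygen encaps decaps")

def dh_keygen():
    sk = secrets.token_bytes(32)
    return sk, x25519(sk, BASEPOINT)

def dh_encaps(pk: bytes):
    esk, epk = dh_keygen()
    return x25519(esk, pk), epk  # (shared secret, ciphertext = ephemeral public key)

def dh_decaps(sk: bytes, ct: bytes) -> bytes:
    return x25519(sk, ct)

X_KEM = Kem(dh_keygen, dh_encaps, dh_decaps)

# ASSUMPTION / STAND-IN: the post-quantum slot is ML-KEM-768 in the draft; it is not
# in the standard library, so this demo plugs an independent X25519 KEM into that
# slot. Only the combiner logic below is the point; the slot is interface-compatible.
PQ_STANDIN = X_KEM

# --- Combiner in the X-Wing draft's layout: SHA3-256(label || ss_M || ss_X || ct_X || pk_X) ---
XWING_LABEL = b"\\.//^\\"  # the draft's 6-byte domain-separation label

def combine(ss_m: bytes, ss_x: bytes, ct_x: bytes, pk_x: bytes) -> bytes:
    return hashlib.sha3_256(XWING_LABEL + ss_m + ss_x + ct_x + pk_x).digest()

def hybrid_keygen(pq: Kem):
    sk_m, pk_m = pq.keygen()
    sk_x, pk_x = dh_keygen()
    return (sk_m, sk_x), (pk_m, pk_x)

def hybrid_encaps(pq: Kem, pk):
    pk_m, pk_x = pk
    ss_m, ct_m = pq.encaps(pk_m)
    ss_x, ct_x = dh_encaps(pk_x)
    return combine(ss_m, ss_x, ct_x, pk_x), (ct_m, ct_x)

def hybrid_decaps(pq: Kem, sk, pk, ct) -> bytes:
    sk_m, sk_x = sk
    _, pk_x = pk
    ct_m, ct_x = ct
    return combine(pq.decaps(sk_m, ct_m), dh_decaps(sk_x, ct_x), ct_x, pk_x)

if __name__ == "__main__":
    sk, pk = hybrid_keygen(PQ_STANDIN)          # Bob publishes pk
    ss_alice, ct = hybrid_encaps(PQ_STANDIN, pk)  # Alice sends ct
    ss_bob = hybrid_decaps(PQ_STANDIN, sk, pk, ct)
    print("agree:", ss_alice == ss_bob)
```

Usage note: the DH half here is the draft's X25519 step, so a real ML-KEM library can be dropped into `PQ_STANDIN` without touching the combiner; the draft omits ct_M and pk_M from the hash because ML-KEM already binds them, which is why only the classical ciphertext and public key appear as extra inputs.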
In a closer-to-home example, El Salvador deploying Pegasus on the phones of journalists who were already using Signal.
Good point. I should probably start including some real-world stuff in future versions of this argument… the Wikipedia page on the Pegasus spyware has a depressingly long list of publicly known deployments.
https://en.wikipedia.org/wiki/Pegasus_(spyware)#By_country
Cellebrite is another big one, because whilst its tools generally require physical access, they’re regularly used by law enforcement and border staff, and it is tricky to say “no” when the latter demands access to your phone. They specifically seek to crack GrapheneOS (see this old capabilities list) and Signal, the latter leading to this wonderful bit of trolling by Moxie.
Avoiding phone exploits is considerably more hassle than changing cipher suites (GrapheneOS and iOS in Lockdown Mode require a bunch of compromises, for example).
IIRC, Spain too (~2022?)