Obviously there are encryption forums out there, and the encryption tools Qubes uses are developed and supported by third parties specializing in the field. However, I'd like to see a discussion with Qubes in mind.
From a developer's perspective, with insight into cryptography, what is your take on this? Would the types of encryption Qubes uses be at risk of being brute-forced by a quantum computer?
The way I understood it,
Quantum computers cannot replace traditional computers, because the many simultaneous multiple states between 1/0 leave no structure in the code, therefore it's impossible to make programs or code with it without structure. Quantum computers strive for entropy or "chaos", while traditional computing machine code strives for order and frameworks. So that supposedly means quantum computers are limited to solving large number problems, but cannot "create" or "decrypt" anything that is a large "structured" computing calculation. I may have gotten this wrong, but that's how I currently see it. I still do not perceive how encryption immune to quantum computers should work, i.e. how to implement structure into a large encryption calculation without giving it predictability or non-near-perfect / non-perfect entropy. It just seems contradictory; how is that even possible?
Either way, cryptography protected by "structure" should be safe against a quantum computer, no? While all encryption without structure would be extremely vulnerable to quantum computers?
Basically, long story short, is Qubes at risk in the near future of real quantum computing decryption attacks? For example, has there already been thought or even development put into securing Qubes against attacks like these?
My bad, I made an important typo in the text above with the word possible/impossible, first two lines in the second paragraph.
"SO, by structure, I mean, what if the labyrinth is full of closed doors, where you need to solve puzzles that are possible to solve with numbers?"
Should be,
"So, by structure, I mean, what if the labyrinth is full of closed doors, where you need to solve puzzles that are impossible to solve with numbers to get past it?"
That's an interesting twist, and seems like a very good point.
Though does that mean asymmetric is more vulnerable due to its nature of having a two-key system (Private/Public) rather than a single private key? Lower entropy with two keys perhaps?
Or is it because asymmetry is typically used more when sending over the internet, compared to symmetry, which is more often used offline?
So then, asymmetric internet protocols going in and out of Qubes, or encrypted packages or whole encrypted files sent over the internet, are the bigger concern? Or the more immediate of the two, I assume. The question left to me, out of curiosity, is just "why is asymmetric security a bigger concern?" Is either of the two guesses the right reason?
Also, about another aspect, is there by any chance any kind of encryption between the isolated qubes in Qubes? If true, then internet-based attacks cannot attack dom0 no matter what happens in the area of encryption cracking, but they may be able to attack whatever is using encryption in the VM itself? But offline physical encryption cracking attacks, albeit seemingly requiring stronger cracking capability, can reach dom0?
Specifically, if I understood this correctly, there is no immediate concern right now to protect with encryption on an offline physical machine, unless a copy is made of the data and stolen, or the entire drive is stolen, to be cracked in the future. So if a drive, or a copy thereof, is stolen, it may be a future risk, but otherwise not a current risk.
Eventually all this seems to boil down to theft of data, or surveillance, which is left to be cracked in the future, instead of now. But internet encrypted data is significantly easier to steal.
This could be solved with the quantum network China made a big move towards recently though? Here is an article about quantum networks that goes into the pros and cons, as well as the feasibility and possible directions the technology can take in the future. It seems this short, brief article covers a bit of everything regarding this complex area: https://www.wired.com/story/quantum-internet-is-13-years-away-wait-whats-quantum-internet/
Assuming quantum internet ever becomes a full-scale replacement of our internet, perhaps this is the game changer we need to fix asymmetric encryption? After all, it wouldn't be a matter of hacking mathematics, it'd be raised to the level of hacking physics and circumventing the laws of the universe. Anyone trying to read the signal would apparently scramble it and make it unreadable.
But in contrast, this cannot be used in symmetric encryption of, e.g., local files and drives? And it requires a proper medium, like fiber-optic cables or similar, to carry the quantum signals, which would mean a lot of our modern infrastructure is not usable for quantum networking.
It seems promising though, especially if it would arrive sooner rather than later to Linux/Qubes.
For example, the implications of combining quantum networking with the Tor network? It'd be potentially unhackable network/internet private connections?
Tor's weakness, one of the bigger ones, is traffic sniffing at the end nodes. A quantum-based internet could fix that issue on Tor, making it impossible to know both what is sent, as well as whom it was from or to.
Would there be any loose ends though? For example the joint between Qubes OS itself, and a future quantum based Tor based network? The weakness could be the joints and exploiting these with malware/surveillance?
If the unit expected to receive the quantum signal is itself infected, then it could still surveil any data/connections going through it?
https://futurism.com/17-qubit-chips-begins-quantum-revolution/?src=featured
It also seems like being the first one to reach quantum computers that can do reasonably more than a super server, or even desktops, appears very lucrative. There is probably a race going on here, which seems evident too by Intel's quick response to IBM only a day after.
I gotta say though, looking at the article, the YouTube video released by Intel developers seems interesting. The chip pretty much looks like a standard classic CPU unit, with some differences.
Presumably, the only problem with throwing such a baby into a phone/laptop/stationary would be the cooling issue. But on the servers it should be less of an issue, except for the cooling cost.
Now a 17 Qubit small-sized commercial product from Intel, and a 50 Qubit experimental early test quantum computer from IBM. If we imagine it doubles every year, say 40 in commercial next year, and 100 or maybe even more in experiments, then it won't be long till we see some pretty scalable quantum computing.
Also, correct me if I'm wrong, but aren't there two exponential effects here, one on top of the other? Which may be overlooked by us too. I mean, imagine the scalability of doubling the Qubits every day; it's not linear, it's exponential. But the Qubits themselves are exponential too.
So if these chips are double the size next year, and double again the year after, we'd start to see some pretty decent quantum computing already?
So what it all boils down to is to find ways to try to better predict how many Qubits these chips will grow every year (similar to how Moore's law tries to predict classic computing growth), and also to predict how many Qubits are needed to surpass a standard classic computing chip on various factors, for example how many Qubits to surpass similar computing by power usage, or by solving issues, and so on.
And it may become more than just doubling every year, especially if there is a race going on between competitors to establish market share dominance, which may prompt companies to throw in bigger development expenses if they believe they can win over the other, and thereby take risk by speeding up development. After all, winning, or just getting a sizeable market share, would be quite lucrative, a risk these companies very well may go and take; it already starts to look like they have, but it's too early to say for sure.
So, how many quantum Qubits will these chips have in one year's time?
Also, if these become cheaper, both buying and operating (cooling costs), with pricing similar to that of CPUs, then there is also the worry that normal everyday hackers can get their hands on these quantum chips, never mind businesses or governments easily making super quantum computers, substantially stronger than today's supercomputers.
This may not happen today or tomorrow, but it really does seem scary close now.
Perhaps a more realistic prediction would be to figure out how many Qubits we need to surpass the current CPUs, and how many until they can crack various standard encryption schemes? At the very least then we can compare the new Qubit release statements by Intel/IBM/etc. and know how far they've gotten.