Can post-quantum algorithms be run on commercial devices?
Noob alert! Can we run quantum-safe algorithms on commercial devices (like phones, laptops, etc.)? I've seen some messaging apps and VPN providers marketing themselves as quantum-proof. How likely is it that all these claims are bogus marketing (IMO, very)?
It's extremely likely that apps that use post-quantum in their descriptions are bogus. They could be scams, or they could be implemented incorrectly, or use a weak algorithm. Apps that claim to use quantum cryptography (not post-quantum) are definitely lying, since phones don't have the necessary hardware.
– Future Security
Aug 31 at 17:30
Are you asking if it is physically possible, or if the algorithms are light-weight enough to be used practically on a commercial device?
– forest
Sep 1 at 0:35
2 Answers
2
Post-quantum cryptography addresses the problem of developing public-key schemes whose underlying assumptions are (believed to be) quantum resilient, i.e., the assumptions hold even in the presence of quantum computers.
There are many proposals for the underlying assumption and this leads to several branches like lattice-based cryptography, multivariate cryptography, code-based cryptography, hash-based cryptography or isogeny-based cryptography, among others.
The cool thing about these assumptions and techniques is that they can be implemented on classical computers.
In fact, many of these are already implemented and there is a competition driven by NIST to standardize some of these.
So, yes, these primitives are usable nowadays. Maybe these companies use a scheme of this nature; that may be the case.
Yes you can.
Post-quantum algorithms do not require a quantum computer to run. In fact, symmetric ciphers are quantum-proof, i.e. they remain secure even if quantum computers exist. Many lattice-based cryptographic schemes (including, for example, some fully homomorphic encryption schemes) have been implemented. They can be run on a normal PC or laptop.
As I recall, quantum computers get a significant speedup when attacking symmetric algorithms, amounting to a halving of bit strength (e.g. a quantum computer can attack AES-128 as if it were a 64-bit cipher). The fix, of course, is simply to double your key lengths (use AES-256 instead of AES-128).
– Mark
Aug 31 at 19:58
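Both answers say post-quantum schemes run on ordinary hardware, and the first lists hash-based cryptography among the branches. The following is an added example written for this page, not code from either answerer: a Lamport one-time signature built only on SHA-256 from the Python standard library, so it runs on any laptop or phone that has a Python interpreter. The 256-bit hash size is my assumption for keeping roughly 128-bit security against a Grover-style preimage search (the same "halve the bit strength" reasoning as the comment above), and the class and function names are made up for the example.

```python
import hashlib
import secrets

# Constructed example: a Lamport one-time signature over SHA-256.
# Lamport signatures are the simplest hash-based scheme; their security
# rests only on the preimage resistance of the hash. Grover's algorithm gives
# a quadratic speedup on preimage search, so a 256-bit hash is assumed here
# to keep roughly 128-bit security against a quantum attacker.
HASH_BYTES = 32
HASH_BITS = HASH_BYTES * 8


def H(data: bytes) -> bytes:
    """SHA-256 digest; the only primitive the scheme needs."""
    return hashlib.sha256(data).digest()


def _bit(digest: bytes, i: int) -> int:
    """Return bit i of the digest, most significant bit first."""
    return (digest[i // 8] >> (7 - (i % 8))) & 1


def keygen():
    """Private key: 256 pairs of random 32-byte preimages.
    Public key: the SHA-256 hash of every preimage, in the same layout."""
    sk = [(secrets.token_bytes(HASH_BYTES), secrets.token_bytes(HASH_BYTES))
          for _ in range(HASH_BITS)]
    pk = [(H(x0), H(x1)) for x0, x1 in sk]
    return sk, pk


class LamportSigner:
    """Wraps a private key and refuses to sign more than once.
    Each signature reveals half of the preimages, so signing two different
    messages with the same key would let anyone forge a third; the one-time
    rule is enforced here instead of being left to the caller."""

    def __init__(self):
        self._sk, self.public_key = keygen()
        self._used = False

    def sign(self, message: bytes) -> list:
        if self._used:
            raise RuntimeError("Lamport key already used; generate a fresh key")
        self._used = True
        digest = H(message)
        # For each digest bit, reveal the preimage at that position.
        return [self._sk[i][_bit(digest, i)] for i in range(HASH_BITS)]


def verify(pk, message: bytes, sig: list) -> bool:
    """Recompute the digest and check every revealed preimage against the
    public hash selected by the corresponding digest bit."""
    if len(sig) != HASH_BITS:
        return False
    digest = H(message)
    # Public-key values are public, so plain equality is fine here.
    return all(H(sig[i]) == pk[i][_bit(digest, i)] for i in range(HASH_BITS))


def demo() -> dict:
    """Run the whole flow on an ordinary machine and report the outcomes."""
    signer = LamportSigner()
    msg = b"constructed sample message"  # constructed input for the demo
    sig = signer.sign(msg)
    try:
        signer.sign(b"a second message")
        reuse_blocked = False
    except RuntimeError:
        reuse_blocked = True
    return {
        "valid": verify(signer.public_key, msg, sig),
        "tampered": verify(signer.public_key, msg + b"!", sig),
        "wrong_key": verify(keygen()[1], msg, sig),
        "reuse_blocked": reuse_blocked,
        "signature_bytes": sum(len(s) for s in sig),
    }


if __name__ == "__main__":
    print(demo())
```

The whole thing is a few hundred SHA-256 calls, which is why "runs on a phone" is not the hard part of post-quantum deployment. The costs that show up instead are size and statefulness: this signature is 8 KB and the public key 16 KB, and a key can be used once, which is why the standardized hash-based schemes build Merkle trees over many one-time keys and why the lattice-based schemes the second answer mentions are the usual choice for key exchange.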
"Post-Quantum" commonly refers to algorithms that are secure against classical computers and quantum computers. They can run on classical computers. We are searching for practical PQC algorithms that we can use in place of classical asymmetric key algorithms. There is also "Quantum Cryptography" which refers to communication that exploits quantum mechanics for security. QC can't be done with the classical internet. Nor does QC include algorithms you can use offline (for tasks like encrypting a hard-drive.) They sound similar but are only related by the "quantum" part (in name and theory).
– Future Security
Aug 31 at 17:23