You'll note they don't actually specify any asymmetric quantum-resistant algorithms. I'd guess if they did, NTRU or a derivative would be one they'd consider first: Security Innovation were trying to sell them that at about the same time Certicom were pushing elliptic curves. (I'm not as convinced about ideal lattices, but that's an artifact of my not being as familiar with the field.)
Pre-shared keys, as they suggest there, have no forward secrecy - which makes them great for those who really like stealing, say, IPsec keys… like the NSA. It may work with the kind of old military key infrastructure they and GCHQ have, that regularly distributes random keys from centralised, organisationally-trusted sources on specialised hardware; it is a terrible recommendation for civilians.
Interesting that they're still married to P-384 (probably the most annoying curve to implement correctly). Properly-implemented Ed448-Goldilocks is safer, and that's what CFRG are going with for the "paranoid" level.
> You'll note they don't actually specify any asymmetric quantum-resistant algorithms. I'd guess if they did, NTRU or a derivative would be one they'd consider first...
My bet would be on McEliece. It's been around longer, so has been subjected to more rigorous cryptanalysis than NTRU, and is not patented.
The way it does that is by using Diffie-Hellman or ECDH, which both rely on the hardness of the discrete logarithm problem that quantum computers would break.
I have next to zero understanding of how quantum computers are supposed to work. Does anyone have something like an intro into QC "for dummies"? I want to grasp this subject.
"For those partners and vendors that have not yet made the transition to Suite B algorithms, we recommend not making a significant expenditure to do so at this point but instead to prepare for the upcoming quantum resistant algorithm transition."
Wait, do working quantum computers actually exist today? D-Wave is the one I heard about, but the wiki page says it's no faster than ordinary computers and not even sure it works as advertised.
There are indeed "quantum computers" that work on a few qubits (less than 10), but without what is called "error protection". They are useless for running factorization of practical sizes (i.e. they do break small keys, but you can break those by hand on paper as well).
This is hard to answer because many quantum algorithms useful for cryptanalysis have probably not been discovered yet. See, for example, the debacle surrounding Soliloquoy [1], an algorithm that despite being based on the hardness of lattice reduction has a fast quantum algorithm.
Anyway, a quantum-resistant algorithm is usually meant to be one that resists the exponential speedup given by Shor's algorithm and its variants. In other words, a quantum-resistant algorithm can't be based on the hardness of integer factorization, discrete logarithms on any abelian group, class groups, and so on (i.e. all instances of the Abelian hidden subgroup problem).
The leading candidates for such hard problems are decoding a random linear code (McEliece), shortest/closest vector finding in a lattice (NTRU, GGH, [R]LWE, ...), multivariate equation system solving (HFE and friends), and in the specific case of digital signatures one-way functions (Merkle Tree signatures).
1) Public key cryptography relies on difficulty of factoring products of large primes.
2) Non-quantum computers can factor these numbers, it is just that the nature of the problem seems to require an expensive (non-polynomial to size of input) algorithm on classical computers. With quantum computers a polynomial time algorithm exists (Shor's algorithm).
For every prime p, we have p = 1 * p (clearly a factoring of p, though a trivial one). So rather "Prime numbers can't be factored in a nontrivial way.",
Even if we ignore units (i.e. 1, -1 in the ring Z), the prime number is a factorization of itself (one factor).
Otherwise the famous theorem that any integer >= 1 can be factored uniquely (up to order of the factors) into prime numbers would not hold (it even holds for 1, since 1 is defined as the product of zero factors).
Prime number guesses cannot be fully determined as prime fast and easily...however WE CAN brute force guess big prime numbers easily..for example 1/4 to 15 RSA keys can be brute forced guessed..not full brute force break as you still have the session keys to brute force but you get the idea
Prime numbers, not semi primes. A prime number by definition has only two factors, one and itself. The deleted post said something to the effect of "factoring prime numbers".
To expand a bit on this quite correct "no": There are many interpretations of quantum mechanics, like Bohm Mechanics, Multiverse, Copenhagen, but they all are mathematically equivalent and indistinguishable. They are of purely philosophical interest, not scientific (people will argue about this last sentence, but this would be an argument over semantics, not science).
So please do not call it "Multiverse theory", rather "Multiverse interpretation" :)
Uh, no. MWI and Copenhagen make different predictions. It just requires a reversible quantum computer to test. It is possible to distinguish which is true but it may take a few generations of experiment.
Could you elaborate on that? I have hard time believing it without a reference.
Edit: Probably you were referring to the need for "wavefunction collapse" in the Copenhagen theory. Practically, this can be addressed with the Master equations (or other approaches) for open quantum systems. Philosophically it might be unpleasant, but mathematically it is no different from what the Many World/Multiverse requires.
Maybe it's reverse psychology -- they've got quantum cryptanalysis, and the surest way to keep us all vulnerable is them telling us we should upgrade. ;)
I hope nobody here is actually considering using the proposed NSA algorithms - right?
The NSA today is a very different beast from the pre-2000 one. The focus seems to have drastically changed from securing stuff to mostly introducing vulnerabilities in stuff.
However, in reviewing the actual recommendations, if you trusted RSA 2048 before, it would be hard to argue the NSA has now backdoored RSA 3072 as a part of recommending it.
This comment (along with many of this author's other comments) seems to take a form which strongly reminds me of the output of SCIgen[1] and I wonder if anyone more versed in quantum cryptography or any related fields of mathematics can make more sense of it than I can.
I could, of course, be unfairly interpreting the unusually simple [2] grammatical structures as being computer generated rather than as an artifact of not being a native English speaker. If that is the case, I do apologize and hope that I have not caused any offence.
> Server load balancing is a dynamic process which may actually induces vulnerabilities to distributed denial of service attacks, whether or not the maintenance occurs regularly. Especially dangerous DDoS is statistically timed to gain root access by damaging the infrastructure.
I understand the topics that the words are referring to. The sentences seem like garbage that almost makes sense, but in the end doesn't. Presumably phrases or sentence fragments written by real humans but strung together in a nonsense way.
One giveaway here is the phrase "whether or not the maintenance occurs regularly". What maintenance? There is no "the maintenance" in this paragraph, and maintenance has no connection to the sentence or topic.
It's clever though and sophisticated enough to make you doubt yourself for a moment. I think it's both human and machine working together. This comment is too on topic to be random: https://news.ycombinator.com/item?id=10058574 I'm almost enjoying it as a kind of puzzle. Pretty sure it's some kind of performance art or trolling, so I've flagged it. I'm inclined to follow Poe's Law on this one ("Any sufficiently advanced troll is indistinguishable from a genuine kook")
Edit: The user's subsequent replies distinguish their contribution as mean-spirited trolling.
And shame on you for saying (in an edit, no less) that this man is not a bot, but merely a troll. Address his original post, or comment on something you are qualified on.
Are you prepared to explain this content and defend its meaning and sensibility? Please do not argue that I'm being unfair unless you are.
If you think it makes sense, and I'm misreading, then I'd challenge you to pick a paragraph, dig into each sentence, and try to explain to yourself what it means; and how the sum of the sentences in the paragraph communicates an idea. It doesn't. It's just a string of generated statements. If you haven't seen this kind of material before, then I'd encourage you to check out papers generated by SciGen:
You will probably be able to identify this content for what it is after reading other (well-done) machine-generated content.
I'm qualified to comment on the content. The paragraphs do not make sense. You're being taken in by a troll. If anyone wants to seriously discuss this content, start by trying to understanding how "load balancing [...] may actually induces [sic] vulnerabilities to DDOS", and how that connects in any way to the topic which is cryptography.
> Irreversible destruction of the hardware [...] atomic decay processes which are incited by zeta normalization of the attack timing.
When is "destruction of the hardware" ever reversible? How will an Internet attack incite atomic decay? (That's ridiculous.)
The words and phrases are strung together in a way that communicates no cogent idea. They're far enough away from making real sense that they can't actually be rebutted or discussed in a direct way. All you're left with being able to say is, "That doesn't make sense", "Those concepts have nothing to do with each other", "The ideas don't follow".
Try to take the paper I linked above and, selecting any paragraph, attempt to assess the accuracy of its claims, discuss what it's saying, or rebut the claims. Example:
> Any unproven synthesis of introspective methodologies will
clearly require that the well-known reliable algorithm for the investigation of randomized algorithms by Zheng is in Co-NP; our application is no different
Does that look like obvious nonsense to you? It's written in a way to appear meaningful but it's not. It's just randomly generated content using statistical techniques to select words and phrases that appear nearby in a corpus of real content. Nevertheless I'm sure you can pull some kind of meaning out of that and argue about it. That's what we'd be doing by discussing this user's posts.
I'm not trying to be mean. I thought the original posts were an interesting, clever performance with better generated material than I'd seen before. That's misleading in the way that a magician is misleading. It can be fun. The subsequent replies appearing to seriously defend the content (which by the way are not at all convincing), and attack users who pointed out its nature, are something different.
I really don't want to contribute to trolling on HN by discussing this content further, but since you're accusing me of being unfairly dismissive: I will be glad to read and critique a short essay about how "load balancing [...] may actually induces [sic] vulnerabilities to DDOS [...] whether or not the maintenance occurs regularly" and how that relates to cryptography. All I can say now is that that claim doesn't make sense on its own, or the context of the paragraph, and has no apparent connection to the topic. If the sentence was expanded into several paragraphs justifying its claims and elucidating the topic, then we'd actually be able to discuss it.
Well put. Also, it is important to point out that the about text (now blanked) in the user profile page could have induced other users to suspect trolling.
>Are you prepared to explain this content and defend its meaning and sensibility? Please do not argue that I'm being unfair unless you are.
You should ask questions more often. Remember that the burden of proof is generally on the accuser in this language.
>If you think it makes sense, and I'm misreading, then I'd challenge you to pick a paragraph, dig into each sentence, and try to explain to yourself what it means; and how the sum of the sentences in the paragraph communicates an idea.
Why have you not done that yet?
You keep getting close, but you only talk trash instead of asking questions.
>It doesn't. It's just a string of generated statements.
You have assumed that I am either multiple people, or a content generator. Since I am only one dude at a keyboard, you are seriously underestimating the amount of power used to write these messages. Either way, you are asserting that I am very, very efficient at writing.
>It's just a string of generated statements. If you haven't seen this kind of material before, then I'd encourage you to check out papers generated by SciGen:
http://pdos.csail.mit.edu/scigen/rooter.pdf (generated nonsense intended to fool the reader - it was even accepted by a journal for publication!)
At this point it is clear to me that you do not have any notion of how these programs work; instead you have: a singular reference, reiterated insult, and ignorance of how those algorithms relate to the subject matter at hand.
>You will probably be able to identify this content for what it is after reading other (well-done) machine-generated content.
On the contrary, your content appears as such because of how often you repeat phrases which are low entropy and off-topic.
>I'm qualified to comment on the content.
I disagree, you would be able to ask questions in that case.
>The paragraphs do not make sense. You're being taken in by a troll.
Repeating yourself does not make your words more true.
>If anyone wants to seriously discuss this content, start by trying to understanding how "load balancing [...] may actually induces [sic] vulnerabilities to DDOS", and how that connects in any way to the topic which is cryptography.
You almost asked a question again. You should just rephrase that sentence and add the relevant punctuation mark, because you are admitting ignorance either way. It is very strange to me that you do not accept that cyberattacks and cryptography are in the same category as system administration.
>When is "destruction of the hardware" ever reversible?
In thermodynamics we have irreversible and reversible processes. Sometimes things can be fixed with solder, other times new parts are required. Vadim Markarov has made at least a little money from the difference.
>How will an Internet attack incite atomic decay? (That's ridiculous.)
I do not know of your background in ceramics engineering or particle physics, so I cannot teach you explicitly.
>The words and phrases are strung together in a way that communicates no cogent idea.
Your observation indicates that you are ignorant of the subject matter. It is only fair to ask questions when that happens.
>They're far enough away from making real sense that they can't actually be rebutted or discussed in a direct way. All you're left with being able to say is, "That doesn't make sense", "Those concepts have nothing to do with each other", "The ideas don't follow".
You should rewrite that using only the first person pronoun as a subject. It would only be factual in that case. It is malicious trolling to use the second person pronoun so as to accuse the arbitrary reader of being unable to understand. I use it to respond to the user Pyxl101 directly.
>Try to take the paper I linked above and, selecting any paragraph, attempt to assess the accuracy of its claims, discuss what it's saying, or rebut the claims.
Example:
> Any unproven synthesis of introspective methodologies will clearly require that the well-known reliable algorithm for the investigation of randomized algorithms by Zheng is in Co-NP; our application is no different
I can rebut that at face value. The phrase "well-known" is completely subjective and therefore unsuitably counterfactual for a scientific publication. The abstract reference to "algorithms...of...algorithms" is a reducto ad absurdum fallacy.
>Does that look like obvious nonsense to you?
Yes, but I know how to explain why.
>It's written in a way to appear meaningful but it's not.
You do not have a firm rationale to say so unless you can point out the fallacy, like I have.
>It's just randomly generated content using statistical techniques to select words and phrases that appear nearby in a corpus of real content.
The phrases "randomly generated", and "statistical techniques", are not precise enough for criticism in this context. I use much, much less power than you are proposing; unless you want to count the greenhouse gases emitted by farms which produce my food.
>Nevertheless I'm sure you can pull some kind of meaning out of that and argue about it.
Then you could definitely pull some meaning out and ask a legitimate question so as to further the discussion.
>That's what we'd be doing by discussing this user's posts.
WE would be doing so if you were not simply repeating the same insults.
>I'm not trying to be mean.
Then you should recognize my humanity, if only because I have a better sense of humor than you.
>I thought the original posts were an interesting, clever performance with better generated material than I'd seen before.
That harkens back to my original joke about your interest in recycled content.
>That's misleading in the way that a magician is misleading.
Magicians are usually just good chemists who are fascinated by special effects in stagecraft. You picked the wrong subject, again, referring to your own sentence through a Freudian slip.
>It can be fun.
You admit to finding dehumanization fun. That is malicious trolling at best, and psychopathy at worst.
>The subsequent replies appearing to seriously defend the content (which by the way are not at all convincing)
I can tell that you are being persuaded from the co-occurence of your insults with direct references to the subject matter.
>and attack users who pointed out its nature, are something different.
I am not attacking your person, you began by rejecting my human nature; and I only respond by being flippant and forgiving. The difference is that you repeat insults while I encourage you to ask specific questions.
>I really don't want to contribute to trolling on HN by discussing this content further, but since you're accusing me of being unfairly dismissive
Then you should avoid the use of pejoratives.
>I will be glad to read and critique a short essay about how "load balancing [...] may actually induces [sic] vulnerabilities to DDOS [...] whether or not the maintenance occurs regularly" and how that relates to cryptography.
Instead of asking me for a written abstract, you should just ask a specific question. If you cannot realize how database programming, cyberattacks, and cryptography occur together; then I cannot realize you have any background in applying those things in the real world.
>All I can say now is that that claim doesn't make sense on its own, or the context of the paragraph, and has no apparent connection to the topic.
Do I need to write another Google search query for you?
>If the sentence was expanded into several paragraphs justifying its claims and elucidating the topic, then we'd actually be able to discuss it.
Maybe I will make that into an academic paper and submit it for discussion. Until then, you should understand that it is extremely rude to slander someone as a bot when you fail to understand their writing.
Don't have too much faith; I'm often downvoted for disagreeing with the hive mind. I have enough karma now that hellbanning is less likely, so the chilling effect on free thought/software is reduced enough to post.
I merely had karma to burn, and the fact that I had to consciously weigh defending you against my karma point balance makes me a little nauseous.
I did not have enough faith restored in order to continue using this website; I just think of it as redundant. The karmic counters here seem susceptible to fraudulence and malicious groupthink. The most chilling effect on free thought and social software is when the hive mind calls for a lynching.
The fact that I am still in negative karma here discourages me from any further participation whatsoever. There are certain foods that go well with web browsing and heavy computer usage: in general you want soups and stews with a high fat content for their digestibility and neuronal bioavailability. My preference is green lentils with bone marrow, because the iron catechol acts as a cellular shield against ionizing radiation.
May you enjoy your browsing with a renewed sense of purpose!
>One giveaway here is the phrase "whether or not the maintenance occurs regularly". What maintenance? There is no "the maintenance" in this paragraph, and maintenance has no connection to the sentence or topic.
Good job! You almost asked a question.
This google search might help you in your quest to define the word 'maintenance':
>I understand the topics that the words are referring to.
This is an incomplete sentence. The correct phrase would be:
"I understand the topics to which the words are referring"
>The sentences seem like garbage that almost makes sense, but in the end doesn't.
This is a Freudian slip where you are actually talking about your own sentences. Since when does garbage make sense?
I hazard a guess that you are heavily invested in recycling content!
>Presumably phrases or sentence fragments written by real humans but strung together in a nonsense way.
This is another sentence fragment which is solely a predicate, lacking a subject. There is only one language in the world where that is valid grammar; and it is also the only one in which: being able to do the work of several humans- is an insult rather than a compliment.
A moronic RUSE uses derogatives subjectively and assumes everyone else must agree.
>It's clever though and sophisticated enough to make you doubt yourself for a moment.
If you could veritably speculate on what type of computation was ongoing, then you too could be clever and sophisticated.
Instead, you are simply being a dull sophist.
>I think it's both human and machine working together.
Correct! I am indeed using a computer, and so are you.
If this is some kind of algorithmic puzzle, then I am technically a 'wizard'; and you can only progress by asking questions to inform your own ignorance.
>Pretty sure it's some kind of performance art or trolling, so I've flagged it.
Another grammatical error! If you cannot think of a question to ask, or a related topic to discuss, then you are most likely the troll (or performance artist).
>I'd argue that it's indecipherably dense and not appropriate for HN.
I can now argue that in fact that you are indecipherably dense and HN is not appropriate for VC funding.
Shame on you for calling this man a Bot. You have created much controversy, and his original reply was buried/discredited as a result. Ideas were not heard.
I am concerned about how this type of misbehavior could be moderated in the future.
Sometimes posting on internet forums reminds me too much of Blade Runner. Then, anonbanker chimed in and the scene started to feel more like this song:
>This comment (along with many of this author's other comments) seems to take a form which strongly reminds me of the output of SCIgen[1]
Whilst a context-free grammar is used to generate sentences; the preferred output is typically the sequence of words with the lowest entropy. That has the effect of sounding extremely concise, idiomatically as: a man of few words. I veritably assure you that you are indeed in communication with a real, live human being who has written software for Natural Language Processing; so I attribute your confusion to that point, mostly.
>and I wonder if anyone more versed in quantum cryptography or any related fields of mathematics can make more sense of it than I can.
Here is where you are being offensive. If you become confused by words which you cannot fathom, then you need to admit your own ignorance and ask a question directly. Otherwise, as in this case, you are engaging in fallacious excommunication or at least rude duplicity!
>I could, of course, be unfairly interpreting the unusually simple [2] grammatical structures as being computer generated rather than as an artifact of not being a native English speaker.
Here is where you espouse two falsehoods: that my grammatical structures are in any way simple; or that native English speakers have any specific level of complexity in their language. It is easy to show how certain grammatical constructions are indicative of a person's native language; but those are usually grammatical errors such as: run-on sentences, misplaced plurals, or redundant hyphenation. There is no homogenous measure of complexity for the English spoken by people born in England, so that topical premise is entirely wrong.
>If that is the case, I do apologize and hope that I have not caused any offence.
If you feel the need to apologize in advance, then you have probably written something rude; and you should revise the message before sending it.
The fact that this wall of text is being greyed is a striking anti-intelligence mindset, and I'm shocked to see it coming to HN, frankly. This man was accused of being a bot for speaking to Ms. Rowan at a level she could address, and the replies are being greyed for pointing out rudeness.
Pre-shared keys, as they suggest there, have no forward secrecy - which makes them great for those who really like stealing, say, IPsec keys… like the NSA. It may work with the kind of old military key infrastructure they and GCHQ have, that regularly distributes random keys from centralised, organisationally-trusted sources on specialised hardware; it is a terrible recommendation for civilians.
Interesting that they're still married to P-384 (probably the most annoying curve to implement correctly). Properly-implemented Ed448-Goldilocks is safer, and that's what CFRG are going with for the "paranoid" level.