this post was submitted on 04 Dec 2023
142 points (98.0% liked)

Technology

59106 readers
3944 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
L3s@lemmy.world
L3s@fry.gs
L4s@fry.gs
L4s@lemmy.world
enu@lemmy.world
142
Physicists May Have Found a Hard Limit on The Performance of Large Quantum Computers (www.sciencealert.com)
submitted 11 months ago by btp@kbin.social to c/technology@lemmy.world
18 comments fedilink hide all child comments
 

A newly discovered trade-off in the way time-keeping devices operate on a fundamental level could set a hard limit on the performance of large-scale quantum computers, according to researchers from the Vienna University of Technology.

you are viewing a single comment's thread
view the rest of the comments
[–] cypherpunks@lemmy.ml 17 points 11 months ago* (last edited 11 months ago) (2 children)

I really hope that there isn't a cryptographically-relevant quantum computer built in our lifetimes, but we should still assume that there likely will be and accordingly should switch everything to use (hybrid) post-quantum cryptography ASAP.

[–] ryannathans@aussie.zone 4 points 11 months ago

There probabry already is in NSA basement

[–] jayrhacker@kbin.social 3 points 11 months ago (2 children)

Why not? I've got a hard drive which I lost the keys to I'd like to recover, and having all the old secrets out in the open would be really interesting.

[–] cypherpunks@lemmy.ml 3 points 11 months ago

It isn't expected that a quantum computer will be able to instantly break symmetric encryption, as is used in full disk encryption. It will give an enormous advantage (halving the number of bits of security) but attacking that will still require a large amount of time and energy. What a CRQC will very quickly break is the asymmetric primitives, as used in TLS, encrypted email and chats, etc.

On the other hand, using default parameters from not so long ago, it is cheaper than you might expect to brute-force your disk passphrase already today without a quantum computer... which is why you should use a stronger key derivation function (in addition to a strong passphrase, of course).

[–] Plopp@lemmy.world 2 points 11 months ago

Isn't that symmetrical encryption? Quantum computers aren't really that beneficial for symmetrical encryption iirc, due to it being a process that can't be parallelized very efficiently (and quantum computers are kinda slow per operation).