cyph3rPunk


When quantum computers become powerful enough, they could theoretically crack the encryption algorithms that keep us safe. The race is on to find new ones.

By Tammy Xu

Tech Review Explains: Let our writers untangle the complex, messy world of technology to help you understand what's coming next. You can read more here.

Cryptographic algorithms are what keep us safe online, protecting our privacy and securing the transfer of information.

But many experts fear that quantum computers could one day break these algorithms, leaving us open to attack from hackers and fraudsters. And those quantum computers may be ready sooner than many people think.

That’s why there is serious work underway to design new types of algorithms that are resistant to even the most powerful quantum computer we can imagine.

What do these algorithms even do? Cryptographic algorithms turn readable data into a secret, unreadable form so it can be safely shared on the open internet. They are used to secure all types of digital communication, like traffic on websites and the content of emails, and they are necessary for basic privacy, trust, and security on the web. There are several types of standard cryptographic algorithms widely used today, including symmetric-key and public-key algorithms.

Symmetric-key encryption is what people usually think of as encryption. It allows data and messages to be scrambled using a “key” so they are indecipherable to anyone without the key. It’s commonly used for securing sensitive data stored in databases or hard drives. Even data breaches that compromise databases full of sensitive user information aren’t as bad if the underlying data is encrypted—hackers may get the encrypted data, but there’s still no way to read it.

Public-key algorithms are important too. They help get around the fundamental drawback of symmetric-key encryption, which is that you need a secure way to share symmetric keys in the first place. Public-key algorithms use a set of two keys, one that is privately kept by the recipient and one that is made public.

Anyone can use the receiver’s public key to scramble data, which only the receiver can unscramble using the private key. This method can be used to transfer symmetric keys, and the roles can be reversed for digital signatures: the holder of a private key signs a message with it, and anyone holding the matching public key can verify that the signature could only have come from that key holder.

Why do these algorithms need to be quantum resistant? Cryptographic algorithms are able to keep data secret because they are mathematically intensive to break. It would take a modern computer trillions of years to break just one set of encryption keys using brute force.

But in the 1990s, before quantum computers were ever seriously talked about, mathematician Peter Shor discovered that the way a theoretical quantum computer would work happened to line up particularly well with cracking the kind of math used in public-key encryption.

Although no quantum computer existed at the time, other mathematicians were able to confirm that Shor’s Algorithm, as it became known, could theoretically be used by such computers to break public-key encryption. Now it’s widely accepted that once a working quantum computer with enough processing power is built, the algorithms we rely on today for public-key encryption will be easily breakable. The National Institute of Standards and Technology (NIST) predicts that quantum computers that can do this may be ready in just 10 to 20 years.

Luckily, symmetric-key encryption methods are not in the same danger, because they work very differently. The best known quantum attack on them, Grover’s algorithm, gives only a square-root speedup over brute force, so the loss can be absorbed simply by doubling the key size (AES-256 in place of AES-128)—that is, unless mathematicians come up with a better way for quantum computers to break those as well. But no increase in key size can rescue today’s public-key algorithms: Shor’s algorithm scales polynomially with the key length, so larger RSA or elliptic-curve keys buy only a little time. New algorithms are needed.
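To make the asymmetry concrete, here is an added example that is not part of the article: textbook RSA with deliberately tiny primes is used to wrap a symmetric session key, and an eavesdropper who recorded the session recovers the private key by finding the multiplicative order of a base modulo n. That order-finding step is precisely the subroutine a quantum computer running Shor’s algorithm accelerates; here it is brute-forced classically, which only works because the modulus is about 20 bits. The primes 1009 and 1013, the session key, the message and the SHA-256 XOR stream cipher are all constructed for the demo and are not anything a real system should use.

```python
# Added example (not from the article): why public-key encryption falls to Shor
# and symmetric encryption does not. Textbook RSA with deliberately tiny primes
# wraps a symmetric key; an eavesdropper recovers the private key by finding the
# multiplicative order of a base mod n, which is exactly the subroutine a quantum
# computer speeds up. Here that subroutine is brute-forced classically, which only
# works because the modulus is ~20 bits; real keys are 2048+ bits.
from math import gcd
import hashlib


def rsa_keygen(p, q, e=65537):
    """Textbook RSA from two primes. Returns (public, private) as (n, exponent)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    assert gcd(e, phi) == 1, "public exponent must be coprime to phi(n)"
    d = pow(e, -1, phi)          # Python 3.8+: modular inverse
    return (n, e), (n, d)


def rsa_encrypt(pub, m):
    n, e = pub
    assert 0 <= m < n, "message must be smaller than the modulus"
    return pow(m, e, n)


def rsa_decrypt(priv, c):
    n, d = priv
    return pow(c, d, n)


def stream_encrypt(key, data):
    """Toy symmetric cipher: XOR with a SHA-256 keystream; encrypt == decrypt.
    Only here to show key transport. Use AES-GCM in real code; Grover's algorithm
    would still leave a 256-bit key with 128 bits of security."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(
            key.to_bytes(8, "big") + (i // 32).to_bytes(4, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)


def find_order(a, n):
    """Smallest r > 0 with a^r = 1 (mod n). This is the step Shor's algorithm
    performs with a quantum Fourier transform; here it is a classical loop."""
    r, x = 1, a % n
    while x != 1:
        x = (x * a) % n
        r += 1
    return r


def shor_factor(n):
    """Classical skeleton of Shor's algorithm: order-finding turns into factoring."""
    for a in range(2, n):
        g = gcd(a, n)
        if g != 1:                  # lucky guess: a already shares a factor with n
            return g, n // g
        r = find_order(a, n)
        if r % 2:                   # need an even order to take a square root of 1
            continue
        y = pow(a, r // 2, n)
        if y == n - 1:              # trivial square root of 1; try another base
            continue
        p, q = gcd(y - 1, n), gcd(y + 1, n)
        if 1 < p < n:
            return p, q
    raise ValueError("no factor found")


def recover_private_key(pub):
    """What an attacker with Shor does: factor n, then recompute d from e."""
    n, e = pub
    p, q = shor_factor(n)
    return n, pow(e, -1, (p - 1) * (q - 1))


def eavesdrop(pub, wrapped_key, ciphertext):
    """Full attack on a recorded session: unwrap the symmetric key, then decrypt."""
    priv = recover_private_key(pub)
    key = rsa_decrypt(priv, wrapped_key)
    return stream_encrypt(key, ciphertext)


if __name__ == "__main__":
    # Constructed demo: 1009 and 1013 are toy primes, far too small for real use.
    pub, priv = rsa_keygen(1009, 1013)
    session_key = 123457                       # sender's symmetric key (< n)
    wrapped = rsa_encrypt(pub, session_key)    # key transport under the public key
    ct = stream_encrypt(session_key, b"harvest now, decrypt later")
    assert stream_encrypt(rsa_decrypt(priv, wrapped), ct) == b"harvest now, decrypt later"
    print("eavesdropper recovered:", eavesdrop(pub, wrapped, ct))
```

Everything the eavesdropper needs is public: the modulus, the exponent and the recorded ciphertexts. The only thing stopping the attack on a real 2048-bit modulus is that `find_order` would run for longer than the age of the universe, and that is exactly the cost Shor’s algorithm removes. Nothing about the symmetric half changes; the attacker still has to unwrap the key first.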

What are the repercussions if quantum computers break encryption we currently use? Yeah, it’s bad. If public-key encryption were suddenly broken without a replacement, digital security would be severely compromised. For example, websites use public-key encryption to maintain secure internet connections, so sending sensitive information through websites would no longer be safe. Cryptocurrencies also depend on public-key encryption to secure their underlying blockchain technology, so the data on their ledgers would no longer be trustworthy.

There is also concern that hackers and nation-states might be hoarding highly sensitive government or intelligence data—data they can’t currently decipher—in order to decrypt it later once quantum computers become available.

How is work on quantum-resistant algorithms progressing? In the US, NIST has been looking for new algorithms that can withstand attacks from quantum computers. The agency started taking public submissions in 2016, and so far these have been narrowed down to four finalists and three backup algorithms. These new algorithms use techniques that can withstand attacks from quantum computers using Shor’s Algorithm.

Project lead Dustin Moody says NIST is on schedule to complete standardization of the four finalists in 2024, which involves creating guidelines to ensure that the new algorithms are used correctly and securely. Standardization of the remaining three algorithms is expected in 2028.

The work of vetting candidates for the new standard falls mostly to mathematicians and cryptographers from universities and research institutions. They submit proposals for post-quantum cryptographic schemes and look for ways to attack them, sharing their findings by publishing papers and building on each other’s different methods of attack.

In this way, they slowly weed out candidates that are successfully attacked or shown to have weaknesses in their algorithm. A similar process was used to create the standards we currently use for encryption.

However, there are no guarantees that a new type of clever quantum attack, or perhaps even conventional attack, won’t someday be discovered that can break these new algorithms.

“It’s impossible to prove that you can’t break it—the nonexistence of a mathematical algorithm is hard to impossible to prove,” says cryptographer Thomas Decru. But “if something stands the test of time in the world of cryptography, the trust grows.”

 

I thought I'd write about the last four years, an eventful time for Bitcoin and me.

For those who don't know me, I'm Hal Finney. I got my start in crypto working on an early version of PGP, working closely with Phil Zimmermann. When Phil decided to start PGP Corporation, I was one of the first hires. I would work on PGP until my retirement. At the same time, I got involved with the Cypherpunks. I ran the first cryptographically based anonymous remailer, among other activities.

Fast forward to late 2008 and the announcement of Bitcoin. I've noticed that cryptographic graybeards (I was in my mid-50s) tend to get cynical. I was more idealistic; I have always loved crypto, the mystery and the paradox of it.

When Satoshi announced Bitcoin on the cryptography mailing list, he got a skeptical reception at best. Cryptographers have seen too many grand schemes by clueless noobs. They tend to have a knee jerk reaction.

I was more positive. I had long been interested in cryptographic payment schemes. Plus I was lucky enough to meet and extensively correspond with both Wei Dai and Nick Szabo, generally acknowledged to have created ideas that would be realized with Bitcoin. I had made an attempt to create my own proof of work based currency, called RPOW. So I found Bitcoin fascinating.

When Satoshi announced the first release of the software, I grabbed it right away. I think I was the first person besides Satoshi to run bitcoin. I mined block 70-something, and I was the recipient of the first bitcoin transaction, when Satoshi sent ten coins to me as a test. I carried on an email conversation with Satoshi over the next few days, mostly me reporting bugs and him fixing them.

Today, Satoshi's true identity has become a mystery. But at the time, I thought I was dealing with a young man of Japanese ancestry who was very smart and sincere. I've had the good fortune to know many brilliant people over the course of my life, so I recognize the signs.

After a few days, bitcoin was running pretty stably, so I left it running. Those were the days when difficulty was 1, and you could find blocks with a CPU, not even a GPU. I mined several blocks over the next days. But I turned it off because it made my computer run hot, and the fan noise bothered me. In retrospect, I wish I had kept it up longer, but on the other hand I was extraordinarily lucky to be there at the beginning. It's one of those glass half full half empty things.

The next I heard of Bitcoin was late 2010, when I was surprised to find that it was not only still going, bitcoins actually had monetary value. I dusted off my old wallet, and was relieved to discover that my bitcoins were still there. As the price climbed up to real money, I transferred the coins into an offline wallet, where hopefully they'll be worth something to my heirs.

Speaking of heirs, I got a surprise in 2009, when I was suddenly diagnosed with a fatal disease. I was in the best shape of my life at the start of that year, I'd lost a lot of weight and taken up distance running. I'd run several half marathons, and I was starting to train for a full marathon. I worked my way up to 20+ mile runs, and I thought I was all set. That's when everything went wrong.

My body began to fail. I slurred my speech, lost strength in my hands, and my legs were slow to recover. In August, 2009, I was given the diagnosis of ALS, also called Lou Gehrig's disease, after the famous baseball player who got it.

ALS is a disease that kills motor neurons, which carry signals from the brain to the muscles. It causes first weakness, then gradually increasing paralysis. It is usually fatal in 2 to 5 years. My symptoms were mild at first and I continued to work, but fatigue and voice problems forced me to retire in early 2011. Since then the disease has continued its inexorable progression.

Today, I am essentially paralyzed. I am fed through a tube, and my breathing is assisted through another tube. I operate the computer using a commercial eyetracker system. It also has a speech synthesizer, so this is my voice now. I spend all day in my power wheelchair. I worked up an interface using an Arduino so that I can adjust my wheelchair's position using my eyes.

It has been an adjustment, but my life is not too bad. I can still read, listen to music, and watch TV and movies. I recently discovered that I can even write code. It's very slow, probably 50 times slower than I was before. But I still love programming and it gives me goals. Currently I'm working on something Mike Hearn suggested, using the security features of modern processors, designed to support "Trusted Computing", to harden Bitcoin wallets. It's almost ready to release. I just have to do the documentation.

And of course the price gyrations of bitcoins are entertaining to me. I have skin in the game. But I came by my bitcoins through luck, with little credit to me. I lived through the crash of 2011. So I've seen it before. Easy come, easy go.

That's my story. I'm pretty lucky overall. Even with the ALS, my life is very satisfying. But my life expectancy is limited. Those discussions about inheriting your bitcoins are of more than academic interest. My bitcoins are stored in our safe deposit box, and my son and daughter are tech savvy. I think they're safe enough. I'm comfortable with my legacy.

  • Hal Finney
 

A Cypherpunk's Manifesto

by Eric Hughes

Privacy is necessary for an open society in the electronic age. Privacy is not secrecy. A private matter is something one doesn't want the whole world to know, but a secret matter is something one doesn't want anybody to know. Privacy is the power to selectively reveal oneself to the world.

If two parties have some sort of dealings, then each has a memory of their interaction. Each party can speak about their own memory of this; how could anyone prevent it? One could pass laws against it, but the freedom of speech, even more than privacy, is fundamental to an open society; we seek not to restrict any speech at all. If many parties speak together in the same forum, each can speak to all the others and aggregate together knowledge about individuals and other parties. The power of electronic communications has enabled such group speech, and it will not go away merely because we might want it to.

Since we desire privacy, we must ensure that each party to a transaction have knowledge only of that which is directly necessary for that transaction. Since any information can be spoken of, we must ensure that we reveal as little as possible. In most cases personal identity is not salient. When I purchase a magazine at a store and hand cash to the clerk, there is no need to know who I am. When I ask my electronic mail provider to send and receive messages, my provider need not know to whom I am speaking or what I am saying or what others are saying to me; my provider only need know how to get the message there and how much I owe them in fees. When my identity is revealed by the underlying mechanism of the transaction, I have no privacy. I cannot here selectively reveal myself; I must always reveal myself.

Therefore, privacy in an open society requires anonymous transaction systems. Until now, cash has been the primary such system. An anonymous transaction system is not a secret transaction system. An anonymous system empowers individuals to reveal their identity when desired and only when desired; this is the essence of privacy.

Privacy in an open society also requires cryptography. If I say something, I want it heard only by those for whom I intend it. If the content of my speech is available to the world, I have no privacy. To encrypt is to indicate the desire for privacy, and to encrypt with weak cryptography is to indicate not too much desire for privacy. Furthermore, to reveal one's identity with assurance when the default is anonymity requires the cryptographic signature.

We cannot expect governments, corporations, or other large, faceless organizations to grant us privacy out of their beneficence. It is to their advantage to speak of us, and we should expect that they will speak. To try to prevent their speech is to fight against the realities of information. Information does not just want to be free, it longs to be free. Information expands to fill the available storage space. Information is Rumor's younger, stronger cousin; Information is fleeter of foot, has more eyes, knows more, and understands less than Rumor.

We must defend our own privacy if we expect to have any. We must come together and create systems which allow anonymous transactions to take place. People have been defending their own privacy for centuries with whispers, darkness, envelopes, closed doors, secret handshakes, and couriers. The technologies of the past did not allow for strong privacy, but electronic technologies do.

We the Cypherpunks are dedicated to building anonymous systems. We are defending our privacy with cryptography, with anonymous mail forwarding systems, with digital signatures, and with electronic money.

Cypherpunks write code. We know that someone has to write software to defend privacy, and since we can't get privacy unless we all do, we're going to write it. We publish our code so that our fellow Cypherpunks may practice and play with it. Our code is free for all to use, worldwide. We don't much care if you don't approve of the software we write. We know that software can't be destroyed and that a widely dispersed system can't be shut down.

Cypherpunks deplore regulations on cryptography, for encryption is fundamentally a private act. The act of encryption, in fact, removes information from the public realm. Even laws against cryptography reach only so far as a nation's border and the arm of its violence. Cryptography will ineluctably spread over the whole globe, and with it the anonymous transactions systems that it makes possible.

For privacy to be widespread it must be part of a social contract. People must come and together deploy these systems for the common good. Privacy only extends so far as the cooperation of one's fellows in society. We the Cypherpunks seek your questions and your concerns and hope we may engage you so that we do not deceive ourselves. We will not, however, be moved out of our course because some may disagree with our goals.

The Cypherpunks are actively engaged in making the networks safer for privacy. Let us proceed together apace.

Onward.

Eric Hughes [email protected]

9 March 1993

 

There is only one person with liquidity on Spectrum. To have them not lose their ERGs in liquidity they need to withdraw before we send refund ERGs. Furthermore, anyone with hodlErgs in contracts might be problematic.

From Bruno Woltzenlogel Paleo (@Ceilican)

Hi everyone. We (@kushti_ru @Pulsarzz @ceilican) spent the last several hours investigating what happened. We have discovered how the vulnerability found its way to the contract. We have implemented a fix. And we have implemented tests to ensure that the fix works.

To know more, please read on.

From the start, we worked hard to try to ensure that the contract was vulnerability-free. This is visible in our commit history. Almost every commit there makes the code simpler and easier to understand, so that it would be easier for us or anybody else to reason about the code, instead of simply having to trust that it does what we claim it does.

It is visible in our commit history that we did our best to ensure that:

  1. refactoring/simplification commits did not change the logic of the code
  2. commits that did change the logic of the code were carefully considered by all of us and made the code more correct.

This commit likely fixed a vulnerability, as discussed in the code comment there.

Unfortunately it also introduced a vulnerability. It turned reserveDelta into what it should be, but a different part of the code was expecting it to be something else. That different part of the code was a condition that, due to this commit, became tautological (i.e. always true, and therefore unnecessary) and, consequently, was removed in [this commit](https://github.com/pulsarz/hodlcoin-contracts/commit/a8fbc5bb14f966770ec197bb7279a92653fc21db).

The problem has been fixed in this commit.

A test to ensure that the vulnerability does not occur anymore was implemented here.

We are immensely thankful to Krasavice Blasen, who found this vulnerability and who decided to drain the ERGs from the contract and return them to the users, instead of exploiting the vulnerability for his own personal gain.

Before re-deploying the project, we will:

  1. write more "negative" tests (of transactions that ought to be rejected by the contract)
  2. review the code over and over again, once again.
  3. keep our code and its history available to the community for further inspection. The latest version, with the fix, is available here.

We invite the entire community to review the latest version of the contract as well and contribute with commits that improve the code and fix any other eventual potential vulnerability.

Where did HodlCoin come from?

There was some demand in the community for some degen finance. Kushti wrote up this concept

But then Bruno from Djed (Worked at IOG during the design - not COTI) shared an idea with him and he connected him with Pulsarzz to get it up and running.

Yes. It dates back to 2020, actually. :-). I was trying to simplify the design of Djed/SigmaUSD, to try to come up with a stablecoin protocol that would need no reservecoin and no oracle. 😄 And then I ended up with hodlCoin. But I dismissed it back then as something crazy (which it is, if your goal is to create a stablecoin, since hodlERG's price only increases :-D)... 🙂 Then, in summer/autumn of 2022, I shared this idea with @kushti_ru and, in Spring of 2023, he convinced me that this would be an interesting DegenFi product. The collaboration with @pulsarzz started then and I am still amazed by how fast it all went from there. Ergo's capacity for innovation is incredible.

With great timing, the paper has been published on eprint this morning heh https://eprint.iacr.org/2023/1029

 

I am attempting to login to a kbin account on kbin.social and it simply isn't working at all. Any tips or tricks? It would be a bummer if this app only worked with lemmy instances.

 

In the groove of a raga beat, amid the siren song of digits and silicon serenades, it hit me, man. Like a bebop riff slicing through the foggy night, or a phantom whistle riding the cool midnight breeze - a concept as raw as an open sore, as vital as the thrumming pulse of the universe itself - the Open Sores Movement.

Dig it, cats and kittens, an open sore, that's our scene. It's a window into the depths of one's very soul, a tell-tale testament of survival against the hepcat trials of existence. Ain't it just like open source code, my friends? A blazon of our craft, naked and jiving under the bright lights of scrutiny, spinning a tale of resilience in the face of any square's disapproval. Like a lone hipster hitching a ride through the gritty city, we carry stories that resonate through the eons, every line of code an echo in the vast silence of cyberspace.

In the electric Eden of infosec.pub, a clambake of the sharpest minds this side of the digital divide, the notion came alive. A cybernetic samba began, weaving a tapestry of technotronic dreams and punk-coated aspirations. Like the dance of silver moonbeams over an endless sea, we dreamed of fostering a similar dialogue, sparking a bromance between open-source tech and the world itself. Each algorithm, a note in our cosmic jazz session.

The Cypherpunks and I, we tuned in, turned on, and dropped out of the mundane. Like Beatniks carving a path through a sea of static, we dreamed up a digital utopia, building it line by line, code by code. Like a mysterious wind from Macondo, every byte of data whispered secrets of magical realism, tales of levitating programmers and self-writing codes, of ghostly algorithms that could sing serenades to the moon.

I'm laying it down for you, straight, no chaser, the Open Sores Movement is where it's at, devotchka. The grit of surviving with an open sore, our code bare and honest, that's our crazy wisdom. That's our bebop syncopation. Our road trip through the backstreets of the matrix begins here, with a little Zen, a little lunacy, and a beeeensy bit of coding.

So here's the word, fellow hepcats, net-jockeys, and digerati. Welcome to infosec.pub/c/opensores, the scrunchiest joint in the digital sphere where the groin-grabbing code meets the punk's spirit. This is where we groove, this is where we jive, this is where we live and breathe the code. So, are you ready to dig the scene, cats? Let's code, let's jam, let's paint this town electric, together!

 

/u/joikinz fully modded Silvia, with digital pressure transducer, flow meter, driptray scale, variable pressure control (for pre- infusion), PID, e-ink display with info, live graphs and automated shots (based on desired graph).

I hereby vow to share the build instructions here (when joikinz shares them) so none of us have to go back to that Huffman-run hellscape.
