
Should I trust VPN services that provide post-quantum encryption like NewHope for protection against future quantum computers? How can I tell if the connection between me and the VPN is using post-quantum encryption?

schroeder
Eleanor
  • 2
    Why do you need protection today against something that doesn't exist yet? – schroeder Jan 21 '20 at 16:06
  • 4
    Anyone can store your data today and decrypt it when a quantum computer becomes available. Quantum calculations will be available to the general public and hackers might be able to use this fact to break our encryption and have access to our data. I know I am quite paranoid but I prefer to be safe than sorry. – Eleanor Jan 21 '20 at 16:23
  • Quantum computing is at such an immature level that I would have grave doubts of anyone outside of a specialty research lab making such claims, and even a research lab should be taken with a block of salt. – user10216038 Jan 21 '20 at 17:05
  • Wouldn't the answer be 'no' inherently? How can they claim protection against something that hasn't been developed yet? Are they using algorithms that are theoretically, mathematically safe against quantum computers, probably. Are they armed against every future quantum development? Unlikely, if even possible. Just remember, even md5 used to be cryptographically secure. – Nomad Jan 21 '20 at 17:07
  • 2
    @Nomad The limitations of quantum computers are based on mathematics, which are well established. It's possible to develop public key algorithms that are strong against quantum computers. Flaws in the encryption algorithm itself aren't really relevant. – Steve Sether Jan 21 '20 at 17:25
  • Honestly, this is a question from the crypto group. Last I heard post-quantum cryptography was immature, but I'm far from an expert. – Steve Sether Jan 21 '20 at 17:27
  • The National Institute of Standards and Technology is already standardizing post-quantum encryption, with algorithms like NewHope being in "round 2" of this process, and they are already classifying the security of those algorithms against quantum computers. You can check the mathematics and see if a quantum computer can use a method to break it, just like we know that RSA isn't safe against quantum computers without having any quantum computer. – Eleanor Jan 21 '20 at 17:36
  • Quantum computing is so far in the future, and the risks are already fairly well established. It's not going to magically show up one day to the surprise of everyone. Therefore I think you will be far safer using an established and known-safe encryption algorithm (even if vulnerable to quantum computing - which not all are), than you will be using an algorithm designed for quantum computing but which has not yet been vetted to verify general security. – Conor Mancone Jan 21 '20 at 17:45
  • In short an algorithm that is theoretically strong against quantum computing algorithms but practically weak against more run-of-the-mill attacks is a more present danger than an algorithm that is weak against theoretical quantum computing algorithms but strong against the sorts of attacks that actually happen right now. – Conor Mancone Jan 21 '20 at 17:46
  • @Conor Mancone Many of the post-quantum algorithms have been checked by the National Institute of Standards and Technology for years, and our currently used encryption is already known to be vulnerable against quantum computers, so I have better chances of being safe with post-quantum cryptography than staying with regular encryption. Many experts say quantum computers will be built in the next several years and I wouldn't call that far in the future. – Eleanor Jan 21 '20 at 17:59
  • Again, it's all about a proper risk analysis. You say that you would rather be safe than sorry, but that isn't the question. The question is: what is **actually** a bigger threat? An algorithm in "Round 2" of the testing process is still far from being approved as safe for actual use. The risk of stolen data due to using a not-completely-vetted algorithm is much higher than the risk of stolen data due to quantum algorithms. It doesn't matter if quantum computers are built tomorrow, because the technology is still a long way from being generally available (and therefore usable by hackers). – Conor Mancone Jan 21 '20 at 18:23
  • Why not encrypt first using "today's" encryption methods (e.g. RSA, ECDHE, AES, etc.), then encrypt that ciphertext with a 'post-quantum' encryption method? – mti2935 Jan 21 '20 at 18:25
  • @mti2935 combining encryption algorithms can be surprisingly tricky and error-prone. If done properly though, that might be a solution in general. Of course I doubt you'll find a VPN provider that does that... I still think that it is far, far too early to worry about quantum computing. Especially since some of the modern and vetted algorithms are not particularly weak against quantum computing. – Conor Mancone Jan 21 '20 at 18:32
  • @Eleanor It's possible quantum computing _might_ arrive faster than people think. However, what Conor is saying is accurate about risks. Any new encryption algorithm is judged with skepticism before it's been looked at and attacked by many, many people. The risks of a new algorithm like NewHope are likely higher than the risks of quantum computing suddenly breaking RSA. – Steve Sether Jan 21 '20 at 18:35
  • Fascinating conversation. Even if we're many years (or decades) from quantum computing breaking today's encryption methods - that could still be disastrous for a lot of people. As pointed out earlier in this thread, today's ciphertext can easily be captured and stored at nearly zero cost, until the day that it can be decrypted using quantum (if/when that day ever arrives). – mti2935 Jan 21 '20 at 18:40
  • @Conor Mancone A hacker won't need a quantum computer in his home for cracking regular encryption. Hackers could use cloud-based quantum computing (companies like IBM already offer something like that) to solve some mathematical problems that relate to the encryption they try to decrypt. With currently used encryption I only have protection until quantum computers are built, while with post-quantum encryption, even if it is flawed, I have the same kind of safety until that flaw is discovered several years from now. – Eleanor Jan 21 '20 at 19:21

1 Answer


It seems a bit premature to make a VPN decision based on post-quantum protection considerations at this time. I think much more important questions would be company reputation and past actions. None/few of the major trusted VPN providers I see have that as a feature, and my speculation is that any service using the new crypto is likely still experimental. Microsoft just began looking into it about a year and a half ago.

In summary, I would not use post-Quantum Crypto at the moment, and re-evaluate in the future.

To evaluate traffic from a VPN, you need to review your network traffic. I would start by looking into Wireshark.

ThoriumBR
Super Nerd
  • I am choosing a VPN mainly for the post-quantum protection and it doesn't seem like I have a better chance for post-quantum protection. – Eleanor Jan 21 '20 at 18:04
  • 1
    @Eleanor If that is the case, you will need to choose a VPN with post-quantum offerings and hope for the best. However, a [bad vpn](https://www.addictivetips.com/vpn/dangers/) can be worse than no VPN, as a VPN provider will have the ability to log activity and have software in your PC/network. Additionally, a VPN provider is not end to end, so a portion of the traffic is still encrypted with standard encryption. AKA the post-quantum VPN will provide limited protection at best from the kind of attackers who store data and run it on a quantum computer later (Nation State?). – Super Nerd Jan 21 '20 at 18:36
  • @Eleanor. It may be better to evaluate what data is being sent over the wire instead. If the data is truly that valuable, don't send it over the internet, or send it via secure postage in a tamper-evident system/self-destructing drives, etc... – Super Nerd Jan 21 '20 at 18:40
  • There is a risk, but with a post-quantum VPN I have protection against hackers/criminals that actually know where I live (they record my Wi-Fi connection), and the VPN would be much easier to find if they do anything with my data and they will be the main suspects. If someone records my Wi-Fi today and decrypts it several years from now, it will be much harder to find him. – Eleanor Jan 21 '20 at 19:43