Quantum Cracking Counter Measures?

I have to store high value data in the cloud.

It is encrypted with several layers with the highest available open source encryption. But, with quantum cracking over the horizon, I need a solution against brute force cracking.

Sharding the files & splitting them over a host of cloud repositories and/or p2p storage networks (like Sia) comes to mind.

Security experts:
A) Will this prevent quantum cracking?
B) Are there any viable open source tools for sharding files?
C) Has anyone come up with the equivalent of sharding + p2p storage network, that would keep the sharded pieces from sharing the same repository?


You don’t need to worry using symmetric encryption, e.g. AES256 is believed to be quantum resistant. Just use a high key size if possible, within VeraCrypt there shouldn’t be any security flaw.
Asymmetric algorithms like RSA on the other hand are easy to break with high performance quantum computers. But afaik and just publically there don’t exist any which are fast enough.

1 Like

There are algorithms in development to counter quantum computing under the term “post quantum cryptography”. I guess some algorithms are already good but undergo peer review, but I don’t know for sure as I did not dive into this area, yet.

1 Like

@Emily ,

After about 13 years of development, this is about to go live:


  • better than blockchain stuff and I think I remember it being quoted as “quantum-safe” on the forum . .
1 Like

Question this assumption?

Publicly at least, quantum cracking is not a thing - so it is difficult to specify its capability.

Who needs access to this data? You? Other trusted parties? Untrusted parties?

Is this a commercial project? or a private exercise that you are doing?

Where is your threat coming from? Your government? A foreign government? Criminals? Hacktivists?

I think there are some things that we can be sure of anyway.

For example, no kind of “cracking”, quantum or otherwise, can decrypt a message without knowledge of the encryption key, provided that a big enough key is used.

I think this can be understood in the following way. Let’s say the two of us are about to exchange some messages, knowing that others can snoop on our messages in transit. Before starting our communication we meet physically and exchange encryption keys. We have 1000 different keys, and each key is long enough to cover a whole message. The encryption scheme could be simply that the key tells us how each byte in the message should be scrambled (e.g. an XOR cipher), but each byte in the key is only used to decipher one byte of the message, no part of the key is ever reused. Apparently this is called a One-time pad.

If we met physically and exchanged 1000 such keys, we can later send 1000 encrypted messages without ever reusing any of the keys. We could prefix each message with a clear-text number telling the receiver which key to use.

If we did it like that, it would not be possible to “crack” our encryption no matter how cool and powerful quantum computers the snooping people have access to.

The point is that cracking encryption using computing power (quantum or not) is about exploiting the weakness that comes from reusing the same key many times to encrypt a lot of data. If encryption keys are never reused, computing power does not help.

Anyway this is what I think as an amateur cryptographer, please correct me if I’m wrong! :slight_smile:

1 Like

Sorry, but how can you be so sure ?
If someone was using quantum computing to breach actual security, I’m not sure it would be claimed publicly

The Shor’s algorithm is specific to find out the prime factors, which is the base of the asymetric security (used in TLS handshake, RSA keys, …)

The algorithm is very public, what is not is the disponibility of quantum computer for anyone but the big compagnies using this kind of computer

I thought he meant that there are no publically known quantum computers which are (now) capable of practically cracking asymmetric encryption. The wiki page of Shor’s algorithm you linked also mentions that.


Before anyone skims the post and thinks they can keep using RSA, I’ll make this a bit more specific:

“provided that the key is as long as the message and never used again”.

1 Like

how would you even manage 1000 different keys ? are we talking exchanging these keys as one-round sniper bullet ? basically after you ‘fire’ one round you must manually insert one on the ‘chamber’ ? or can that be automated like an AR ?

As a likewise amateur cryptographer (in order words, take with more than a pinch of salt), I disagree with

As a thought experiment to test the above quoted claim, imagine that I (as receiver) generate 1000 RSA key pairs and I meet in person with the sender (Alice) to hand over the 1000 public keys.

Each time Alice wants to send me a message, she picks any available public key, sends the public key, encrypts the message with the public key, sends the result. She then discards the public key (so that she can never reuse it).

So this (slightly artificial example) meets the condition of never reusing a key but if a quantum computer can break RSA (dependent on the difficulty of factoring a large number that is the product of two large prime numbers) then clearly the above scheme is broken.

It is not reuse that is the problem. It is just that the algorithm is (hypothetically) quantum broken.

The message itself may even be shorter than the length of the public key. (Alternatively, you can break the message up into submessages and ensure that each submessage is not longer than the key and use as many keys, one per submessage, as needed.)

I don’t know about RSA, probably I should learn more about that but for the moment let me just say that I still believe what I wrote above to be correct as long as we stick to the “XOR Cipher” case.

The XOR Cipher is actually very simple and easy to understand. There are no prime numbers involved in any way. Probably easiest to think about it at the bit level: each bit in the key tells us whether or not the corresponding bit in the message should be flipped when encrypting/decrypting the message. That’s it.

This means it is theoretically impossible to crack such encryption if the key is never reused.

We could also use a Caesar cipher – that is also theoretically impossible to crack as long as we use a new key for each single character we encrypt. :slight_smile:

To illustrate the point, I have a single-character message here that I will now encrypt. I have used a Caesar cipher, the key is a number that I know but you don’t know (the number of places to move down the alphabet). Here is the encrypted message:


Now I challenge you to decrypt the message. Use all the quantum computers you want!


I think you are right in the above quoted statement for that case. Since all possible keys can be tried (by the quantum computer) but all possible keys will also yield all possible outputs (including mostly meaningless outputs but also all meaningful outputs and including the actual plaintext).

The quantum computer will have no way of deciding which is the actual plaintext.

However even small changes to the algorithm could alter the balance. For example, many crypto protocols like to include integrity protection and/or replay protection - and those issues would need to be thought about. (I think replay protection is somewhat covered.)

Hence: with no integrity protection at all, an attacker can alter your data (AND do so in a predictable way e.g. flip a bit, one of the weaknesses of such a simple encryption algorithm). As soon as you put in integrity protection, that may weaken your resistance to QC attack, although it will depend on whether the integrity protection is inside the encryption or some kind of supplementary data outside the encryption (like a HMAC on the encrypted stream but that requires work of its own).

1 Like