31/01/2026

"Harvest Now, Decrypt Later" Requires Protective Measures before Q-Day

Quantum computing will be able to break public-key encryption, which is now used everywhere as the basis for key exchange and digital signatures. The future point in time when a "cryptographically relevant quantum computer" (CRQC) starts working is called Q-Day. Experts' views vary about when Q-Day will be, but it could come in the 2030s, not so far off.

Moreover, a threat is already in motion. It is called Harvest Now, Decrypt Later (HNDL).

Adversaries may already be collecting encrypted material, which could be broken once Q-Day arrives. Suppose Q-Day is ten years from now. There will be plenty of government, industry, or privacy-related material worth keeping secret for more than ten years. HNDL means all of it is in jeopardy now.

Research into cryptographic techniques safe against quantum computing is known as post-quantum cryptography (PQC). In 2024, NIST released the final versions of its PQC standards as FIPS (Federal Information Processing Standards): FIPS 203 (general encryption), FIPS 204 (digital signature), and FIPS 205 (backup for FIPS 204), with FIPS 206 coming soon (Wikipedia). If the required confidentiality lifespan (X) plus the time required for migration (Y) is greater than the time until Q-Day (Z), that is, X+Y>Z, we are already in jeopardy (this is called Mosca's theorem, after the cryptography expert Dr. Michele Mosca). The NSA (National Security Agency) has released a roadmap that requires the transition of National Security Systems (NSS) to PQC to be completed by 2035.

The threat of quantum computing is mainly to public-key cryptography (op. cit.). Symmetric algorithms such as AES or hash functions such as SHA-2 are assessed to remain usable with longer keys (paloalto).

The power of quantum computing stems from exploiting quantum mechanical properties whereby one qubit (the unit of information corresponding to a classical bit) may represent a superposition of both states 0 and 1. This allows parallel processing. Solving a problem on a quantum computer requires formulating the problem so that it can be handled with such qubits. Integer factorization is one task that can be solved efficiently using superposition states (Shor's algorithm). Thus RSA encryption, the basis of public-key encryption, will be broken. Elliptic curve cryptography is vulnerable as well.

No such quantum algorithm is known for, for example, AES, the standard symmetric-key encryption algorithm, though according to SecurityWeek, Grover's algorithm can reduce AES-256 to the strength of AES-128, halving the effective length of the key.
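To make concrete why efficient period finding breaks RSA, here is an added example (not part of the original post) of Shor's classical reduction: factoring n is reduced to finding the order r of a base a modulo n, and once n is factored the private exponent follows. The order-finding step, which a quantum computer does efficiently with superposition, is done here by brute force on a constructed toy key (n = 3233, e = 17).

```python
# Added example: Shor's reduction of RSA factoring to order finding.
# find_order() is brute force here; on a quantum computer it is the step
# done efficiently with superposition and the quantum Fourier transform.
from math import gcd
from typing import Optional, Tuple


def find_order(a: int, n: int) -> int:
    """Smallest r > 0 with a**r == 1 (mod n); brute force stands in for QFT."""
    r, x = 1, a % n
    while x != 1:
        x = (x * a) % n
        r += 1
    return r


def shor_factor(n: int) -> Optional[Tuple[int, int]]:
    """Return (p, q) with p*q == n using Shor's classical post-processing.

    Tries bases a = 2, 3, ...; a base is discarded when its order is odd or
    a**(r/2) == -1 (mod n), exactly the cases in which the algorithm retries.
    """
    for a in range(2, n):
        d = gcd(a, n)
        if d != 1:                      # lucky guess: a shares a factor with n
            return tuple(sorted((d, n // d)))
        r = find_order(a, n)
        if r % 2:
            continue
        y = pow(a, r // 2, n)           # a square root of 1 mod n ...
        if y == n - 1:
            continue                    # ... unless it is the trivial root -1
        p = gcd(y - 1, n)               # y**2 - 1 = (y-1)(y+1) is 0 mod n
        return tuple(sorted((p, n // p)))
    return None


def recover_private_exponent(n: int, e: int) -> int:
    """Once n is factored, the RSA private exponent d follows directly."""
    p, q = shor_factor(n)
    return pow(e, -1, (p - 1) * (q - 1))


if __name__ == "__main__":
    # Constructed toy key: n = 3233, e = 17, ciphertext of the message 65.
    n, e, ciphertext = 3233, 17, 2790
    print(shor_factor(n))                   # (53, 61)
    d = recover_private_exponent(n, e)      # 2753
    print(pow(ciphertext, d, n))            # 65
```

For n = 3233 the base a = 2 fails (its half-order power is -1 mod n) and a = 3 succeeds, which shows the retry case in action.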

28/01/2026

Vigenère's Description of the Scytale Not as a Transposition Cipher

Some years ago, in "Scytale Not As a Transposition Cipher", I pointed out that before the nineteenth century the scytale was not described as a transposition cipher as understood today.

Now I find that Vigenère's description also seems to be something different from a transposition cipher.

Blaise de Vigenère, Traicte des chiffres (1586), describes the scytale (f. 11). His source is Aulus Gellius' Noctes Atticae.

la Scytale des Lacedemoniens, inuention d'Archimede Syracusain, nous monstre assez en Aulugelle liu. 17. chap. 9. l'antiquité de ces occultes & desrobbees sortes d'escrire. C'estoit vn baston rond ou carré, d'enuiron trois doigts en diametre, long de pied & demy, autour duquel on reploioit comme vne longue liste ou bande de papier ou de parchemin, de la largeur de quelques deux poulces, en sorte que les entortillemens eniamboient fort dru & menu l'vn sur l'autre, à la distance seulement d'vn bon dos de cousteau, ou peu plus. Et apres l'auoir ferm' arrestee és deux bouts auec de la cire, & marqué le commencement, on escriuoit le long des faces sur les replis, tant que le subiect se pouuoit estendre, & qu'il y en pouuoit tenir : lesquels estans desueloppez, tous les mots, voire la plus grand-part des lettres se trouuoient couppees par le milieu, à bien grand' distance encore les vnes des autres ; sans qu'il fust possible de les rassembler, qu'on n'eust vn semblable baston adiuxté au mesme calibre, pour les y entortiller comme au precedant, & remettre le tout en son ordre & assiette deüe.

In English: the scytale of the Lacedaemonians, an invention of Archimedes of Syracuse, shows us well enough, in Aulus Gellius book 17, chapter 9, the antiquity of these hidden and stealthy ways of writing. It was a round or square staff, about three fingers in diameter and a foot and a half long, around which one wound, like a long strip or band, a piece of paper or parchment about two pouces wide, so that the windings overlapped each other very closely and finely, at a distance of only a good knife's back or a little more. And after having fastened it firmly at both ends with wax and marked the beginning, one wrote along the faces upon the folds, as far as the subject matter could extend and as much as the strip could hold. Once these were unwound, all the words, and indeed the greater part of the letters, were found cut through the middle, and at a great distance from one another besides, so that it was impossible to reassemble them unless one had a similar staff fitted to the same caliber, on which to wind them as before and put everything back in its proper order and position.

"on escriuoit le long des faces sur les replis" (one wrote along the faces upon the folds) appears to mean writing along the length of the baton, crossing the successive edges of the strip. As a result, words are broken, with many letters cut through the middle. Given also that the strip is as wide as about two pouces (5.4 cm), this would not have been intended as a transposition cipher. It appears close to a scheme illustrated by Hulme [1898]:

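For contrast with Vigenère's description, here is an added example (not from the original post) of the scytale as a transposition cipher in the modern sense: the text is written along the rod, one letter per winding, on a given number of lines around it, and unwinding the strip reads the windings in turn. Letters are only reordered, never cut; the message and the number of faces are constructed sample values.

```python
# Added example: the scytale modelled as a transposition cipher as understood
# today. `faces` is how many lines of writing fit around the rod; writing
# runs along the rod, so each line puts one letter on each winding, and the
# unwound strip reads the windings (columns) one after another.
from math import ceil


def scytale_encrypt(plaintext: str, faces: int, pad: str = "X") -> str:
    text = "".join(ch for ch in plaintext.upper() if ch.isalpha())
    windings = ceil(len(text) / faces)          # letters along one face line
    text = text.ljust(faces * windings, pad)    # fill the last winding
    rows = [text[i * windings:(i + 1) * windings] for i in range(faces)]
    # Unwinding the strip reads winding by winding, i.e. column by column.
    return "".join(rows[i][j] for j in range(windings) for i in range(faces))


def scytale_decrypt(ciphertext: str, faces: int) -> str:
    # Rewinding on a rod of the same size regroups each winding's letters.
    windings = len(ciphertext) // faces
    cols = [ciphertext[j * faces:(j + 1) * faces] for j in range(windings)]
    return "".join(cols[j][i] for i in range(faces) for j in range(windings))


if __name__ == "__main__":
    msg = "Help me I am under attack"      # constructed sample message
    ct = scytale_encrypt(msg, faces=4)
    print(ct)                               # HENTEIDTLAEAPMRCMUAK
    print(scytale_decrypt(ct, faces=4))     # HELPMEIAMUNDERATTACK
```

Because the ciphertext is a permutation of the plaintext letters, no letter is ever split, which is exactly what Vigenère's account does not describe.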

26/01/2026

Prince of Condé's Simple Substitution Cipher (1792-1800)

The Prince of Condé, the leader of a counter-revolutionary army of émigrés, used a simple substitution cipher with the Count of Provence (the future Louis XVIII), the Duke of Bourbon (his son), and the Duke of Enghien (his grandson). I have now uploaded a new short article about this: "Prince of Condé's Simple Substitution Cipher during the French Revolutionary Wars".