Hacker News | MidnightRider39's comments

You don’t need any QC attacks if you can far easier find exploits in the same top10 vulns that were used 20 years ago… Industry should first address that very real and serious risk that is present _right now_ before thinking about QC.


It's a fallacy that multiple companies and governments need to be working on one thing at a time. We absolutely should be patching current vulnerabilities and implementing quantum-safe cryptography. There's no conflict between these goals.


The reality is that resources are constrained and there is definitely conflict between different goals - if you invest in one thing you can’t invest as much in another. For me it looks like the investment in QC is way bigger than its real life impact - which is 0. Sure it can be a niche field for some more esoteric research - but it shouldn’t be the no1 topic for security researchers. But I get that QC brings in the grant money so naturally research gravitates toward it.


The reality is that resources needed to pursue research are measured in hundreds of thousands and national security budgets are measured in billions in many countries, so your "constrained" claim is pretty much nonsense. That's not even talking about US national security budgets, which are another order of magnitude larger. The US intelligence budget in 2022 was $65.7 billion[1], and there's ample political will to fund whatever intelligence agencies such as the NSA request.

A generous CS PhD salary vs NSA 2013 estimated budget:

           300,000
    10,800,000,000

We can argue over exact allocation amounts but if you're really claiming the NSA can't spare even one researcher salary to research QC security I'm calling bullshit.

[1] https://en.wikipedia.org/wiki/United_States_intelligence_bud...


The problem is more that people concentrate a lot of energy on hypothetical future quantum attacks when the actual threats have been the same since the 00s: unvalidated input, buffer overflow, bad auth, xss, injection etc.

All the big important systems are again and again vulnerable to these attacks (Cisco, M$, Fortinet, etc.) - but of course those aren’t “sexy” problems to research and resolve, so we get the same stuff over and over again while everyone is gushing to protect against some science fiction crypto attacks that are and have been for the last 30 years complete fantasy. It’s all a bit tiring to be honest.


It's a mistake to conflate cryptography with application logic errors.

Your argument is akin to,

> The problem is that a lot of physicians concentrate on diabetes, or hypertension, when there's people who have been stabbed, or shot. Constantly hearing about how heart disease is a big problem is tiring to be honest.

Also, I'm not sure what circles you run in, but if you had to ask any of my security friends if they wanted to spend time on a buffer overflow, or xss injection, or upgrading crypto primitives for quantum resistance... not a single one would pick quantum resistance.

> The problem is more that people concentrate a lot of energy on hypothetical future quantum attacks when the actual threats have been the same since the 00s

Just so I can be sure... you meant having the qbits to deploy such an attack, right? Because really the only thing stopping some of the quantum computing based attacks is number of stable qbits. They're not hypothetical attacks, they've been shown to work.


> any of my security friends if they wanted to spend time on … quantum

I commend your friends but many people in these HN threads seem to be ready to implement post-quantum encryption right now to protect against some future threats.

> you meant having the qbits to deploy such an attack, right

Yes - last time I checked it was like 3 stable qbits. It’s just so far off from being a reality I really can’t take that research seriously. I feel like a lot of resources are wasted in this kind of research when we are still dealing with very basic problems that aren’t just as sexy to tackle.

Edit: heart disease is a real thing so your analogy is lacking - there have been 0 security risks because of quantum in the real world. It’s more like “physicians concentrating on possible alien diseases from when we colonise the universe in the future while ignoring heart disease”


I think one reason people want to take it seriously is that to the non-expert it just looks like a scale engineering problem, and people have proven to be shockingly good at scale engineering over the past century.


Basically zero.

Great talk by Peter Gutmann on why this whole quantum topic is bollocks: https://www.cs.auckland.ac.nz/~pgut001/pubs/bollocks.pdf


HN thread about this (with some interesting comments): https://news.ycombinator.com/item?id=43046631


Going back on shutting down nuclear would cost more money and energy than building out sustainable energy - just see how well the UK's or France's most recent nuclear experiments went - tens of billions over budget and nothing to show for it after a decade


More competition is good though - people are just going to be much more picky and if your content is not distinguishable from AI slop then it deservedly will perish.


This ignores the volume problem. Human written content can be copied and rewritten via AI in a bunch of different ways, instantly. Human content will go away not because it's bad, but because it's immediately drowned out in a way that is unfixable.


I just think people will instead choose to just…disengage instead.

“IRL experiences are the new luxury status indicator” is only the tip of this iceberg.


There will be people paying for premium content and people writing it. A new technology doesn't suddenly remove human demand.


A lot of content has been written by Indian content farms anyway. I prefer the AI written content. It gets right to the information you want without restating its purpose 4 or 5 times and having to scroll down the first 500 words of the article.

