China issues new encryption import control

[pointless speculation deleted]<p>Added: A bit of searching revealed that this policy has been oversimplified to the point of nonsense in the linked article. A relevant article:<p>* <a href="https:&#x2F;&#x2F;www.hldataprotection.com&#x2F;files&#x2F;2019&#x2F;11&#x2F;The-Grand-Finale-of-Chinas-Encryption-Law-November-2019.pdf" rel="nofollow">https:&#x2F;&#x2F;www.hldataprotection.com&#x2F;files&#x2F;2019&#x2F;11&#x2F;The-Grand-Fin...</a><p>This seems to be more about checking to see if imported stuff that might affect national security has any backdoors.

The title on HN is a bit misleading. You should use the original title of the article. According to the article, what requires an import permit is the &quot;foreign &#x27;data encryption technology employing a key length greater than 256 bits&#x27;&quot;. In reality, the encryption standards (SM1, SM2, SM3, SM4, etc) in China allows strong encryption. I don&#x27;t see any clues stating that China forbids encryption technology with a key greater than 256 bits.

Thought experiment: if I use 512-bit encryption from cleartext to intermediate blob, and then encrypt that with 256-bit encryption, is there a way to determine, by looking only at the final ciphertext, that 512-bit encryption keys were used in the intermediate step?

There must be something I&#x27;m missing here. As far as I know, the state of the art is to use 256 bits for encryption keys, both for symmetric (AES-256, Chacha20) and asymmetric (Curve25519, the 256-bit NIST curves), and they are considered both fast and safe. Are they trying to ban some kind of post-quantum cryptography which uses larger keys?

To be clear, the article states that such tech is not forbidden, but that is requires an import permit. Certainly the process of getting a permit opens things up to political interference, but nothing in the article talks about anything that &quot;forbids&quot; the imports, so this headline is not accurate, and does not match the article.

Some say China is recording encrypted traffic today, to decrypt it in the future when quantum computers will be a thing.<p><a href="https:&#x2F;&#x2F;www.bankinfosecurity.com&#x2F;report-china-to-target-encrypted-data-as-quantum-tech-advances-a-17979" rel="nofollow">https:&#x2F;&#x2F;www.bankinfosecurity.com&#x2F;report-china-to-target-encr...</a>

I take this is a form of propaganda. To make opposing nations consider the possibility that they have technology to break &quot;data encryption using a key greater than 256 bits&quot;.

So basically the same old story like US with PGP in the mid-1990&#x27;s.

Does this mean that they already are able to crack 256 bit encryption?

Does it mean that latest chrome&#x2F;firefox will not be available there?<p>ssh also would need permission?

So, send some random noise to somebody you don&#x27;t like and claim that it&#x27;s encrypted with some foreign algorithm?

so US is controlling exporting encryptions, and China is controlling importing encryptions. Apparently two governments can work together &#x2F;

Is there a reason not to jack up the bit count significantly just in case?<p>Or put differently would 10x even have a noticeable performance &#x2F; UI wise hit?

Anyone got the original link in Chinese?

The title is misleading, but it gave me a good time. Imagine all companies are sending sensitive documents encrypted with 256-bit keys. Oh, shit, that&#x27;s a true gold mine. Park near a corporate HQ, scoop up some WiFi traffic, decrypt, and profit.

Great CCP always saving us! They&#x27;re trying to prevent our CPUs to be overwhelmed. Glory to chairman Xi

How could this be possibly enforced with regard to software?

Just encrypt every letter in a message with 256 bits, ad infinitum.