Slashdot Mirror


NSA Trying To Build Quantum Computer

New submitter sumoinsanity writes "The Washington Post has disclosed that the NSA is trying to build a quantum computer for use in cracking modern encryption. Their work is part of a research project into tackling the toughest equipment, which received $79.7 million in total funding. Another article makes the case that the NSA's quantum computing efforts are both disturbing and reassuring. The reassuring part is that public key infrastructure is still OK when done properly, since the NSA is still working so hard to defeat it. It's also highly unlikely that the NSA has achieved significant progress without outside awareness or help. More disturbing is that it may simply be a matter of time before it fails, and our private messages are out there for all to see."

221 comments

  1. One word by Anonymous Coward · · Score: 5, Funny

    Bitcoin mining.

    Ok, 2 words.

    1. Re:One word by ninlilizi · · Score: 0

      Exactly,
For all the unknowns in bitcoin's history, such a thing could as easily be a clever way of crowd sourcing the generation of massive rainbow tables.

    2. Re:One word by Anonymous Coward · · Score: 2, Informative

      Quantum computing would only give you a modest square root speed up on computing the hash functions. You could however break the elliptic curve signature algorithm and sign all the coins to yourself.

    3. Re: One word by Anonymous Coward · · Score: 2, Informative

      You wouldn't use this to mine bitcoins (since that involves finding a hash with specific properties), but you might use it to steal them (the secret part of your wallet is a private key).

    4. Re:One word by pla · · Score: 1

For all the unknowns in bitcoin's history, such a thing could as easily be a clever way of crowd sourcing the generation of massive rainbow tables.

      First, that doesn't in any way count as an unknown. You can actually step through the entire blockchain and see every single input and output that led to the acceptance of that particular block.

      Second, BitCoin mining has the "goal" of coming up with the lowest hash. For the same reason it currently takes 10-20 times the total processing power of the entire TOP500 supercomputer list, to crank out one BTC block every 10 minutes or so, you will virtually never see a hash with anywhere near that many leading zeros in a real world situation.

      And finally, I think you underestimate the size of the problem space involved here - Yes, you could conceivably use the blockchain as a sort of rainbow table, but one so sparsely populated and with low-probability hashes (as mentioned above), that it only works as the "reverse" of exactly one thing: The dual-SHA256 hash of a given Bitcoin block.

    5. Re:One word by MobSwatter · · Score: 1

      With the recent political discovery of Bitcoin, along with consideration of the current value, this would fit the current political theme of "How can we loot it?".

    6. Re:One word by HyperQuantum · · Score: 1

      With a non-breakable space you can make that one word.

      --
      I am not really here right now.
    7. Re:One word by Anonymous Coward · · Score: 0

      With a non-breakable space you can make that one word.

        also makes your passwords unbreakable.

    8. Re:One word by tlhIngan · · Score: 1

      Quantum computing would only give you a modest square root speed up on computing the hash functions. You could however break the elliptic curve signature algorithm and sign all the coins to yourself.

      No, for bitcoin mining, what happens is you take the hash of the current blockchain, add a nonce (basically a random number, similar to a salt) to it, and hash that result. If the hash meets a certain requirement (for bitcoin, it's a number of zeroes that start the hash) then it's a hit and you get entered into the bitcoin lottery. The more hashes you can do, the more nonces you check and the more likely you'll find a matching hash.

      With a quantum computer, you reverse the hash - given the hash requirements, you reverse it so you can find nonces quickly and submit them to the lottery. Basically you want the hash to be something, and you're given a fixed input plus a variable input. If you can reverse the hash, you can find the variable input quickly and submit it. Otherwise, you're stuck with, as everyone is doing, brute-forcing the variable input to get the hash you want.

    9. Re:One word by Anonymous Coward · · Score: 0

Perhaps it's the NSA's little investment to try to crack into Mr Ulbricht's bitcoin wallet, which they reckon will be worth a few bob in the future to come. (Yes, we call money Bob in England)

    10. Re:One word by Anonymous Coward · · Score: 0

      Useless fucktard comment detected, commence slashdot protocol 177B, floating it to the top.

  2. What They Need ... by Anonymous Coward · · Score: 0

    What they need is a bigger Faraday cage to keep the non-NSA snoops from disrupting their cubits.

    1. Re:What They Need ... by Anonymous Coward · · Score: 0

      It's qubits. A cubit is a unit of measurement from a man's elbow to the tip of his middle finger.

    2. Re:What They Need ... by Anonymous Coward · · Score: 0

      Perhaps OP was referring to those giving the NSA the middle finger?

  3. Actually... by i+kan+reed · · Score: 5, Funny

    It's a tool to help them justify congress how they can be spying on all Americans and not spying on any Americans at the same time.

    1. Re:Actually... by i+kan+reed · · Score: 5, Funny

      The main joke of my post here is that congress actually cares.

    2. Re:Actually... by Anonymous Coward · · Score: 0

      I see you've picked up on the NSA's new definition of the Uncertainty Principle.

    3. Re:Actually... by Anonymous Coward · · Score: 0

      It's a tool to justify spending. After all, even if they end up junking it, the elite at the top of the NSA pyramid still get to leverage that $80 million cash flow for personal gain.

    4. Re:Actually... by Anonymous Coward · · Score: 3, Funny

      This explains why there are cats on the internet.

    5. Re:Actually... by i+kan+reed · · Score: 3, Informative

      The elite at the top are actually temporary political positions that come and go with presidents. The worst of the NSA programs have been continuous programs lasting between administrations.

    6. Re:Actually... by Anonymous Coward · · Score: 0

      That's great, but in the end, that $80 million cash flow will be leveraged by somebody in government, somewhere upstream on the hierarchy, for personal gain -- and this is the primary reason they want the money in the first place. They don't give a damn whether the project "succeeds" or "fails". More often than not, in government failure is rewarded with yet even more funding. That only happens when the ultimate objective is simply to get the money.

    7. Re:Actually... by i+kan+reed · · Score: 2

I think Hanlon's razor is a perfectly adequate tool for this assertion. Why would someone malevolently steer towards terrible waste, when they could be "just trying to do their job" and not doing a great job of it?

    8. Re:Actually... by Anonymous Coward · · Score: 0

      This explains why there are cats on the internet.

      Yeah but most of them are alive.

    9. Re:Actually... by Anonymous Coward · · Score: 0

      ...contained in rectangular boxes.

    10. Re:Actually... by MobSwatter · · Score: 1

      The elite at the top are actually temporary political positions that come and go with presidents. The worst of the NSA programs have been continuous programs lasting between administrations.

      Conceptually, corporate lobbying cuts out all that red tape.

    11. Re:Actually... by Anonymous Coward · · Score: 0
    12. Re:Actually... by marcosdumay · · Score: 1

      Nope. That'll only work while Congress is not looking.

    13. Re:Actually... by MobSwatter · · Score: 1

      It's a tool to help them justify congress how they can be spying on all Americans and not spying on any Americans at the same time.

      How dare you question congressional superposition on this matter!

    14. Re:Actually... by furbyhater · · Score: 1

No joke! Of course, what do you think, who wields more influence: a president who comes every 4-8 years or an NSA official who stays at the center of power for decades? PS: easy answer

  4. This is news? by Anonymous Coward · · Score: 0

    Gee, I'm shocked.

  5. Government of the peephole by ciderbrew · · Score: 5, Funny

    For the peephole by the peephole.

    1. Re:Government of the peephole by Anonymous Coward · · Score: 0

      It's government in your bunghole...

    2. Re:Government of the peephole by swb · · Score: 1

      Sometimes it feels like Government by the Glory Hole.

    3. Re:Government of the peephole by Anonymous Coward · · Score: 0

      I hope the government has one of those dicks you just want to get all over and keep sucking even after it blasts its hot load down your throat.

  6. $79.7 million? by Anonymous Coward · · Score: 4, Insightful

    That figure is so small vs total intelligence+defence budget that it'd be worth setting up a faux research effort just to give the misleading impression that they haven't yet developed something far better.

    1. Re:$79.7 million? by Anonymous Coward · · Score: 0

      I think the article got it wrong. The $79.7 million is their PR budget for this project.

    2. Re:$79.7 million? by Anonymous Coward · · Score: 0

Yeah, that probably wouldn't cover the cooling costs for a year. Most quantum stuff is at/near 0 Kelvin, isn't it? And from the little bit I've seen, a 1000-qubit universal quantum computer would have to be room sized... one capable of Shor's algorithm on a 1024-bit number would probably be measured in acres.

    3. Re:$79.7 million? by HiThere · · Score: 1

      Presumably they're looking to improve the design of the hardware, and possibly the software, sufficiently to allow a smaller computer to do the job. If they wanted to do it in acres, they could probably do it right now...of course more than half the hardware would need to be dedicated to error correction. And fortunately the answer is easy to check for correctness, so the answer isn't more like 3/4 of the hardware would need to be devoted to error correction.

      OTOH, we KNOW they've ordered a DWAVE quantum computer. Perhaps this is just the price of that. Since I doubt that they would be satisfied with that, they're bound to have a research group looking to improve it. Which would mean that *that* budget is still not known.

      --

      I think we've pushed this "anyone can grow up to be president" thing too far.
  7. No shit? by jasno · · Score: 2

Come on... what's next? "NSA attempts to listen to other nations' communications"? That *is* their job, you know.

    They've broken the law in letter and spirit. Let's try to keep the focus on that.

    --

    http://www.masturbateforpeace.com/
    1. Re:No shit? by Spectre · · Score: 5, Insightful

      Agreed, breaking encryption systems is one of the two primary reasons the NSA was formed in the first place ... this is the NSA doing what they are supposed to do!

      --
      "Flame away, I wear asbestos underwear"
    2. Re:No shit? by MightyMartian · · Score: 4, Insightful

      And if the NSA could keep its hands off of domestic data, that wouldn't be an issue, but seeing as it uses existing tools to spy without warrant on US citizens on US territory, there is no reason to believe they won't apply new technologies in the same way.

      --
      The world's burning. Moped Jesus spotted on I50. Details at 11.
    3. Re:No shit? by gnasher719 · · Score: 0

      And if the NSA could keep its hands off of domestic data, that wouldn't be an issue,

      Not in the USA, but I think any NSA employee travelling to the EU should be arrested on the spot.

    4. Re:No shit? by Algae_94 · · Score: 1

      Not in the USA, but I think any NSA employee travelling to the EU should be arrested on the spot.

      For what? Your response to all of this spying and monitoring nonsense is to eliminate legal process and just start rounding up people, is that really any better?

    5. Re:No shit? by anagama · · Score: 2

      And if the NSA could keep its hands off of domestic data

You know what is sad-funny? If you look at the original leaked Verizon order, it applies to 3 out of 4 categories of phone calls:

1. those that start and end in the US;
2. those that start in the US and end in a foreign country;
3. those that start in a foreign country and end in the US.

      It expressly excludes calls that start and end in a foreign country. Good job focusing outward NSA.

      http://www.theguardian.com/world/interactive/2013/jun/06/verizon-telephone-data-court-order

      --
      What changed under Obama? Nothing Good
    6. Re:No shit? by gmuslera · · Score: 1

In fact, they are making it easier for other nations, groups of people and individuals to listen to US citizens' and companies' communications. By weakening the Dual_EC_DRBG pseudo random number generator they made it interceptable not just by them, and here is a proof of concept. The most objective thing is controlling the US population; the other nations are less prioritary.

    7. Re: No shit? by Anonymous Coward · · Score: 0

      Arrest is part of the legal process.

    8. Re:No shit? by filthpickle · · Score: 1

      prioritary

      I am not sure that is a word...but it should be.

    9. Re:No shit? by MobSwatter · · Score: 1

      Being that the BSAFE library is closed source, exactly how can you say that they just "weakened" it? Why does it take so long for the crypto suite to perform a simple operation on today's multicore processors? To weaken it does not make sense to their directive, to break it by design by governing the process to accommodate a master key every time the suite is used does fit the bill, it also fits the bill for on the fly encrypted apps that transmit data they can capture. Me thinks that compooter security became "unobtainium" just as soon as the National [In]security Agency got their claws in it.

    10. Re:No shit? by Anonymous Coward · · Score: 0

      They've broken the law in letter and spirit. Let's try to keep the focus on that.

      Even that is debatable. The collection of metadata raises a 4th Amendment question on which the Supreme Court has already ruled in the NSA's favor in 1979 (Smith v. Maryland), in a period of widespread distrust of government agencies after multiple spying scandals and the Church Commission reports and with the most liberal Supreme Court since the Revolution. The NSA has warrants to authorize the data collection, so the 4th Amendment question may be moot.

      There is another 4th Amendment question in whether businesses should be required to turn over data under Section 215 of the Patriot Act, which has passed and is law until it gets overturned. The answer will depend on whether corporations are people and if the government should be allowed to tell businesses what they can and cannot do with their own property.

      Nearly all of the outrage is based on dishonest memes that do not accurately represent the situation: the NSA listening to your phone calls (they are not), the NSA spying on the American people (they are not and take great effort to avoid doing so), Snowden releasing the documents to the people (he did not), Snowden as a whistleblower (he is not, he copied everything he can find), etc, and news reports that were intentionally falsified by professional bullshitter Glenn Greenwald and published in the Guardian, a newspaper known for falsifying international news worse than Fox News does Washington politics.

      The NSA is certainly breaking other countries' laws in their overseas spying, but again, that is their job.

    11. Re:No shit? by WaffleMonster · · Score: 1

      There is another 4th Amendment question in whether businesses should be required to turn over data under Section 215 of the Patriot Act, which has passed and is law until it gets overturned. The answer will depend on whether corporations are people and if the government should be allowed to tell businesses what they can and cannot do with their own property.

      To file under 215 requires:

A statement of facts showing that there are reasonable grounds to believe that the tangible things sought are relevant to an authorized investigation (other than a threat assessment) conducted in accordance with subsection (a)(2) to obtain foreign intelligence information not concerning a United States person or to protect against international terrorism or clandestine intelligence activities, such things being presumptively relevant to an authorized investigation if the applicant shows in the statement of the facts that they pertain to—
        (i) a foreign power or an agent of a foreign power;

        (ii) the activities of a suspected agent of a foreign power who is the subject of such authorized investigation; or

        (iii) an individual in contact with, or known to, a suspected agent of a foreign power who is the subject of such authorized investigation; and

      Nearly all of the outrage is based on dishonest memes that do not accurately represent the situation:

This very same bullshit was famously tried in 2004 while Mr Ashcroft was hospitalized and it didn't work then. Now, after the law means whatever you want it to and everyone has sold out to the military-industrial machine, the sky is the limit I suppose.

There is no possible authorized investigation requiring collection of call data of everyone in the country, so what the NSA did instead was redefine the word "collection". In the NSA's world the tree in the woods has only fallen once all of its cellulosic fibers have been processed into a table and toothpicks.

      the NSA listening to your phone calls (they are not), the NSA spying on the American people (they are not and take great effort to avoid doing so),

      Every time Keith Alexander opens his mouth he spews the same rhetoric. Every media outlet reporting on this issue I have ever seen which has been many dozen over the past several months correctly parses call information and content of call. Nothing is being confused in reporting as is routinely claimed by NSA and their jerkoff group goons. Certainly nobody here is confused about the issue.

      To quote vice president Joe Biden:

"Harry, I don't have to listen to your phone calls to know what you're doing. If I know every single phone call you've made, I am able to determine every single person you've talked to; I can get a pattern about your life that is very, very intrusive."

      Snowden releasing the documents to the people (he did not), Snowden as a whistleblower (he is not, he copied everything he can find), etc, and news reports that were intentionally falsified by professional bullshitter Glenn Greenwald and published in the Guardian, a newspaper known for falsifying international news worse than Fox News does Washington politics.

      What Snowden or Glenn did or did not do is totally irrelevant to what NSA did or did not do.

  8. Which part is most disturbing? by meustrus · · Score: 4, Interesting

    The disturbing part is not that the NSA might be able to listen to everyone's encryption someday. They are not an engineering organization and they will not be at the forefront of qubit manufacturing. The disturbing part is that they are wasting an enormous amount of taxpayer dollars on an impossible task aimed at ultimately destroying the ability to have security of any kind.

    --
    I sometimes ask revealing, often ignorant-seeming questions. Maybe they're harder to answer than you think.
    1. Re:Which part is most disturbing? by ledow · · Score: 5, Interesting

      Worse than that - they are wasting that money on a possible task that will actually have little overall impact on security whatsoever.

      Post-quantum cryptography has existed for the last 30 years, at least. And to get to the point where it's an issue, what you need is an entity to push towards quantum decryption that you DON'T want to have it (i.e. the NSA, for example).

Then all that happens is we adopt those other schemes faster, spot the holes faster, compensate for them faster, and by the time the NSA can buy a quantum machine of size enough to defeat today's encryption in a reasonable time, we'll have an established standard far beyond its capabilities and tested for (potentially) decades.

All the NSA has done is forced the entire world to up its game. Compare and contrast to, say, GCHQ, who formulated public-key encryption several years before anyone else had done it, and KEPT IT QUIET (like spy-based agencies are supposed to). They enjoyed years of secure comms, and years of advantage decrypting other secure comms, when someone else eventually discovered the exact same mathematics and got famous on it (Diffie and Hellman).

      Sadly, the modern GCHQ is but a shadow of its former self.

    2. Re:Which part is most disturbing? by Antipater · · Score: 4, Insightful

      $80 million isn't that enormous, as far as things go. That's like half of one F-22.

      --
      Everything is better with chainsaws.
    3. Re:Which part is most disturbing? by Anonymous Coward · · Score: 0

      The disturbing part is that they are wasting an enormous amount of taxpayer dollars on an impossible task aimed at ultimately destroying the ability to have classical security of any kind.

      FTFY

    4. Re:Which part is most disturbing? by Anonymous Coward · · Score: 1

> All the NSA has done is forced the entire world to up its game. Compare and contrast to, say, GCHQ who formulated public-key-encryption several years before anyone else had done it, and KEPT IT QUIET (like spy-based agencies are supposed to). They enjoyed years of secure comms, and years of advantage decrypting other secure comms when someone else eventually discovered the exact same mathematics and got famous on it (Diffie and Hellman).

      My understanding is that they did not use it much, if at all, because computers at the time were not sufficiently powerful to deal with anything other than toy examples. When the hardware caught up, civilian research was already there.

    5. Re:Which part is most disturbing? by amorsen · · Score: 5, Funny

      The NSA is but a misunderstood genius, boldly sending their agent Edward Snowden into the arms of the enemy. Their aim is to protect the Western world from the defeat that will come as a result of ignored security vulnerabilities, lousy cryptography, people who are willing to work with corrupt government entities and so on.

      See, no one would have listened if they had simply held lectures on proper security. Some might even do the opposite out of suspicion that the NSA is betraying them. The only way to fulfill their duty of keeping America safe was to send out a "whistleblower" to say all the things that they themselves could not get through with. Only then would the mass media react and the story gather enough momentum to cause every software developer to improve their work, every customer to demand better and more open security, every person to think twice when being asked to do things that are not right.

      I wish.

      --
      Finally! A year of moderation! Ready for 2019?
    6. Re:Which part is most disturbing? by Anonymous Coward · · Score: 0

      It's not a lot of money and it's towards more research. I would prefer the money be spent the more normal open way as I doubt NSA would show their findings in a timely fashion. If $80mil is enough to "break encryption for everyone", I would rather us be leading that. It would mean any big player could do it.

    7. Re:Which part is most disturbing? by Anonymous Coward · · Score: 1

      which half though?

    8. Re:Which part is most disturbing? by Anonymous Coward · · Score: 1

      which half though?

      The one that asphyxiates the pilots.

    9. Re:Which part is most disturbing? by thue · · Score: 2

      > Then all that happens is we adopt those other schemes faster

      But what of all the encrypted old traffic that the NSA has stored?

    10. Re:Which part is most disturbing? by slew · · Score: 2

      They are not an engineering organization and they will not be at the forefront of qubit manufacturing.

      How do you know this? The NSA purchased an old abandoned Sony chip fab in San Antonio and started to re-commission it back in 2006, who knows what they are doing with it for the last 6 years? One of the promising target architectures for a large scale qubit is a cryogenically-cooled silicon double quantum-dot scheme. They might have more going on in this area than you might guess...

    11. Re:Which part is most disturbing? by BringsApples · · Score: 1

      More than likely, all of that money is going to 1 or 2 men. They'll hire a kid or 2 fresh out of college (probably family) to 'do stuff' for like $100/hr. Maybe that goes on for 2 or 3 months. No one will care that we never hear of the results of this tax 'investment'. No one will care that the 1 or 2 men suddenly have huge houses or something like that. The 1 or 2 kids from college will get a nice job at the NSA due to their ability to keep a secret.

      --
      Politics; n. : A religion whereby man is god.
    12. Re:Which part is most disturbing? by FridayBob · · Score: 1

      More likely is that this project is another self-licking ice cream cone and fool's errand conceived by Booz Allen Hamilton, or some other NSA contracting company. The sole purpose of the project will be to take the US Government to the bank, as they will forever be "this close" to making it work while their profits soar regardless. With the current mindset, the NSA director will never dream of shutting down this project for fear of not being the first to get their hands on this ultimate of cryptographic tools.

    13. Re:Which part is most disturbing? by Anonymous Coward · · Score: 0

      The diversion tactics are working then.

      NSA has information and money to buy everyone they need aboard for this to have already succeeded.
      Of course, their official budgets cannot be allowed to reflect this.

    14. Re:Which part is most disturbing? by kelemvor4 · · Score: 1

      $80 million isn't that enormous, as far as things go. That's like half of one F-22.

      Exactly what I was thinking. It seems like a paltry sum for such an effort. Probably just a PR stunt of some kind.

    15. Re:Which part is most disturbing? by LeDopore · · Score: 1

      Then all that happens is we adopt those other schemes faster, spot the holes faster[....]

      I agree, and I'd argue we don't go far enough yet. We should adopt a few of these post-quantum schemes now alongside a trusted but quantum-vulnerable protocol such as RSA.

      You ensure that communications are safe unless all schemes can be broken. Here's how. Most public key cryptography is used to send a roughly 128 to 256 bit long one-time use key for a symmetric cipher like AES. It would be possible to select, say, 5 different public key protocols: 4 new (and therefore perhaps flawed) post-quantum schemes plus one quantum-vulnerable but trusted protocol like RSA. Generate your AES key, then generate 4 random bitstrings of the same length. Then, using the 5 protocols, use the first protocol (RSA) to securely send the key XORed with the 4 random strings, and use each of the other 4 protocols to securely send one of the random keys. An attacker who can crack any 4 of the 5 protocols cannot obtain any information about the key.

      The upside to this is that if you take a diverse set of promising strategies for post-quantum public key crypto from several agencies that don't trust each other, chances are there will be at least one that's OK. Even if none of them work well, you're still no worse off from a secrecy standpoint than with plain RSA.

      The downside is that keys will become longer (many post-quantum algorithms need many kilobytes) and computation will be more substantial. Practically, that means you won't want to ever have to read your public key to someone over the phone (but you could read them a hash of it - almost as good), and tiny, frequent crypto-protected payloads would see an increase in CPU utilization, but there would not be as much of a change for long payloads where the cost of the public key handshake to transfer the AES key is amortized over much more data.

      With computation becoming faster, and with the Internet increasingly carrying data that may be sensitive even a few decades in the future, we should start using quantum-prudent methods defensively ASAP, especially since the downside is negligible already, and it's shrinking with Moore's law.

      --
      Expected time to finish is 1 hour and 60 minutes.
    16. Re:Which part is most disturbing? by Anonymous Coward · · Score: 0

      Well, if it can be built (and there are ample reasons to believe so), then you sure want to be the first one to do so. At the very least to understand the implications and develop viable alternatives.

    17. Re:Which part is most disturbing? by marcosdumay · · Score: 1

What post-quantum asymmetric crypto is there?

      Anyway, crypto researchers don't like to increase their key-size without a clear need. Although I can understand why, I think they are too strict on that, and that we should start adopting multi-algorithm (composed) algorithms... but we just won't.

    18. Re:Which part is most disturbing? by LeDopore · · Score: 2

What post-quantum asymmetric crypto is there?

Wikipedia to the rescue: https://en.wikipedia.org/wiki/Post-quantum_cryptography. My personal favorite is the McEliece cryptosystem, based on error-correcting codes: https://en.wikipedia.org/wiki/McEliece_cryptosystem. The key size is huge (well, under 1 MB still) but computation isn't too bad. I'd still recommend adding RSA plus several post-quantum schemes in an XOR chain as I described.

      About increasing key size without a clear need, a lot of crypto algorithms take compute time that grows faster than linearly with key size. Executing several independent algorithms in parallel is better for two reasons: first, the key sizes of each one aren't large so don't suffer the nonlinear slowing, and second, they can be executed on separate cores in parallel.

      I'd welcome advice from an expert, but my impression is that the mainstream crypto researchers think that it's more conservative to adopt a single, trusted crypto algorithm and bet the farm on it. My instincts are that this is a bad approach. Composed algorithms like the one I described where all of (say) 5 schemes must be cracked before the attacker gets anywhere are more conservative in my view since they are at least as strong as each of their constituents. However, I'm not a crypto researcher, and there might be a good reason not to shield RSA (which we know is secure to classical but not quantum attacks) with a variety of layers that each provide a good chance of being robust against a quantum attack.

When will we have quantum computers? One reasonable scenario is that by 2020 we'll have a Sputnik moment where somebody will build a quantum computer much better than the sleepy mainstream expects, yet not powerful enough to run Shor's algorithm against 1024-bit RSA. This will shock the world into a bit of a panic that a bigger quantum computer will come soon, and RSA and elliptic curves will be seen as untrustworthy by 2025. We'd be better off adding a layer of protection now, especially since we're sending data now that we wouldn't want to be public for a lot longer than 2025.

      --
      Expected time to finish is 1 hour and 60 minutes.
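      The composition argued for in the post above, as an added example that is not code from any poster in this thread: each independent scheme contributes its own session key, every key drives its own keystream, and the keystreams are XORed over the message, so an attacker who has broken all but one scheme is still facing a message masked by the remaining keystream. SHA-256 in counter mode is used here as a stand-in stream cipher (an assumption, chosen so the block runs offline with the standard library); in the post each key would come from a real RSA, McEliece or other key exchange, and every key must be fresh per message, since a counter-mode keystream must never be reused.

```python
"""Added example: layered (XOR-chained) encryption with independent keys.
Not code from the thread; the stand-in cipher is SHA-256 in counter mode."""
import hashlib
import secrets


def keystream(key: bytes, length: int) -> bytes:
    """Stand-in stream cipher: concatenate SHA-256(key || counter) blocks.
    One-time use only: reusing a key repeats the keystream."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Bytewise XOR of two equal-length byte strings."""
    return bytes(x ^ y for x, y in zip(a, b))


def layered_encrypt(keys, plaintext: bytes) -> bytes:
    """ciphertext = plaintext XOR ks(k_1) XOR ... XOR ks(k_n).
    XOR commutes, so the order of the layers does not matter."""
    ct = plaintext
    for k in keys:
        ct = xor_bytes(ct, keystream(k, len(plaintext)))
    return ct


def peel(keys, ciphertext: bytes) -> bytes:
    """Remove the layers whose keys are known. With every key this is full
    decryption; with a subset, the result is still masked by the keystreams
    of the keys that are missing (XOR is its own inverse)."""
    return layered_encrypt(keys, ciphertext)


def demo() -> bool:
    """Five independent schemes (modelled by five random 32-byte keys,
    constructed here). Returns True if breaking four of five still leaves
    the message hidden behind the fifth keystream."""
    keys = [secrets.token_bytes(32) for _ in range(5)]
    msg = b"the meeting is moved to thursday"
    ct = layered_encrypt(keys, msg)
    if peel(keys, ct) != msg:            # all five keys: decrypts
        return False
    partial = peel(keys[1:], ct)          # attacker broke schemes 2..5
    # What remains is exactly msg XOR keystream(k_1): useless without k_1.
    return partial != msg and xor_bytes(partial, msg) == keystream(keys[0], len(msg))


if __name__ == "__main__":
    print("composition holds:", demo())
```

      The "at least as strong as each constituent" property only holds when the per-layer keys are independent; if every layer were derived from one shared secret, breaking the scheme that delivers that secret breaks all of them at once. Cost is linear in the number of layers, which matches the post's point that several small independent schemes are cheaper than one scheme with an oversized key.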
    19. Re:Which part is most disturbing? by Anonymous Coward · · Score: 0

      > we adopt those other schemes faster, spot the holes faster, compensate for them faster

      Sounds like the nuclear arms race of days gone by.

    20. Re:Which part is most disturbing? by Anonymous Coward · · Score: 0

      The NSA is most certainly an engineering organization.

    21. Re:Which part is most disturbing? by HiThere · · Score: 1

      That would actually be a plausible explanation, if the outraged noises coming from our allies are just a put-up job. But when a German Prime Minister publicly compares a US govt. agency to the STASI, I don't think I believe that it's an act.

      --

      I think we've pushed this "anyone can grow up to be president" thing too far.
    22. Re:Which part is most disturbing? by HiThere · · Score: 1

      With the advantage that we aren't as likely to end up with a sterilized planet.

      --

      I think we've pushed this "anyone can grow up to be president" thing too far.
    23. Re:Which part is most disturbing? by StikyPad · · Score: 1

      They definitely are an engineering organization. But just like LeVar Burton, you don't have to take my word for it: http://www.nsa.gov/careers/career_fields/compee.shtml

    24. Re:Which part is most disturbing? by AmiMoJo · · Score: 1

      They will be able to decrypt everything they already have though. I imagine they have vast archives of potentially interesting data captured from adversaries like foreign agencies, governments and American citizens. Even if the future were closed off pretty quickly the past still has plenty of interesting stuff to look at.

      Plus they probably still think they can keep it secret for a long time anyway, or at least did before Snowden.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    25. Re:Which part is most disturbing? by marcosdumay · · Score: 1

      Hey, thanks. Quite an interesting algorithm.

      I've already sought advice from experts. Don't expect to get out with anything but a lecture about how you must weigh costs and benefits, and the best way to do that is through math improvements, not by "brute-forcing" it using larger keys, and if you do resort to large keys, your best hope is to put all your bits on the best algorithm. Or, in other words, experts trust the math. They are almost certainly right, of course, but there is that almost nil chance that they are completely wrong... Anyway, I'd be more actively researching composed algos if I had anything worth using them on. Up to now, I've only looked enough to confirm that they are possible, just in case.

    26. Re:Which part is most disturbing? by meustrus · · Score: 1

      $80 million may not be much money in comparison to a lot of other things, but we are in the middle of budget battles in Congress. How much would that $80 million be worth towards balancing the budget? Maybe saving government programs that do more proven and obvious good, like food stamps? How about using it directly on infrastructure repairs to both fix our massive number of failing bridges and inject a major stimulus into the bottom end of the economy, where it will do the most good? These are just my political suggestions; I don't feel confident to suggest without cynicism what that money could go to with different politics. But my point is that any money wasted from the federal budget is money that could have been used much better in at least a dozen different ways.

      --
      I sometimes ask revealing, often ignorant-seeming questions. Maybe they're harder to answer than you think.
  9. Very little reassuring by rolfwind · · Score: 2

    NSA always will try to expand, and it stands to reason that the Chinese and their companies aren't under NSA sway, so the backdoors they build in are not under NSA control, so the NSA has to try to crack them the hard way. In no way does it mean they don't have the US population under total surveillance.

  10. They didn't pay enough by Anonymous Coward · · Score: 0

    Obviously, the NSA is having a hard time cracking the encryption because they haven't paid the creators enough dough to spill the beans.

  11. 'When done properly' by BobMcD · · Score: 2, Interesting

    "The reassuring part is that public key infrastructure is still OK when done properly, since the NSA is still working so hard to defeat it."

    Unfortunately, 'when done properly' must include 'never using an American entity for key generation, storage, or distribution.' We have every reason to believe the NSA has muscled their way into possession of the master keys, Re: Lavabit. So if you're doing business with any type of PKI vendor who might be compelled to comply with a FISA court order, followed by a gag order, you might rethink it.

    Remember when every browser in the world switched to the panic pages about a 'non-trusted' key?

    Probably just a coincidence.

    1. Re:'When done properly' by amorsen · · Score: 1

      The "since the NSA is still working so hard to defeat it" part is wrong, sadly.

      Imagine if you were in charge of NSA. Your agents have broken every encryption protocol and algorithm, they can tap into data anywhere in the world at any time, nothing is safe from them. Now, completely victorious, would you fund research into quantum computing? Of course you would. Why not? It is obviously within scope of the NSA mission, and you can never be sure that the "happy" state of complete unfettered access will continue forever. Besides, the NSA has a reputation to maintain.

      --
      Finally! A year of moderation! Ready for 2019?
    2. Re:'When done properly' by Anonymous Coward · · Score: 0

      Maybe what SHOULD be done is allow two certificates: the first being the certificate from the "trusted" certificate authority (so the browser knows that the machine on the other end is who they claim to be) and then a second that can be self-generated by that other end to actually encrypt the transmission of data so that nobody else (including the "trusted" cert authority) can read the data. Then we could secure data without the browsers scaring the crud out of people. Would that work?
      (posting as AC because I have no account)

    3. Re:'When done properly' by shoor · · Score: 1

      'Maybe what SHOULD be done is allow two certificates...from the "trusted" certificate authority...and then a second that can be self-generated by that other end to actually encrypt'

      Sounds like a good idea to me. Somebody mod the anonymous coward up. (Unless somebody sees a flaw in AC's arg and can point it out.)

      --
      In theory, theory and practice are the same; in practice they're different. (Yogi Berra & A. Einstein)
    4. Re:'When done properly' by Anonymous Coward · · Score: 0

      And then the "trusted" authority silently replaces the "self generated" other end certificate and you have a MITM issue. Which is what happens now. If you must use certificates, certificate pinning extensions don't look too terrible. This "solution" solves nothing.

    5. Re:'When done properly' by HiThere · · Score: 1

      Unless I misunderstand the system, the "trusted" authority doesn't have access to (or knowledge of) the self-generated certificate. But, of course, the ISP does.

      --

      I think we've pushed this "anyone can grow up to be president" thing too far.
  12. Comment is not flamebait, it's a physics pun by blach · · Score: 1

    Moderators asleep at the wheel. Moderated flamebait? It's clearly a pun about quantum states. *sigh*

    1. Re:Comment is not flamebait, it's a physics pun by i+kan+reed · · Score: 2, Interesting

      No, see, I have just posted in a global warming thread. Someone went back and modded all my posts (just -1, no biggy), as a perfectly valid commentary on my opinions.

    2. Re:Comment is not flamebait, it's a physics pun by Anonymous Coward · · Score: 0

      Cold fjord must have mod points today.

    3. Re:Comment is not flamebait, it's a physics pun by nobuddy · · Score: 4, Funny

      Not today. He was caught mass-modding people who disagree with him last night. All associated accounts were stripped of mod ability forever.

      He will just make more, but he's dead in the water for a bit.

    4. Re:Comment is not flamebait, it's a physics pun by Anonymous Coward · · Score: 0

      Pretty please tell me you're not joking. Source?

    5. Re:Comment is not flamebait, it's a physics pun by tolkienfan · · Score: 1

      Supposing that happened to me. Hypothetically, of course. Is there a way to appeal?

    6. Re:Comment is not flamebait, it's a physics pun by i+kan+reed · · Score: 1

      Well, no. I can see someone disagreeing with me, doing something irrational to attack me, and me still being wrong. That happens.

    7. Re:Comment is not flamebait, it's a physics pun by roman_mir · · Score: 1

      For years in a row? :)

    8. Re:Comment is not flamebait, it's a physics pun by Anonymous Coward · · Score: 1, Insightful

      That's how you know you are on the right side of things - when instead of arguing with you, they are simply trying to shut you up so you can't post more than 1-2 times a day.

      Or, y'know, you're a troll. Which given your posting history, I'm gonna have to say that the people (not singular as you imply, but multiple) modding you down are being accurate.

    9. Re:Comment is not flamebait, it's a physics pun by Anonymous Coward · · Score: 0

      For years in a row? :)

      Did you change your ways over the years?

      Insanity is said to be repeating the same things and expecting a different result. If you never changed your views, why would you expect a different result?

    10. Re:Comment is not flamebait, it's a physics pun by Jah-Wren+Ryel · · Score: 1

      I get downbombmoded periodically, somebody comes in with 30-50 moderation points and mods down every single comment (multiple times, so multiple accounts)

      So you believe that one or more individuals, who have personal issues with you, have enough active multiple accounts here to get mod points on 3-4 of them all at the same time and that this happens on a semi-regular basis?

      REALLY?

      --
      When information is power, privacy is freedom.
    11. Re:Comment is not flamebait, it's a physics pun by Anonymous Coward · · Score: 0

      For years in a row? :)

      Did you change your ways over the years?

      Of course not. Cult members seldom do.

      Insanity is said to be repeating the same things and expecting a different result. If you never changed your views, why would you expect a different result?

      He expects a different result because he believes, contrary to all reason, that his cult is right. He keeps preaching because he believes that at some point the rest of the world will agree with him, his cult leader, and his religious movement - and hand over all their money to them. He's not insane, he's just a hard-core believer. You'll never get him to give up on his beliefs; not with logic, math, or anything else.

  13. Some background facts by hweimer · · Score: 4, Informative

    These are hardly shocking revelations. The document mentions achieving control over two semiconductor qubits, whereas factoring 2048 bit numbers requires at least that many qubits, and probably several orders of magnitude more. The current record stands at control of 14 qubits, achieved in 2010 in Rainer Blatt's group at the University of Innsbruck, Austria, using trapped ions.

    Some time ago, I wrote something on the history and possible future of quantum computing. Moreover, one also has to keep in mind that there are public key cryptosystems that most likely cannot be cracked even with quantum computers.

    --
    OS Reviews: Free and Open Source Software
    1. Re:Some background facts by Rich0 · · Score: 1

      Moreover, one also has to keep in mind that there are public key cryptosystems that most likely cannot be cracked even with quantum computers.

      The key words you used are "most likely" and at least you're honest enough to use them. There is no mathematical proof that any cipher (other than the one-time pad) is resistant to all as-yet-unknown quantum algorithms. That doesn't mean that they are actually vulnerable - only that we cannot know with certainty whether they are.

      People seem to under-estimate the NSA's capabilities here when I talk to them. They employ a lot of really smart people, and they have the benefits of reading all the public literature as well as all the classified stuff that their academic peers cannot read. They obviously don't have high citation rates so the academics tend to look down on them. However, the story of differential cryptanalysis proves that academics aren't always the ones in the lead. Apparently IBM was aware of the technique at least 10 years before it was published, and the NSA was aware of it much longer than that (though nobody knows how long) - this is why DES lasted as long as it did (indeed, the gimped key size is its biggest flaw and 3DES is still reasonably secure though it isn't really future-proof).

      For all we know the NSA has a bunch of quantum algorithms just waiting for hardware to run it on. They certainly have a long history of bright cryptographers. Where they might struggle is the physics side, but they certainly could hire promising scientists and give them lots of money. The thing I've found interesting about quantum computing is that there are many different measurement technologies that can be brought to bear that all are fairly well-developed. You have everything from SQUID to NMR, various states of matter for the qubits, nanotechnology, and so on. If the NSA has the budget to pursue many different technologies seriously they could potentially stumble on something that everybody else misses.

    2. Re:Some background facts by hweimer · · Score: 2

      The key words you used are "most likely" and at least you're honest enough to use them. There is no mathematical proof that any cipher (other than the one-time pad) is resistant to all as-yet-unknown quantum algorithms. That doesn't mean that they are actually vulnerable - only that we cannot know with certainty whether they are.

      That's the usual situation in complexity theory and it applies to classical algorithms as well. There is also no proof that quantum computers are actually superior to classical computers when it comes to cryptanalysis. Still, most people believe this to be true.

      People seem to under-estimate the NSA's capabilities here when I talk to them. They employ a lot of really smart people, and they have the benefits of reading all the public literature as well as all the classified stuff that their academic peers cannot read.

      Remember that we're talking about actual physical devices that need to be built and being really smart only helps you somewhat when you need to solder electronics or align a laser. And so far, the NSA employs hardly any physicists which you can also tell from the fact that they've outsourced the research mentioned in the documents to a public university. This is very different than in mathematics or computer science, where it is well known that the NSA is a large employer. That being said, I still think that the NSA might possess some interesting knowledge on quantum computing. I wouldn't be too surprised if they were sitting on an efficient quantum algorithm breaking AES, for instance.

      --
      OS Reviews: Free and Open Source Software
    3. Re:Some background facts by FrangoAssado · · Score: 1

      There is no mathematical proof that any cipher (other than the one-time pad) is resistant to all as-yet-unknown quantum algorithms.

      That doesn't mean anything; the same is true for classical algorithms.

      That's hardly surprising if you understand what proving anything like that would entail. Hell, to prove you can't break ECC or RSA with a classical computer you'd have to prove P!=NP, since discrete log and factoring are in NP. (To see why, just note that fast factoring would break RSA, so to prove you can't break RSA you have to prove that fast factoring is impossible, which means that you have to prove that factoring is not in P -- but since factoring is in NP, you'd also be proving P!=NP).

      Note, however, that proving that ECC or RSA are breakable does not require a proof of P=NP or P!=NP -- for example, you don't need fast factoring to break RSA.

    4. Re:Some background facts by gnasher719 · · Score: 1

      Note, however, that proving that ECC or RSA are breakable does not require a proof of P=NP or P!=NP -- for example, you don't need fast factoring to break RSA.

      I think Knuth showed that having a fast algorithm for breaking RSA could be used for fast factoring of numbers, therefore RSA and factoring have about the same degree of difficulty.

    5. Re:Some background facts by FrangoAssado · · Score: 1

      I'd be interested in a reference, if you find one.

      As far as I know, this is an open question (see this for a lot of references) -- so maybe I should have said:

      It may be that proving that ECC or RSA are breakable does not require a proof of P=NP or P!=NP -- for example, it's not known that you need fast factoring to break RSA".

      Still, the other point stands -- proving that breaking RSA is not in P (or that factoring is not in P) implies proving P!=NP.

    6. Re:Some background facts by Redmancometh · · Score: 1

      "The current publicly known record is only control over 14 qubits"
      FTFY

      If the NSA figures out something important I don't think they'll tell anyone. They don't care about public scientific progress.

    7. Re:Some background facts by spyke252 · · Score: 1

      This isn't quite correct: factoring isn't known to be NP-hard (and so proving it's in P wouldn't necessarily prove P=NP). Neither is the discrete logarithm problem, which is the basis for ECC.
      However, I think this actually helps your argument.

    8. Re:Some background facts by FrangoAssado · · Score: 1

      This isn't quite correct- factoring isn't known to be NP-Hard (and so proving it's in P wouldn't necessarily prove P=NP).

      I never said it was. What I said is that factoring is in NP (not NP-hard), so if it's not in P, then it must be the case that P!=NP.

      On the other hand, as you said, if it turns out that factoring is in P, then it's still possible that P!=NP (i.e., there may be another problem that is in NP but not in P).

    9. Re:Some background facts by spyke252 · · Score: 1

      Ah, totally my mistake there.

  14. Quantum computers arn't magic by Viol8 · · Score: 5, Interesting

    In *theory* they can match the values of an N bit code in one go where N is the number of quantum bits. In practice it might be another matter but even if not - that simply means you use more bits in your key. Once a quantum computer has used up all its bits it has to revert to working like a standard computer and doing everything serially. So if the quantum computer is N bits and we have a key with N + 32 bits the machine will still have to try 2^32 matches. So as quantum computer registers get larger so will encryption keys. Someone builds a 256 bit quantum computer? Great! So just use a 512 bit key and it'll have to do 2^256 comparisons. ie - it'll be damn slow.

    1. Re:Quantum computers arn't magic by compro01 · · Score: 3, Informative

      Symmetric key encryption with sufficiently large keys is perfectly safe from a quantum computer.

      But current public-key encryption (e.g. RSA) and key exchange (e.g. DHM) isn't.

      Unbreakable symmetric key encryption isn't worth a damn if you have no secure means of exchanging keys.

      --
      upon the advice of my lawyer, i have no sig at this time
    2. Re:Quantum computers arn't magic by Rich0 · · Score: 1

      So as quantum computer registers get larger so will encryption keys. Someone builds a 256 bit quantum computer? Great! So just use a 512 bit key and it'll have to do 2^256 comparisons. ie - it'll be damn slow.

      Well, nobody would even use a quantum computer to implement a non-quantum algorithm. Since we don't know how to build a practical quantum computer at all it is hard to tell whether it will be harder for the NSA to add more qubits to their designs than it will be for everybody else to use RSA with a 2 gigabit key and a 32-core system to serve an SSL website to 3 users at a time. Adding bits to an encryption algorithm has its costs as well. Quantum computing is remarkably efficient so the NSA might just need one machine, and if the design is sure to work you can bet they'll have the budget to build it.

    3. Re:Quantum computers arn't magic by i+kan+reed · · Score: 1

      Unbreakable symmetric key encryption isn't worth a damn if you have no secure means of exchanging keys.

      "Hey, Alice"
      "Hey, Bob"
      "See anyone around, Alice?"
      "Nope, you?"
      "Nope"
      "Here, take this thumb drive with my pictures, the 6th of which totally doesn't hide my encryption key"
      "Sure thing, Alice"

    4. Re:Quantum computers arn't magic by Kielistic · · Score: 1

      That isn't terribly useful on the Internet. You also need to keep track of a lot of keys that way. Public-key systems are just so much more user-friendly.

    5. Re:Quantum computers arn't magic by i+kan+reed · · Score: 2

      I guess the NSA is giving us a choice: user friendly or secure, choose one.

    6. Re:Quantum computers arn't magic by Kielistic · · Score: 1

      Currently I can still choose both (theoretically).

    7. Re:Quantum computers arn't magic by hey! · · Score: 1

      It's not at all clear to me that a quantum attack on encryption would *necessarily* have to proceed along the lines you propose, which is to use the quantum computer to remove N bits of entropy from the key, then to attack the rest of the key with brute force and conventional algorithms.

      Why would you even *consider* such a hopeless approach?

      It seems to me that there are two other possible ways a quantum computer could be used. The first is to attack some other aspect of a cryptographic protocol that is hard with conventional computing, say a weakness in a random number generator.

      Another would be an algorithm which would be some kind of operation requiring a number of quantum computer runs that is polynomial in the length of the key.

      --
      Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
    8. Re:Quantum computers arn't magic by Anonymous Coward · · Score: 0

      Hmm... but what will I do with messages already sent and presumably stored by NSA for future decryption? It appears that open text is actually safer as it is currently expired while encrypted kept forever.

    9. Re:Quantum computers arn't magic by Anonymous Coward · · Score: 0

      How does that help protect the data they have already captured and hold on record that is encrypted with less than N bits?

    10. Re:Quantum computers arn't magic by AndrewBuck · · Score: 1

      We have every reason to believe that cleartext is stored forever, too. I don't trust those fuckers at all anymore and just assume that anything sent in any medium will be stored for as long as they can afford the disk space to store it, legal or not.

      -AndrewBuck

    11. Re:Quantum computers arn't magic by Anonymous Coward · · Score: 0

      I guess the NSA is giving us a choice: user friendly or secure, choose one.

      Fuck you, NSA! I choose neither!

    12. Re:Quantum computers arn't magic by Anonymous Coward · · Score: 0

      Kerberos makes use only of symmetric key cryptography, so it should still be secure even with quantum computers. Grover's algorithm is only capable of cutting search space for symmetric keys by a third, meaning 128 bit crypto is reduced to only 126 bit crypto to a quantum computer: still just as unfeasible. However, it requires the maintenance of a trusted third party, the key distribution centre, and that will likely be a very juicy target indeed. And let's not forget about quantum cryptography, which provides key exchange mechanisms equivalent to public key crypto that are provably secure against eavesdropping. Apparently there are companies that actually provide commercial quantum key distribution services.

  15. Security through Obscurity. by Anonymous Coward · · Score: 0

    Hey, no worries, hide messages in plain sight with no encryption!
    They'd never think to look there!

    1. Re:Security through Obscurity. by nobuddy · · Score: 1

      We will be doing old school cyphers soon.

      Anyone else have a copy of "Where The Red Fern Grows"?
      First word: P7,line7, word 3.
      Second word....

    2. Re:Security through Obscurity. by ApplePy · · Score: 1

      Then take *that* output and encrypt it, right?

      Manual cipher on paper -> airgapped computer -> whatever heavy duty digital encryption

      I admit I don't know a lot about how encryption works. Could someone who does, explain why this would or would not be effective?

      --
      That I'm right, and you don't like it, doesn't mean I'm a troll.
  16. Wasn't this news 20 years ago? by hubie · · Score: 0

    Google is mainly returning all links to this story, but I seem to recall from at least 15 to 20 years ago when quantum computing became a popular issue, that cracking encryption keys was exactly the thing you'd use a quantum computer for. There was all this discussion of how many bits you should use for key generation, and how safe it would be ("It would take you the age of the Universe to crack 256 bits, even when harnessing all the computers on Earth, but a quantum computer could crack it in an hour" and stuff like that). It was no secret that the NSA was working on quantum computer technology then as well.

    The NSA does all sorts of cutting-edge research in mathematics and computer sciences, so you can pretty much write a story that says "The NSA is working on a program to [insert futuristic computer-related topic]". Other than making for breathless headlines, is ANYONE surprised that they have a quantum computing program?

    1. Re:Wasn't this news 20 years ago? by wile_e_wonka · · Score: 1

      It was no secret that the NSA was working on quantum computer technology then as well.

      Speaking of it being "no secret," here is the public website for the quantum computing initiative at the Los Alamos National Laboratory:
      http://quantum.lanl.gov/
      That page says:

      Quantum information science and technology research is conducted at several outstanding universities and laboratories around the world, including LANL. At Los Alamos, however, even the most basic quantum research often has national security implications or connections.

      Although the Quantum Initiative's national security mission at Los Alamos is manifest in many areas, it is perhaps most evident in two of the Laboratory's most successful quantum technology initiatives— quantum cryptography and the race for a quantum computer.

      Los Alamos National Laboratory, of course, is owned and operated by the U.S. Federal Government. The fact that the Government has been working on this for some time (since the 90s) has not been a secret.

      The Laboratory also revealed recently, as was reported on /., that it has been operating a quantum network for 2 1/2 years. Though I feel certain I read about that in Technology Review or the like a couple years ago, I cannot find any such article now.

    2. Re:Wasn't this news 20 years ago? by hubie · · Score: 1

      Other than making for breathless headlines, is ANYONE surprised that they have a quantum computing program?

      Well, evidently the person who modded me Flamebait was surprised, so I stand corrected. :P

  17. And they called me crazy by lagomorpha2 · · Score: 3, Funny

    ...and my colleagues called me crazy when I gave them 256GB USB drives full of true randomly generated one-time pads to use to decrypt my emails because I didn't trust public key.

    Who's crazy now! Muhahaha! (posted from secret volcano lair)

    1. Re:And they called me crazy by Anonymous Coward · · Score: 0

      Hawk??

    2. Re:And they called me crazy by Anonymous Coward · · Score: 0

      My boss called me crazy years ago for suggesting that I would put electrical tape over my computer's webcam.

    3. Re:And they called me crazy by Anonymous Coward · · Score: 0

      Your memory sticks were the fraudulent 256MB type. You are reading zeroes from the key material now. Proof: I can read your post without difficulty despite not having one of the drives.

    4. Re:And they called me crazy by Anonymous Coward · · Score: 0

      Did you buy the drives online? Because if you did I have some bad news for you...

    5. Re:And they called me crazy by Ckwop · · Score: 3, Interesting

      256GB USB drives full of true randomly generated one-time pads

      I know this is a piece of humour but since this is Slashdot why not?

      What a lot of people don't understand is that this is much harder than it first appears. For example, doing cat /dev/random to a file on disk will not give you bytes suitable for use in an OTP.

      The issue is that many TRNGs hash their entropy pool with a cryptographically secure hash. When you use such a hash there is no guarantee that the input space would be uniformly mapped to the output space.

      To illustrate this, suppose we had an entropy pool 1024-bits deep. Suppose before producing the output the pool is hashed with SHA-1. This is an output that is 160 bits wide. There is no proof whatsoever that if we cycled a counter from 0 to 2**1024 the hashes of these would distribute evenly over the 2**160 possible hash outputs. If this were the case, each output hash value would appear exactly 2**864 times. It is highly unlikely that this is the case.

      What this means is that the output is distinguishable from a true random source, which completely breaks the security proof for the OTP. Granted, the attacker would likely have to do an infeasible amount of work to use this distinguisher. However, the OTP's proof gives you security from computationally unbounded adversaries. It's the whole point of using the OTP!

      So in short, you can't use /dev/random, you can't use pretty much any commercial random number generator. You'd have to roll your own and show that your bias is small enough for no attack to be practical. Like I said, it's harder than it looks.

    6. Re:And they called me crazy by lagomorpha2 · · Score: 1

      So in short, you can't use /dev/random, you can't use pretty much any commercial random number generator. You'd have to roll your own and show that your bias is small enough for no attack to be practical. Like I said, it's harder than it looks.

      Why do you think the secret base is located in a volcano?

      http://en.wikipedia.org/wiki/Lavarand

    7. Re:And they called me crazy by johnjaydk · · Score: 1

      So in short, you can't use /dev/random, you can't use pretty much any commercial random number generator. You'd have to roll your own and show that your bias is small enough for no attack to be practical. Like I said, it's harder than it looks.

      Use a radioactive source and measure the decay. That is truly random.

      --
      TCAP-Abort
    8. Re:And they called me crazy by Anonymous Coward · · Score: 0

      Use a radioactive source and measure the decay. That is truly random.

      Ish: http://science.slashdot.org/story/12/09/01/1731224/radioactive-decay-apparently-influenced-by-the-sun

      Solution: A fresh cup of really hot tea.

    9. Re:And they called me crazy by HiThere · · Score: 1

      You need to stabilize that count though. This can probably be done by throwing away, say, 2/3 of the time intervals, counting the other third as true if one or more decays are detected. (Or, perhaps, set it at 3 or more. You need to adjust things by experiment until you get 50% hits.) Then you accumulate random numbers for a few weeks.

      You used to be able to do this kind of thing with an overdriven mic amp in a *really* quiet room, but I don't know if that still works. That would let you accumulate random numbers faster, but I think cosmics let you accumulate them at 1 or 2 bits / second. (You don't want to overload the Geiger tube, because then it goes quiet.)

      OTOH, I've *NO* modern experience with this. At the time I was interested all the equipment used tubes. Transistors are a LOT quieter.

      --

      I think we've pushed this "anyone can grow up to be president" thing too far.
    10. Re:And they called me crazy by Anonymous Coward · · Score: 0

      > doing cat /dev/random to a file on disk will not give you bytes suitable for use in a OTP

      for i in `seq 1 25`; do head -c 1024 /dev/random | tr -cd 0-9 | sed 's/...../& /g' | cut -b 1-29 >> one_time_pad.txt; done

      (This will take some time, but works!)

  18. Don't hold your breath by Anonymous Coward · · Score: 0

    It will be interesting when someone shows that they can factor 15 with a scalable algorithm.

    Until then it's just a toy.

    1. Re:Don't hold your breath by AndrewBuck · · Score: 1

      Actually I think the current record is 21, however your point still stands. Quantum computers are now, and will be for quite a while, a toy. That doesn't mean we shouldn't be looking for solutions though, even if the capability to break keys of today with a quantum computer is still 30 years away there are messages that should be secure for at least that long, so we should begin looking forward now.

      Oh and by the way, fuck the NSA.

      -AndrewBuck

  19. huh? by DriveDog · · Score: 1

    Surely it wouldn't be so easy for the NSA to get people to trust current systems as to just say they're building a quantum computer to crack those (because they can't otherwise)? Come on, that's an old trick. CIA pulled it on the Soviets, stealing a cypher machine to cover an agent who'd already provided the means of decrypting their messages, hoping the Soviets would stop investigating the agent. So the Soviets appeared to stop investigating.

    Maybe the NSA can't crack some current codes, and is building a quantum computer to do so. But the converse isn't necessarily true. Maybe the US really couldn't read Soviet messages until CIA stole the machine (known as a "smoking bolt" operation, according to Tony Mendez). But I have trouble believing everyone in the KGB really bought that. James Jesus Angleton would not have.

  20. Solution by IamTheRealMike · · Score: 1

    Switch to ring learning-with-errors, which was proven by Regev to reduce in the average case to the hardness of some worst case integer lattice problems. Crypto systems built in this way are believed to not be affected by quantum computers and research is proceeding fast as a result. The fact that the NSA is no further ahead than anyone else is reassuring - we know how to build post-quantum crypto systems, the work that remains is largely in the "maturing" phase rather than the "wtf do we do now" phase.

    1. Re:Solution by Rich0 · · Score: 1

      Has it actually been proven that it is mathematically impossible for a quantum algorithm to exist capable of defeating this system? I'm sure you could prove that any particular known algorithm wouldn't work, but the only system resistant to unknown algorithms that I'm aware of is the one-time pad.

      If this has been proven I'm genuinely interested. I will confess I'm not a cryptographer.

    2. Re:Solution by slew · · Score: 2

      Has it actually been proven that it is mathematically impossible for a quantum algorithm to exist capable of defeating this system? I'm sure you could prove that any particular known algorithm wouldn't work, but the only system resistant to unknown algorithms that I'm aware of is the one-time pad.

      If this has been proven I'm genuinely interested. I will confess I'm not a cryptographer.

      I don't know about ring-learning-with-errors, but if it indeed reduces to an integer lattice problem, I suspect it would eventually prove to be vulnerable to some sort of attack that could be executed by a quantum computer.

      As a silly example, here's a proposed attack on lattices that employs a quantum computer implementing a partial Grover's algorithm to speed up looking for solutions...

      http://www.cdc.informatik.tu-darmstadt.de/reports/TR/TI-03-03.QSamplingPaper.pdf

      As with many things, I doubt there is a negative proof. There's much about quantum computability that we do not understand yet (of course there is much about regular computability that we don't understand either, starting with P ?= NP). When people usually say it's resistant to quantum computers, they actually are implying that it's resistant to a quantum computer employing Shor's algorithm (and similar quantum Fourier transform techniques) to factor large numbers and compute discrete logarithms (the basis behind the RSA and DH public key cryptosystems). There are other algorithms that a quantum computer can run, most of which people have not even discovered yet.

    3. Re:Solution by Anonymous Coward · · Score: 0

      A model to think about algorithms for quantum attacks:

      A circuit with an input bus of N independent bits
          feeding a known logic block (gates only, no feedback) with M dependent nodes
            feeding a single output. (The 'happy' wire.)

      The input bus has 2**N possible combinations.
            if only one input combination makes the output happy,
                then eventually we should have a quantum computer that will figure it out.

      How big N and M are will dictate how long we have to wait.

      Is the post quantum work about something completely different or just about making M and N big?

      Hopefully, it is about something where it is impossible to know the wiring for a logic block that is only happy for a single input combination.

    4. Re:Solution by david_thornley · · Score: 1

      One-time pads aside, there's no proof that any cryptosystem cannot be cracked in polynomial time. After all, known-plaintext cryptanalysis is solving a problem in NP, since it has to be easy to get the plaintext given ciphertext and key. Without a proof that P != NP, it's possible that P == NP, meaning there may be a polynomial-time solution.

      Whether there's an efficient solution is another matter. Normally, problems solvable in polynomial time are feasible to solve, but it's possible that reducing a particularly hard NP problem to P involves insanely big polynomials (like O(n^100), perhaps) and is still computationally intractable.

      I'm not aware of any cryptosystem being proved NP-hard either, but there's a whole lot I don't know in the field.

      --
      "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
  21. A few important points by Anonymous Coward · · Score: 1

    Classic* public-key crypto (SSL, TLS, GPG, PGP) would be dead except, and this is quite interesting, the one based on elliptic curves, which NSA has been advocating for a long time.

    Symmetric crypto (data at rest, file/disk encryption) would be affected, but not so badly. The key size would be halved. So Twofish with a 256-bit key would be as strong as Twofish with a 128-bit key (note that this means it would be 2^128 times easier to brute force, NOT twice as easy).

    * By classic I mean DH and RSA-based.

    1. Re:A few important points by heypete · · Score: 1

      Classic* public-key crypto (SSL, TLS, GPG, PGP) would be dead except, and this is quite interesting, the one based on elliptic curves, which NSA has been advocating for a long time.

      Actually...

    2. Re:A few important points by Anonymous Coward · · Score: 0

      Not quite right. Symmetric crypto attacked with Grover's algorithm can divide the total keyspace into a third, so Twofish with a 256-bit key would be as strong as Twofish with a 254-bit key. Quantum computing cannot do something as ridiculous as halve the actual key size. Symmetric crypto is still safe. So if you're using Kerberos you should be okay if your KDCs are secure. Oh, wait...

  22. They'll botch it. by vikingpower · · Score: 1

    They are a dinosaurian government agency, that has a habit of gobbling up money by the truckload. They have no reputation for technical or scientific excellence whatsoever. Neither do they have a track record in building first-rate equipment or software. Moreover, they have been proved, over and over again, to be pathological liars. In other words: who gives a shit ??

    --
    Religious speak to God. Insane are spoken to by God. When all shut up, one can finally hear Shostakovich in peace
    1. Re:They'll botch it. by Anonymous Coward · · Score: 0

      This doesn't seem trivial to me, and everything I've heard about the NSA from folks who've worked there suggests their technical skills are incredibly high, just wasted by management.

  23. Least interesting revelation so far by Anonymous Coward · · Score: 0

    I feel like the NSA would be remiss if they weren't investigating Quantum Computing. Breaking other people's encryption is completely in their remit. They could (and probably will) abuse the part about when & when it's *used*, but the simple fact that they're looking into it is not problematic to me.

    Fact is, the NSA doesn't have a technology problem. They have a massive *targeting* problem. If they were using the technology they have *and* following the constitution, there would be no problems. But, blanket spying on everyone is not okay. That's the problem. Investigating quantum computing is totally fine for them to be doing. Using quantum computing to break everyone's keys in the entire world is not fine.

    1. Re:Least interesting revelation so far by Anonymous Coward · · Score: 0

      Fact is, the NSA doesn't have a technology problem. They have a massive *targeting* problem. If they were using the technology they have *and* following the constitution, there would be no problems. But, blanket spying on everyone is not okay. That's the problem. Investigating quantum computing is totally fine for them to be doing. Using quantum computing to break everyone's keys in the entire world is not fine.

      This.

      But that catalog of persistent exploits that could be placed on single targeted machines and/or network hardware? Fascinating reading, I didn't need to know that, (and since I have no clearance to lose by knowing it) cool beans. Quantum computer? A lot of stuff was redacted from those pages, but from what was there, I'm either kinda disappointed they hadn't made further progress, or reassured that if they had, it was sufficiently compartmentalized that it wasn't part of the leak.

      If NSA would just stop with the parallel construction BS and dragnet surveillance (give me every word ever written by every American, and even I could find six upon which to hang each of them in court, which is precisely the problem), they wouldn't feel the need to compromise US corporations or backdoor NIST's crypto standards, and they might just re-earn their once-white-hat reputation in about 20 years.

  24. Ha ha. I wouldn't worry too much... by cyn1c77 · · Score: 1

    More disturbing is that it may simply be a matter of time before it fails, and our private messages are out there for all to see.

    There is quite a bit of fearmongering here...

    Given that they couldn't even secure their internal network properly, it would seem highly unlikely that the NSA has the commitment, expertise, or efficiency to secretly develop cutting edge technology far in excess of what the best academics in the world can do.

    That said, instead of everyone standing around and wringing their hands, maybe now would be a good time to start developing more secure encryption algorithms that are more robust to brute force attacks. The encryption community has been resting on their laurels for quite a while now.

  25. This is what they should be working on by wcrowe · · Score: 4, Insightful

    The NSA deserves a lot of criticism for some of the things they've been doing. However, this is the kind of thing they should be working on. It's not the tools they have that bothers me. It is how they use them that is the problem.

    --
    Proverbs 21:19
    1. Re:This is what they should be working on by asylumx · · Score: 1

      I've said similar before -- the same goes for their data mining techniques. Sure it's being used inappropriately, but the fact they are able to collect, store, and analyze such an humongous data set is really a marvel of computer science.

      Remember, rockets were used to kill people before they were used to take people to space. Lots of inventions are created for the wrong purpose and then later used for good.

    2. Re:This is what they should be working on by Anonymous Coward · · Score: 0

      It bothers me that they're spending so little effort on that - I was hoping they have the damn thing working by now.

    3. Re:This is what they should be working on by martin-boundary · · Score: 1

      I've said similar before -- the same goes for their data mining techniques. Sure it's being used inappropriately, but the fact they are able to collect, store, and analyze such an humongous data set is really a marvel of computer science.

      No, it's unethical. That's like saying it was ok for Oppenheimer to develop the atomic bomb - what a marvel of physics. The result was that the world ended up facing nuclear annihilation.

      Ethics matters. If you're a computer scientist developing data mining techniques to search all the world's data, you SHOULD think about the ethics of it, and either refuse or ALSO work on anti data mining protection systems. No government or company should have the power to search all the world's data. They WILL misuse it, and THEN we'll want those anti data mining systems to be ready.

  26. Who would be surprised by this? by daveschroeder · · Score: 0

    One of NSA's chief missions is breaking encryption. So (for the US folks among us) it's okay when it's the German or Japanese codes in WWII, but somehow sinister when the reality is that much of the world now shares the same tools, systems, services, networks, encryption standards, etc.?

    In a free society governed by the rule of law, it is not the capability, but the law, that is paramount. And for all of the carping and hand-wringing about what NSA is doing because its capabilities continue to be laid bare, where is the worry about what states like China and Russia are doing?

    1. Re: Who would be surprised by this? by Anonymous Coward · · Score: 0

      The worry is there for China et al, but people in the U.S. and other five-eyes states don't have any way to influence their politicians to make the Chinese NSA equivalent behave.

      The problem is that we can't even make our OWN agencies behave, because the oversight process is BROKEN.

    2. Re:Who would be surprised by this? by Anonymous Coward · · Score: 0

      it's okay when it's the German or Japanese codes in WWII, but somehow sinister when it's used on Americans

      FTFY. And yes, it is sinister. I bet even the jackboot lickers like you and cold fjord would absolutely agree if I said "it's ok when its our soldiers shooting up German or Japanese soldiers in WWII but somehow sinister when they shoot up Americans".

      Espionage is an act of war. Americans committing acts of war against their fellow Americans is treason. It's right there in the Constitution.

    3. Re:Who would be surprised by this? by Anonymous Coward · · Score: 0

      In a free society governed by the rule of law, it is not the capability, but the law, that is paramount. And for all of the carping and hand-wringing about what NSA is doing because its capabilities continue to be laid bare, where is the worry about what states like China and Russia are doing?

      I'm neither Russian nor Chinese. They can worry about the loss of the rule of law in Russia and China.

      I live in America, and I am worried about the end of the rule of law in America. When you eliminate the Fourth (and harm the Third, for is not giving NSA carte blanche access to one's business records the electronic equivalent of quartering troops), you also harm the First. Clapper is free to lie to Congress. Americans self-censor when they think about searching for something they read in the news. "Careful, you don't wanna google that, you might end up on a watch list..."

      That's not entirely the end of the rule of law, but it's a damn big warning sign.

  27. Good by jgotts · · Score: 2

    The NSA is supposed to be working on cryptography technology.

    The NSA needs to get back to doing its job, and stop spying on Americans. We already have several branches of government that are responsible for domestic criminal investigations, and they're subject (in theory anyway) to the robust safeguards in the Constitution.

    The NSA helps everyone with robust cryptography. It's in nobody's best interest when one government can decipher everyone else's communications, except maybe for that handful of codebreakers.

    Regardless of what they say, terrorists are low tech. They do not have access to a large pool of cryptography talent, nor will they ever.

  28. Post-Quantum Cryptography by Anonymous Coward · · Score: 0

    This is why we need research into post-quantum cryptography.

    http://en.wikipedia.org/wiki/Post-quantum_cryptography

  29. But... by Anonymous Coward · · Score: 0

    Information wants to be free!

    I thought the disclosure of private information is to be lauded?

  30. Never happen. by RightSaidFred99 · · Score: 1

    "Quantum Computing" is hogwash. I'll eat my shoe when they can crack even a tiny RSA key, say the smallest possible, faster than a conventional chip.

    1. Re:Never happen. by Anonymous Coward · · Score: 0

      That must be why there is a whole field of study around finding encryption systems that are not crackable even with quantum computers.

      http://en.wikipedia.org/wiki/Post-quantum_cryptography

    2. Re:Never happen. by Anonymous Coward · · Score: 0

      They did crack the smallest possible RSA key, didn't they? The public key was n=15, the private key was p=3, q=5.
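
The n=15 key in the comment above is a convenient size for seeing what a factorisation actually buys. The following is an added example by the editor, not code from the commenter: it builds the toy key pair from p=3, q=5, encrypts and decrypts with it, and then recovers the private exponent from the public key alone by factoring n. The factoring step is plain trial division, standing in for what Shor's algorithm would do at realistic sizes; the same routine is also run on the slightly larger textbook key p=61, q=53, e=17 (a constructed example that goes beyond the comment's n=15) to show that nothing about the recovery depends on n being tiny, only on factoring being feasible.

```python
from math import gcd, isqrt


def modinv(a: int, m: int) -> int:
    """Inverse of a modulo m via the extended Euclidean algorithm."""
    r0, r1, t0, t1 = m, a % m, 0, 1
    while r1:
        q = r0 // r1
        r0, r1 = r1, r0 - q * r1
        t0, t1 = t1, t0 - q * t1
    if r0 != 1:
        raise ValueError("no inverse: a and m are not coprime")
    return t0 % m


def rsa_toy_keypair(p: int, q: int, e: int):
    """Return ((n, e), d) for primes p, q and public exponent e."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    return (n, e), modinv(e, phi)


def rsa_apply(exponent: int, n: int, x: int) -> int:
    """Textbook RSA: encryption and decryption are both modular exponentiation."""
    return pow(x, exponent, n)


def smallest_factor(n: int) -> int:
    """Trial division; only feasible for toy n.  This is the step whose hardness
    RSA relies on and which a large quantum computer running Shor's algorithm
    would remove."""
    for f in range(2, isqrt(n) + 1):
        if n % f == 0:
            return f
    return n


def recover_private_exponent(n: int, e: int) -> int:
    """Given only the public key (n, e), factor n and recompute d."""
    p = smallest_factor(n)
    q = n // p
    return modinv(e, (p - 1) * (q - 1))


if __name__ == "__main__":
    (n, e), d = rsa_toy_keypair(3, 5, 3)
    c = rsa_apply(e, n, 7)
    print(f"n={n} e={e} d={d}: 7 -> {c} -> {rsa_apply(d, n, c)}")
    print("d recovered from (n, e) alone:", recover_private_exponent(n, e))
```

For n=15 the public exponent e=3 gives d=3 as well (3*3 = 9 = 1 mod 8), so the key is its own inverse; the larger p=61, q=53 example shows the more usual case where d differs from e.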

    3. Re:Never happen. by r2kordmaa · · Score: 1

      Oh it'll happen sooner or later, the science behind it is sound, you can practically build quantum computers and they work. The problem is that while there are plenty of prototype computers out there, they can still only do operations with a few qubits and that's no good for practical applications. While developing computers with more qubits is not exactly easy, it is very much doable, it's an engineering problem now, not something that would require a novel scientific breakthrough.

    4. Re:Never happen. by RightSaidFred99 · · Score: 0

      True, good point. On an unrelated topic, horoscopes work. I mean, there is a whole field of study around it. http://en.wikipedia.org/wiki/Astrology

    5. Re:Never happen. by Strider- · · Score: 1

      They did crack the smallest possible RSA key, didn't they? The public key was n=15, the private key was p=3, q=5.

      Or was it p=3 q=5? I guess it depends on how you look at it... ;)

      --
      ...si hoc legere nimium eruditionis habes...
  31. this reminds me of a horrible dan brown book by netsavior · · Score: 1

    "Digital Fortress" wherein a rogue NSA cryptographer out to save and or destroy a 12-ton NSA codebreaking (quantum?) computer gets chased by a blind assassin for some reason... and a 64 BIT encryption key was pressed into a gold ring, but was somehow made up of 64 ascii characters.

    Don't worry because (spoiler) the "enigma" or whatever melted down when a virus caused it to something something, not even the fat IT guy named Jabba was able to stop the awesome power of something something. I am not even joking.

    Although since it is written from the point of view of an NSA "genius," I suppose the glaring errors make it a lot more realistic.

  32. Don't worry by Virtucon · · Score: 1

    It's a government project. Eventually the contractors involved will screw the project up and they'll have to announce it in a secret meeting on the black budget. They'll then ask for billions more to develop a solution to a so-called quantum computer gap that exists with the Chinese and Russians. The Cold War with the Soviets may be over but we're in a new Cold War with BRIC and the stakes are more along the lines of economic vs. military.

    --
    Harrison's Postulate - "For every action there is an equal and opposite criticism"
    1. Re:Don't worry by jasper160 · · Score: 1

      And which politician's family member will be sitting on the board of the contracting companies?

      --
      No good deed goes unpunished.
    2. Re:Don't worry by Virtucon · · Score: 1

      You have that wrong, it'll be an ex-congressman on the board not a family member.

      --
      Harrison's Postulate - "For every action there is an equal and opposite criticism"
    3. Re:Don't worry by jasper160 · · Score: 1

      Also true, both can happen. Here in Minnesota all the license plates had to be changed a few years ago; later it was found the state senatewhore who pushed for the bill failed to mention his brother in-law owned the company making them.

      --
      No good deed goes unpunished.
    4. Re:Don't worry by Virtucon · · Score: 1

      LOL, Cronyism at its best!

      --
      Harrison's Postulate - "For every action there is an equal and opposite criticism"
  33. durrrrr by Anonymous Coward · · Score: 1

    you don't know what you're talking about

    1. Re:durrrrr by Anonymous Coward · · Score: 0

      To be fair, rainbow tables are becoming more useful thanks to the growing desire of people to store bitcoins in low-entropy brain wallets.

    2. Re:durrrrr by scarboni888 · · Score: 1

      Neither do I but I don't see you talking to me.

      'sup wit dat, dawg?

  34. Of course they call you crazy by davidwr · · Score: 1

    Why should they trust those memory sticks you are giving them? After all, you might have gotten them from a manufacturer whose factory was hacked and the USB drives are silently corrupting data in random ways.

    posted from secret volcano lair

    Now I know you are either crazy or crazy like a fox. Since only a relatively small part of the Earth's surface has places where you could put a volcano lair, I'm a lot closer to knowing where you are. Or maybe you are lying and crazy like a fox, in which case I say "well played, sir, well played."

    If by chance you aren't on the Earth yet you still managed to post to Slashdot, I say "VERY well played, sir, VERY well played."

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
    1. Re:Of course they call you crazy by KingOfBLASH · · Score: 1

      There's plenty of places on earth with active volcanoes. Saying he's in a volcano narrows it down more than saying he's on planet earth, but it's still quite a large search area.

      http://en.wikipedia.org/wiki/File:Spreading_ridges_volcanoes_map-en.svg

      Assume that his volcano lair is in a dormant volcano (because let's face it who wants to be inside an active volcano) and a lot of other mountains that used to be active volcanos some millions of years ago also become possible locations.

  35. Mod parent up by davidwr · · Score: 1

    Yes, yes, yes. If they'd spend their money on this instead of invading Americans' privacy, maybe they'd be a few months further down the road than they are.

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
  36. Quantum encryption by Conspiracy_Of_Doves · · Score: 1

    Once such a thing is achieved, can't it be duplicated and used for quantum encryption for everyone?

  37. operative term "trying" by r2kordmaa · · Score: 1

    There's a world of difference between trying and succeeding. Still, it's not bad that money is pumped into quantum computing research, someone is going to crack the problem sooner or later anyway, and it will cause problems for cryptography and security anyway. But cracking crypto is hardly the only thing you can do with a practical quantum computer, having one would literally mean a quantum jump in engineering and science research. The boost it would give the world of science greatly outweighs the risk of NSA cracking your porn archive open.

  38. How far away is it? by Soluzar · · Score: 1

    Has anything practical actually been demonstrated in the field of quantum computing yet? I understand that a lot of exciting and complex (if you're into that) math has gone into describing a model for how quantum computing should function, but as far as I'm aware nobody has actually managed to build any prototype devices yet.

    When I first heard the term "quantum computing", I believed it to be a meaningless buzzword. I think at that time it may have been so. Now it is obviously a real concept, but unless I may be better informed, I think it is still a very long way off.

    I wonder if programming for a quantum computer will be anything like programming for the digital (is that the proper term to use in contrast?) computers we have now. I can't help but feel that it would be both very different and rather more difficult.

  39. Great by PPH · · Score: 1

    And when they drag me into court for some conspiracy, I'll just cite Heisenberg's Uncertainty Principle and Schrödinger's cat as basis for reasonable doubt and get off scot-free.

    --
    Have gnu, will travel.
  40. Are there no terrorists by future+assassin · · Score: 1

    out there to save us from the NSA?

    --
    by TheSpoom (715771) Uncaring Linux user here. I have nothing to add to this but please continue. *munches popcorn*
  41. Best headline on this... by whitroth · · Score: 1

    "The NSA May Or May Not Be Building A Quantum Computer That Can Decrypt Basically Anything"
    - http://www.seattlepi.com/technology/businessinsider/article/The-NSA-May-Or-May-Not-Be-Building-A-Quantum-5111156.php

                mark

  42. His lair could be underwater by Anonymous Coward · · Score: 0

    That vastly increases the number of places he could be.

  43. NSA has a long history in this area by Animats · · Score: 2

    One NSA director in the 1960s said "I want a thousand-megacycle machine. I'll get you the money!" There's a book, "IBM's Early Computers", which shows much of NSA's exotic hardware from the 1950s through the early 1970s. High-density tape drives, the first automatic-changing tape library (TRACTOR), the first superscalar machine (STRETCH, which, for NSA, had a special crypto processor instead of an FPU), and a number of cryogenic machines.

    NSA tried hard to get cryogenic computing to work, from the 1960s onward. They had some successes with getting devices to work fast in the 1960s, but the early superconducting devices were gated magnetically, which meant coils and discrete devices, not ICs. So they could be made fast, but not small, which means speed of light lag within the processor becomes a bottleneck. Mainstream CMOS IC technology eventually beat out the superconducting Josephson junction stuff on both price and speed. Some time in the 1980s, IBM and NSA gave up on that. It just wasn't a win over Moore's Law.

    Quantum computing, though... Just maybe.

  44. On the other hand ... by Anonymous Coward · · Score: 0

    Once they develop quantum computing ( the technology to crack any code ), other countries ( and eventually all of us as the price comes down ) will be able to see what they, the congress, and the senate are doing too.

    Should be interesting.

  45. That's not reassuring by davecb · · Score: 2

    If I have a crack for a current cryptosystem, I'd still need to build a machine to address the next cryptosystem.

    Remember the panic in Britain when the (WW2) German submarine service switched from 3-rotor to 4-rotor Enigma machines! They hadn't finished a "bombe" for 4-rotor machines, and only broke the 4-rotor code when they captured an undamaged 4-rotor machine.

    That failure was one of the reasons behind building "Colossus", the first electromechanical computer. Colossus was eventually able to decrypt messages from the Lorenz SZ40/42 12-wheel machines, which were much harder than the 4-wheel enigma.

    --
    davecb@spamcop.net
    1. Re:That's not reassuring by gnasher719 · · Score: 1

      Remember the panic in Britain when the (WW2) German submarine service switched from 3-rotor to 4-rotor Enigma machines! They hadn't finished a "bombe" for 4-rotor machines, and only broke the 4-rotor code when they captured an undamaged 4-rotor machine.

      I think you are not getting the details right here at all. Britain was never capable of cracking an Enigma with four rotors from scratch. However, the daily settings for the four rotor machine were the same as for messages sent to three rotor enigmas, with an additional rotor added. And the rotor was taken from the existing set of eight rotors. So Bletchley Park broke the code for the 3 rotor enigma, and then tried 5 rotors with 26 different settings to crack the 4 rotor enigma.

    2. Re:That's not reassuring by davecb · · Score: 2

      Actually they only did that for a few individual messages where the operators messed up, although they did describe it as an approach, until it was safe to admit they'd captured a 4-rotor machine from a sub. It was just declassified last year that they were so very badly stuck that they laid on the Dieppe raid in hopes they could "pinch" at least one machine from either the naval headquarters building or one of all the trawlers and e-boats based there. They failed miserably.

      My wife bought me the book on it for Christmas (One Day in August: The Untold Story Behind Canada's Tragedy at Dieppe, by David O'Keefe) , as she knew the Essex Scottish was my regiment, and that I was interested in crypto.

      --
      davecb@spamcop.net
  46. Quantum Computing Website by frogcode · · Score: 1

    The government can't even build a website and they are talking about quantum computing.

  47. Like The TSA by Anonymous Coward · · Score: 0

    It's like the TSA terrorizing a 96 year old grandmother in Boise Int. Airport to stop a Saudi Arabian national with a Koran and a Bic on a bus in Riyadh.

  48. compared to healthcare by cjestel · · Score: 1

    Compared to the 600 million dollar initiative for the ACA website, this is a steal! Hopefully it works as well as the ACA website and we won't have to worry about them breaking any encryption.

  49. not the only one by slack_justyb · · Score: 1

    What surprises me the most is that the poster forgot to say that the NSA isn't the only one in this race. Many nations allies and foes alike are in a race to decrypt each others information. Not to mention their citizens' data. First one to a computer that can break most encryption wins. The NSA is hardly the only kid on the block. That it is a quantum computer is just a detail point that matters little. The idea is to build a computer, any computer quantum or not, that can defeat the majority of encryption. The US isn't the only one who gets bothered by a lock it can't pick.

  50. Plausible deniability by Anonymous Coward · · Score: 0

    The NSA is both spying on you and NOT spying on you at the same time.

  51. No shit, this has been going on for ages by dlenmn · · Score: 1

    Government intelligence agencies have been involved in quantum computing research for ages. Just look at the funding agencies listed at the end of a typical research paper:

    This research was funded by the Office of the Director of National Intelligence (ODNI), Intelligence Advanced Research (ODNI), Intelligence Advanced Research Projects Activity (IARPA), through Army Research grant...

    http://web.physics.ucsb.edu/~martinisgroup/papers/Wenner2013.pdf

    Is it a surprise that they're doing work in house as well?

    Hell, even Northrop Grumman (and possibly other big defense contractors) is trying to build quantum computers too, and it's not because they need quantum computers to design airplanes...

    1. Re:No shit, this has been going on for ages by dlenmn · · Score: 1

      Errrr...

      This research was funded by the Office of the Director of National Intelligence (ODNI), Intelligence Advanced Research Projects Activity (IARPA), through Army Research grant...

      (I couldn't copy and paste from the pdf, and apparently I can't type either. FWIW, IARPA is the intelligence agencies' equivalent to DARPA, which is probably better known around here.)

  52. Don't hold your breath by dlenmn · · Score: 1

    It's anything but a buzzword; it's a big research area with many academics working on it from all angles. However, you're right that it's nowhere near ready. As of a couple years ago, people had managed to factor 15 using a quantum computer; there are probably better records now, but it's tricky business.

    The issue is that it's hard to make things both act quantum (being in controlled superpositions of more than one state) and be connected to other things. For example, atoms floating in a vacuum can act quantum for a long time, but they're hard to couple together. On the other end of the spectrum, superconducting qubits (made like microchips) are easy to couple together, but they don't act quantum for long.

    Progress is being made, but it's a slow process. Short of some unforeseen breakthrough, it'll take a while to get a big quantum computer working, even though a lot of smart people are working on it.

    1. Re:Don't hold your breath by Soluzar · · Score: 1

      Please note that I didn't say it was currently a meaningless buzzword. I said that I believed it to be such when I first heard the term. I'm aware that something meaningful has come out of it since then, although exactly how much is still a matter of which I'm largely ignorant.

      I appreciate you making me aware of the fact that there have been some working quantum computers now. They may be small, but even the first one was a huge step. I'm somewhat surprised to learn that the first real steps were quite a long time ago.

      I wonder if I'll live long enough to see a quantum computer on the home desktop. It would probably run The Elder Scrolls 37 really well. :D

    2. Re:Don't hold your breath by Anonymous Coward · · Score: 0

      The quantum factorings of 15 and 21 are neat achievements, but use lots of Shor's math tricks to do the job.

      It would be neat to just build simple multiplier and single-solution constraint blocks in random logic and then have the qbits figure out the node values. That way the benchmark would say that the computer is a general-purpose logic solver, not a special-purpose machine. Current published benchmarks are a long way from that, both in terms of programmability and number of nodes.

      These techniques depend greatly on knowing the logic wiring and figuring out the keys. A system that manages to keep the wiring secret might be relatively safe from these methods when they happen. Maybe a future system will be a pair of FPGAs programmed with a hidden algorithm, only known to the pair. Or maybe there is a way to make an algorithm for which you can't come up with a single-solution constraint box?

      Still, an interesting area to watch evolve. When it happens, the applications are much more interesting than decoding.
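
Added example, not from any of the commenters: the classical half of the "Shor's math tricks" mentioned above, run on the 15 and 21 cases the thread cites. The only step a quantum computer contributes is finding the period r of a^x mod N; here that step is brute-forced (exponential classically, which is the whole point), so the reduction from period finding to a factorization can be seen end to end, including the bases that fail.

```python
from math import gcd


def find_period(a, n):
    """Smallest r > 0 with a^r == 1 (mod n), found by brute force.
    This is the step Shor's algorithm hands to the quantum Fourier
    transform; classically it is exponential in the size of n."""
    r, x = 1, a % n
    while x != 1:
        x = (x * a) % n
        r += 1
    return r


def shor_classical(n, a):
    """Classical post-processing of Shor's algorithm for one base a.
    Returns a sorted (p, q) factor pair of n, or None if this base fails."""
    g = gcd(a, n)
    if g != 1:
        return tuple(sorted((g, n // g)))   # a already shares a factor with n
    r = find_period(a, n)
    if r % 2:
        return None                          # odd period: a^(r/2) is not an integer
    y = pow(a, r // 2, n)
    if y == n - 1:
        return None                          # a^(r/2) == -1 (mod n): trivial split
    # y^2 == 1 (mod n) with y != +-1, so n divides (y-1)(y+1) but neither factor
    return tuple(sorted((gcd(y - 1, n), gcd(y + 1, n))))


def factor(n):
    """Try bases in order; return (base, (p, q)) for the first one that works."""
    for a in range(2, n - 1):
        f = shor_classical(n, a)
        if f is not None:
            return a, f
    return None


def good_base_count(n):
    """How many bases coprime to n succeed; Shor's analysis promises at least
    half of them for an odd n that is not a prime power."""
    coprime = [a for a in range(2, n - 1) if gcd(a, n) == 1]
    good = sum(1 for a in coprime if shor_classical(n, a) is not None)
    return good, len(coprime)


if __name__ == "__main__":
    for n in (15, 21):
        print(n, factor(n), good_base_count(n))
```

Base 14 mod 15 is the failure case worth noticing: its period is 2 but 14 == -1 (mod 15), so the gcd step only returns 1 and 15 and the algorithm must retry with another base.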

  53. Life imitates art? by TripleE78 · · Score: 1

    I read a book about this a couple years ago, I think it was a David Baldacci. The govt. was working on figuring out quantum computing before everyone else, although in this case it was to figure out how they could defeat it once it was created for the purpose of keeping things secure.

    That said, it explained for a layman how this sort of thing would blow encryption wide open, and there was a bit of a hint that of course the govt. could use this to break into everyone else's stuff too.

  54. Re:Quantum Computing Website by Anonymous Coward · · Score: 0

    The NSA wasn't in charge of Obamacare...if they were you wouldn't even need to sign up, they could just figure out your selections for you.

  55. And in other news... Water still wet! by jlhaase · · Score: 1

    Well Duh.. Of course they are trying to build a quantum computer. Haven't any of you read Tom Clancy's Net Force series :)

    --
    Check out the weekly rant: http://rabbit-trax.net/rant.php
  56. Thank you so much dice, for your analysis... by Anonymous Coward · · Score: 0

    We will be sure to believe it.

    Remember if the msm are talking about plans they are really reporting on completions.

  57. Don't look now, but I just made a quantum computer by Anonymous Coward · · Score: 0

    Hey, I told you not to look!

  58. Good news by Anonymous Coward · · Score: 0

    Personally I don't believe magical code-breaking quantum computers are possible. News of the NSA wasting millions on quantum computers means money not being spent spying on the world for the benefit of US corporations.

  59. The sky is ever falling by quax · · Score: 1

    The quantum computing fear is really nothing new.

    It makes the current encryption scheme more valuable but there are post-quantum schemes as well as quantum cryptography as alternatives.

  60. Not News by GrilledFishTaco · · Score: 0

    If I'm not mistaken, James Bamford was writing about this years ago. Nothing new here.

  61. Good I hope they do it by WOOFYGOOFY · · Score: 1

    Let's not get lost here. We need and want the NSA to do its legitimate job in protecting the nation against terrorists and people to whom the idea of "mass extinction" is just a shorter way to get their god to sort us all into our respective eternal bins.

    The whole issue with the NSA eavesdropping is the potential for, as Snowden admirably put it, "turnkey tyranny". That's not nothing; that's not such an unlikely result of this kind of power being applied to the world's population that we don't have to worry about it. We do have to worry about it and we have to turn them back from the path they're on before it becomes more than a hypothetical worry.

    But we WANT them to get a quantum computer and every other thing under the sun they can get. Yes, absolutely we do, even as we do the work that needs to be done to make sure our liberties stay intact.

    1. Re:Good I hope they do it by WaffleMonster · · Score: 1

      Let's not get lost here. We need and want the NSA to do its legitimate job in protecting the nation against terrorists and people to whom the idea of "mass extinction" is just a shorter way to get their god to sort us all into our respective eternal bins.

      If you have no reason to trust your own government to act lawfully and morally this is a hard sell. How many hundreds of thousands of people were killed when Iraq was invaded with completely fabricated lies as justification? Does this count as Mass Extinction? While I'm sure there are people who would love to come to America and blow things up most of the "terrorists" have local political and tribal battles to fight. "Terrorism" is more about those stuck in the dark ages acting out against the rise of Modernity than a world view where USA is constantly in the crosshairs. This country is too big to not be open to anyone determined to be here. We can't even control our Southern borders. My risk exposure from normal criminal activity is multiple orders of magnitude more than my exposure to being harmed by foreign terrorists.

      The whole issue with the NSA eavesdropping is the potential for, as Snowden admirably put it, "turnkey tyranny".

      The whole issue is "absolute power corrupts absolutely": no organization run by humans deserves to gobble up the world's communications and do whatever they please with it. I don't care what your flag is or what your goals are.

      But we WANT them to get a quantum computer and every other thing under the sun they can get. Yes, absolutely we do, even as we do the work that needs to be done to make sure our liberties stay intact.

      I want everyone to get a quantum computer, assuming high qbit entanglement is even possible, not just one organization. The equivalent of the little black box with "too many secrets" written on the side of it I trust to nobody or everybody. If there is just one of them the world is better off with it destroyed.

    2. Re:Good I hope they do it by WOOFYGOOFY · · Score: 1

      I agree. We've been here before on all counts. Vietnam was a series of lies told by officials to the public. See book: A Bright Shining Lie. What a totally engrossing read. And of course the FISA courts EXIST only because of past NSA abuses. But this is government as populated by humans. There is no alternative. Wherever you want to go, you have to take where you are as a starting point.

      Abstractly considered, the functions of the NSA et al. are not something we can do without. They're mandatory if we're going to stay free. Now the actions of some of the individuals who lead within those organizations is another matter entirely. It is a true fact that unchecked spying power at the disposal of the executive upon anyone anywhere for any reason is a road to loss of freedom also. This appears to be what we have. I personally doubt they even restrain themselves from the full content of all websites and emails and phone calls. That's great for national security and also great for fascism. Obviously they're focused on one of those things and have not a care in the world about the other.

      We're not a nation of philosophers. We're a nation of advocates for ourselves, our side, our party, our department, our acquisition of power. Few people in our nation have the developed perspective and character which would lead them to abstain from something which would result in an increase to their personal power.

      You have to believe we can get there. Consider the people of Denmark. 2000 years ago they were marauding assholes on the peoples of Britannia. Now they're exactly the opposite and lead the developed world in international equality, fairness, civility and peaceful relations. Peoples and nations change their collective character. It's never pretty. It's the road we're on; we just have to walk it, there's nothing else to do.

      Write your congressperson. It carries a lot of weight, actually. Talk to your neighbors and encourage them to do the same. Vote for people who have a proven track record of representing your concerns. Or run for office yourself.

      Talking, reading, writing, voting. These are the tools that change democracies. If that sounds idealistic to you, consider that despots everywhere and at all times fear those things the most.

  62. Make up your minds ... by Crypto+Cavedweller · · Score: 0

    It's pretty funny watching some of the same people who were hailing Alan Turing as a hero when the Brits finally pardoned him now act as if this is Evil Incarnate when it's what Turing would be working on if he were alive today.

  63. Re:Quantum Computing Website by MobSwatter · · Score: 1

    The NSA wasn't in charge of Obamacare...if they were you wouldn't even need to sign up, they could just figure out your selections for you.

    Not really, irrelevant of what you believe your selections are, they'll tell you what your selections will be.

  64. .... the reassuring part by Arancaytar · · Score: 1

    The reassuring part is that public key infrastructure is still OK when done properly, since the NSA is still working so hard to defeat it

    Indeed, that sounds reassuring. But reassuring you would easily be worth 80 million to the NSA.

  65. You can't hide secrets from the future by ALpaca2500 · · Score: 1
  66. RSA is not a "modern encryption" by eexaa · · Score: 1

    I mean, we got lots of PQ cryptosystems already working, google for "post-quantum GPG".