Slashdot Mirror


NSA Trying To Build Quantum Computer

New submitter sumoinsanity writes "The Washington Post has disclosed that the NSA is trying to build a quantum computer for use in cracking modern encryption. Their work is part of a research project into tackling the toughest equipment, which received $79.7 million in total funding. Another article makes the case that the NSA's quantum computing efforts are both disturbing and reassuring. The reassuring part is that public key infrastructure is still OK when done properly, since the NSA is still working so hard to defeat it. It's also highly unlikely that the NSA has achieved significant progress without outside awareness or help. More disturbing is that it may simply be a matter of time before it fails, and our private messages are out there for all to see."


  1. One word by Anonymous Coward · · Score: 5, Funny

    Bitcoin mining.

    Ok, 2 words.

  2. Actually... by i kan reed · · Score: 5, Funny

    It's a tool to help them justify to congress how they can be spying on all Americans and not spying on any Americans at the same time.

    1. Re:Actually... by i kan reed · · Score: 5, Funny

      The main joke of my post here is that congress actually cares.

    2. Re:Actually... by Anonymous Coward · · Score: 3, Funny

      This explains why there are cats on the internet.

    3. Re:Actually... by i kan reed · · Score: 3, Informative

      The elite at the top are actually temporary political positions that come and go with presidents. The worst of the NSA programs have been continuous programs lasting between administrations.

  3. Government of the peephole by ciderbrew · · Score: 5, Funny

    For the peephole by the peephole.

  4. $79.7 million? by Anonymous Coward · · Score: 4, Insightful

    That figure is so small vs total intelligence+defence budget that it'd be worth setting up a faux research effort just to give the misleading impression that they haven't yet developed something far better.

  5. Which part is most disturbing? by meustrus · · Score: 4, Interesting

    The disturbing part is not that the NSA might be able to listen to everyone's encryption someday. They are not an engineering organization and they will not be at the forefront of qubit manufacturing. The disturbing part is that they are wasting an enormous amount of taxpayer dollars on an impossible task aimed at ultimately destroying the ability to have security of any kind.

    --
    I sometimes ask revealing, often ignorant-seeming questions. Maybe they're harder to answer than you think.
    1. Re:Which part is most disturbing? by ledow · · Score: 5, Interesting

      Worse than that - they are wasting that money on a possible task that will actually have little overall impact on security whatsoever.

      Post-quantum cryptography has existed for the last 30 years, at least. And to get to the point where it's an issue, what you need is an entity to push towards quantum decryption that you DON'T want to have it (i.e. the NSA, for example).

      Then all that happens is we adopt those other schemes faster, spot the holes faster, compensate for them faster, and by the time the NSA can buy a quantum machine of size enough to defeat today's encryption in a reasonable time, we'll have an established standard far beyond its capabilities and tested for (potentially) decades.

      All the NSA has done is forced the entire world to up its game. Compare and contrast to, say, GCHQ who formulated public-key-encryption several years before anyone else had done it, and KEPT IT QUIET (like spy-based agencies are supposed to). They enjoyed years of secure comms, and years of advantage decrypting other secure comms when someone else eventually discovered the exact same mathematics and got famous on it (Diffie and Hellman).

      Sadly, the modern GCHQ is but a shadow of its former self.

    2. Re:Which part is most disturbing? by Antipater · · Score: 4, Insightful

      $80 million isn't that enormous, as far as things go. That's like half of one F-22.

      --
      Everything is better with chainsaws.
    3. Re:Which part is most disturbing? by amorsen · · Score: 5, Funny

      The NSA is but a misunderstood genius, boldly sending their agent Edward Snowden into the arms of the enemy. Their aim is to protect the Western world from the defeat that will come as a result of ignored security vulnerabilities, lousy cryptography, people who are willing to work with corrupt government entities and so on.

      See, no one would have listened if they had simply held lectures on proper security. Some might even do the opposite out of suspicion that the NSA is betraying them. The only way to fulfill their duty of keeping America safe was to send out a "whistleblower" to say all the things that they themselves could not get through with. Only then would the mass media react and the story gather enough momentum to cause every software developer to improve their work, every customer to demand better and more open security, every person to think twice when being asked to do things that are not right.

      I wish.

      --
      Finally! A year of moderation! Ready for 2019?
  6. Some background facts by hweimer · · Score: 4, Informative

    These are hardly shocking revelations. The document mentions achieving control over two semiconductor qubits, whereas factoring 2048 bit numbers requires at least that many qubits, and probably several orders of magnitude more. The current record stands at control of 14 qubits, achieved in 2010 in Rainer Blatt's group at the University of Innsbruck, Austria, using trapped ions.

    Some time ago, I wrote something on the history and possible future of quantum computing. Moreover, one also has to keep in mind that there are public key cryptosystems that most likely cannot be cracked even with quantum computers.

    --
    OS Reviews: Free and Open Source Software
  7. Quantum computers aren't magic by Viol8 · · Score: 5, Interesting

    In *theory* they can match the values of an N bit code in one go where N is the number of quantum bits. In practice it might be another matter but even if not - that simply means you use more bits in your key. Once a quantum computer has used up all its bits it has to revert to working like a standard computer and doing everything serially. So if the quantum computer is N bits and we have a key with N + 32 bits the machine will still have to try 2^32 matches. So as quantum computer registers get larger so will encryption keys. Someone builds a 256 bit quantum computer? Great! So just use a 512 bit key and it'll have to do 2^256 comparisons. ie - it'll be damn slow.

    1. Re:Quantum computers aren't magic by compro01 · · Score: 3, Informative

      Symmetric key encryption with sufficiently large keys is perfectly safe from a quantum computer.

      But current public-key encryption (e.g. RSA) and key exchange (e.g. DHM) isn't.

      Unbreakable symmetric key encryption isn't worth a damn if you have no secure means of exchanging keys.

      --
      upon the advice of my lawyer, i have no sig at this time
  8. And they called me crazy by lagomorpha2 · · Score: 3, Funny

    ...and my colleagues called me crazy when I gave them 256GB USB drives full of true randomly generated one-time pads to use to decrypt my emails because I didn't trust public key.

    Who's crazy now! Muhahaha! (posted from secret volcano lair)

    1. Re:And they called me crazy by Ckwop · · Score: 3, Interesting

      256GB USB drives full of true randomly generated one-time pads

      I know this is a piece of humour but since this is Slashdot why not?

      What a lot of people don't understand is that this is much harder than it first appears. For example, doing cat /dev/random to a file on disk will not give you bytes suitable for use in an OTP.

      The issue is that many TRNGs hash their entropy pool with a cryptographically secure hash. When you use such a hash there is no guarantee that the input space would be uniformly mapped to the output space.

      To illustrate this, suppose we had an entropy pool 1024-bits deep. Suppose before producing the output the pool is hashed with SHA-1. This is an output that is 160 bits wide. There is no proof whatsoever that if we cycled a counter from 0 to 2**1024 that the hash of these would distribute evenly over the 2**160 possible hash outputs. If this were the case, each output hash value would appear exactly 2**864 times. It is highly unlikely that this is the case.

      What this means is the output is distinguishable from a true random source, which completely breaks the security proof for the OTP. Granted, the attacker would likely have to do an infeasible amount of work to use this distinguisher. However, the OTP's proof gives you security from computationally unbound adversaries. It's the whole point of using the OTP!

      So in short, you can't use /dev/random, you can't use pretty much any commercial random number generator. You'd have to roll your own and show that your bias is small enough for no attack to be practical. Like I said, it's harder than it looks.
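
A scaled-down check of the counting argument in the comment above, added here as an example that is not part of the original thread. It assumes a 16-bit "pool" and an 8-bit truncation of SHA-1 as constructed stand-ins for the 1024-bit pool and 160-bit output, so the whole input space can be enumerated; the function names are hypothetical.

```python
import hashlib
from collections import Counter

POOL_BITS = 16  # constructed stand-in for the comment's 1024-bit pool
OUT_BITS = 8    # constructed stand-in for the 160-bit SHA-1 output


def output_counts(pool_bits=POOL_BITS, out_bits=OUT_BITS):
    """Hash every possible pool state; count how often each output occurs."""
    pool_bytes = (pool_bits + 7) // 8
    counts = Counter()
    for state in range(2 ** pool_bits):
        digest = hashlib.sha1(state.to_bytes(pool_bytes, "big")).digest()
        # Keep only the top out_bits bits of the 160-bit digest.
        counts[int.from_bytes(digest, "big") >> (160 - out_bits)] += 1
    # Outputs that are never produced still count, with zero hits.
    return [counts.get(value, 0) for value in range(2 ** out_bits)]


def bias_report(counts):
    """Compare the observed output distribution with the uniform one."""
    total = sum(counts)
    uniform = 1 / len(counts)
    # Statistical (total variation) distance from uniform: the advantage
    # available to a distinguisher with no limit on computation.
    distance = 0.5 * sum(abs(c / total - uniform) for c in counts)
    return {
        "total": total,
        "ideal_per_output": total / len(counts),
        "min": min(counts),
        "max": max(counts),
        "distance": distance,
    }


if __name__ == "__main__":
    report = bias_report(output_counts())
    # A perfectly even mapping would give min == max == ideal_per_output
    # and a distance of exactly 0.
    for key, value in report.items():
        print(f"{key}: {value}")
```
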

  9. Re:Comment is not flamebait, it's a physics pun by nobuddy · · Score: 4, Funny

    Not today. He was caught mass-modding people who disagree with him last night. All associated accounts were stripped of mod ability forever.

    He will just make more, but he's dead in the water for a bit.

  10. This is what they should be working on by wcrowe · · Score: 4, Insightful

    The NSA deserves a lot of criticism for some of the things they've been doing. However, this is the kind of thing they should be working on. It's not the tools they have that bothers me. It is how they use them that is the problem.

    --
    Proverbs 21:19
  11. Re:No shit? by Spectre · · Score: 5, Insightful

    Agreed, breaking encryption systems is one of the two primary reasons the NSA was formed in the first place ... this is the NSA doing what they are supposed to do!

    --
    "Flame away, I wear asbestos underwear"
  12. Re:No shit? by MightyMartian · · Score: 4, Insightful

    And if the NSA could keep its hands off of domestic data, that wouldn't be an issue, but seeing as it uses existing tools to spy without warrant on US citizens on US territory, there is no reason to believe they won't apply new technologies in the same way.

    --
    The world's burning. Moped Jesus spotted on I50. Details at 11.