https://www.theregister.com/2021/09/01/nsa_quantum_computing_faq/
America's National Security Agency has published an FAQ about quantum cryptography, saying it does not know "when or even if" a quantum computer will ever exist to "exploit" public-key cryptography.
In the document, titled Quantum Computing and Post-Quantum Cryptography FAQ, the NSA said it "has to produce requirements today for systems that will be used for many decades in the future." With that in mind, the agency came up with some predictions [PDF] for the near future of quantum computing and their impact on encryption.
Is the NSA worried about the threat posed by a "cryptographically relevant quantum computer" (CRQC)? Apparently not too much.
What the super-surveillance agency seems to be saying is that it's not a given that a CRQC capable of breaking today's public-key algorithms will ever emerge, though it wouldn't be a bad idea to consider coming up with new techniques that could defeat a future CRQC, should one be built.
It's almost like the NSA is dropping a not-so-subtle hint, though why it would is debatable. If it has a CRQC, or is on the path to one, it might want to warn allies, vendors, and citizens to think about using quantum-resistant technologies in case bad people develop a CRQC too. But why would the spies tip their hand, so? It's all very curious.
What do the experts here think... is this a red herring or is there some substance to this?
(Score: 3, Insightful) by JoeMerchant on Thursday September 02 2021, @11:41AM (15 children)
When an intelligence gathering agency volunteers information, that information is suspect by default. The visible quantum computing projects don't seem terribly expensive or hard to reproduce or scale up. What are the odds that superpower intelligence programs do not have much larger and more capable quantum computers already working on decryption tasks?
Ukraine is still not part of Russia. Glory to Ukraine 🌻 https://news.stanford.edu/2023/02/17/will-russia-ukraine-war-end
(Score: 0) by Anonymous Coward on Thursday September 02 2021, @11:53AM (4 children)
The NSA has working quantum computers and all the mathematicians needed to make quantum-safe cryptographic algorithms. The military has working artificial intelligence and the robot drones to weaponize it.
(Score: 1, Funny) by Anonymous Coward on Thursday September 02 2021, @03:38PM (3 children)
The Special Forces are human-android hybrids that don't need to sleep and can shit bullets.
(Score: 0) by Anonymous Coward on Thursday September 02 2021, @04:41PM (2 children)
Did you mean cyborgs, or that they have robots that can reproduce sexually with humans? Not to kink-shame, but SN is not your personal erotica site.
(Score: 0) by Anonymous Coward on Thursday September 02 2021, @06:10PM (1 child)
I'd guess the military have a sub fetish. They seem to enjoy degrading themselves and being used as the Taliban's bitch.
(Score: 2) by Kell on Thursday September 02 2021, @10:46PM
I thought they were sub kinksters because they're into SSBN...
Scientists ask questions. Engineers solve problems.
(Score: 3, Interesting) by looorg on Thursday September 02 2021, @12:21PM (5 children)
In that regard would it not be more likely that they actually believe that they, or someone else they can buy it from, will build one and it will work and they are now trying to downplay that fact so more and more will implement weak encryption so they can snoop on them in the future?
That said perhaps they are correct. A lot of quantum computing claims at the moment seem to be about the hype or problems that they believe that they can (or hope they can) solve in the future. Isn't the field today a bit light on actual practical problems solved right now? Some suggestions that they are solving problems we already solved but faster, which is nice but still it's not the same. Then there are the papers with very iffy claims and solutions that may or may not be real or working.
(Score: 3, Interesting) by JoeMerchant on Thursday September 02 2021, @12:49PM (4 children)
For all my skepticism, I find it hard to believe that if a quantum algorithm to break, say, RSA or Elliptic Curve encryption were shown to give significant speedup - even on trivial key sizes using small quantum computers, that we'd have hordes of academic papers showing projected curves into the future how the algorithm will scale with larger quantum computers and what it means for break-times on larger and larger keys up to and past the current standards for security.
And, of course, the first group to break 256 bit Elliptic Curve will own as much Bitcoin as they can cash before the world catches on and crashes its value.
(Score: 2) by JoeMerchant on Thursday September 02 2021, @04:49PM
From TFA's FAQ:
Q: Aren’t the public key algorithms in the CNSA Suite all vulnerable to quantum attacks?
A: The public key algorithms (RSA, Diffie-Hellman, ECDH, and ECDSA) are all potentially vulnerable to attack by a CRQC. The intent of the interim strategy is to allow more flexibility for customers and vendors in the near term to save on costs while robust quantum-resistant standards are being developed and thoroughly evaluated by the cryptographic community.
(Score: 0) by Anonymous Coward on Thursday September 02 2021, @05:13PM
https://en.wikipedia.org/wiki/Shor%27s_algorithm [wikipedia.org]
(Score: 2) by VLM on Friday September 03 2021, @10:18PM (1 child)
Note that CNSSP-15 is now demanding keys longer than 3000 bits whereas in the old days 1024 bits was good enough.
The "suite B" stuff from the 00's is now considered "historic" and no longer good enough.
So maybe it's already happening?
(Score: 2) by JoeMerchant on Friday September 03 2021, @11:07PM
Those were weaknesses discovered in the early MD5 algorithms using conventional attacks in the early 2000s. SHA2-256 has stood firm since then (hash not crypto, but related) but they developed and standardized SHA3 just in case.
RSA 2048 is considered "breakable" but the cost to do so is... significant.
(Score: 1, Interesting) by Anonymous Coward on Thursday September 02 2021, @01:42PM (1 child)
I'm assuming by your hyperventilating that you've never really paid attention to them and the amount of information they do provide. They've always "volunteered information" if you've been paying attention, because that is actually part of their job. You can get your panties in a wad about what you don't know about them, or about the things they're not going to talk about, but they are a huge reason that computer systems are as secure as they are.
I encourage you to actually read that linked PDF and tell me that it isn't a very good document on quantum computing.
Your ilk have decided you know exactly what they know and what they do and if they don't say anything about it, that confirms you're right. If they say something different about it, that confirms you're right because they are obviously being intentionally misleading. And if they say something that confirms what you think, then that means you are right. All roads lead to Rome. Is it a surprise that people want to inhale bleach and eat horse dewormer, because it is exactly the same "logic" that gets used there too.
(Score: 2) by JoeMerchant on Saturday September 04 2021, @03:38PM
Who is hysterically hyperventilating?
I actually have read the NSA release, and it is as usual an equivocal "load of waffle."
If you are charged with operating a secure government service, it gives general guidelines which tell you how to meet expectations and reduce costs while maximizing interoperability with other government operators.
It states the obvious about symmetric keys (zero concerns for quantum cracking) and yet fails to even mention defense in depth layering of potentially quantum secure methods with proven secure vs conventional attack methods.
(Score: 2) by sjames on Thursday September 02 2021, @05:00PM (1 child)
Agreed that anything the NSA says is suspect. However, I have yet to see a QC do anything practical AT ALL, much less crack crypto. The best we've seen so far is a QC that demonstrates that it's better at being a QC than a simulation running on a conventional computer is MOST of the time.
Scaling is likely to be VERY difficult. In fact, the difficulty in keeping a QC coherent scales exponentially with the number of qbits. The ongoing research is well justified, but a practical QC that actually does something practical better than a conventional computer is NOT just around the corner.
Most of the NSA's efforts seem to have been getting crypto with weaknesses known only to them (as far as they know) introduced as standards and to hell with any damage that does to businesses or non-NSA government agencies.
(Score: 2) by JoeMerchant on Thursday September 02 2021, @06:23PM
This is what I refer to as "conservation of difficulty." Whatever problem space you are working in, transforming a problem to another space rarely makes it any easier.
(Score: 2) by Rosco P. Coltrane on Thursday September 02 2021, @12:22PM (8 children)
They would say that if they already had the capability.
Or they would tell the truth as a double-bluff so you think they have the capability.
The only thing you know for sure about the NSA is that you can't know anything for sure about the NSA.
(Score: 1, Funny) by Anonymous Coward on Thursday September 02 2021, @12:34PM (7 children)
They LARP as good guys who are now out in the open instead of No Such Agency and are just here to protect 'merica.
(Score: 2) by janrinok on Thursday September 02 2021, @02:42PM (6 children)
Not quite - there are 2 parts to NSA. One part wants to hear everything - and the other wants to protect everything from being overheard. They are not all bad guys, if any are at all.
(Score: 0) by Anonymous Coward on Thursday September 02 2021, @03:41PM
Not bad guys, but working for bad guys. Like the rest of us. So whatcha gonna do?
(Score: 0) by Anonymous Coward on Thursday September 02 2021, @04:31PM (1 child)
Anybody working for the NSA in 2021 is a bad guy. They knew exactly what kind of evil shit they signed up for.
(Score: 2) by janrinok on Thursday September 02 2021, @05:49PM
(Score: 0) by Anonymous Coward on Thursday September 02 2021, @06:47PM (1 child)
The offensive part is duplicated with the US Cyber Command, so all those NSA folks should really move over there and
remove the split focus which seems to make them bad at both since they hoard vulnerabilities without notifying vendors.
(Score: 3, Interesting) by janrinok on Friday September 03 2021, @05:43AM
It's the other way around. I'll bet that Cyber Command is subordinate to the NSA for the signals intelligence aspects of their work. But Cyber Command are looking predominantly at securing the use of the internet by US Military forces while preventing its use by enemy forces, predominantly military. For example, the GRU [iotcentral.io], or the North Korean military units.
Part of the NSA's role is to 'hear everything' - which is why they are always looking for vulnerabilities which they can exploit to achieve this. Having the ability to intercept an enemy's communications is vital, so they are hardly going to tell people how they do it and how to stop it, otherwise the enemy will also know what to fix. This task also includes the ability to monitor terrorist communications - so they have to be able to intercept communications both externally and within the US e.g. the terrorists who flew the planes during 9/11 were actually inside the USA. Neither of us knows what exactly they are doing today.
I agree with you about the need for personal privacy but I also believe that the government has a duty to protect the people. Whichever path they choose to follow will be exploited by those who wish to harm that government's defences and who might, of course, criticise whatever they do for that reason. Others just look at their own personal circumstances and do not consider the bigger picture.
In an ideal world none of this would be necessary. Unfortunately, we do not live in such a world.
(Score: -1, Flamebait) by Anonymous Coward on Thursday September 02 2021, @07:14PM
Ah, so jan is an old spook or something, figures. Many people sweep the bad things under the rug just because the intentions are good. This mass surveillance is more harmful than good, full stop.
(Score: 5, Informative) by driverless on Thursday September 02 2021, @12:24PM (15 children)
Twenty years ago, the state of the art in quantum cryptanalysis was factoring the value 15 (four bits), provided you knew the factors in advance.
After twenty years of effort, we've now advanced to factoring the number 21 (five bits), provided you know the factors in advance.
Last I checked, we haven't made it to six bits yet.
A typical RSA key today is 2048 bits, and things get harder exponentially due to various effects like decoherence as you get to more bits.
Quantum cryptanalysis is the rapture for crypto geeks, the magical apocalypse they can hang out for and invent new algorithms to deal with even though it'll never actually come. And every time their boss says "why are we paying you to wank around with exotic algorithms to replace existing ones that work just fine" they can say "but the rapture is coming!".
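As an added illustration (not code from the article, the NSA FAQ, or any poster), here is the classical half of Shor's factoring reduction run on the two moduli the post mentions, 15 and 21. The order-finding step is the only part a quantum computer would accelerate; it is done here by brute-force enumeration, so the script shows how the reduction works and also why a classical machine gains nothing from it at RSA key sizes.

```python
"""Classical walk-through of Shor's factoring reduction on tiny moduli.

Added example, not code from the article, the NSA FAQ or any poster.
The only step a quantum computer speeds up is find_order(); here it is
brute force, exponential in the bit length of N, which is exactly why
this tells you nothing about RSA-2048.
"""
from math import gcd


def find_order(a: int, n: int) -> int:
    """Smallest r >= 1 with a**r == 1 (mod n), assuming gcd(a, n) == 1.

    This is the period-finding step that Shor's algorithm replaces with
    a quantum Fourier transform; classically it is just repeated
    multiplication until the sequence wraps around to 1.
    """
    r, x = 1, a % n
    while x != 1:
        x = (x * a) % n
        r += 1
    return r


def shor_classical(n: int, a: int):
    """Run the classical reduction for base a against odd composite n.

    Returns the factor pair (p, q) with p <= q on success, or None when
    this base is a dud: odd order, or a^(r/2) being the trivial square
    root of 1 (i.e. -1 mod n). Shor's algorithm retries with a new
    random base in that case.
    """
    if n % 2 == 0:            # reduction assumes an odd composite
        return (2, n // 2)
    g = gcd(a, n)
    if g != 1:                # lucky: the base already shares a factor
        return tuple(sorted((g, n // g)))
    r = find_order(a, n)
    if r % 2:                 # odd order: no square root of 1 to use
        return None
    y = pow(a, r // 2, n)     # y*y == 1 (mod n) by construction
    if y == n - 1:            # trivial root (-1): gcds give 1 and n
        return None
    p, q = gcd(y - 1, n), gcd(y + 1, n)
    return tuple(sorted((p, q))) if p * q == n else None


def good_bases(n: int) -> list:
    """Every base in 2..n-1 whose reduction yields a non-trivial factor.

    For the toy moduli almost all bases work, which is the point of the
    reduction: a random base succeeds with high probability, so the
    whole cost is in the single order-finding step.
    """
    return [a for a in range(2, n) if shor_classical(n, a) is not None]


if __name__ == "__main__":
    for n in (15, 21):  # four-bit and five-bit moduli from the thread
        print(f"N={n} ({n.bit_length()} bits):")
        for a in range(2, n):
            if gcd(a, n) == 1:
                r = find_order(a, n)
                print(f"  a={a:2d} order={r:2d} -> {shor_classical(n, a)}")
        print(f"  usable bases: {len(good_bases(n))} of {n - 2}")
```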
(Score: 0) by Anonymous Coward on Thursday September 02 2021, @01:15PM
The report seems to say that symmetric would be quantum safe. That seems wrong.
Misdirection here would be interesting.
Why this seems wrong is that in theory, there should be follow on to relevant QC.
First, make something that can do some special trick with a hand crafted algorithm like Shor's.
That would make public key exchange as we know it worrisome.
This threat seems about as real as fusion for power generation.
A really hard engineering problem that physics says is possible, maybe.
Second, a box that can solve general logic equations without a hand crafted algorithm.
Such a box is even less real now, but I don't see why it's not just as possible eventually.
That seems the ultimate goal and definitely more dangerous than our friendly report admits.
It would take out symmetric and anything else you can describe with logic equations.
Not sure what a countermeasure would be, but I'd bet we learn something new about information theory and physics that says why this can't work.
It would be nice to see somebody actually factor 15 fair and square.
Definitely a grab your popcorn moment that the report was published.
(Score: 2) by HiThere on Thursday September 02 2021, @01:52PM (9 children)
You're overly dismissive, but I think (based on open information) that the NSA statement is right on. It's not clear that significant quantum computation will ever be possible, but it isn't clear that it won't.
OTOH, it's also not clear how useful even a good and cheap quantum computer would be. Yes, it could factor numbers well, and it could probably simulate quantum processes admirably. Those are two uses with a large fan-out of effects. But it's not clear that it would be better at anything else.
Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.
(Score: 2) by driverless on Thursday September 02 2021, @02:04PM (4 children)
Sure, but the same could be said for almost any other form of attack. For example we desperately need more work on time travel resistant cryptography [colinoflynn.com], and alien-resistant cryptography, and witchcraft-resistant cryptography, and ...
(Score: 2) by maxwell demon on Thursday September 02 2021, @04:44PM (3 children)
The difference is that unlike time travel, alien technology and witchcraft, quantum mechanics has been proven to work countless times in the lab, and even small quantum computers have been built. The only thing which we don't yet know for sure is whether scaling them to larger sizes is possible.
The Tao of math: The numbers you can count are not the real numbers.
(Score: 4, Interesting) by sjames on Thursday September 02 2021, @05:31PM (2 children)
According to PEAR lab [wired.com] at Princeton, witchcraft may stand a decent chance.
(Score: 2) by Subsentient on Friday September 03 2021, @02:31AM (1 child)
I can believe this, though I'm skeptical. Who knows? I've always treated my devices with care, perhaps that's why I have far fewer physical hardware failures than most people I know. I've often felt a genuine sense of gratitude to inanimate machines when they serve me well. Maybe it makes a difference.
"It is no measure of health to be well adjusted to a profoundly sick society." -Jiddu Krishnamurti
(Score: 3, Interesting) by sjames on Friday September 03 2021, @06:50AM
There's plenty to be skeptical of there. On the other hand, way back in the before time starting my IT career I was building and servicing PCs (back when small PC boutiques were a viable business). I had one PC come back for the third time with the customer complaining that it would freeze up. I could never get it to malfunction on the bench no matter how I abused it (short of actually pulling the plug). The first two times it was sent back with nothing done to it. That third time as a joke, I plucked a hair and put it on the motherboard to "remind it it's being watched". It didn't malfunction again.
(Score: 1) by AlienInterview on Thursday September 02 2021, @05:14PM (3 children)
I struggle to understand how quantum computers operate and what they do. I didn't realize the struggle with quantum computers was as difficult as it was until I saw an interview with a quantum computer scientist who said basically "When you program a quantum computer your program needs to have both the question and the answer in it before you know the answer and that is a challenge."
I always expected quantum computing to excel at AI as, in my head and without any understanding or qualifications to make such a statement, the ability to evaluate so many possibilities would get AI closer to actual cognition and consciousness. Is this an outlandish idea?
(Score: 0) by Anonymous Coward on Thursday September 02 2021, @06:27PM
Quantum machine learning and quantum neural networks are also "a thing".
(Score: 1, Informative) by Anonymous Coward on Thursday September 02 2021, @07:22PM (1 child)
Basically quantum computing is like a web where bits of information can be tied together. Tug on one strand and it vibrates all the connected ones. With regular computing everything is done in a straight predictable line. With quantum computing changing one bit of information can affect many other bits instantly without requiring some specific set of instructions of how to change the other bits.
Here is a bad analogy: regular computing is like dominoes and quantum computing is like Jenga. Dominoes fall over in a line one after another; in Jenga you remove one piece and every piece in the tower is affected.
(Score: 1) by AlienInterview on Thursday September 02 2021, @11:00PM
Thanks for the info. I'm slowly getting a grip on them. My most recent leap came from understanding how a result is output. I already knew that quantum gates were a thing and that quantum algorithms were a thing but it still never made any sense to me. I understand how classical gates and classical algorithms work no problem.
In a quantum computer the quantum gates are some black box operations and the algorithms are processes that cause the "correct" type of constructive and destructive interference. Then the signal that comes out of the processor is the result of the interference and you measure that and you get a result for the computation.
Crazy!
(Score: 3, Informative) by FatPhil on Thursday September 02 2021, @02:12PM
Or something almost as retarded as that.
The best thing was how they spun it as the simultaneous factoring of dozens of composite numbers, each one having factors that shared the same difference property. One of the claims even included the factoring of a number whose storage requirements were bigger than the machine used for factoring it, IIRC. At that point I went into full "don't even pay attention to them now" mode.
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 0) by Anonymous Coward on Thursday September 02 2021, @03:43PM
> And every time their boss says ...
So then you look at what the boss is doing himself... wank wank wank. Nothing. Fiddling with Excel sheets. Nitpicking attendance records. Ordering paperclips. Real stuff.
(Score: 0) by Anonymous Coward on Friday September 03 2021, @02:32PM
This is true and insightful. It is also very misleading, to the point of possibly being "just wrong."
There are two analogies I'm thinking of. The first is AI and the board game "Go." For years, AI was horribly bad, constantly trounce-able by humans on the simplified 9x9 board (much less the 19x19 board). It would slowly improve, but still utterly fail at even mid-level human play. Then Google took a fundamentally different approach, there was literally a quantum leap in technology, and now there is "no way for a human to beat even a moderate AI." This is recent enough in history that most people here probably remember that moment.
It's good to note that the current state of technology is only creeping forward. I wasn't aware how slow it was. However, that's not to say it is impossible to break. It could very well be tomorrow there is a breakthrough, and it happens practically overnight.
The second analogy would be fusion technology. We keep getting promised "fusion technology in 20 years," and that keeps extending out. However, as much as anything, that is because of a failure to invest in it. That could possibly be the situation with quantum computing as well, that it is a failure to invest, as much as anything, which is causing it to stall so much. I haven't checked numbers and I doubt it, but it is a possibility.
(Score: 2) by VLM on Friday September 03 2021, @10:22PM
In the old days, a supercomputer was a giant machine that turned your problems from being ALU/compute limited to IO limited. And IO hasn't increased in speed as much as silicon did in past decades, so ...
In the new days, a QC will be a giant machine that turns your problems from too many qubits required into a problem of decoherence means you can't read the result.
(Score: 4, Insightful) by Thexalon on Thursday September 02 2021, @01:06PM (1 child)
"We at the NSA have already cracked public key encryption in those cases where we need to, but we may have used a different method to do it, and more importantly we don't want the people we're spying on to know that we did it and how."
The only thing that stops a bad guy with a compiler is a good guy with a compiler.
(Score: 0) by Anonymous Coward on Thursday September 02 2021, @03:21PM
I thought they were still working on cracking rot-13?
(Score: 3, Funny) by EJ on Thursday September 02 2021, @01:23PM (2 children)
Imagine the NSA caring about anything you personally do online.
The last I checked, they still have me blocked. I can't even text them anymore :(
(Score: 4, Insightful) by Thexalon on Thursday September 02 2021, @07:06PM (1 child)
So, they might not care what you do now.
But here's why they enjoy getting data on everybody: If at some point in the future you become important to them (e.g. elected to public office, involved in some sort of protest movement, or a significant person in a business they care about) they can blackmail you with what they know about you. And it doesn't have to be something you did: If you, say, donated to somebody's GoFundMe to deal with a hospital bill or something, and it turns out that somebody likes to watch the kind of pr0n a lot of people find distasteful, that will get turned into "EJ supports _______ pr0n".
(Score: 2) by EJ on Thursday September 02 2021, @07:20PM
ROFLMAO! Like I said before. Imagine any of that stuff actually happening to you personally.
As if I would actually get out of bed to go to a protest. Public office? As if.
I'm not saying this isn't a concern. I'm just saying most of us shouldn't lose any sleep over it.
As for pr0n. The NSA has the best pr0n. I just hope they share.
(Score: 2) by bzipitidoo on Thursday September 02 2021, @02:51PM (3 children)
Right now, this area of research is wide open. Been an open problem since it was first formulated in the 1970s. QP is the set of problems solvable in polynomial time with a quantum computer. We don't know what is and is not in QP. We can say that QP is in NP, and P is in QP, that is, P = QP = NP. (Yes, I know, should be using Set Theory symbols, not the less than sign.) P!=NP remains unproven, and if somehow P=NP, then all this effort with quantum computing may be moot, because then P=QP=NP. However, most everyone thinks that P!=NP.
Some years ago, I considered the possibility that there could be some principle of physics that would prevent a quantum computer of more than a very few "qubits" from functioning. That could still be so. But everyone was banging away with so many supposed advances in quantum computing that it seemed a real quantum computer with a serious number of qubits was just around the corner, and when it came, RSA and all of public key encryption would be toast.
Often, the advances turned out to be hot air, just a bunch of hype. Not quite fake, but not the big breakthrough the marketing department trumpeted. Yes, we have quantum computers with hundreds of qubits-- provided you use them only for simulated annealing.
So, yes, any announcement concerning quantum computing should be viewed with great skepticism. It's hot, it's big. And that attracts the hustlers and swindlers, ready to sell eager chumps a magical mystical device that allegedly does quantum computing. That's what happens when everyone gets too eager for something.
(Score: 0) by Anonymous Coward on Thursday September 02 2021, @03:26PM
With the right set of breakthroughs, the dominoes will fall quickly. Unlike in the 1970s or 90s, we can fabricate chips with billions of transistors. Adapt a working quantum design to even an older node, and it can be scaled up to millions of physical qubits.
(Score: 4, Informative) by maxwell demon on Thursday September 02 2021, @04:56PM (1 child)
In particular, you should have used preview; then you would have noticed that no less-than sign shows up in your post. :-)
Hint: If you want to get a less-than sign, you have to write &lt;. You also get a less-equals sign with &le;.
But you can get set theoretic signs as well; in particular ⊂ (&sub;) and ⊆ (&sube;).
I assume what you actually wanted to write is P ⊆ QP ⊆ NP.
(Score: 3, Informative) by bzipitidoo on Thursday September 02 2021, @06:13PM
It's one of the most annoying things about the code that although I have my comments set to "Plain Old Text" it still interprets the < symbol as if it might be HTML.
Observe a small bug. If you write "& lt" in your text (without the space), and you hit preview twice, the less than sign disappears anyway. The 1st time you hit preview, the web page converts the one in the text input box to the less-than sign, and the 2nd time, the sign just goes away. Use a semicolon, "& lt;", and it stays.
Anyway, yeah I didn't want to take a moment to look up the UTF-8 codes for the Set Theory symbols, nor the not-equal symbol.
(Score: 1) by AlienInterview on Thursday September 02 2021, @04:30PM
(Score: 3, Interesting) by PinkyGigglebrain on Thursday September 02 2021, @06:20PM (1 child)
One of the best ways to hide a big lie is to wrap it in a little truth.
So they don't know when or if a public key created for Today's test run will be broken.
"I don't know when or if the sun will rise tomorrow." is a truthful statement independent of the fact that the event happened previously.
"Beware those who would deny you Knowledge, For in their hearts they dream themselves your Master."
(Score: 0) by Anonymous Coward on Thursday September 02 2021, @07:27PM
Yeah, we're multiple years past the first commercially developed quantum computer, to me this says they are already breaking crypto and want to delay people taking precautions.