Encryption Communications Privacy Supercomputing

NSA Trying To Build Quantum Computer

Posted by Soulskill
from the looking-forward-to-quantum-leaks dept.
New submitter sumoinsanity writes "The Washington Post has disclosed that the NSA is trying to build a quantum computer for use in cracking modern encryption. Their work is part of a research project into tackling the toughest equipment, which received $79.7 million in total funding. Another article makes the case that the NSA's quantum computing efforts are both disturbing and reassuring. The reassuring part is that public key infrastructure is still OK when done properly, since the NSA is still working so hard to defeat it. It's also highly unlikely that the NSA has achieved significant progress without outside awareness or help. More disturbing is that it may simply be a matter of time before it fails, and our private messages are out there for all to see."

  • One word (Score:5, Funny)

    by Anonymous Coward on Friday January 03, 2014 @11:32AM (#45856683)

    Bitcoin mining.

    Ok, 2 words.

    • Re: (Score:2, Informative)

      by Anonymous Coward

      Quantum computing would only give you a modest square root speed up on computing the hash functions. You could however break the elliptic curve signature algorithm and sign all the coins to yourself.

    • Re: One word (Score:2, Informative)

      by Anonymous Coward

      You wouldn't use this to mine bitcoins (since that involves finding a hash with specific properties), but you might use it to steal them (the secret part of your wallet is a private key).

    • With a non-breakable space you can make that one word.

  • Actually... (Score:5, Funny)

    by i kan reed (749298) on Friday January 03, 2014 @11:34AM (#45856713) Homepage Journal

    It's a tool to help them justify to Congress how they can be spying on all Americans and not spying on any Americans at the same time.

  • by ciderbrew (1860166) on Friday January 03, 2014 @11:36AM (#45856745)
    For the peephole by the peephole.
  • $79.7 million? (Score:4, Insightful)

    by Anonymous Coward on Friday January 03, 2014 @11:36AM (#45856753)

    That figure is so small vs total intelligence+defence budget that it'd be worth setting up a faux research effort just to give the misleading impression that they haven't yet developed something far better.

  • by jasno (124830) on Friday January 03, 2014 @11:37AM (#45856761) Journal

    Come on... what's next? "NSA attempts to listen to other nations' communications"? That *is* their job, you know.

    They've broken the law in letter and spirit. Let's try to keep the focus on that.

    • Re:No shit? (Score:5, Insightful)

      by Spectre (1685) on Friday January 03, 2014 @12:16PM (#45857257)

      Agreed, breaking encryption systems is one of the two primary reasons the NSA was formed in the first place ... this is the NSA doing what they are supposed to do!

      • Re:No shit? (Score:5, Insightful)

        by MightyMartian (840721) on Friday January 03, 2014 @01:00PM (#45857837) Journal

        And if the NSA could keep its hands off of domestic data, that wouldn't be an issue, but seeing as it uses existing tools to spy without warrant on US citizens on US territory, there is no reason to believe they won't apply new technologies in the same way.

        • by anagama (611277)

          And if the NSA could keep its hands off of domestic data

          You know what is sad-funny? If you look at the original leaked Verizon order, it applies to 3 out of 4 categories of phone calls:

          1. those that start and end in the US
          2. those that start in the US and end in a foreign country.
          3. those that start in a foreign country and end in the US.

          It expressly excludes calls that start and end in a foreign country. Good job focusing outward NSA.

          http://www.theguardian.com/world/interactive/2013/jun/06/verizon-teleph [theguardian.com]

    • by gmuslera (3436)
      In fact, they are making it easier for other nations, groups of people and individuals to listen to US citizens' and companies' communications. By weakening the Dual_EC_DRBG pseudo random number generator they made it interceptable not just by them, and here is a proof of concept [0xbadc0de.be]. The main objective is controlling the US population; the other nations are a lower priority.
  • by meustrus (1588597) <{meustrus} {at} {gmail.com}> on Friday January 03, 2014 @11:40AM (#45856807)
    The disturbing part is not that the NSA might be able to listen to everyone's encryption someday. They are not an engineering organization and they will not be at the forefront of qubit manufacturing. The disturbing part is that they are wasting an enormous amount of taxpayer dollars on an impossible task aimed at ultimately destroying the ability to have security of any kind.
    • by ledow (319597) on Friday January 03, 2014 @11:54AM (#45856997) Homepage

      Worse than that - they are wasting that money on a possible task that will actually have little overall impact on security whatsoever.

      Post-quantum cryptography has existed for the last 30 years, at least. And to get to the point where it's an issue, what you need is an entity to push towards quantum decryption that you DON'T want to have it (i.e. the NSA, for example).

      Then all that happens is we adopt those other schemes faster, spot the holes faster, compensate for them faster, and by the time the NSA can buy a quantum machine of size enough to defeat today's encryption in a reasonable time, we'll have an established standard far beyond its capabilities and tested for (potentially) decades.

      All the NSA has done is forced the entire world to up its game. Compare and contrast to, say, GCHQ who formulated public-key-encryption several years before anyone else had done it, and KEPT IT QUIET (like spy-based agencies are supposed to). They enjoyed years of secure comms, and years of advantage decrypting other secure comms when someone else eventually discovered the exact same mathematics and got famous on it (Diffie and Hellman).

      Sadly, the modern GCHQ is but a shadow of its former self.

      • by amorsen (7485) <benny+slashdot@amorsen.dk> on Friday January 03, 2014 @12:25PM (#45857383)

        The NSA is but a misunderstood genius, boldly sending their agent Edward Snowden into the arms of the enemy. Their aim is to protect the Western world from the defeat that will come as a result of ignored security vulnerabilities, lousy cryptography, people who are willing to work with corrupt government entities and so on.

        See, no one would have listened if they had simply held lectures on proper security. Some might even do the opposite out of suspicion that the NSA is betraying them. The only way to fulfill their duty of keeping America safe was to send out a "whistleblower" to say all the things that they themselves could not get through with. Only then would the mass media react and the story gather enough momentum to cause every software developer to improve their work, every customer to demand better and more open security, every person to think twice when being asked to do things that are not right.

        I wish.

      • by thue (121682)

        > Then all that happens is we adopt those other schemes faster

        But what of all the encrypted old traffic that the NSA has stored?

      • by LeDopore (898286)

        Then all that happens is we adopt those other schemes faster, spot the holes faster[....]

        I agree, and I'd argue we don't go far enough yet. We should adopt a few of these post-quantum schemes now alongside a trusted but quantum-vulnerable protocol such as RSA.

        You ensure that communications are safe unless all schemes can be broken. Here's how. Most public key cryptography is used to send a roughly 128 to 256 bit long one-time use key for a symmetric cipher like AES. It would be possible to select, say, 5 different public key protocols: 4 new (and therefore perhaps flawed) post-quantum schem

        • What post-quantum asymmetric crypto is there?

          Anyway, crypto researchers don't like to increase their key-size without a clear need. Although I can understand why, I think they are too strict on that, and that we should start adopting multi-algorithm (composed) algorithms... but we just won't.

    • by Antipater (2053064) on Friday January 03, 2014 @11:58AM (#45857051)
      $80 million isn't that enormous, as far as things go. That's like half of one F-22.
      • $80 million isn't that enormous, as far as things go. That's like half of one F-22.

        Exactly what I was thinking. It seems like a paltry sum for such an effort. Probably just a PR stunt of some kind.

    • by slew (2918)

      They are not an engineering organization and they will not be at the forefront of qubit manufacturing.

      How do you know this? The NSA purchased an old abandoned Sony chip fab in San Antonio and started to re-commission it back in 2006, who knows what they are doing with it for the last 6 years? One of the promising target architectures for a large scale qubit is a cryogenically-cooled silicon double quantum-dot scheme. They might have more going on in this area than you might guess...

    • More than likely, all of that money is going to 1 or 2 men. They'll hire a kid or 2 fresh out of college (probably family) to 'do stuff' for like $100/hr. Maybe that goes on for 2 or 3 months. No one will care that we never hear of the results of this tax 'investment'. No one will care that the 1 or 2 men suddenly have huge houses or something like that. The 1 or 2 kids from college will get a nice job at the NSA due to their ability to keep a secret.
    • by FridayBob (619244)
      More likely is that this project is another self-licking ice cream cone and fool's errand conceived by Booz Allen Hamilton, or some other NSA contracting company. The sole purpose of the project will be to take the US Government to the bank, as they will forever be "this close" to making it work while their profits soar regardless. With the current mindset, the NSA director will never dream of shutting down this project for fear of not being the first to get their hands on this ultimate of cryptographic too
  • by rolfwind (528248) on Friday January 03, 2014 @11:43AM (#45856853)

    NSA always will try to expand and it stands to reason that the Chinese and their companies aren't under NSA sway, so the backdoors they build in are not under NSA control so the NSA has to try to crack them the hard way. In no way does it mean they don't have the US population under total surveillance.

  • 'When done properly' (Score:3, Interesting)

    by BobMcD (601576) on Friday January 03, 2014 @11:45AM (#45856877)

    "The reassuring part is that public key infrastructure is still OK when done properly, since the NSA is still working so hard to defeat it."

    Unfortunately, 'when done properly' must include 'never using an American entity for key generation, storage, or distribution.' We have every reason to believe the NSA has muscled their way into possession of the master keys, Re: Lavabit. So if you're doing business with any type of PKI vendor who might be compelled to comply with a FISA court order, followed by a gag order, you might rethink it.

    Remember when every browser in the world switched to the panic pages about a 'non-trusted' key?

    Probably just a coincidence.

    • If I have a crack for a current cryptosystem, I'd still need to build a machine to address the next cryptosystem.

      Remember the panic in Britain when the (WW2) German submarine service switched from 3-rotor to 4-rotor Enigma machines! They hadn't finished a "bombe" for 4-rotor machines, and only broke the 4-rotor code when they captured an undamaged 4-rotor machine.

      That failure was one of the reasons behind building "Colossus", the first electromechanical computer. Colossus was eventually able to decrypt

      • Remember the panic in Britain when the (WW2) German submarine service switched from 3-rotor to 4-rotor Enigma machines! They hadn't finished a "bombe" for 4-rotor machines, and only broke the 4-rotor code when they captured an undamaged 4-rotor machine.

        I think you are not getting the details right here at all. Britain was never capable of cracking an Enigma with four rotors from scratch. However, the daily settings for the four rotor machine were the same as for messages sent to three rotor enigmas, with an additional rotor added. And the rotor was taken from the existing set of eight rotors. So Bletchley Park broke the code for the 3 rotor enigma, and then tried 5 rotors with 26 different settings to crack the 4 rotors enigma.

        • by davecb (6526)

          Actually they only did that for a few individual messages where the operators messed up, although they did describe it as an approach, until it was safe to admit they'd captured a 4-rotor machine from a sub. It was just declassified last year that they were so very badly stuck that they laid on the Dieppe raid in hopes they could "pinch" at least one machine from either the naval headquarters building or one of all the trawlers and e-boats based there. They failed miserably.

          My wife bought me the book on

  • by hweimer (709734) on Friday January 03, 2014 @11:46AM (#45856889) Homepage

    These are hardly shocking revelations. The document mentions achieving control over two semiconductor qubits, whereas factoring 2048 bit numbers requires at least that many qubits, and probably several orders of magnitude more. The current record stands at control of 14 qubits, achieved in 2010 in Rainer Blatt's group at the University of Innsbruck, Austria, using trapped ions.

    Some time ago, I wrote something on the history and possible future of quantum computing [quantenblog.net]. Moreover, one also has to keep in mind that there are public key cryptosystems [wikipedia.org] that most likely cannot be cracked even with quantum computers.

    • by Rich0 (548339)

      Moreover, one also has to keep in mind that there are public key cryptosystems [wikipedia.org] that most likely cannot be cracked even with quantum computers.

      The key words you used are "most likely" and at least you're honest enough to use them. There is no mathematical proof that any cipher (other than the one-time pad) is resistant to all as-yet-unknown quantum algorithms. That doesn't mean that they are actually vulnerable - only that we cannot know with certainty whether they are.

      People seem to under-estimate the NSA's capabilities here when I talk to them. They employ a lot of really smart people, and they have the benefits of reading all the public lite

      • by hweimer (709734)

        The key words you used are "most likely" and at least you're honest enough to use them. There is no mathematical proof that any cipher (other than the one-time pad) is resistant to all as-yet-unknown quantum algorithms. That doesn't mean that they are actually vulnerable - only that we cannot know with certainty whether they are.

        That's the usual situation in complexity theory and it applies to classical algorithms as well. There is also no proof that quantum computers are actually superior to classical computers when it comes to cryptanalysis. Still, most people believe this to be true.

        People seem to under-estimate the NSA's capabilities here when I talk to them. They employ a lot of really smart people, and they have the benefits of reading all the public literature as well as all the classified stuff that their academic peers cannot read.

        Remember that we're talking about actual physical devices that need to be built and being really smart only helps you somewhat when you need to solder electronics or align a laser. And so far, the NSA employs hardly any physicists which you can also

      • There is no mathematical proof that any cipher (other than the one-time pad) is resistant to all as-yet-unknown quantum algorithms.

        That doesn't mean anything; the same is true for classical algorithms.

        That's hardly surprising if you understand what proving anything like that would entail. Hell, to prove you can't break ECC or RSA with a classical computer you'd have to prove P!=NP, since discrete log and factoring are in NP. (To see why, just note that fast factoring would break RSA, so to prove you can't break RSA you have to prove that fast factoring is impossible, which means that you have to prove that factoring is not in P -- but

        • Note, however, that proving that ECC or RSA are breakable does not require a proof of P=NP or P!=NP -- for example, you don't need fast factoring to break RSA.

          I think Knuth showed that having a fast algorithm for breaking RSA could be used for fast factoring of numbers, therefore RSA and factoring have about the same degree of difficulty.

          • I'd be interested in a reference, if you find one.

            As far as I know, this is an open question (see this [stackexchange.com] for a lot of references) -- so maybe I should have said:

            It may be that proving that ECC or RSA are breakable does not require a proof of P=NP or P!=NP -- for example, it's not known that you need fast factoring to break RSA".

            Still, the other point stands -- proving that breaking RSA is not in P (or that factoring is not in P) implies proving P!=NP.

    • "The current publicly known record is only control over 14 qubits"
      FTFY

      If the nsa figures something important I don't think they'll tell anyone. They don't care about public scientific progress.

  • by Viol8 (599362) on Friday January 03, 2014 @11:48AM (#45856909)

    In *theory* they can match the values of an N bit code in one go where N is the number of quantum bits. In practice it might be another matter but even if not - that simply means you use more bits in your key. Once a quantum computer has used up all its bits it has to revert to working like a standard computer and doing everything serially. So if the quantum computer is N bits and we have a key with N + 32 bits the machine will still have to try 2^32 matches. So as quantum computer registers get larger so will encryption keys. Someone builds a 256 bit quantum computer? Great! So just use a 512 bit key and it'll have to do 2^256 comparisons. ie - it'll be damn slow.

    • by compro01 (777531) on Friday January 03, 2014 @12:04PM (#45857125)

      Symmetric key encryption with sufficiently large keys is perfectly safe from a quantum computer.

      But current public-key encryption (e.g. RSA) and key exchange (e.g. DHM) isn't.

      Unbreakable symmetric key encryption isn't worth a damn if you have no secure means of exchanging keys.
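The square-root speed-up for key search that comes up in this thread is Grover's algorithm. As an added example (not part of any poster's comment), this classical state-vector simulation on a toy key space shows the iteration count growing as about (π/4)·√N rather than N/2, which is why doubling a symmetric key length restores the original margin; the function names and sample keys are constructed for illustration.

```python
import math


def grover_search(n_bits, secret):
    """Simulate Grover's search for `secret` in a 2**n_bits key space.

    Returns (oracle_calls, most_likely_key, probability_of_secret).
    The simulation itself is classical and costs O(N) memory; only the
    number of oracle calls models the quantum cost.
    """
    size = 1 << n_bits
    # Start in the uniform superposition over all candidate keys.
    amp = [1.0 / math.sqrt(size)] * size
    iterations = math.floor(math.pi / 4 * math.sqrt(size))
    for _ in range(iterations):
        # Oracle: flip the phase of the one key that "decrypts correctly".
        amp[secret] = -amp[secret]
        # Diffusion: reflect every amplitude about the mean amplitude.
        mean = sum(amp) / size
        amp = [2 * mean - a for a in amp]
    best = max(range(size), key=lambda i: amp[i] ** 2)
    return iterations, best, amp[secret] ** 2


def classical_expected_trials(n_bits):
    """Average number of guesses for exhaustive search over 2**n_bits keys."""
    return ((1 << n_bits) + 1) / 2


def post_grover_bits(key_bits):
    """Effective security of a k-bit symmetric key against Grover search."""
    return key_bits // 2


if __name__ == "__main__":
    # Constructed toy keys; real key sizes cannot be simulated this way.
    for bits, key in ((8, 0x5A), (10, 0x2A7), (12, 0xBEE)):
        calls, found, prob = grover_search(bits, key)
        print(f"{bits:2d}-bit key space: {calls:3d} oracle calls "
              f"(classical avg {classical_expected_trials(bits):7.1f}), "
              f"found={found == key}, P(success)={prob:.4f}")
    for k in (128, 256):
        print(f"{k}-bit symmetric key -> about {post_grover_bits(k)} bits "
              f"of margin against Grover search")
```
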

      • Unbreakable symmetric key encryption isn't worth a damn if you have no secure means of exchanging keys.

        "Hey, Alice"
        "Hey, Bob"
        "See anyone around, Alice?"
        "Nope, you?"
        "Nope"
        "Here, take this thumb drive with my pictures, the 6th of which totally doesn't hide my encryption key"
        "Sure thing, Alice"

    • by Rich0 (548339)

      So as quantum computer registers get larger so will encryption keys. Someone builds a 256 bit quantum computer? Great! So just use a 512 bit key and it'll have to do 2^256 comparisons. ie - it'll be damn slow.

      Well, nobody would even use a quantum computer to implement a non-quantum algorithm. Since we don't know how to build a practical quantum computer at all it is hard to tell whether it will be harder for the NSA to add more qubits to their designs than it will be for everybody else to use RSA with a 2 gigabit key and a 32-core system to serve an SSL website to 3 users at a time. Adding bits to an encryption algorithm has its costs as well. Quantum computing is remarkably efficient so the NSA might just ne

    • by hey! (33014)

      It's not at all clear to me that a quantum attack on encryption would *necessarily* have to proceed along the lines you propose, which is to use the quantum computer to remove N bits of entropy from the key, then to attack the rest of the key with brute force and conventional algorithms.

      Why would you even *consider* such hopeless approach?

      It seems to me that there are two other possible ways a quantum computer could be used. The first is to attack some other aspect of a cryptographic protocol that is hard

  • by lagomorpha2 (1376475) on Friday January 03, 2014 @11:52AM (#45856957)

    ...and my colleagues called me crazy when I gave them 256GB USB drives full of true randomly generated one-time pads to use to decrypt my emails because I didn't trust public key.

    Who's crazy now! Muhahaha! (posted from secret volcano lair)

    • by Ckwop (707653) <Simon.Johnson@gmail.com> on Friday January 03, 2014 @02:18PM (#45858677) Homepage

      256GB USB drives full of true randomly generated one-time pads

      I know this is a piece of humour but since this is Slashdot why not?

      What a lot of people don't understand is that this is much harder than it first appears. For example, doing cat /dev/random to a file on disk will not give you bytes suitable for use in a OTP.

      The issue is that many TRNGs hash their entropy pool with a cryptographically secure hash. When you use such a hash there is no guarantee that the input space would be uniformly mapped to the output space.

      To illustrate this, suppose we had an entropy pool 1024-bits deep. Suppose before producing the output the pool is hashed with SHA-1. This is an output that is 160 bits wide. There is no proof whatsoever that if we cycled a counter from 0 to 2**1024 that the hash of these would distribute evenly over the 2**160 possible hash outputs. If this were the case, each output hash value would appear exactly 2**864 times. It is highly unlikely that this is the case.

      What this means is the output is distinguishable from a true random source, which completely breaks the security proof for the OTP. Granted, the attacker would likely have to do an infeasible amount of work to use this distinguisher. However, the OTP's proof gives you security from computationally unbound adversaries. It's the whole point of using the OTP!

      So in short, you can't use /dev/random, you can't use pretty much any commercial random number generator. You'd have to roll your own and show that your bias is small enough for no attack to be practical. Like I said, it's harder than it looks.
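The counting argument in the comment above can be checked at a reduced scale. This added example (not part of the original comment) feeds every 16-bit counter value through SHA-1 truncated to 8 bits, standing in for the 1024-bit pool and 160-bit output, and measures how far the bucket counts are from exactly even; the reduced sizes and function names are choices made for this illustration.

```python
import hashlib
from collections import Counter

IN_BITS = 16    # reduced stand-in for the 1024-bit entropy pool
OUT_BITS = 8    # reduced stand-in for the 160-bit SHA-1 output
IDEAL = 1 << (IN_BITS - OUT_BITS)   # 256 preimages per output if exactly even


def truncated_sha1(value):
    """Hash a counter value with SHA-1 and keep only the first 8 bits."""
    data = value.to_bytes(IN_BITS // 8, "big")
    return hashlib.sha1(data).digest()[0]


def low_byte(value):
    """A map that is exactly even by construction, for comparison."""
    return value & 0xFF


def bucket_counts(func):
    """Run every possible input through func and count hits per output."""
    counts = Counter(func(v) for v in range(1 << IN_BITS))
    return [counts.get(b, 0) for b in range(1 << OUT_BITS)]


def statistical_distance(counts):
    """Total variation distance between the output distribution and uniform."""
    total = sum(counts)
    uniform = 1 / len(counts)
    return 0.5 * sum(abs(c / total - uniform) for c in counts)


if __name__ == "__main__":
    for name, func in (("truncated SHA-1", truncated_sha1),
                       ("low byte", low_byte)):
        counts = bucket_counts(func)
        print(f"{name:16s} ideal={IDEAL} min={min(counts)} "
              f"max={max(counts)} "
              f"distance={statistical_distance(counts):.5f}")
```

Only a map with every count equal to the ideal has distance zero from uniform; the truncated hash behaves like a random function, so its counts scatter around the ideal instead of hitting it.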

      • So in short, you can't use /dev/random, you can't use pretty much any commercial random number generator. You'd have to roll your own and show that your bias is small enough for no attack to be practical. Like I said, it's harder than it looks.

        Why do you think the secret base is located in a volcano?

        http://en.wikipedia.org/wiki/Lavarand [wikipedia.org]

        • by johnjaydk (584895)

          So in short, you can't use /dev/random, you can't use pretty much any commercial random number generator. You'd have to roll your own and show that your bias is small enough for no attack to be practical. Like I said, it's harder than it looks.

          Use a radioactive source and measure the decay. That is truly random.

  • by DriveDog (822962)

    Surely it wouldn't be so easy for the NSA to get people to trust current systems as to just say they're building a quantum computer to crack those (because they can't otherwise)? Come on, that's an old trick. CIA pulled it on the Soviets, stealing a cypher machine to cover an agent who'd already provided the means of decrypting their messages, hoping the Soviets would stop investigating the agent. So the Soviets appeared to stop investigating.

    Maybe the NSA can't crack some current codes, and is building a q

  • Switch to ring learning-with-errors [iacr.org], which was proven by Regev to reduce in the average case to the hardness of some worst case integer lattice problems. Crypto systems built in this way are believed to not be affected by quantum computers and research is proceeding fast as a result. The fact that the NSA is no further ahead than anyone else is reassuring - we know how to build post-quantum crypto systems, the work that remains is largely in the "maturing" phase rather than the "wtf do we do now" phase.

    • by Rich0 (548339)

      Has it actually been proven that it is mathematically impossible for a quantum algorithm to exist capable of defeating this system? I'm sure you could prove that any particular known algorithm wouldn't work, but the only system resistant to unknown algorithms that I'm aware of is the one-time pad.

      If this has been proven I'm genuinely interested. I will confess I'm not a cryptographer.

      • by slew (2918)

        Has it actually been proven that it is mathematically impossible for a quantum algorithm to exist capable of defeating this system? I'm sure you could prove that any particular known algorithm wouldn't work, but the only system resistant to unknown algorithms that I'm aware of is the one-time pad.

        If this has been proven I'm genuinely interested. I will confess I'm not a cryptographer.

        I don't know about ring-learning-with-errors, but if it indeed reduces to an integer lattice problem, I suspect it would eventually prove to be vulnerable to some sort of attack that could be executed by a quantum computer.

        As a silly example, here's a proposed attack on lattices that employs a quantum computer implementing a partial Grover's algorithm to speed up looking for solutions...

        http://www.cdc.informatik.tu-darmstadt.de/reports/TR/TI-03-03.QSamplingPaper.pdf [tu-darmstadt.de]

        As with many things, I doubt there is a ne

      • One-time pads aside, there's no proof that any cryptosystem cannot be cracked in polynomial time. After all, known-plaintext cryptanalysis is solving a problem in NP, since it has to be easy to get the plaintext given ciphertext and key. Without a proof that P != NP, it's possible that P == NP, meaning there may be a polynomial-time solution.

        Whether there's an efficient solution is another matter. Normally, problems solvable in polynomial time are feasible to solve, but it's possible that reducing a p

  • They are a dinosaurian government agency, that has a habit of gobbling up money by the truckload. They have no reputation for technical or scientific excellence whatsoever. Neither do they have a track record in building first-rate equipment or software. Moreover, they have been proved, over and over again, to be pathological liars. In other words: who gives a shit ??
  • More disturbing is that it may simply be a matter of time before it fails, and our private messages are out there for all to see.

    There is quite a bit of fearmongering here...

    Given that they couldn't even secure their internal network properly, it would seem highly unlikely that the NSA has the commitment, expertise, or efficiency to secretly develop cutting edge technology far in excess of what the best academics in the world can do.

    That said, instead of everyone standing around and wringing their hands, maybe now would be a good time to start developing more secure encryption algorithms that are more robust to brute force attacks. The encryption community has been resting on their laurels for quite a while now.

  • by wcrowe (94389) on Friday January 03, 2014 @12:01PM (#45857099)

    The NSA deserves a lot of criticism for some of the things they've been doing. However, this is the kind of thing they should be working on. It's not the tools they have that bothers me. It is how they use them that is the problem.

    • by asylumx (881307)
      I've said similar before -- the same goes for their data mining techniques. Sure it's being used inappropriately, but the fact they are able to collect, store, and analyze such a humongous data set is really a marvel of computer science.

      Remember, rockets were used to kill people before they were used to take people to space. Lots of inventions are created for the wrong purpose and then later used for good.
  • by jgotts (2785)

    The NSA is supposed to be working on cryptography technology.

    The NSA needs to get back to doing its job, and stop spying on Americans. We already have several branches of government that are responsible for domestic criminal investigations, and they're subject (in theory anyway) to the robust safeguards in the Constitution.

    The NSA helps everyone with robust cryptography. It's in nobody's best interest when one government can decipher everyone else's communications, except maybe for that handful of codebreak

  • "Digital Fortress" wherein a rogue NSA cryptographer out to save and or destroy a 12-ton NSA codebreaking (quantum?) computer gets chased by a blind assassin for some reason... and a 64 BIT encryption key was pressed into a gold ring, but was somehow made up of 64 ascii characters.

    Don't worry because (spoiler) the "enigma" or whatever melted down when a virus caused it to something something, not even the fat IT guy named Jabba was able to stop the awesome power of something something. I am not even jok
  • It's a government project. Eventually the contractors involved will screw the project up and they'll have to announce it in a secret meeting on the black budget. They'll then ask for billions more to develop a solution to a so-called quantum computer gap that exists with the Chinese and Russians. The Cold War with the Soviets may be over but we're in a new Cold War with BRIC [wikipedia.org] and the stakes are more along the lines of economic vs. military.

    • And which politician's family member will be sitting on the board of the contracting companies?
      • by Virtucon (127420)

        You have that wrong, it'll be an ex-congressman on the board not a family member.

        • Also true, both can happen. Here in Minnesota all the license plates had to be changed a few years ago; later it was found the state senatewhore who pushed for the bill failed to mention his brother-in-law owned the company making them.
  • Has anything practical actually been demonstrated in the field of quantum computing yet? I understand that a lot of exciting and complex (if you're into that) math has gone into describing a model for how quantum computing should function, but as far as I'm aware nobody has actually managed to build any prototype devices yet.

    When I first heard the term "quantum computing", I believed it to be a meaningless buzzword. I think at that time it may have been so. Now it is obviously a real concept, but unless I m

    • It's anything but a buzzword; it's a big research area with many academics working on it from all angles. However, you're right that it's nowhere near ready. As of a couple years ago, people had managed to factor 15 using a quantum computer; there are probably better records now, but it's tricky business.

      The issue is that it's hard to make things both act quantum (being in controlled superpositions of more than one state) and be connected to other things. For example, atoms floating in a vacuum can act quan

      • by Soluzar (1957050)
        Please note that I didn't say it was currently a meaningless buzzword. I said that I believed it to be such when I first heard the term. I'm aware that something meaningful has come out of it since then, although exactly how much is still a matter of which I'm largely ignorant.

        I appreciate you making me aware of the fact that there have been some working quantum computers now. They may be small, but even the first one was a huge step. I'm somewhat surprised to learn that the first real steps were quite a
  • by PPH (736903)

    And when they drag me into court for some conspiracy, I'll just cite Heisenberg's Uncertainty Principle and Schrödinger's cat as basis for reasonable doubt and get off scot-free.

  • out there to save us from the NSA?

  • "The NSA May Or May Not Be Building A Quantum Computer That Can Decrypt Basically Anything"
                - http://www.seattlepi.com/technology/businessinsider/article/The-NSA-May-Or-May-Not-Be-Building-A-Quantum-5111156.php

                mark

  • by Animats (122034) on Friday January 03, 2014 @01:44PM (#45858273) Homepage

    One NSA director in the 1960s said "I want a thousand-megacycle machine. I'll get you the money!" There's a book, "IBM's Early Computers", which shows much of NSA's exotic hardware from the 1950s through the early 1970s. High-density tape drives, the first automatic-changing tape library (TRACTOR), the first superscalar machine (STRETCH, which, for NSA, had a special crypto processor instead of an FPU), and a number of cryogenic machines.

    NSA tried hard to get cryogenic computing to work, from the 1960s onward. They had some successes with getting devices to work fast in the 1960s, but the early superconducting devices were gated magnetically, which meant coils and discrete devices, not ICs. So they could be made fast, but not small, which means speed-of-light lag within the processor becomes a bottleneck. Mainstream CMOS IC technology eventually beat out the superconducting Josephson junction stuff on both price and speed. Some time in the 1980s, IBM and NSA gave up on that. It just wasn't a win over Moore's Law.

    Quantum computing, though... Just maybe.

  • What surprises me the most is that the poster forgot to say that the NSA isn't the only one in this race. Many nations, allies and foes alike, are in a race to decrypt each other's information. Not to mention their citizens' data. First one to a computer that can break most encryption wins. The NSA is hardly the only kid on the block. That it is a quantum computer is just a detail point that matters little. The idea is to build a computer, any computer quantum or not, that can defeat the majority of encrypt
  • Government intelligence agencies have been involved in quantum computing research for ages. Just look at the funding agencies listed at the end of a typical research paper:

    This research was funded by the Office of the Director of National Intelligence (ODNI), Intelligence Advanced Research (ODNI), Intelligence Advanced Research Projects Activity (IARPA), through Army Research grant...

    http://web.physics.ucsb.edu/~martinisgroup/papers/Wenner2013.pdf [ucsb.edu]

    Is it a surprise that they're doing work in house as well?

    Hell, even Northrop Grumman (and possibly other big defense contractors) is trying to build quantum computers too, and it's not because they need quantum computers to design airplanes...

    • by dlenmn (145080)

      Errrr...

      This research was funded by the Office of the Director of National Intelligence (ODNI), Intelligence Advanced Research Projects Activity (IARPA), through Army Research grant...

      (I couldn't copy and paste from the pdf, and apparently I can't type either. FWIW, IARPA is the intelligence agencies' equivalent to DARPA, which is probably better known around here.)

  • The quantum computing fear is really nothing new. [wavewatching.net]

    It makes the current encryption scheme more valuable but there are post-quantum schemes [wikipedia.org] as well as quantum cryptography as alternatives.

  • Let's not get lost here. We need and want the NSA to do its legitimate job in protecting the nation against terrorists and people to whom the idea of "mass extinction" is just a shorter way to get their god to sort us all into our respective eternal bins.

    The whole issue with the NSA eavesdropping is the potential for, as Snowden admirably put it, "turnkey tyranny". That's not nothing, that's not such an unlikely result of this kind of power being applied to the world's population that we don't have to wor
