
Maybe I'm too far-out there, but what do we really know about the NSA's quantum computing abilities?

Given their budget and their ability to keep things under wraps (e.g., consider the scope of PRISM and how they ran that for close to a decade), is it that crazy to think this is a debate they don't care about winning?

Teams at universities made 16 qubit machines something like 5 years ago. D-wave claims 512 qubits today. I don't think it's out of the question that NSA is far ahead of both of them. D-wave employs "100+ people" according to Wikipedia. NSA is estimated to have upwards of 30,000.

It makes a lot of sense, then. NSA got caught with their pants down, naturally backlash from it is still happening today. So if your opponents are going to be winning some ground back, the best PR move is to have them win ground that doesn't matter. (Or that won't matter in a couple years.)

I think these debates about the necessity of key escrow and modified firmware are conversations they're having with the intention of losing, to prevent meaningful pushback but to still provide the illusion of it.

It just doesn't make sense to me that they would invest billions into dragnet infrastructure with the knowledge that something as inevitable as letsencrypt or an iPhone passcode could make it all useless.

Edit: wording and some additional comments



> D-wave claims 512 qubits today. I don't think it's out of the question that NSA is far ahead of both of them.

I don't doubt that NSA have some techniques that are not public knowledge, but is it feasible that they are that far ahead of academia/industry? (IIRC, D-Wave cannot run Shor's algorithm, so is not particularly useful in breaking cryptography). Even if they are, I would expect them to be having these legal battles hoping to win - if there is a plausible, non-classified, way to access the data, maintaining secrecy of these techniques is much easier.

> that something as inevitable as letsencrypt and an iPhone passcode could make it all useless.

Widespread, well-implemented crypto is probably less inevitable than this makes it sound. letsencrypt etc. probably make the surveillance dragnet less useful, but sloppy implementations and unforeseen weaknesses (e.g. Heartbleed) probably render it still rather useful.[1] Encryption usage, though increasing, is also not a given for people who may be targeted by NSA et al.[2]

[1] In terms that it can be used to gather information. Whether it is actually useful from a security standpoint, and if it is a price worth paying, is something I strongly doubt.

[2] See, e.g., https://theintercept.com/2015/11/18/signs-point-to-unencrypt...


Yes, it would seem that maintaining plausible deniability about their methods (through something that amounts to a kind of parallel construction with an unwitting party) would make a lot of sense. Even if they don't have the capability, there are game theoretical benefits towards pursuing this.


> It just doesn't make sense to me that they would invest billions into dragnet infrastructure with the knowledge that something as inevitable as letsencrypt would make it all useless.

Never underestimate the stupidity of massive bureaucracies.


We're talking about 256-bit AES, not public key crypto. Unless additional flaws are found in AES, quantum computing only weakens 256-bit AES to requiring on average 2^128 AES encryptions on the quantum machine.


I don't think the NSA would resort to quantum if simpler techniques would yield results effectively; in the case of the iPhone, decapping the chips and reading the keys directly from the hardware is something that isn't even "NSA-level" in the sense that even small reverse-engineering companies in China can probably do it for a few K$.


That's a part of what I'm saying. Their public strategy of late seems to be calling for things that don't make a whole lot of sense. They don't really need Apple's cooperation, and the politicians asking for key escrow are being ridiculous. You can be almost certain that people working at NSA know that. So how did those politicians find these ideas in their platform?

Washington is keeping conversations about the NSA in favor of their opponent, and I think they're doing that to avoid debates on things that really matter.

The assumption that I'm making is that NSA doesn't really care about Apple not giving them firmware and doesn't really care about key escrow.

One possible explanation for why those things don't matter to them is that they're much further on quantum computing than we think. A more boring answer is that they're willing to trade these things in order to satisfy the public.


Remember when everyone wanted transparency and public accountability? This is what that entails.

There is literally nothing wrong with this request. It is a model of how legal searches of this nature should be conducted. The methodology is open, the company has a right of appeal to the demands, and the basis of the request is well-stated and has undergone judicial review.


You're both correct.

The NSA is doing this as a bit of a show, as an illusion of the judicial process which you point out.


We know that it isn't any more advanced than everyone else's. How do you think they figure out most if not all of the quantum breakthroughs? By either stealing the information or reading the public papers themselves like all the other scientists.

I think Google will be the first to have a small useful (but not crypto-breaking) quantum computer by 2020. D-WAVE can't break encryption.


You don't think they are doing independent research at NSA?

When I look at the technical problems they solved 10 years ago when they were first setting all of this up, I'm nothing short of amazed. Say what we will about the ethics behind it, I have no doubt that they've got a handful of the best minds in the country over at NSA.

Like I said, this is all conjecture on my part. They probably can't break all of our encryption. But the places that NSA is drawing lines seem a bit out of place to me.


They most assuredly do have their own research arm and much more. Here is a sample:

https://www.nsa.gov/research/tnw/tnw211/articles/pdfs/TNW_21...

I think it's somewhat silly to suggest NSA must steal.



