Re: a new way to build quantum computers?

2007-08-19 Thread James A. Donald

--
Steven M. Bellovin wrote:
> http://www.tgdaily.com/content/view/33425/118/
>
> "Ann Arbor (MI) - University of Michigan scientists
> have discovered a breakthrough way to utilize light in
> cryptography. The new technique can crack even complex
> codes in a matter of seconds. Scientists believe this
> technique offers much advancement over current
> solutions and could serve to foil national and
> personal security threats if employed."...
>
> I'll let those who know more physics comment in
> detail; from reading the article, it appears to lead
> to a way to construct quantum computers.

It is another *in* *principle* design:  The computer is
programmed and supplied with data at optical
frequencies.  We cannot modulate light at that frequency
with sufficient precision and detail.  Perhaps we will
be able to soon.

As Moore's law progresses, quantum effects get
relatively larger.  Another way of stating this proposal
is to say that when we can build classical computers
with nanoscale line widths and hundred terahertz clocks,
*then* we can build quantum computers - indeed, we will
have to, as our classical computers will start acting
weirdly due to quantum effects.

Quantum computers are best done with the highest
possible frequencies and the lowest possible energies,
so become more feasible as conventional computers become
faster and more energy efficient. If we had optical
computing at optical frequencies with quantum dots
acting as the nonlinear elements, yes, quantum effects
would be quite large, making classical computers harder,
and quantum computers easier.

If we could build a quantum computer of this design, we
could build a classical computer that operated at five
hundred terahertz, and in order to program and interface
with the proposed quantum computer, we are going to
*need* a classical computer that operates at five
hundred terahertz, that is to say five hundred thousand
gigahertz, that is to say five million megahertz.

It will be a while before you can buy that one at Fry's.

-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]


Re: New DoD encryption mandate

2007-08-19 Thread Ivan Krstić

On Aug 19, 2007, at 12:13 PM, Ali, Saqib wrote:

> Only if MS provided some way to manage them centrally. Using an
> encrypted DB to manually store the keys in it is simply not feasible.

Your argument just went from "TPMs are bad for volume encryption with  
BitLocker because they can't be centrally managed" to "Microsoft  
should provide tools to centrally manage key recovery files because I  
find doing it myself too hard". Which are you actually arguing? I've  
tried to show you that the first argument is _wrong_; the second  
argument has nothing to do with TPMs. You have a choice when it comes  
to how you approach the recovery keyfile problem. You can build tools  
for it, or any company that perceives a market need can do so.


--
Ivan Krstić <[EMAIL PROTECTED]> | http://radian.org


Re: a new way to build quantum computers?

2007-08-19 Thread Ed Gerck

Steven M. Bellovin wrote:

> http://www.tgdaily.com/content/view/33425/118/
>
> "Ann Arbor (MI) - University of Michigan scientists have discovered a
> breakthrough way to utilize light in cryptography. The new technique
> can crack even complex codes in a matter of seconds. Scientists believe
> this technique offers much advancement over current solutions and could
> serve to foil national and personal security threats if employed."...


It's a matter of (lack of) journalism English. The first paragraph phrase:
   "The new technique can crack even complex codes in a matter
   of seconds."
should have been written as:
   "The new technique may crack even complex codes in a matter
   of seconds."
The scientific authors, I believe, were more careful. Their technique
still has all the basic problems of QC built in.



Re: New DoD encryption mandate

2007-08-19 Thread Ali, Saqib
> I still don't follow. BitLocker explicitly includes a (optionally
> file-based) recovery password. If you want central management, why
> not centrally manage _that_?

Only if MS provided some way to manage them centrally. Using an encrypted
DB to manually store the keys in it is simply not feasible.



Re: New DoD encryption mandate

2007-08-19 Thread Ivan Krstić

On Aug 18, 2007, at 3:30 PM, Ali, Saqib wrote:

> One of the functions provided by the TPM is to wrap/bind and store the
> bulk encryption keys. Now let's say the motherboard or the TPM
> goes bad on your notebook or you simply want to upgrade the computer.
> You need to be able to restore+transfer the information stored in the
> TPM to your new computer. This is where you need a TPM management suite
> that supports key backup/restore and transfer.

I still don't follow. BitLocker explicitly includes a (optionally  
file-based) recovery password. If you want central management, why  
not centrally manage _that_?



Alex Alten wrote:

> Agreed, for most requirements.  Sometimes one may need to keep keys
> in trusted hardware only.

The reason the TPM is used to wrap the BitLocker key is not because  
people don't want the key to be available outside of hardware -- at  
least I've never heard of that requirement going hand in hand with  
central key backup/migrate. Instead, TPM key wrapping is used so the  
early-boot checks can be enforced. I don't see how a hardware-only  
key that you can migrate to another TPM centrally is any more secure  
than keeping a key in hardware but falling back on a centrally- 
managed spare for enabling data migration.


--
Ivan Krstić <[EMAIL PROTECTED]> | http://radian.org
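For the "build tools for it" route Ivan describes in both of his replies above, here is an added example (written for this page; it is not Microsoft's code and not from Ivan's or Saqib's posts) of the first thing a central key-recovery tool has to do: validate an escrowed 48-digit BitLocker recovery password and convert it to the 16-byte value that BitLocker then key-stretches. The constants encode the published format (8 groups of 6 decimal digits, each group a 16-bit little-endian word multiplied by 11, hence divisible by 11 and below 720896); the sample bytes are constructed. The key-stretching step and the escrow store itself are outside the example.

```python
import re

# BitLocker recovery password: 48 decimal digits written as 8 groups of 6,
# separated by hyphens. Each group is a 16-bit value times 11, so it must be
# divisible by 11 (the check-digit rule the recovery screen enforces) and
# below 65536 * 11 = 720896. Dividing each group by 11 and storing the
# quotient as a little-endian 16-bit word gives the 16 raw bytes that
# BitLocker key-stretches before using them to unwrap the volume master key.
# The stretching is not modelled here.

GROUPS = 8
GROUP_DIGITS = 6
MAX_GROUP = 65536 * 11   # exclusive upper bound for one group


class RecoveryPasswordError(ValueError):
    """Raised for any password that BitLocker itself would reject."""


def parse_recovery_password(text):
    """Validate a recovery password and return its 16 raw bytes.

    Raises RecoveryPasswordError naming the first problem found, so an
    escrow tool can reject a mistyped password at store time rather than
    when someone is already locked out.
    """
    groups = text.strip().split("-")
    if len(groups) != GROUPS:
        raise RecoveryPasswordError(
            f"expected {GROUPS} groups, got {len(groups)}")
    raw = bytearray()
    for n, group in enumerate(groups, start=1):
        if not re.fullmatch(r"[0-9]{%d}" % GROUP_DIGITS, group):
            raise RecoveryPasswordError(
                f"group {n} is not {GROUP_DIGITS} decimal digits")
        value = int(group)
        if value % 11 != 0:
            raise RecoveryPasswordError(
                f"group {n} fails the divisible-by-11 check (typo?)")
        if value >= MAX_GROUP:
            raise RecoveryPasswordError(f"group {n} is out of range")
        raw += (value // 11).to_bytes(2, "little")
    return bytes(raw)


def format_recovery_password(raw16):
    """Inverse of parse_recovery_password: 16 raw bytes -> 48-digit text."""
    if len(raw16) != 16:
        raise RecoveryPasswordError("need exactly 16 bytes")
    groups = []
    for i in range(0, 16, 2):
        value = int.from_bytes(raw16[i:i + 2], "little") * 11
        groups.append(f"{value:0{GROUP_DIGITS}d}")
    return "-".join(groups)


if __name__ == "__main__":
    # Constructed sample bytes, not a real recovery key.
    sample = bytes(range(16))
    text = format_recovery_password(sample)
    print("recovery password:", text)
    assert parse_recovery_password(text) == sample
    # One wrong digit breaks the divisibility check.
    try:
        parse_recovery_password(text[:-1] + "5")
    except RecoveryPasswordError as e:
        print("rejected:", e)
```

Validating on write is the point: a single mistyped digit fails the divisible-by-11 check, so a store that parses every password before accepting it never holds a recovery password that cannot work, and the 16-byte form gives a stable value to index escrow records by.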


Re: AMD's new instructions for parallelism and support for side-channel attacks?

2007-08-19 Thread pgut001
Joachim Strömbergson <[EMAIL PROTECTED]> writes:

>I just saw on EE Times that AMD will start to extend their x86 CPUs with
>instructions to support/help developers take advantage of the increasing
>(potential) parallelism in their processors. First out are two instructions
>that allow the developer to get info about instruction completion as well as
>cache misses.
>
>Considering the article by . about analysis of protection mechanism against
>cache based timing attacks for AES [1] one could assume that these
>instructions should be useful for writing side-channel resistant
>implementations

I think it's exactly the opposite, we're already having enough problems with
microarchitectural (MA) attacks without explicit diagnostic facilities built
into the CPU.  If you look at the AMD specs these extra ring3-accessible
facilities are only going to make it worse.  These attacks are essentially
impossible to defend against merely by modifying the victim code, the only
possible defences at the moment are:

1. "Don't do that then" (i.e. don't allow arbitrary untrusted code to run in
   parallel with your crypto ops).

2. With future hardware support, some mechanism for partitioning the CPU so
   that critical regions of code can run without leaving externally observable
   traces, ending with some sort of super-INVD/INVLPG instruction to clear all
   caches and buffers.  So the code would be something like:

enter_secure_region
[[[crypto code]]]
INV_everything
exit_secure_region

   Of course something like this would have to be accessible from ring 3,
   which makes it a built-in DoS mechanism.
So "don't do that then" seems to be the only fix for this (not including the
usual blue-sky response of everyone having 
built into their system).

Peter.

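As an added illustration of what a cache-based attack on a table-driven AES actually observes (example code written for this page, not from Peter's or Joachim's posts, and not using the AMD instructions themselves), the following Python models the first-round attack of the kind the analysis Joachim cites as [1] is concerned with. The victim's T-table lookups and the attacker's probe are both simulated: the attacker is handed only the set of 64-byte cache lines of each table that were touched, which is what a Prime+Probe or Flush+Reload measurement reports, never the indices. The table layout, line size and key are constructed assumptions.

```python
import random

# Model of the first-round cache attack on a T-table AES implementation.
# Nothing here touches a real cache: the victim's table accesses are
# simulated, and the attacker gets exactly what a cache-probing attacker
# gets, namely which cache lines of each table were touched.

LINE_BYTES = 64                                 # assumed L1 line size
ENTRY_BYTES = 4                                 # a T-table entry is a 32-bit word
ENTRIES_PER_LINE = LINE_BYTES // ENTRY_BYTES    # 16 entries share a line
LINES_PER_TABLE = 256 // ENTRIES_PER_LINE       # 16 lines per 1 KiB table


def victim_touched_lines(key, pt, scan_whole_table=False):
    """Simulate the first AES round: state byte i is used as index
    pt[i] ^ key[i] into table T[i % 4]. Returns, per table, the set of
    cache lines touched, which is all a cache-probing attacker observes.
    With scan_whole_table=True the victim also reads every line of the
    table on each lookup, a classic software countermeasure."""
    touched = [set() for _ in range(4)]
    for i in range(16):
        idx = pt[i] ^ key[i]
        touched[i % 4].add(idx // ENTRIES_PER_LINE)
    if scan_whole_table:
        for lines in touched:
            lines.update(range(LINES_PER_TABLE))
    return touched


def recover_high_nibbles(observations):
    """observations: list of (plaintext, touched_lines) pairs.
    The line touched for byte i is (pt[i] ^ key[i]) >> 4, which equals
    (pt[i] >> 4) ^ (key[i] >> 4): it depends only on the high nibble of
    the key byte. Keep every nibble candidate consistent with all
    observations; the true nibble is never eliminated, wrong ones are
    eliminated whenever no other byte in the same table hit their line."""
    cands = [set(range(16)) for _ in range(16)]
    for pt, touched in observations:
        for i in range(16):
            cands[i] = {h for h in cands[i]
                        if ((pt[i] >> 4) ^ h) in touched[i % 4]}
    return cands


def run_attack(key, n_samples, scan_whole_table=False, seed=1):
    """Observe n_samples encryptions of random plaintexts under key and
    return the surviving high-nibble candidates for each key byte."""
    rng = random.Random(seed)
    observations = []
    for _ in range(n_samples):
        pt = bytes(rng.randrange(256) for _ in range(16))
        observations.append((pt, victim_touched_lines(key, pt, scan_whole_table)))
    return recover_high_nibbles(observations)


if __name__ == "__main__":
    # Constructed demonstration key, not a real one.
    key = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")
    leaked = run_attack(key, 40)
    for i, cands in enumerate(leaked):
        print(f"key[{i:2}] high nibble candidates {sorted(cands)}"
              f"  (true {key[i] >> 4:x})")
    hidden = run_attack(key, 40, scan_whole_table=True)
    print("with whole-table scan, candidates left per byte:",
          [len(c) for c in hidden])
```

With 40 random plaintexts every wrong high nibble is eliminated, so line-granularity observations alone hand the attacker 64 bits of the key; the second run shows that a victim which reads every line of its table on each lookup leaves all 16 candidates standing at this granularity. That countermeasure only addresses line-level leakage, which is Peter's point: the finer-grained microarchitectural effects a ring-3 readable completion or cache-miss counter exposes are not captured by this model at all.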


Re: New DoD encryption mandate

2007-08-19 Thread Ali, Saqib
On 8/17/07, Ivan Krstic <[EMAIL PROTECTED]> wrote:
> How so? If your computer goes bad, you need a *backup*. That's
> entirely orthogonal to the drive encryption problem.

One of the functions provided by the TPM is to wrap/bind and store the
bulk encryption keys. Now let's say the motherboard or the TPM
goes bad on your notebook or you simply want to upgrade the computer.
You need to be able to restore+transfer the information stored in the
TPM to your new computer. This is where you need a TPM management suite
that supports key backup/restore and transfer.

A large company's (name withheld) strategy regarding TPM was to ignore
it. Not too long ago a few key engineers from that company decided that
a TPM-enabled encrypted vault would be a good place to secure their
documents. Somehow they managed to lock themselves out of the
encrypted vaults (maybe a forgotten password or lost keys). Had that
company not ignored the TPM and instituted a key backup/archive
program, the engineers would have been able to recover their
confidential documents. We can blame the engineers, but at the end of
the day it was the whole company that lost money and valuable design
documents.

saqib
http://security-basics.blogspot.com/



Re: a new way to build quantum computers?

2007-08-19 Thread Jon Callas

Via Farber's list:

From: Rod Van Meter <[EMAIL PROTECTED]>
Date: August 18, 2007 11:39:47 AM EDT
To: [EMAIL PROTECTED]
Subject: Re: [IP] Light pulses crack security codes within seconds

http://www.tgdaily.com/content/view/33425/118/

Wow, that's one of the most egregious quantum computing-related
articles I've ever seen.  I'm not even sure where to start.

First off, let's point at the real research paper:
http://www.sciencemag.org/cgi/content/abstract/317/5840/929
Coherent Optical Spectroscopy of a Strongly Driven Quantum Dot
Xiaodong Xu, Bo Sun, Paul R. Berman, Duncan G. Steel, Allan
S. Bracker, Dan Gammon, L. J. Sham

I read it.  It's an advance, but does not yet mean anything at all is
practical.  Their work is on the optical properties of self-assembled
quantum dots.  There are two major categories of quantum dots in
semiconductors, self-assembled and lithographically created (and
within each of those, many types).  The self-assembled dots are a
compound grown on top of a substrate of a different kind.  Differences
in the crystalline structure mean that the deposited material "beads
up", like water on a freshly-waxed car.  The quantum dot itself then
is a place where the motion of electrons can be confined to a small
two-dimensional area at the interface between the materials, creating
a place where quantum wave functions can behave like an "artificial
atom".

The work presented in the paper is some of the first solid
experimental work on the optical properties of self-assembled dots
that I have seen, though I'm not an expert.  Various groups, including
that of my adviser, Kohei M. Itoh (
http://www.appi.keio.ac.jp/Itoh_group/ ), have been working for years
on the growth and mechanical characteristics (stress/strain, size and
shape, etc.) of self-assembled dots.  All of that has been very hard
work, and as far as I know no one has a reliable way to grow the dots
in a given place.  I wish they had a micrograph of the device, I'd
like to see it.

But the TG article talks only a little about the research itself; it's
mostly breathless pie-in-the-sky reporting on the possibilities of
quantum computers.

"Light pulses crack security codes within seconds," the title reads.
Wow.  Well, first off, it can't be done yet, and won't be done for
years, despite the present tense.  Second, saying it's done with light
pulses is like saying we compute today with electrons.  It's true, but
tells you nothing about transistors or computer architecture.  Third,
"crack security codes" is as vague and non-technical as it gets, not
to mention outright wrong (we'll come back to that).  Fourth, "within
seconds" presumes many things about a quantum computer that are not
yet defined to any level of precision.  This topic is the focus of my
research: how do you build a large-scale quantum computer out of a
given technology?  No one really knows yet.

Which security codes does a paper on the spectroscopy of a quantum
dot break?  Well, none, really.  But where they're headed with that is
obviously Shor's algorithm for factoring large numbers on a quantum
computer.  If the algorithm can be efficiently implemented, it is
theoretically capable of breaking RSA public-key cryptography and
elliptic curve crypto.

HOWEVER, the advantage may well be with the defenders on this one.
Shor turns a super-polynomial problem (factoring) into a polynomial
one.  Not coincidentally, the complexity of running Shor is similar to
the complexity of doing the encryption in the first place.  And
running an algorithm of the same computational class on a quantum
machine will probably always be harder than running an algorithm on a
classical computer.  So, raise your key length and you might be okay.

Shor does nothing to affect symmetric key cryptography, or any system
not dependent on the factoring problem.

I hesitate to mention this, for fear it will be misinterpreted, but in
my opinion there is still some small doubt about whether Shor can in
practice be scaled to large sizes, on theoretical grounds, let alone
the practical difficulties of building using any given technology.
The problem is the quantum Fourier transform (QFT) that is the key to
Shor requires, in the abstract, exponentially precise gates as the
problem size grows.  Most researchers believe that the QFT can be
truncated at some reasonable level and will still have a high
probability of success.  However, the several papers on the topic
(including one by a collaborator of mine) in the last decade have
taken different approaches to the calculation, and come up with
substantially different answers, making different assumptions about
the problem.  The theorists seem confident, but I will give only
provisional assent until I see it implemented.  Perhaps I'm just not
smart enough to fully grasp the arguments in the papers.

Breaking a code in seconds really depends on both the problem and the
machine.  A major factor is how many levels of quantum error
correction (QEC) are necessary, which i

Re: a new way to build quantum computers?

2007-08-19 Thread Allen



Steven M. Bellovin wrote:

> http://www.tgdaily.com/content/view/33425/118/
>
> "Ann Arbor (MI) - University of Michigan scientists have discovered a
> breakthrough way to utilize light in cryptography. The new technique
> can crack even complex codes in a matter of seconds. Scientists believe
> this technique offers much advancement over current solutions and could
> serve to foil national and personal security threats if employed."...
>
> I'll let those who know more physics comment in detail; from reading
> the article, it appears to lead to a way to construct quantum computers.


Which means, if Moore's Law still applies, that in a few years no 
current code created by one of the three letter agencies will be 
safe from prying.


So what is the statute of limitations on invasion of privacy 
suits? Or, if it has expired, then we may have proof available 
that people weren't crying wolf.


I've always loved the old saw, "Be careful what you wish for, you 
just might get it." My addendum is that you will probably not 
like the unintended consequences.


Best,

Allen
