Q-Day and the fall of Internet:

7 October 2022


To those who have never heard the term Q-Day it may sound mysterious, as if it were a major event from a sci-fi novel that changed the fate of all humanity. This description is not far off the truth, as the technology hiding behind the “Q” is quantum computing, a concept which for decades was confined to such novels. So, what is “Q-Day”, then? It is the day on which quantum computers become stable enough to operate for a prolonged period of time. But don’t we have operational quantum computers right now? Similarly to the physics behind the concept, the answer is not straightforward. To understand it, we first have to understand the difference between quantum and semiconductor-based computers (duh, physics).

Regular computers operate on bits: electrical signals which can take the value 0 or 1. They are processed by the CPU, a device consisting of millions of transistors etched onto a silicon chip; for example, a CPU in the iPhone 14 has 16 million transistors (Ganti, 2022). Those transistors are organized into logic gates, which execute operations according to predefined programs (Gayde, 2019). Quantum computers operate using qubits, which can also take a value from 0 to 1. However, contrary to regular bits, they are in a state of superposition between 0 and 1 (Nielsen & Chuang, 2010). They can be treated as being 0 and 1 at the same time (a bit of an oversimplification, but a detailed explanation is outside the scope of this article). This means that with every added qubit their power grows in a quadratic fashion: 1 qubit = 1 bit, but 1000 qubits = 1000000 bits. Their theoretical power therefore vastly outperforms that of standard computers. So, you may ask, what is the problem with quantum computers, and why has Q-Day not arrived yet? The main issue is maintaining the state of superposition.

It requires the qubits to be fully isolated from their surroundings: they have to be kept at a temperature close to absolute zero (Jones, 2013) and shielded from any outside interaction, since things as minuscule as cosmic radiation can break the quantum state of superposition (Vepsäläinen et al., 2020). To illustrate how big a hurdle this is: on the 30th of September 2022 researchers from the University of South Wales announced a breakthrough; they had managed to maintain the quantum state of superposition for a staggering 2 milliseconds (100 times longer than the previous record) (For the Longest Time: Quantum Computing Engineers Set New Standard in Silicon Chip Performance, 2022). Despite being operational for such a fleeting period of time, quantum computers have already shown immense power. In 2019 a team of scientists from Google and NASA achieved so-called “quantum supremacy”. The quantum computer they developed managed to perform a calculation that the most powerful traditional supercomputer, Summit, would need 3 million years to complete (Liu et al., 2021). There is no official definition of Q-Day, but imagine that the very same computer could operate for 2 minutes. Then surely a point of no return will have been reached.

But how will Q-Day contribute to the fall of the Internet? It all boils down to cryptography and how digital information is secured. Nowadays, the vast majority of online data is encrypted via the TLS/SSL protocols. In a nutshell, the main idea behind them is the multiplication of prime numbers. To give an example, 2048-bit encryption would mean that a server sends, in a public message (visible to everyone), a 2048-digit number which is the product of two primes. In order to authorize access, the user’s computer would have to provide the server with those two primes. Trying to find the two divisors of a 2048-digit number by brute force is virtually impossible: according to some estimates, it would take 300 trillion years for a standard computer to break this encryption. In that case, how is it even possible to log in to your bank account without waiting for the heat death of the universe? Every account has a private prime number which matches one of the prime numbers sent by the server. The only thing the computer has to do is divide one number by the other, which can be done in milliseconds. How does this compare to quantum computers? A quantum computer with 4099 qubits (a threshold which has already been reached (Rolston-Duce, 2022)) could break the 2048-bit encryption in 10 seconds! This means that someone with a quantum computer able to maintain quantum superposition for long enough could gain access to anything on the internet; bank accounts or government secrets, nothing would be able to withstand the unbelievable power of a stable quantum computer. Does this mean that the world will have to go back to the pre-digital era, since nothing can be safely encrypted ever again? Fortunately, major players in the encryption business have recognized the problem. In 2016 the US government’s National Institute of Standards and Technology (NIST) asked scientists to submit proposals for encryption algorithms that would be ready for a post-quantum future.
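The asymmetry the paragraph above relies on, shown as an added example (this code is not from the original post): with a prime-product key in the style of RSA, the holder of one of the primes confirms it with a single division and decrypts with one modular exponentiation, while a brute-force divisor search costs on the order of the square root of the modulus, so every two extra bits of key length double the work. The primes 65537 and 1000003, the message 42 and the toy key sizes are constructed for the demonstration; real keys are many orders of magnitude larger.

```python
# Added example (not code from the original post): the cost asymmetry of a
# prime-product key.  Multiplying two primes, checking a known factor and
# decrypting with the private exponent are single operations; recovering the
# factors by trial division costs roughly sqrt(N) steps, which doubles with
# every two extra bits of modulus.  All key sizes below are toy sizes.
import math
import random


def is_prime(n):
    """Deterministic trial division; adequate for the toy sizes used here."""
    if n < 2:
        return False
    for d in range(2, math.isqrt(n) + 1):
        if n % d == 0:
            return False
    return True


def random_prime(bits, rng):
    """Random prime with exactly `bits` bits (top bit forced to 1, number odd)."""
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_prime(cand):
            return cand


def rsa_keypair(p, q, e=65537):
    """Textbook RSA key from two primes: public (n, e), private exponent d."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if math.gcd(e, phi) != 1:
        raise ValueError("public exponent must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)          # modular inverse (Python 3.8+)
    return n, e, d


def encrypt(m, n, e):
    return pow(m, e, n)


def decrypt(c, n, d):
    """The key holder's step: one modular exponentiation, no factoring."""
    return pow(c, d, n)


def holder_check(n, p):
    """Someone holding one prime confirms it with a single division."""
    return n % p == 0


def brute_force_smallest_factor(n):
    """Brute-force divisor search; returns (factor, trial divisions performed)."""
    steps = 0
    for d in range(2, math.isqrt(n) + 1):
        steps += 1
        if n % d == 0:
            return d, steps
    return n, steps                 # no divisor found: n itself is prime


def work_factor_table(bit_sizes, seed=1):
    """For each modulus size, count the trial divisions needed to factor N = p*q."""
    rng = random.Random(seed)
    rows = []
    for bits in bit_sizes:
        p = random_prime(bits // 2, rng)
        q = random_prime(bits // 2, rng)
        _, steps = brute_force_smallest_factor(p * q)
        rows.append((bits, steps))
    return rows


if __name__ == "__main__":
    # Constructed demo key: both factors are prime.
    p, q = 65537, 1000003
    n, e, d = rsa_keypair(p, q)
    c = encrypt(42, n, e)
    print("decrypt:", decrypt(c, n, d), "holder check:", holder_check(n, p))
    print("brute force (factor, steps):", brute_force_smallest_factor(n))
    for bits, steps in work_factor_table([12, 16, 20, 24, 28]):
        print(f"{bits}-bit modulus: {steps} trial divisions")
```

Running the block prints the trial-division counts for 12- to 28-bit moduli; extending that doubling to 2048 bits is where the post's astronomical brute-force estimate comes from, and a quantum algorithm that avoids the search altogether (Shor's algorithm) is what changes the picture.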
The results of the contest were announced this year, with the winner (in the public-key encryption area) being the Crystals-Kyber encryption method (Bos et al., 2018; NIST, 2022). Unfortunately, despite my best efforts I am unable to explain how this method works; it makes sense that a complex problem requires a complex solution. Even though solutions to the problem exist today, companies are reluctant to implement them. They face a similar dynamic with Post Quantum (PQ) encryption as they do with climate change: implementing the solutions is costly and offers no immediate benefit, and the only incentive to implement them lies in the future. There is little awareness of this problem, hence companies face little pressure from consumers to improve the security of their encryption. Thus the question remains: will the internet as we know it succumb to the unimaginable power of future quantum computers? Or will we be able to prepare ourselves for the inevitable emergence of the quantum monster?

References:

Bos, J., Ducas, L., Kiltz, E., Lepoint, T., Lyubashevsky, V., Schanck, J. M., Schwabe, P., Seiler, G., & Stehle, D. (2018). CRYSTALS – Kyber: A CCA-Secure Module-Lattice-Based KEM. Proceedings – 3rd IEEE European Symposium on Security and Privacy, EURO S and P 2018, 353–367. https://doi.org/10.1109/EUROSP.2018.00032

For the longest time: Quantum computing engineers set new standard in silicon chip performance. (2022). https://archive.ph/HikMD

Ganti, A. (2022). Apple A16 Bionic announced for the iPhone 14 Pro and iPhone 14 Pro Max – NotebookCheck.net News. https://www.notebookcheck.net/Apple-A16-Bionic-announced-for-the-iPhone-14-Pro-and-iPhone-14-Pro-Max.647967.0.html

Gayde, W. (2019). How CPUs are Designed and Built, Part 2: CPU Design Process | TechSpot. https://www.techspot.com/article/1830-how-cpus-are-designed-and-built-part-2/

Jones, N. (2013). Computing: The quantum company. Nature, 498(7454), 286–288. https://doi.org/10.1038/498286A

Liu, Y. A., Liu, X. L., Li, F. N., Fu, H., Yang, Y., Song, J., Zhao, P., Wang, Z., Peng, D., Chen, H., Guo, C., Huang, H., Wu, W., & Chen, D. (2021). Closing the “quantum supremacy” gap: Achieving real-time simulation of a random quantum circuit using a new Sunway supercomputer. International Conference for High Performance Computing, Networking, Storage and Analysis, SC. https://doi.org/10.1145/3458817.3487399

Nielsen, M. A., & Chuang, I. L. (2010). Quantum Computation and Quantum Information. www.cambridge.org

NIST. (2022). Post-Quantum Cryptography | CSRC. https://csrc.nist.gov/Projects/post-quantum-cryptography/selected-algorithms-2022

Rolston-Duce, K. (2022). Quantinuum Announces Quantum Volume 4096 Achievement. https://www.quantinuum.com/pressrelease/quantinuum-announces-quantum-volume-4096-achievement

Vepsäläinen, A. P., Karamlou, A. H., Orrell, J. L., Dogra, A. S., Loer, B., Vasconcelos, F., Kim, D. K., Melville, A. J., Niedzielski, B. M., Yoder, J. L., Gustavsson, S., Formaggio, J. A., VanDevender, B. A., & Oliver, W. D. (2020). Impact of ionizing radiation on superconducting qubit coherence. Nature 2020 584:7822, 584(7822), 551–556. https://doi.org/10.1038/s41586-020-2619-8


NSA could put “trapdoors” in crypto keys

11 October 2016

Researchers have found a way to place undetectable backdoors in the cryptographic keys that protect websites, virtual private networks, and internet servers. These backdoors offer hackers the possibility to passively decrypt hundreds of millions of encrypted communications as well as to cryptographically impersonate key owners. The technique puts a so-called “trapdoor” in the 1,024-bit keys used in the Diffie-Hellman key exchange, a specific method of securely exchanging cryptographic keys over a public channel. People who are familiar with the trapdoor can easily decrypt Diffie-Hellman-protected communications over extended periods of time. As with all public-key encryption, the security of the Diffie-Hellman key exchange builds on mathematical computations involving prime numbers so large that the problems are hard for attackers to solve. As a second line of defense, the parties that use these encryptions can also conceal secrets within the results of these computations. However, researchers developed a special prime containing certain invisible properties that make the secret parameters unusually susceptible to discovery.

To the user of a trapdoored prime, it looks just like any other 1,024-bit key. However, for attackers with knowledge of the weakness, its security is about 10,000 times easier to break. This makes the trapdoored prime ideal for the NSA, according to the documents Edward Snowden exposed in 2013. If the NSA succeeded in getting a trapdoored prime adopted as the industry standard, the agency would have a way to flawlessly decrypt the communications of end users.

If this were to happen, it wouldn’t be the first time the NSA intentionally weakened codes so it could more easily bypass encryption. For example, in 2007 NIST backed NSA-developed code for random number generators. It was suspected that the NSA deliberately designed weaknesses into the code that allowed the agency to decrypt data protected by the algorithms that used these random number generators. This was all confirmed by the documents leaked by Snowden.

All in all, the current batch of 1,024-bit primes might not cut it anymore. The time has come to replace 1,024-bit primes with 2,048-bit or even 4,096-bit ones, since some 1,024-bit primes can’t be verified as truly random.
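A finite-field Diffie-Hellman exchange with the parameter checks a defender can run, as an added example (not code from the original post or from the research it describes). It generates a toy 64-bit safe prime, performs both sides of the exchange, and validates the modulus size against a 2,048-bit policy, the safe-prime property, the generator and each peer’s public value. These checks catch undersized or malformed groups and small-subgroup values; they cannot detect the hidden structure of a trapdoored prime, which is exactly why the post’s remedy is larger moduli, together with publicly vetted groups whose generation was documented. The seed, the 64-bit size and the policy threshold are constructed for the demonstration.

```python
# Added example (not code from the original post): Diffie-Hellman over a
# safe-prime group with the validation a defender can run.  The checks catch
# undersized moduli, composite or non-safe primes and out-of-subgroup public
# values; they cannot reveal a hidden trapdoor in a prime, which is why the
# remedy is larger moduli and publicly vetted groups.  64 bits is a toy size.
import random

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def _rng(rng):
    return rng if rng is not None else random.SystemRandom()


def is_probable_prime(n, rng=None, rounds=24):
    """Miller-Rabin with `rounds` random bases, after small-prime trial division."""
    rng = _rng(rng)
    if n < 2:
        return False
    for sp in SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False              # a is a witness: n is composite
    return True


def generate_safe_prime(bits, rng=None):
    """Random safe prime p = 2q + 1 with exactly `bits` bits (q prime as well)."""
    rng = _rng(rng)
    while True:
        q = rng.getrandbits(bits - 1) | (1 << (bits - 2)) | 1
        if not is_probable_prime(q, rng):
            continue
        p = 2 * q + 1
        if is_probable_prime(p, rng):
            return p


def subgroup_generator(p):
    """For a safe prime, any square other than 1 generates the order-q subgroup."""
    for h in range(2, p):
        g = pow(h, 2, p)
        if g != 1:
            return g


def validate_group(p, g, min_bits=2048, rng=None):
    """Return a list of problems with the DH parameters (empty means acceptable)."""
    issues = []
    if p.bit_length() < min_bits:
        issues.append(f"modulus is {p.bit_length()} bits, policy requires {min_bits}")
    if not is_probable_prime(p, rng):
        issues.append("modulus is not prime")
        return issues
    q = (p - 1) // 2
    if not is_probable_prime(q, rng):
        issues.append("modulus is not a safe prime: (p-1)/2 is composite")
    if not 1 < g < p - 1:
        issues.append("generator out of range")
    elif pow(g, q, p) != 1:
        issues.append("generator does not lie in the order-q subgroup")
    return issues


def validate_public_value(y, p, q):
    """Reject 0, 1, p-1 and anything outside the order-q subgroup."""
    return 1 < y < p - 1 and pow(y, q, p) == 1


def dh_exchange(p, g, rng=None):
    """Both sides of the exchange; returns (alice_secret, bob_secret)."""
    rng = _rng(rng)
    q = (p - 1) // 2
    a = rng.randrange(2, q)           # Alice's private exponent
    b = rng.randrange(2, q)           # Bob's private exponent
    A = pow(g, a, p)                  # message Alice -> Bob
    B = pow(g, b, p)                  # message Bob -> Alice
    if not (validate_public_value(A, p, q) and validate_public_value(B, p, q)):
        raise ValueError("peer public value rejected")
    return pow(B, a, p), pow(A, b, p)


if __name__ == "__main__":
    rng = random.Random(2016)         # fixed seed so the run is reproducible
    p = generate_safe_prime(64, rng)
    g = subgroup_generator(p)
    print("toy group against 2048-bit policy:", validate_group(p, g, 2048, rng))
    s_a, s_b = dh_exchange(p, g, rng)
    print("shared secrets agree:", s_a == s_b)
    m61 = 2 ** 61 - 1                 # prime, but (p-1)/2 is composite
    print("Mersenne prime as modulus:", validate_group(m61, 4, 61, rng))
```

In practice the modulus would be one of the published groups (for example the ffdhe groups of RFC 7919) rather than a locally generated one, and the size check is the policy gate that retires 1,024-bit parameters.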


AIVD reading your Whatsapp messages?

10 October 2016

This year WhatsApp decided to use end-to-end encryption for all WhatsApp messages, following its competitor Telegram. This is to protect the privacy of all users and to assure them that their private messages stay private.

This week Rob Bertholee, the CEO of the AIVD (the Dutch national security agency), said in an interview that the AIVD wants the power to crack WhatsApp’s encryption. According to the AIVD, the increasing use of information encryption creates problems for the prevention of terrorism. The ideal situation for the AIVD would be to have an overview of a whole criminal network, provided by its phone network history.

But of course this again raises the security-versus-privacy discussion. How much privacy is your safety worth? Should the AIVD have insight into everyone’s personal messages to protect the country?

History doesn’t prove that spying is the right solution. Before WhatsApp decided to encrypt its messages, people made use of PGP (Pretty Good Privacy) telephones. The government obtained the right to crack these and has since used them as evidence in court in criminal cases. This should have made the process easier, but the results so far have been disappointing. A lot of criminals use aliases to stay anonymous, and if they handled the phones securely, the messages weren’t traceable.

I would like to plead that privacy is not dead (yet) and that analyzing personal messages isn’t the right solution to protect citizens. Privacy is crucial for self-identity and autonomy (Foucault, 1977; Wolf & Heyman, 2015).

“Privacy is the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is communicated to others” (Westin, 1968).

Also, if the AIVD gets access to the messages, it is not clear how they will analyze them. Which false-positive ratio would be acceptable? And for how long can they store the information? Another question that arises is how they can ensure security. Once there is a crack, the security of the messages is much harder to maintain.

What do you think? Would you let the AIVD read your messages? Does privacy still exist and, if so, where do we draw the line?


http://nos.nl/artikel/2132835-aivd-plan-om-versleuteling-whatsapp-te-omzeilen-veel-te-gevaarlijk.html

Wolf, R. D., & Heyman, R. (2015). Privacy and Social Media. The International Encyclopedia of Digital Communication and Society.

Foucault, M. (1977). Discipline and punish: The birth of the prison. Vintage.

Westin, A. F. (1968). Privacy and freedom. Washington and Lee Law Review, 25(1), 166.
