Liechtenstein Über Alles?

The New York Times had a story, “Tax Inquiry? Principality Is Offended:”

After weathering days of criticism from Germany over a spectacular tax evasion case, Liechtenstein — sometimes seen as the inspiration for the satirical novel from the 1950s about a tiny Alpine principality that declared war on the United States — is digging in for what may be a prolonged battle to defend its lucrative tradition of banking secrecy against what it views as attacks from a giant neighbor.

Of course, Germany, and the other large nations would like to pretend this is about fraud, not competition for business. They’d like the smaller nations to harmonize their tax codes, and prevent the messy chaos of having to compete on their laws. Countries such as Liechtenstein offer alternatives, and act as a brake on the unfettered invasions of privacy that otherwise intrude on all our lives.

This isn’t about Liechtenstein above all others, it’s about diversity. It’s about diversity in approaches to taxation leading to diversity of choices. It would be stereotyping to assert that the orderly Germans or the bureaucratic French don’t like Liechtenstein solely because it’s different. Really, it’s because few governments have any appreciation of, or love for liberty.

Governments and their employees focus on their goals and their (always enlightened) rules. This isn’t about Liechtenstein putting itself above others, but allowing people to put their own self-interest ahead of that of the functionaries and bureaucrats.

Some chaos emerges, and we think it’s a fine thing.

Speaking of Privacy….

I was dismayed to learn that footage of Spitzer’s (alleged) rent-a-babe “Kristin” performing in a class play while in elementary school has been featured at various web sites — among them serious sites that should know better.
One could argue that this woman made her bed, and now she can lie in it (puns intended). That’s fine. However, the child in that school play did not make any choices about it being immortalized digitally, and to bandy this footage about in the guise of news does violence to a part of “Kristin” — her memories of a more carefree and innocent time — the sanctity of which should be respected. It won’t, of course, but we can at least recognize what could have been.

Banks, Privacy and Revenge

Eliot Spitzer made a name for himself attacking banks. Setting aside the legitimacy of those attacks, I find it shocking that he didn’t realize how much banks know about each one of us. It’s doubly shocking that he didn’t expect revenge.

The New York Times claimed that the “Revelations Began in [a] Routine Tax Inquiry.” I wish we had better insight into how true that is. In perhaps closely related news, “Fraud Police Buckling Under Mountains of Data.” So what kicked off this routine investigation? Was it data or voyeurism?

What does a guy need to do to get a little privacy in this country, anyway?

More Hardware Security Shown to be Bunk


After showing that “encrypted” disk drives only encrypted the password you use, not the data, Heise-Online now shows that fingerprint-access is often bunk:

Manufacturers of USB sticks and cards with fingerprint readers promise us that their data safes can only be opened with the right fingerprint. It turns out that an easy-to-find tool allows nosy parties to get around the protection in some products.

Basically, all you have to do is get a low-level USB tool, PLscsi, and have it tell the device to ignore all that security stuff. Yes, I’m over-simplifying, but I’m disgusted. Read the article for details.

Thank you, Usenix!

I’m delighted to report that USENIX, probably the most important technical society at which I publish (and on whose board I serve), has taken a long-overdue lead toward openly disseminating scientific research. Effective immediately, all USENIX proceedings and papers will be freely available on the USENIX web site as soon as they are published. (Previously, most of the organization’s proceedings required a member login for access for the first year after their publication.)

For years, many authors have made their papers available on their own web sites, but the practice is haphazard, non-archival, and, remarkably, actively discouraged by the restrictive copyright policies of many journals and conferences. So USENIX’s step is important both substantively and symbolically. It reinforces why scientific papers are published in the first place: not as a proprietary revenue source, but to advance the state of the art for the benefit of society as a whole.

From Matt Blaze, “USENIX to make all conference proceedings freely available.”

Quantum Progress


What is it about the word “quantum” that sucks the brains out of otherwise reasonable people? There has to be some sort of Heisenberg-Schrödinger Credulity Principle that makes all the ideons in their brains go spin-up at the same time, and I’m quite sure that the Many Worlds Interpretation of it has the most merit. (In case you’re a QM n00b, the ideon is the quantum unit of belief.) Fortunately, there seems to be some sanity coming to reporting about quantum computing.

Just about every quantum computing article has a part in it that notes that there are quantum algorithms to break public crypto. The articles breathlessly explain that this means that SSL will be broken and the entire financial world will be in ruins, followed by the collapse of civilization as we know it. Otherwise sensible people focus on this because there’s very little to sink your teeth into in quantum computing otherwise. Even certified experts know that they don’t know what they don’t know.

Scott Aaronson has a good article in Scientific American called “The Limits of Quantum Computers” (only the preview is free, sorry) that gives a good description of what quantum computers can’t do. I’m pleased to see this. SciAm has been a HSCP-induced quantum cheerleader over the last few years.

I have been doing some research on the claims of quantum computing. I decided to pick the specific factoring ability of quantum computers, and produce some actual numbers about how we might expect quantum computing to develop. In other words, I’m going to be a party pooper.

The crypto-obviating algorithms in question are Shor’s algorithm for factoring and an algorithm he developed for discrete logs. I was surprised to learn that Shor’s algorithm requires 72*k^3 quantum gates to be able to factor a number k bits long. Cubed is a somewhat high power. So I decided to look at a 4096-bit RSA key, which is the largest that most current software supports — the crypto experts all say that if you want something stronger, you should shift to elliptic curve, and the US government is pushing this, too, with their “Suite B” algorithms.

To factor a 4096-bit number, you need 72*4096^3 or 4,947,802,324,992 quantum gates. Let’s just round that up to an even 5 trillion. Five trillion is a big number. We’re only now getting to the point that we can put about that many normal bits on a disk drive. The first thing this tells me is that we aren’t going to wake up one day and find out that someone’s put that many q-gates on something you can buy from Fry’s from a white-box Taiwanese special.

A complication in my calculations is the relationship between quantum gates and quantum bits. For small numbers of qubits, you get about 200 qugates per qubit. But qubits are rum beasts. There are several major technologies that people are trying to tease qubits out of. There are the adiabatic technologies that D-Wave is trying. There are photon dots, and who knows how many semiconductor-based methods.

It isn’t clear that any of these have any legs. Read Scott Aaronson’s harrumphing at D-Wave, more pointed yet sympathetic faint praise and these educated doubts on photonics. Interestingly, Aaronson says that adiabatic quantum computers like D-Wave need k^11 gates rather than k^3 gates, which pretty much knocks them out of viability at all, if that’s so.

But let’s just assume that they all work as advertised, today. My next observation is that we’re probably looking at billions of q-bits to be able to get trillions of q-gates. My questions to people who know about the relationship between quantum gates and quantum bits yielded that the real experts don’t have a good answer, but that 200:1 ratio is more likely to go down than up. Intel’s two-billion transistor “Tukwila” chip comes out this year. Five trillion is a big number. We are as likely to need 25 billion qbits to factor that number as any other good guess. Wow.

The factoring that has been done on today’s quantum computers is of a four-bit number, 15. If you pay attention to quantum computing articles, you’ll note they always factor 15. There’s a reason for this. It’s of the form (2^n - 1) * (2^n + 1). In binary, 2^n - 1 is a string of all 1 bits. A number that is 2^n + 1 is a 1 bit followed by a string of 0s, and then a 1 again. These numbers are a special form that is easy to factor, and in the real world is not going to occur in a public key.

This is not a criticism, it’s an observation. You have to walk before you can run, and you have to factor special forms before you can factor the general case. Having observed that, we’ll just ignore it and assume we can factor any four-bit number today.

Let’s presume that quantum computers advance in some exponential curve that resembles Moore’s Law. That is to say that there is going to be a doubling of quantum gates periodically, and we’ll call that period a “generation.” Moore’s specific observation about transistors had a generation every eighteen months.

The difference between factoring four bits and factoring 4096 bits is 30 generations. In other words, 72*4^3 * 2^30 = 72*4096^3. If we look at a generation of eighteen months, then quantum computers will be able to factor a 4096-bit number in 45 years, or on the Ides of March, 2053.

This means to me that my copy of PGP is still going to be safe to use for a while yet. Maybe I oughta get rid of the key I’ve been using for the last few years, but I knew that. I’m not stupid, merely lazy.

I went over to a site that will tell you how long a key you need to use, http://www.keylength.com/. Keylength.com uses estimates made by serious cryptographers for the life of keys. They make some reasonable assumptions and perhaps one slightly-unreasonable assumption: that Moore’s Law will continue indefinitely. If we check there for how long a 4096-bit key will be good for, the conservative estimate is (drum roll, please) — the year 2060.

I’m still struck by how close those dates are. It suggests to me that if quantum computers continue at a rate that semiconductors do, they’ll do little more than continue the pace of technological advancement we’ve seen for the past handful of decades. That’s no mean feat — in 2053, I doubt we’re going to see Intel trumpeting its 45 picometer process (which is what we should see after 30 generations).

I spoke to one of my cryptographer friends and outlined this argument to him. He said that he thinks that the pace of advancement will pick up and be faster than a generation every eighteen months. Sure. I understand that, myself. The pace of advancement in storage has been a generation every year, and in flash memory it’s closer to every nine months. It’s perfectly conceivable that quantum computing will see horrible progress for the next decade and then whoosh off with a generation every six months. That would compress my 45 years into 25, which is a huge improvement but still no reason to go begging ECRYPT for more conferences.
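The gate-count and generation arithmetic from the Shor’s-algorithm paragraphs above, plus the faster-generation scenario in the preceding paragraph, carried through as an added example (my code, not the post’s). It takes the post’s 72*k^3 gate estimate and 200:1 gate-to-qubit ratio as given; the function names and the optional “stall” parameter are my own.

```python
from math import log2

# Figures as stated in the post (assumptions, not independent estimates).
GATE_CONSTANT = 72        # Shor's algorithm: about 72 * k^3 gates for a k-bit number
GATES_PER_QUBIT = 200     # rough gate-to-qubit ratio for small devices


def shor_gate_count(k_bits):
    """Quantum gates needed to factor a k-bit number under the 72*k^3 estimate."""
    return GATE_CONSTANT * k_bits ** 3


def qubits_needed(k_bits, gates_per_qubit=GATES_PER_QUBIT):
    """Qubits implied by the gate count, assuming a fixed gates-per-qubit ratio."""
    return shor_gate_count(k_bits) // gates_per_qubit


def generations_between(small_bits, large_bits):
    """Doublings of gate count needed to move from factoring small_bits to large_bits.

    Because gates scale as k^3, the ratio is (large/small)^3; 4 -> 4096 bits
    is 1024^3 = 2^30, i.e. 30 generations.
    """
    return log2(shor_gate_count(large_bits) / shor_gate_count(small_bits))


def years_until(small_bits, large_bits, months_per_generation=18, stall_years=0):
    """Calendar years until large_bits is factorable, given one doubling per
    months_per_generation, optionally preceded by stall_years of no progress
    (the 'horrible progress for a decade, then six-month generations' case)."""
    gens = generations_between(small_bits, large_bits)
    return stall_years + gens * months_per_generation / 12


def is_special_form(n):
    """True if n = (2^m - 1) * (2^m + 1) = 4^m - 1, the easy-to-factor shape of 15."""
    m = 1
    while 4 ** m - 1 <= n:
        if 4 ** m - 1 == n:
            return True
        m += 1
    return False


if __name__ == "__main__":
    print(shor_gate_count(4096), qubits_needed(4096))
    print(generations_between(4, 4096), years_until(4, 4096))
    print(years_until(4, 4096, months_per_generation=6, stall_years=10))
    print(is_special_form(15), is_special_form(21))
```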

On the other hand, it’s just as conceivable that quantum computing will end up on the Island of Misfit Technologies, along with flying cars, personal jetpacks, Moon colonies, artificial intelligence, and identity management.

But I also talked to a bigwig in Quantum Information Theory (that’s quantum computing and more) and gave him a sketch of my argument. I heard him speak about Quantum Information and he gave the usual Oooooo Scary Quantum Computers Are Going to Factor Numbers Which Will Cause The Collapse of All Financial Markets And Then We Will All DIEEEEE — So That’s Why We Need More Research Money boosterism.

He wouldn’t let me attribute anything to him, which I understand completely. We live in a world in which partisanship is necessary and if he were seen putting down the pompoms, he’d be fired. Telling middle-aged technocrats that the math says their grandkids are going to see quantum computers shortly before they retire will cause the research money to dry up, and if that happens then — well, the world won’t end. And then where would we be?

Nonetheless, he said to me sotto voce, “There’s nothing wrong with your math.”

Photo is a detail from “Shop Full” by garryw16.

Dan Geer: Economics and Strategies of Data Security

Speaking of books:

This book explores the dramatic shift from infrastructure protection to information protection, explaining why data security is critical to business today. It describes how implementing successful data security solutions across sophisticated global organizations requires a new data-centric, risk based and strategic approach, and defines the concepts and economics of a sound data security strategy.

Order “Economics and Strategies of Data Security” from the Verdasys website.

Reactions to “The New School:” Thank you!

A big thank you to those of you who picked up The New School in your blogs and mailing lists.


Ryan Hurst says:

This is a concept I know I believe in, one I have discussed numerous times with folks over beer; with that being said I can’t wait to get my copy to see what the Most Evil Genius thinks. (“UnmigitagedRisk.com“)

John Quarterman:

…if it’s like the material he posts in his blog, it’s a good thing.
(“Perilocity“)

Also, thanks to Canadian Privacy Law Blog, SamaBlog, and TechnoFlak.

Most of all, thank you to those who decided to pre-order. This was yesterday afternoon:


I don’t know when the “people who bought this also bought” gets updated, but we have no idea what’s up with the search engine optimization overlap.

Which doesn’t prevent us from again, saying “thank you!”

Belva’s got a brand new blog

Ken Belva has a new blog at http://www.bloginfosec.com/. Looks like it is more “formal” and magazine-like than the typical blog, which many people will appreciate.
There seems to be a pretty solid collection of contributors, and the hunt is on for additional qualified writers. There’s even a raffle for an iPod (but I already have one).
Plenty of information is available at the official announcement page.
(Apologies for the title of this post to the late, great, James Brown)