# SDL Episode96

*Recorded on January 22, 2019 at G-Unit Studios in Rhode Island!*

## Hosts

## Announcements

- If you are interested in quality over quantity and having meaningful conversations instead of just a badge scan, join us April 1-3, at Disney's Contemporary Resort for InfoSec World 2019 where you can connect and network with like-minded individuals in search of actionable information. Use the registration code OS19-SECWEEK for 15% off the Main Conference or World Pass.
- Check out our On-Demand material! Some of our previously recorded webcasts are now available On-Demand at: securityweekly.com/ondemand.

## Topic: Quantum Computing 1

- Quantization is the movement from some classical state into an quantum state. Once that happens, it can get really, really STRANGE (Ha!). - The basic idea is that something might exist in all states at the same time (which would subsequently mean there is LOT of information there).

- This idea comes from a lot of deep thought stuff from Planck, Heisenberg, etc. and sort of started when some people realized that light didn't behave the way they thought it should. There's this classic physics thing called Young's (DOUBLE-SLIT) experiment where you shine a laser through some slits in a card and well, where do the photons go? If a photon is a thing shouldn't it go through one of the slits and not all of them? WAVE/PARTICLE DUALITY. Uh oh!

- Essentially, we have to understand Schrodinger's cat which is really a criticism of the Copenhagen Interpretation. Now, don't go harming any cats because this can't actually be done on anything the size of a cat so leave the critters for the internet. The actual idea is called a Gedankenexperiment (thought experiment). This means you can't test it in real life. In this Gedankenexperiment, a small amount of radioactive material that decays was placed in the box and there was a 50 50 chance in one hour that the decay would be detected. If the decay is detected, then a hammer shatters a tube of cyanide and the cat dies, poor kitty. Ok, seal the box and place in a vacuum. In classical model, we could predict the outcome but in the quantum model, all possible occurrences exist in the box (the cat is alive and not alive at the same time). This was called the Copenhagen Interpretation. So, now, basically what we have is a non quantum state when the box is open and we are looking at the cat sitting inside with the mechanics. When we close the box, the cat, et. al. is quantized into a quantum state where the cat is alive but it may also be dead if the decay has been detected but we cannot possibly use any classical means to predict what has happened or even when, so essentially, like the light through the slits, all possible states exist at the same time, until the box is opened and the observer observes an outcome. So, this portion of the experiment is called "quantum" since all possible outcomes exist when the box is sealed. Now, when we open the box again, and the cat is sitting there angrily looking at us, well, the quantum has collapsed back into the classical state. This was caused by us looking into the box. Eek!

- So, what does this mean for computing and in particular "quantum computing"? Well, let's think about it like this. Let's say you have a very large number that is the an RSA key that you want to use to crack RSA based encryption. To do this, you would have a beginning state where the number is encrypted and an end state where it is decrypted. Now, if we use something called Shor's algorithm, this allows for the factoring of anything right? What if we could shift this algorithm and data into a quantum state, now all possible outcomes exist, and then collapse the state back into the solution? Boom, we can crack any sort of RSA encryption.

- Ok, it's not quite that simple but that's the idea. The magic step above is the quantization of Shor's algorithm.

- The idea is that waves exist in this quantum computing space and that good outcomes have amplified interference (making the good waves bigger) and the bad outcomes use cancelling interference where the waves cancel each other out. It's possible to create quantum algorithms where you can measure the periods of wave form in the Fourier transformation instead of just doing the Fourier transformation a lot of times) and thus essentially reduce the number of possible outcomes dramatically.

- What does this mean? Well, if it would take a billion years to factor a RSA number using classical computing (compute, test, recompute) it could mean that you vastly reduce the amount of time using this quantum state to see the whole thing at once and measure the period of the function, collapse bad solutions and promote good solutions and viola', rather than having to calculate each one and then you can get the answer pretty fast. Really, really fast.

- The basic idea there, is this: If you can see a problem in all possible states, you can probably find a way to measure or do things, in new ways that exceed the classical so long as you can achieve the quantum state with some sort of algorithm and in a space that can support the quantum state.

- see math.nist.gov/quantum/zoo for a list of all the quantum algorithms that are known.

- So, what are the elements of quantum computing:

- The main one is the idea of a qubit.

In classical computing, everything is stored as a bit. This is a simple logic gate (transistor) that represents a 0 or a 1 (on or off) and is ultimately the basis of everything in classical computing. Literally, everything from math to porn is some combination of zeros and ones that are being manipulated using "abstraction layers" which sit between you and the ultimate mathematical representation. This is done using DC voltage changes and it takes time since even though it's really quick, the change still has to happen as it shifts from one state to another. So, a classical bit has one of two states, 0 or 1. In this model if I want to add up a column of figures, I load each one into a register, do the math and put the result in another register. With modern computers something this simple is not a big deal, but what about something unbelievably large and complicated?

- But a qubit, well, uh? A qubit is much more complicated. A qubit has multiple states and is often described as being superpositioned, it can be a 1, a 0, or both at the same time.

- A quantum register (or quantum byte or whatever) can contain qubits that have all possible values continuously (as long as it is in a quantum state) and essentially perform very large numbers of calculations simultaneously.

- So, for instance, a travelling salesperson problem with a very large number of possible paths could all be tested simultaneously and the answer obtained very quickly compared to a classical algorithm.

- There are three basic quantum ideas that come into play with QC. Superposition (the idea that the bits have multiple states at the same time), interference (the idea that we can manipulate the states in either positive or negative ways), and (wait for it), entanglement (the idea that quantum things can be "entangled" and thus represent the same state even if they are separated from each other galaxies away--this is what Eintstein referred to as Spooky action at a distance).

- I'll be honest, the quantum state gets really weird for us to understand but here goes. Since we have all these superpositioned bits, they can represent a vast amount of information all at the same time in a quantum state. Ok. Let's say you want to solve a complex puzzle and it has lots of possible outcomes where there is only one "win" and lots of losers. You could apply this to just about anything. We use the idea of interference in the quantum state. Interference has two approaches, amplification and cancellation (like Russ' headphones). Since we are seeing everything at once, we have to have a way to determine the "win". Good paths are amplified and bad paths are cancelled out and at the end of it, you have a path to the win. In a classical model, you would have to try all the paths to find the best one using either some linear approach or some weighting/machine learning scheme to get there. In quantum, this can be bypassed by using the quantum state of essentially seeing all the paths at once.

- Other ideas, like entanglement, can mean that this becomes even larger in capability.

- So, what does it all mean? Well, essentially, despite all the weirdness, it means MASSIVE computing power. I mean massive. You think your Iphone is a monster compared to UNIVAC I? Well, it is but it's not a drop in the bucket to the capability of a QC. These things could be millions of times more powerful then anything that exists today.

- Let me give you an example. I had a chess game on an Atari back in maybe 1979. If you played it on beginner, it just guess at a move and usually lost. On the next setting it began looking at the tree for several moves ahead and took maybe 10 seconds to make a move. If you set it on hard, it tried to run the whole tree for that move. It meant it could take literally hours to decide on a move. I remember once making a move and going to eat dinner and coming back and it was still "thinking" because it was running down all these possibilities. A QC could conceivable load every possible set of moves from any possible board position and determine the best outcome almost instantly.

- But, don't be fooled. Today, I think, IBM Q has about 50 Qubits available, is very large, requires supercold elements to even run, and costs a fortune. There isn't a real, practical QC around. Probably won't be for years. But look at UNIVAC. From 1951 to 2019 we went from that to an IPHONE. It's coming, it's awesome, so get on board. Moores law could apply here as well. You need a lot of Qubits. Currently Bristlecone (Google) has about 72 Qubits available.

- IBM is allowing people to play around with a very basic model of this via the cloud (https://quantumexperience.ng.bluemix.net/qx/experience) so go invent something and make a LOT of money (and you can send that contribution to Doug and Russ c/o security weekly).

And if you're looking for one of many fields to explore, check out Post-Quantum Cryptography!