Presidential Candidate Andrew Yang Has Quantum Encryption Policy

At least one presidential candidate has a policy about quantum computing and encryption.

It has two basic planks. One: fund quantum-resistant encryption standards. (Note: NIST is already doing this.) Two, fund quantum computing. (Unlike many far more pressing computer security problems, the market seems to be doing this on its own quite nicely.)

Okay, so not the greatest policy -- but at least one candidate has a policy. Do any of the other candidates have anything else in this area?

Yang has also talked about blockchain: "

"I believe that blockchain needs to be a big part of our future," Yang told a crowded room at the Consensus conference in New York, where he gave a keynote address Wednesday. "If I'm in the White House, oh boy are we going to have some fun in terms of the crypto currency community."

Okay, so that's not so great, either. But again, I don't think anyone else talks about this.

Note: this is not an invitation to talk more general politics. Not even an invitation to explain how good or bad Andrew Yang's chances are. Or anyone else's. Please.

Posted on July 12, 2019 at 5:36 AM • 31 Comments

Comments

quantumguyJuly 12, 2019 7:20 AM

Hi Bruce, I understand your skepticism, this sounds a lot like tech-buzzword sales pitch that you often hear around. However, this time I'm aligned with the position about quantum. Namely, all 3 points that are identified as "problems" I believe are real:

1) Our current encryption standards protecting sensitive national security and banking data, among other types, will one day be decryptable in a short time period.

2) Other countries are currently collecting encrypted information from us that they will one day be able to decrypt.

3) Other countries are developing powerful quantum computing technology at a pace that could outstrip our own capabilities.

I work in the quantum security area (like, both consultancy AND academic work) and the general consensus is that, maybe not tomorrow, maybe not in 5 years, but eventually quantum will be around. "Eventually" used to mean "a looong time in the future", but we now believe that this is not going to be the case. True, maybe there are more immediate and pressing problems in cybersecurity to be solved, but nothing prevents addressing these at the same time as well.

Notice 3 things:

A) problem 2) above is serious. Even if quantum computers arrive in 50 years, the fact that they will allow to decrypt currently stored information might be troublesome for certain kind of data (think of genomics and diplomatic cables)

B) problem 3) above does not necessarily have to do with security. Arguably, quantum computers will be commercially successful in solving real-world problems in chemistry, physics, finance, etc., way before they become a threat for cryptography. So, being ahead in that field is important.

C) there is a general mainstream view that quantum computers will slowly progress in capability until a point where they will start to look like maybe going slightly closer to approaching the point of being vaguely interesting for minor cryptanalytic purposes. Nobody seems to consider the scenario where a single breakthrough discovery turns QC from "can factorize 15" to "can break RSA 4096" in a matter of weeks. But this scenario might be very real: once we manage to realize a single error-free logical qubit (sort of a qubit that self-corrects over time), then we solve the main obstacle in scaling up a quantum circuit (decoherence), and then universal fault-tolerant QC is basically at hand.

This is not, by any mean, an endorsement of the above mentioned presidential candidate.

Just my 2C

RealFakeNewsJuly 12, 2019 7:41 AM

What does he mean by "have fun with the crypto currency community"? I read this negatively, as in he will create them problems. Regulation? Ban?

What is the obsession with Blockchain? Own more than half the network, and it's broken.

Wasn't it shown recently that a certain crypto currency had been the victim of fraud through multi-spending of coins?

I wonder how many transactions are actually fraudulent, in terms of crypto currency itself being attacked. Strange that everyone believes it to be 100% accurate and honest up to now.

Petre Peter July 12, 2019 8:23 AM

I am still waiting for a candidate that would talk about privacy.

Rj BrownJuly 12, 2019 9:07 AM

Quantum or not, cryptographic or just a plain old mechanical combination lock, we tend to forget that security is about protecting something for a sufficient amount of time. If it takes a good safecracker 25 hours to crack the bank vault lock, then it is secure during the work week because the staff will interrupt him while he works, but it is not secure over the weekend because he has oer 25 hours of time to open the vault.

The other aspect we tend to ignore is that we should be able to detect that that the vault has been opened withing some reasonable amount fo time after it happened. So with the bank vault, whn the staff comes in Monday morning, they will hopefully be able to detect that the safe was opened over the weekend.

If we fear that quantuum cryptography will crack our safe vault on sensitive data in the next N years, then we should not be keeping and such data that is not declassifiable in less than N years.

That is good security. All we need to know is what time span is required (or estimated) to crack the safe, and then never kep any data longer than that time period.

The danger comes when the time period is shortened after we thought it was safe for N years, then we discover it is only safe for N-k years. If copies of secure data are made in the hopes of being able to decrypt it later, we must be very conservative in our estimate of N, because destroying the data does not destroy the copy.

meJuly 12, 2019 9:09 AM

Strange language!

"I believe that blockchain needs to be a big part of our future,I believe that blockchain needs to be a big part of our future"

Here using "blockchain" without definite or indefinite article ("the" or "a") or plural ("-s") confers it a kind of quality like "air" or "water" or "god" or "money".

It's clearly way over the top, in other words, it's indicative of a superstition of a new kind of techno religion.

VRKJuly 12, 2019 10:49 AM


@me "Strange language!"

:) Ha ha. I thought that too. Isn't blockchain "a generic gob of hash bubblegum you stick at the end of a ledger to validate its rightful place in the continuum of all prior ledgers"?

Just the mechanic in me again perhaps. I do hope I can get blake2 or some such working in javascript tho. As it stands, my snake oil has been badly broken, failing even my tests. I seek a "Short Message" one-way hash to "blockchain" with.

Glasper L. EnspielJuly 12, 2019 10:56 AM

Colorful beads are sort of like high-tech blocks. One of the major economic coups of all time used what we can summarize as “beads” as the vehicle. The ones who saw that the beads were accepted obtained an entry that let them realize and benefit from a potent multiplier. Who will have the multiplier for the modern beads of blockchain?

Gerard van VoorenJuly 12, 2019 11:17 AM

@ Petre Peter,

> I am still waiting for a candidate that would talk about privacy.

You have got yourself a point. Now, if I was you, I would like to point that out to mr. Andrew Yang, and if he is what he calls himself a 'present-ist', then maybe he can also listen. It's up to you of course.

Clive RobinsonJuly 12, 2019 11:34 AM

@ Bruce,

Okay, so not the greatest policy -- but at least one candidate has a policy. Do any of the other candidates have anything else in this area?

History tells us that politicians are predominately to the point of being almost entirely interested in Money and Power seasoned for some with some peculiar pleasures of the flesh involving domination / submission etc...

There is also an oldish saw about giving politicians money and power is the equivalent of giving a reckless teenage a quart of whisky and the keys to the car, in that fairly soon you know what will happen.

Having worked in a few high tech companies, the last thing we ever wanted was for politicians to take interest in us, because it's the kiss of doom. Kind of like Typhoid Mary going on a glad hand and baby kissing tour.

One reason is because politicians not knowing what one end of a tool is from another or eve what it's designed for let alone how to use it, get their pet advisors in. There are three types of advisor, lobyists and those politicians do not realy listen too oh and those that know how to ensnare them.

As we know from the way Silicon Valley is making it big and buying legislation favourable only to them that they will move in and take control as long as they can squeeze blood out of other peoples stones.

The result will be a "bubble market" with out jurisdictional or distant limit, which will only be of benifit for just a favoured few in even the short term, and as for the rest of us well, we will be product and so will our privacy.

The reality is the only companies that will be alowed to survive are those with the right political connections and friendly with the right agencies, the history of crypto tech for the last hundred years shows us that.

As for the "great white hope" of technology "open source" it's track record on developing secure systems is not exactly stellar...

Also for comparison have a look at the supposadly ultra secure Quantum Crypto from BB84 onwards, they have not exactly been secure either. Worse it's a hiqhly limited market solution basically looking for a problem to solve, and thirty five years later it's still unafordable and unscalable and won't get you very far down the road. So much so that an old Citroen 2CV2 stocked high with DVD's of one time pads and a full tank of gas has a greater and faster throughput.

It might be interesting to live another 50-60years as a fly on the wall, but most certaibly not as a citizen.

Oh and what's the state of play with that mid 1970's algorithm by Robert McElliece, that is so far maybe secure against Shor's algorithm? Are we sure Shor's algorithm and variations on Fourier sampling are the only ones we have to worry about?

After all slight variations on McEllice that did not use Goppa liner codes have been shown to be susceptible to other attacks via structral decoding[1].

Further if memory serves correctly it was about a decade ago that, Daniel J. Bernstein showed that the already immensely large McEllice key would have to be atleast four times larger (so ~0.5Mb and growing). At this rate our keys will easily exceed the size of our messages...

But there are other issues to be considered as well, it's worth having a look at the curious properties of BIKE (Bit Flipping Key Encapsulation). Not only does it require inordinate amounts of reliable entropy for it's "use only once" ephemeral keys. It also has an issue in that the encrypted data does have a recognizable signature that "Eve can not just see but know that the algorithm is in use". Or to put it another way making an add-on for the Great Firewall of China etc is going to be more than possible. So equipment will probably be designed to detect BIKE encryption in networks and action taken against it such as at the very least throttling it back or entirely blocking it. Whilst you might think this would only be of interest to the likes of State Actors, think again, Silicon Valley billionairs companies are reliant on you not having privacy from them. This is a game the telco's and Wanabe ISPs are getting into as well, it obviously would be in their interest now the FCC alows it to be done to make any BIKE traffic as slow and undesirable to use as possible, such that users will continue to use HTTPS etc or other weak system they can then unmask your privacy with in some way...

I can see the likes of Politicians advisors from the SigInt agencies getting very interested in post-quantum crypto with such odd characteristics.

[1] https://eprint.iacr.org/2014/210.pdf

YT-IG-FBJuly 12, 2019 12:07 PM

To heck with blockchain, we need pols who will wrestle Google, YT, IG, FB into humble submission before moving forward with BC. BC has already shown its ability to help criminals be criminals in ways that CCs and actual cash cannot, via not only anonymous payments, but anonymized theft too. Meanwhile, BC doesn't represent the threats to social stability that the digital behemoths clearly do because it hasn't been as widely deployed.

Paper money is hard to steal, let's keep paper money around (and paper ballots, too).

So far Yang's Different =/= Better.

qubert-satoshiJuly 12, 2019 12:28 PM

Somehow I don't believe that Yang, nor any of the other candidates, could ELI5 what "quantum computing" is. Or a blockchain, for that matter.

What the US technology infrastructure needs is a GDPR and a hefty wave of antitrust. We'll get neither, because corporations own the government, regardless of who is in the White House.

qubert-satoshiJuly 12, 2019 12:38 PM

"me" wrote It's clearly way over the top, in other words, it's indicative of a superstition of a new kind of techno religion.

People are often willing to be religious about things they scarcely understand, especially if those things are wildly popular. Consider climate change. Not one in a thousand believers even knows what the "troposphere" is, or could tell a standard deviation from an STD.

qubert-satoshiJuly 12, 2019 12:49 PM

RealFakeNews What is the obsession with Blockchain? Own more than half the network, and it's broken.

lol. You sound like the romantics that complain that if only everyone would vote, we could elect the right people and change the world. How exactly do you propose to "own half the network"?

To explain the "obsession" again: it is common for people to become obsessed or religious about things that they scarcely understand, especially if those things are popular. Basic human psychology. Works on same principle as viral videos. Has nothing to do with inherent value/accuracy/permanency/usefulness of said thing.

Jeff HallJuly 12, 2019 1:17 PM

The thing that really scares me is where did the people that developed these thoughts come from because as you point out the policies themselves are not quite as accurate as they should be. It says to me at least he has incompetent people developing his policy statements and is not involving true subject matter experts, i.e., the blind leading the blind.

This is no different than the resurrected debate on breaking encryption so that law enforcement and others can have an easy time of doing their investigations. The people involved just do not seem to understand the very simple fact that what they want to do breaks encryption and makes it worthless - period - FULL stop! Yet, somewhere there are people that are advising them just the opposite or at least are not telling them the full story.

It's very scary when the inmates are running the asylum.

TatütataJuly 12, 2019 2:55 PM

1) How could anyone in 99.44% of the public relate to this question?

2) How is this more important than say, global warming?

I got it: let's propose a quantum blockchain solution to climate change!

Note: this is not an invitation to talk more general politics. Not even an invitation to explain how good or bad Andrew Yang's chances are. Or anyone else's. Please.

Insert $CANONICAL_DISCUSSION_ABOUT_WEATHER here.

Peter Sellers' Chauncy Gardiner was truly prophetic...

RachelJuly 12, 2019 3:16 PM

he knows how the game works. this is nothing to do with the voters.
question 1 is appealing to needs of the NSA
question 2 appeals to needs of military (in the sense they merge out of the NSA project)
squeezing in a nonsensical reference to blockchain is a nod to banks financial regulators and fintech

ScottJuly 12, 2019 3:19 PM

Andrew Yang is also the only presidential candidate talking about the need to prepare for the millions of jobs that will be eliminated due to robots and AI.

Clive RobinsonJuly 12, 2019 4:28 PM

@ Tatütata,

I got it: let's propose a quantum blockchain solution to climate change!

That is easy "Outlaw all proof of work algorithms" that are used with blockchains and that will be like making thr whole of Austria not exist[1], hrnce cut the carbon foot print immensely...

[1] Or what ever other country crypro currency mining is now the equivalent to in terms of total energy consumption[2].

[2] Though the polution footprint is probably larger. From ehat has been said the "cheap electrcity" used is most likely generatrd with poor fuel sources like "brown coal" or imported oil that's been literally shipped half way around the world... "Brown coal" and "Bunkering fuel oil" are realy barral bottom scraping of the energy supply business, excesively dirty thus cheap.

Clive RobinsonJuly 12, 2019 5:00 PM

@ Scott,

... prepare for the millions of jobs that will be eliminated due to robots and AI.

Actually something like one third of the workforce is effectively not productively enployed already.

Yes about one third of employees are effectively doing "make work". Back in the 1980's the conversation was about what people would do if they only had to work a two or three day week...

Historical studies have shown that what many would consider the more productive workers who "create with their minds" probably only actually do work for one to three hours a day. The rest of the time they are "filling in" with some other activity.

Look up the real history behind the protestant work ethic. In essence it was a scheme to control the population politically. You make them work long hours doing meaningless or mind numbingly boaring work for two reasons,

1, To stop them becoming politicaly active.

2, To keep what we would now call "rent seekers" in a very comfortable life style.

The nonsense about religion as always the old con about "life after death where the meek shall inherit the earth" etc. Compleate tosh that worked from the Roman times onwards. In effect "the church" provided the "civil servents" of the day and likewise the equivalent of politicians.

But the biggest joke of all on.us in the West was the discovery of the Kalahari Bushmen. It so shocked those who funded the explorers it was in effect kept as a state secret. Put simply the bushman awoke and spent fourty minitues to an hour attending to his daily needs the rest of the time they were free to just sit under a tree and watch the world go by...

What many have not realised is that society has two sets of people that are actually needed. Those who think creatively and design the technology to make life less arduous and those who care for other humans who cannot for what ever reason look after themselves to the standards society expects. Whilst we still need some humans to man the machines and do things that machines can not do. As we have got rid of those atleast productive jobs they have been replaced with "administrative" and "guard labour" jobs that actually serve no real purpose other than to keep people effectively falsely occupided so they don't actually see what is going on around them and causing problems for those who see themselves as the new kings, earls and barons.

Thus the real secret in life, is to find someone prepared to pay you to do what you want to do. But a word of caution also ensure you have a hobby, that will cater for the "life long learning" that will keep your brain thus your body alive way longer than those that stop learning. But a word of caution, I've made the mistake several times in my life of turning a realy good hobby into well paid profession, and run out of hobbies I actually realy enjoyed which is a real pain.

Lawrence D’OliveiroJuly 12, 2019 5:43 PM

Quantum computing ... *yawn*. So far it’s been incapable of solving anything more than numeric, physical-simulation-style problems. Anything number-theoretic has been completely beyond its capability.

In other words, quantum computers are just old-style analog computers rehashed. They can give numerical answers quickly, but with limited precision. Anything that requires long-word-length digital computation (which includes encryption/decryption) is more than they can manage.

Impossibly StupidJuly 12, 2019 5:45 PM

@RealFakeNews

What does he mean by "have fun with the crypto currency community"? I read this negatively, as in he will create them problems. Regulation? Ban?

Just about anything the US government does would affect cryptocurrency markets in a negative way. One of the most damaging things they could do would be to have the Treasury issue their own form of digital cash. Who would bother working with one of the stablecoin alternatives with that in place? It would also erode the market for "proof of" value-derived cryptocurrencies, because very few people want to bother with all that speculative busywork.

What is the obsession with Blockchain? Own more than half the network, and it's broken.

That's not necessarily true of all implementations. As Bitcoin's growing pains have shown, there are a lot of alternative solutions bubbling around that address various issues that have been encountered. And it should go without saying that a government-controlled ledger, even if essentially decentralized in normal operation, will be the ultimate authority of how the system operates.

Wasn't it shown recently that a certain crypto currency had been the victim of fraud through multi-spending of coins?

And? The potential of fraud exists for all conventional currencies, too. It doesn't make sense to single out the bad implementations. The only real questions blockchain technologies address are ones that can be answered by a public ledger of secure signatures. Everything else is up for grabs.

I wonder how many transactions are actually fraudulent, in terms of crypto currency itself being attacked. Strange that everyone believes it to be 100% accurate and honest up to now.

Nobody believes that if they have any understanding of how the various implementations work. The real question is what forms the fraud can take and what, if anything, can be done to correct the errors.

That's the inherent problem with encryption: whether it's quantum attacks or just law enforcement agencies trying to mandate backdoors, once it's crackable, the genie is out of the bottle. You must have larger policies in place that limits the amount of damage that can be done when certain parts of the system fail. There are all sorts of examples of that not being done, and so we are consequently surrounded by these fragile infrastructures which we pretend are the basis for a safe and secure society.

MarkHJuly 12, 2019 6:12 PM

@Clive:

I've seen estimates that in the Soviet Union, up to 40 percent of the "work force" was effectively unemployed ... though almost all of them were on the rolls of some organization, had a "workplace," and were receiving their miserable pay packet.

The reasons for this policy are quite apparent.

TatütataJuly 12, 2019 8:42 PM

though almost all of them were on the rolls of some organization, had a "workplace," and were receiving their miserable pay packet.

The joke went: "We pretend to work, and they pretend to pay us."

Nowadays these people can be gainfully employed in resetting GE light bulbs.

And this thread began with "blockchain" with its "proof of work", so this is still OT. :-)

AlexJuly 12, 2019 9:44 PM

@quantumguy,

Mr. Yang is also in support of cryptocurrencies which is a boon to certain circles. I suspect this is just his appeal to the tech community due to his personal background. Whether his appeals will materalize if and when he gets elected remains to be seen.

Clive RobinsonJuly 13, 2019 4:26 AM

@ Tatütata,

And this thread began with "blockchain" with its "proof of work", so this is still OT. :-)

Proof of work, is I guess the ultimate form of "makework" so it's definitely "on topic" and not OTT ;-)

Oh the spell checker on this phone has finally decided that the name you use should be "in the dictionary" 0:)

Which is helpfull as today is due to "unseasonal weather" in London effectively a "slow progress day" that started due to the weather long befor "OMG it's Sparrow Chirp time". Not that we get many sparrows these days, or the more anoying starlings. No we have something many times more troublesome "Parakeets" some years ago in deepest dark Strawberry Hill in South West London they got into the wild, where climatic chsnges have suited them. The result is as often happens with an invading species, decimation of the existing wild life. Whilst I disliked starlings for their noise and mess, the parakeets are something many times worse, like drunken beligerant youths they make their presence felt in most unwelcome ways...

SeanJuly 13, 2019 5:33 AM

No wonder a type with an endless list of ideas about things that could be done with other people's money has a policy for anything.

Mr Schnier has a soft spot for central planning so this appeals to, rather than outrages, him.

TatütataJuly 13, 2019 6:47 AM

Clive,

Douglas Adams also had choice observations about the usefulness of work in his quadrilogy, with the episode where telephone cleaners were sent forward together with hairdressers and co. in the first (and last) Golgafrincham ark as vanguards. As a matter of course, the "civilisation" they left behind collapsed from a bug propagated on a dirty telephone. The ark's destination was the earth.

[ Back in the days the great influenza epidemic of 100 years ago, telephones were feared as a propagation vector, and all manners of more of less effective devices were devised to prevent this. Our time has solved the problem with the personal, quasi-disposable, device. But our phone still carry viruses anyway, and we're not that effective either at controlling them. ]

Anthropologist David Graber wrote an interesting essay back in 2013 called "On Bullshit Jobs" that went, to use this modernism, "viral". He turned it into a book in 2018, which I recommend.

justinacolmenaJuly 13, 2019 10:57 AM

Okay, so not the greatest policy — but at least … a policy.

A “policy” is (or should be) like a German Richtlinie, literally a technical guideline or directive or rule of thumb, ideally a how-to (like an RFC from the IETF) that one could read up on and follow in order to do something correctly or make it function properly.

I do not like to see so much technical “policy” that appears intended to be passed as law or enforced by punishment or censure.

When people are doing something wrong, it is invariably something very basic they are doing wrong, and that is what they should be called to account for, not some technical violation of a “policy” established on questionable grounds.

BobJuly 15, 2019 8:48 AM

>at least one candidate has a policy

Politician's syllogism. It's possible for no policy to be better than a bad/stupid policy.

TatütataJuly 15, 2019 2:42 PM

Re: Politician's syllogism

This one was straight out of "Yes, Prime Minister", Series 2, Episode 5: "Power to the people", (@ ~ 19'17"), in a cynical exchange between Sir Humphrey and Sir Arnold:

We must do something;
This is something;
Therefore, we must do this.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Sidebar photo of Bruce Schneier by Joe MacInnis.