Security Community Security Industry

DEFCON Quantum Village 2: Electric Boogaloo

Last year, I went to the Quantum Village and encountered some absolute bullshit, which I proceeded to call out.

This year, while I was walking around the Crypto + Privacy Village at DEFCON 31 in fursuit, a wild Cendyne approached me and asked, “There are going to be some debates at the Quantum Village; do you want to go check them out?”

Photo by PhaseNoise

I’m not going to recite a play-by-play of the events that occurred there (I’m sure it’s recorded elsewhere online already… and if not, Cendyne blogged about it too), but the gist of it was an Oxford-style debate whose outcome would determine the official position of the Quantum Village.

The first topic for our Second Annual #Quantum Village Debate:

“The Quantum Village believes individual citizen privacy will be enhanced with the fielding of new quantum technologies.”

David Joseph will argue for the proposition

Troy Mills will argue against.

You will vote.

Bob Gourley, Quantum Village @ DEFCON 31

Not to throw too much shade, but this characterization is misleading for the actual content of the debate.

David Joseph certainly argued in favor of quantum technology enhancing individual citizen privacy.

However, Troy Mills’ position seemed less against and more middle of the road… which, to be fair, is the most reasonable position to take on the question. None of us have access to a crystal ball that can reveal the future for any technology with any degree of certainty. Experts can, and often will be, wrong about technology.

The absence of a real opposition meant choosing between an optimistic pie-in-the-sky windbag who stammered down their nose at a question from “the person in the… dog suit?” and someone who’s kind of 50/50 about the whole ordeal (but performatively takes the side of opposition).

Imagine not knowing what furries are in 2023.

Art: valery91thunder

My question, by the way, is an obvious one to ask when presented with the notion of unstealable quantum money: “How do you make unstealable money that can also be spent?”

This isn’t a one-dimensional question, either.

On one paw, you have the risk of rubber-hose attacks. Just because you cannot steal quantum money with math doesn’t mean you cannot steal it with violence. If it can be spent, it can be stolen. Model your threats accordingly.

On the other, as Patrick McKenzie is fond of pointing out, our financial systems depend on an optimal amount of fraud, which is non-zero. Quantum Money, as postulated, is incompatible with modern financial systems and human error.

I am not an expert in quantum technologies. My only exposure to them is as a threat to some of the cryptography we use today.

We didn’t stick around for the vote, because we needed to leave for another event.

That night, I went on the Quantum Village discord and saw the participants there found my question insightful.

The point made about how do you spend quantum money was interesting. Quantum money has been introduced as a way of preventing counterfeiting. If you do an operation called the controlled swap between a valid “coin” and a test coin, you can reveal the validity of the coin without “measuring” the coin. The problem is that this can be put to any other area – for example you could search someone’s “quantum-safe storage” for specific key words without destroying the state.

This is something that I would not have considered without seeing this debate.

QuantumNerd#0000 on the Quantum Village Discord

After discussing further with the participants in the audience, and reflecting on my experience from last year, my takeaway isn’t at all that the Quantum Village is wittingly hosting security charlatans or engaged in vapid performative theatrics.

Ultimately, I think the Quantum Village suffers from a lack of vocal skeptics involved in their planning and Call For Presentations.

With that in mind, I would like to make a few suggestions to the community at large to make the Quantum Village a better experience for DEFCON 32 in 2024.

Soatok’s Proposal

First, the Quantum Village need more cryptographers; both in attendance and as speakers.

This includes aspiring cryptographers and students. You’re likely better at discussing security threats and understanding how cryptography-relevant quantum computers will impact society than you give yourself credit for. Many of you have exactly the knowledge and experience needed to mount an honest opposition to quantum optimism.

To make the intermingling of the two villages seamless, I’d like to ask the DEFCON event staff to place the two villages next door to each other in 2024, if possible.

Whether or not that last request can be satisfied, as a stretch goal of this overall effort, I think a joint quantum/cryptography CTF would be a worthwhile endeavor; especially if we can get laboratories involved in modern cryptography validation to contribute tools for assessing side-channels.

Partly because it would be fun to see hackers defeat Quantum Key Distribution with side-channel emissions. Partly because it would be a great technical challenge for all parties.

Stretch goal for the stretch goal: Somehow involving gold atoms with the Crypto & Privacy Village’s Gold Bug challenge is a shitpost too good to pass up.

Final Thoughts

It may be tempting for some to look at my experience these past two years at the Quantum Village and use it to discredit or demean the people involved. I don’t agree with this course of action.

NO sticker
Art: CMYKat

The most valuable thing you can do for your community is to help them. Build others up, don’t tear them down.

Yes, you still must call the charlatans out. “If you see fraud and don’t say fraud, you are a fraud,” is a Nassim Nicholas Taleb quote worth remembering.

However, well-meaning people make mistakes and are sometimes misinformed.

Everything I have observed from the Quantum Village and its attendees leads me to believe these are correctable problems, provided the right people get involved. And if you’re reading my blog, you’re probably one of the right people.

If we do not help the Quantum Village at DEFCON, I fear it will likely become a magnet for fraudsters like Terra Quantum and TimeAI that want to get their foot in the door by calling themselves a DEFCON speaker; using the unchecked optimism of the Quantum Village as a tool to manipulate. Nobody wins.

Skin–er, Fur–in the Game

For my part, at some point between now and DEFCON 32, I intend to submit a talk about cryptography and the real-world threat of quantum computers.

This is the quantum-relevant topic I feel most qualified to discuss, partly because other cryptographers have had to correct me about mistaken beliefs on the topic in the past.

If accepted, I will deliver the talk in fursuit.

If you want to get involved too, the Quantum Village’s website is the best place to start. They’re active on Discord.

By Soatok

Security engineer with a fursona. Ask me about dholes or Diffie-Hellman!

Bark My Way

This site uses Akismet to reduce spam. Learn how your comment data is processed.