Our Daily Breach: No way Q-Day
Murdoc encounters quantum computing in the wild! He had hoped to have this conversation when you were older.
A year has passed since I wrote about the Chinese researchers decrypting a 50-bit RSA key using Canadian quantum computers. That's honestly the last I've heard of this paper, but it wouldn't be the last I would hear about quantum attacks.
At the NorthSec CTF competition in May this year, one of the challenges involved a simulated quantum computer that was embedded into the ESP32 badge firmware. The prompt for the flag read:
Using a single qubit, initialize it to a |-> state. Then print out the state vector hash and submit to compare the calibration.
From there the challenge gets progressively more difficult with more qubits involved. Somehow 40 people solved this challenge, which I didn't even know existed until the write-ups started getting published: https://cryptax.github.io/nsec2025/
For the dozens of you interested in quantum CTF design, the source code for this challenge is here on GitHub: https://github.com/nsec/nsec-badge/tree/master/ctf-components/quantum
A note from the author of this code that isn't in the repo but probably should be:
Insights into the code - when I first started designing this track, there was no esp32 quantum code. At least nothing really usable. So one of the initial things I looked at was how feasible it was to code it myself. I can't find my original calculations but I vaguely remember reasoning out that our badge had memory for a theoretic max of 13 qubits. I didn't want to push the boundaries too badly, so I kept it to 8 qubits.
... those who are more versed in quantum computing will notice a few oddities. In the track doc, the concept of sandwiched gates, like creating the CZ gate based on a universal set, was introduced. I had some ideas to include that in the track overall, however there was some weirdness with tracking phases of qubits with the code. So I ultimately decided to leave the reference (for knowledge, and a bit of an easter egg) and keep the calibration track more "standard".
I could pretend to know what all of this means, but that would be dishonest to you, dear reader, and I wouldn't do that to you, because I'm not a publicly traded corporation that exposed your private data like some gigolo at a bachelorette party.
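For readers who want to see the challenge prompt, the "sandwiched" CZ remark and the memory estimate in code, here is an added example (not taken from the badge repository): a tiny state-vector simulator that prepares |-> with X then H, checks that H, CNOT, H on the target equals CZ, and computes state-vector size per qubit count. All names, the two-qubit size, the real-only amplitudes and the 4-byte float components are assumptions of this sketch, not the badge's choices.

```c
#include <stdio.h>
#include <stddef.h>
#define NQ  2                     /* qubits simulated here; qubit 0 is the low bit */
#define DIM (1u << NQ)            /* an n-qubit state vector holds 2^n amplitudes */
#define INV_SQRT2 0.7071067811865476
/* Assumption: X, H, CNOT and CZ keep amplitudes real, so plain doubles suffice here. */
typedef struct { double a[DIM]; } state_t;
static state_t basis_state(unsigned b) { state_t s = {{0}}; s.a[b] = 1.0; return s; }
static void swap_amp(state_t *s, unsigned i, unsigned j) { double t = s->a[i]; s->a[i] = s->a[j]; s->a[j] = t; }
static void gate_x(state_t *s, unsigned q) {                  /* bit flip on qubit q */
    for (unsigned i = 0; i < DIM; i++) if (!((i >> q) & 1u)) swap_amp(s, i, i | (1u << q));
}
static void gate_h(state_t *s, unsigned q) {                  /* Hadamard on qubit q */
    for (unsigned i = 0; i < DIM; i++) if (!((i >> q) & 1u)) {
        double lo = s->a[i], hi = s->a[i | (1u << q)];
        s->a[i] = (lo + hi) * INV_SQRT2;
        s->a[i | (1u << q)] = (lo - hi) * INV_SQRT2;
    }
}
static void gate_cnot(state_t *s, unsigned c, unsigned t) {   /* flip t when c is 1 */
    for (unsigned i = 0; i < DIM; i++) if (((i >> c) & 1u) && !((i >> t) & 1u)) swap_amp(s, i, i | (1u << t));
}
static void gate_cz(state_t *s, unsigned c, unsigned t) {     /* negate terms where c and t are both 1 */
    for (unsigned i = 0; i < DIM; i++) if (((i >> c) & 1u) && ((i >> t) & 1u)) s->a[i] = -s->a[i];
}
/* "Sandwiched" CZ: a CNOT between two Hadamards on the target qubit. */
static void gate_cz_sandwich(state_t *s, unsigned c, unsigned t) { gate_h(s, t); gate_cnot(s, c, t); gate_h(s, t); }
/* |-> on qubit 0: X takes |0> to |1>, then H takes |1> to (|0> - |1>)/sqrt(2). */
static state_t minus_state(void) { state_t s = basis_state(0); gate_x(&s, 0); gate_h(&s, 0); return s; }
/* Largest amplitude difference between direct and sandwiched CZ over every basis state. */
static double cz_sandwich_error(void) {
    double worst = 0.0;
    for (unsigned b = 0; b < DIM; b++) {
        state_t d = basis_state(b), w = basis_state(b);
        gate_cz(&d, 1, 0); gate_cz_sandwich(&w, 1, 0);
        for (unsigned i = 0; i < DIM; i++) {
            double e = d.a[i] > w.a[i] ? d.a[i] - w.a[i] : w.a[i] - d.a[i];
            if (e > worst) worst = e;
        }
    }
    return worst;
}
/* Bytes for n qubits when each amplitude is a complex pair of `component`-byte reals. */
static size_t statevec_bytes(unsigned n, size_t component) { return ((size_t)1 << n) * 2 * component; }
int main(void) {
    state_t m = minus_state();
    printf("|-> = [% .4f, % .4f], CZ error %g, 13 qubits = %zu bytes\n", m.a[0], m.a[1], cz_sandwich_error(), statevec_bytes(13, 4));
    return 0;
}
```

Each added qubit doubles the amplitude count, so the state vector's memory cost grows exponentially with track difficulty.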