![Page 1: Cybersecurity in an era with quantum computers: will we be ready? · 2019. 2. 11. · A physical system that can exist in two or more distinguishable states can in a special way embody](https://reader033.vdocument.in/reader033/viewer/2022060906/60a1527c3a3658245a2c4da5/html5/thumbnails/1.jpg)
Cybersecurity in an era with quantum computers: will we be ready?
Michele Mosca19 October 2016
![Page 2: Cybersecurity in an era with quantum computers: will we be ready? · 2019. 2. 11. · A physical system that can exist in two or more distinguishable states can in a special way embody](https://reader033.vdocument.in/reader033/viewer/2022060906/60a1527c3a3658245a2c4da5/html5/thumbnails/2.jpg)
A new paradigm for physics: quantum mechanics
![Page 3: Cybersecurity in an era with quantum computers: will we be ready? · 2019. 2. 11. · A physical system that can exist in two or more distinguishable states can in a special way embody](https://reader033.vdocument.in/reader033/viewer/2022060906/60a1527c3a3658245a2c4da5/html5/thumbnails/3.jpg)
A new paradigm for computation:quantum computation
E. Lucero, D. Mariantoni, and M. Mariantoni
![Page 4: Cybersecurity in an era with quantum computers: will we be ready? · 2019. 2. 11. · A physical system that can exist in two or more distinguishable states can in a special way embody](https://reader033.vdocument.in/reader033/viewer/2022060906/60a1527c3a3658245a2c4da5/html5/thumbnails/4.jpg)
What is a quantum computer?• What is a classical computer?• A device that encodes information in an array
of bits, and can manipulate those bits according to simple rules.
0= 1=
![Page 5: Cybersecurity in an era with quantum computers: will we be ready? · 2019. 2. 11. · A physical system that can exist in two or more distinguishable states can in a special way embody](https://reader033.vdocument.in/reader033/viewer/2022060906/60a1527c3a3658245a2c4da5/html5/thumbnails/5.jpg)
New feature:superposition/parallelism
A physical system that can exist in two or more distinguishable states can in a special way embody all the distinguishable states at the same time
==0
==1
7071.0 7071.0−
%50 %50
![Page 6: Cybersecurity in an era with quantum computers: will we be ready? · 2019. 2. 11. · A physical system that can exist in two or more distinguishable states can in a special way embody](https://reader033.vdocument.in/reader033/viewer/2022060906/60a1527c3a3658245a2c4da5/html5/thumbnails/6.jpg)
019.0
000.0
242.0
121.0
−
+
−
401.0
000.0
000.0
875.0
+
+
+
−
![Page 7: Cybersecurity in an era with quantum computers: will we be ready? · 2019. 2. 11. · A physical system that can exist in two or more distinguishable states can in a special way embody](https://reader033.vdocument.in/reader033/viewer/2022060906/60a1527c3a3658245a2c4da5/html5/thumbnails/7.jpg)
Simulating quantum bits with classical bits
• Describing n qubits in a classical computer in this way uses more than 2n
bits of memory.# qubits #classical numbers to store
3 8=23
4 16=24
10 1024=210∼Kilo
20 1048576=220∼Mega
30 1073741824=230∼Giga
40 1099511627776=240∼Tera
50 1125899906842624=250∼Peta
60 1152921504606846976=260∼Exa
70 1180591620717411303424=270∼Zetta
128 340282366920938463463374607431768211456=2128∼3.4x1038
230 1725436586697640946858688965569256363112777243042596638790631055949824=2230∼10100
![Page 8: Cybersecurity in an era with quantum computers: will we be ready? · 2019. 2. 11. · A physical system that can exist in two or more distinguishable states can in a special way embody](https://reader033.vdocument.in/reader033/viewer/2022060906/60a1527c3a3658245a2c4da5/html5/thumbnails/8.jpg)
"Global" patterns: Seeing the forest without observing the trees.
What are quantum computers good for?
Example: The sequence 34, 12, 54, 38, 57, 34, 12, 54, 38, 57, 34, 12, … has a period of length 5.
Imagine a sequence with an astronomically large period.
![Page 9: Cybersecurity in an era with quantum computers: will we be ready? · 2019. 2. 11. · A physical system that can exist in two or more distinguishable states can in a special way embody](https://reader033.vdocument.in/reader033/viewer/2022060906/60a1527c3a3658245a2c4da5/html5/thumbnails/9.jpg)
Example
With a handful of quantum glimpses:
“length of period = 729672482463”
“any specific value in the sequence = ???”
![Page 10: Cybersecurity in an era with quantum computers: will we be ready? · 2019. 2. 11. · A physical system that can exist in two or more distinguishable states can in a special way embody](https://reader033.vdocument.in/reader033/viewer/2022060906/60a1527c3a3658245a2c4da5/html5/thumbnails/10.jpg)
Applications: studying materials and chemicals
![Page 11: Cybersecurity in an era with quantum computers: will we be ready? · 2019. 2. 11. · A physical system that can exist in two or more distinguishable states can in a special way embody](https://reader033.vdocument.in/reader033/viewer/2022060906/60a1527c3a3658245a2c4da5/html5/thumbnails/11.jpg)
Applications: Searching and Optimizing
![Page 12: Cybersecurity in an era with quantum computers: will we be ready? · 2019. 2. 11. · A physical system that can exist in two or more distinguishable states can in a special way embody](https://reader033.vdocument.in/reader033/viewer/2022060906/60a1527c3a3658245a2c4da5/html5/thumbnails/12.jpg)
New feature:Eavesdropper detection
![Page 13: Cybersecurity in an era with quantum computers: will we be ready? · 2019. 2. 11. · A physical system that can exist in two or more distinguishable states can in a special way embody](https://reader033.vdocument.in/reader033/viewer/2022060906/60a1527c3a3658245a2c4da5/html5/thumbnails/13.jpg)
Quantum Cryptography
SwissQuantumNetwork
Beijing-Shanghai QKD Backbone
Tokyo QKD Network
Battelle QKD NetworkColumbus, Ohio, USA
swissquantum.idquantique.com/?-Network-
http://www.uqcc.org/QKDnetwork/http://www.battelle.org/our-work/national-security/cyber-innovations/quantum-key-distribution
http://www.idquantique.com/photon-counting/clavis3-qkd-platform/
http://www.quantum-comm.com/index.php/Cate/index/pid/1 http://www.qasky.com/Product.aspx?id=94
Courtesy of Qiang Zhang, USTC
![Page 14: Cybersecurity in an era with quantum computers: will we be ready? · 2019. 2. 11. · A physical system that can exist in two or more distinguishable states can in a special way embody](https://reader033.vdocument.in/reader033/viewer/2022060906/60a1527c3a3658245a2c4da5/html5/thumbnails/14.jpg)
Free-space Quantum Cryptography
Thomas Jennewein et al., Smiths Falls, Ontario, Canada, Sept. 2016
![Page 15: Cybersecurity in an era with quantum computers: will we be ready? · 2019. 2. 11. · A physical system that can exist in two or more distinguishable states can in a special way embody](https://reader033.vdocument.in/reader033/viewer/2022060906/60a1527c3a3658245a2c4da5/html5/thumbnails/15.jpg)
![Page 16: Cybersecurity in an era with quantum computers: will we be ready? · 2019. 2. 11. · A physical system that can exist in two or more distinguishable states can in a special way embody](https://reader033.vdocument.in/reader033/viewer/2022060906/60a1527c3a3658245a2c4da5/html5/thumbnails/16.jpg)
New paradigm brings new possibilities
Designing new materials, drugs, etc.
Optimizing What else???
Sensing and measuring
Secure communication
![Page 17: Cybersecurity in an era with quantum computers: will we be ready? · 2019. 2. 11. · A physical system that can exist in two or more distinguishable states can in a special way embody](https://reader033.vdocument.in/reader033/viewer/2022060906/60a1527c3a3658245a2c4da5/html5/thumbnails/17.jpg)
But… while in the old paradigm
Encrypting is easy. Codebreaking is hard.
![Page 18: Cybersecurity in an era with quantum computers: will we be ready? · 2019. 2. 11. · A physical system that can exist in two or more distinguishable states can in a special way embody](https://reader033.vdocument.in/reader033/viewer/2022060906/60a1527c3a3658245a2c4da5/html5/thumbnails/18.jpg)
…in the quantum paradigm
Encrypting is easy. Codebreaking is easy!
![Page 19: Cybersecurity in an era with quantum computers: will we be ready? · 2019. 2. 11. · A physical system that can exist in two or more distinguishable states can in a special way embody](https://reader033.vdocument.in/reader033/viewer/2022060906/60a1527c3a3658245a2c4da5/html5/thumbnails/19.jpg)
Cyber attacks
![Page 20: Cybersecurity in an era with quantum computers: will we be ready? · 2019. 2. 11. · A physical system that can exist in two or more distinguishable states can in a special way embody](https://reader033.vdocument.in/reader033/viewer/2022060906/60a1527c3a3658245a2c4da5/html5/thumbnails/20.jpg)
Algorithm Key LengthSecurity level (Conventional Computer)
Security level(Quantum Computer)
RSA-1024 1024 bits 80 bits ∼0 bitsRSA-2048 2048 bits 112 bits ∼0 bitsECC-256 256 bits 128 bits ∼0 bitsECC-384 384 bits 192 bits ∼0 bitsAES-128 128 bits 128 bits ∼64 bitsAES-256 256 bits 256 bits ∼128 bits
How secure will our current crypto algorithms be?
![Page 21: Cybersecurity in an era with quantum computers: will we be ready? · 2019. 2. 11. · A physical system that can exist in two or more distinguishable states can in a special way embody](https://reader033.vdocument.in/reader033/viewer/2022060906/60a1527c3a3658245a2c4da5/html5/thumbnails/21.jpg)
What will be affected?
Products, services, business functions that rely on security products will either stop functioning or not provide the expected levels of security.
Clouding computingPayment systemsInternetIoTeHealthetc….
RSA, DSA, DH, ECDH, ECDSA,…
AES, 3-DES, SHA, …
Secure Web Browsing -TLS/SSLAuto-Updates – Digital SignaturesVPN - IPSecSecure email -S/MIMEPKI
etc…
![Page 22: Cybersecurity in an era with quantum computers: will we be ready? · 2019. 2. 11. · A physical system that can exist in two or more distinguishable states can in a special way embody](https://reader033.vdocument.in/reader033/viewer/2022060906/60a1527c3a3658245a2c4da5/html5/thumbnails/22.jpg)
Do we need to worry now?
Depends on:• X = security shelf-life• Y = migration time• Z = collapse time“Theorem”: If X + Y > Z, then worry.
y
time
xz
![Page 23: Cybersecurity in an era with quantum computers: will we be ready? · 2019. 2. 11. · A physical system that can exist in two or more distinguishable states can in a special way embody](https://reader033.vdocument.in/reader033/viewer/2022060906/60a1527c3a3658245a2c4da5/html5/thumbnails/23.jpg)
Why do we need to worry now?• X = security shelf-life (required security time horizon)• Y = migration time (planning and full implementation)• Z = collapse time (time to development of quantum
capability) “Theorem”: If X + Y > Z, then worry.
Z = “Time to Invention”
X=Security Time Horizon(5 yrs)
2017 2019 2021 2023 2025 2027 20302018 2020 2022 2024 2026 2029 2031
Y=Implementation(5 yrs)
X=Security Time Horizon(20++ Years)Y=Implementation
(10 yrs)
OrgA
OrgB
Targeting existing encryption key systems unlocks everything using legacy capabilities
![Page 24: Cybersecurity in an era with quantum computers: will we be ready? · 2019. 2. 11. · A physical system that can exist in two or more distinguishable states can in a special way embody](https://reader033.vdocument.in/reader033/viewer/2022060906/60a1527c3a3658245a2c4da5/html5/thumbnails/24.jpg)
Bottom line
Fact: If X+Y>Z, then you will not be able to provide the required X years of security.
Fact: If Y>Z then cyber systems will collapse in Z years with no quick fix.
![Page 25: Cybersecurity in an era with quantum computers: will we be ready? · 2019. 2. 11. · A physical system that can exist in two or more distinguishable states can in a special way embody](https://reader033.vdocument.in/reader033/viewer/2022060906/60a1527c3a3658245a2c4da5/html5/thumbnails/25.jpg)
Building a large quantum computer
![Page 26: Cybersecurity in an era with quantum computers: will we be ready? · 2019. 2. 11. · A physical system that can exist in two or more distinguishable states can in a special way embody](https://reader033.vdocument.in/reader033/viewer/2022060906/60a1527c3a3658245a2c4da5/html5/thumbnails/26.jpg)
Towards a fault-tolerant designIARPA [July 2015]: “BAA Summary – Build a logical qubit from a number of imperfect physical qubits by combining high-fidelity multi-qubit operations with extensible integration.”
Several leading groups internationally have reported receiving awards.
![Page 27: Cybersecurity in an era with quantum computers: will we be ready? · 2019. 2. 11. · A physical system that can exist in two or more distinguishable states can in a special way embody](https://reader033.vdocument.in/reader033/viewer/2022060906/60a1527c3a3658245a2c4da5/html5/thumbnails/27.jpg)
What I don’t worry about
• How big of a number has been quantumly factored to date [wrong benchmark]
• “Quantum computing” approaches that do not have a path for fault-tolerantly implementing quantum algorithms that are known to threaten cryptography (e.g. “adiabatic quantum computers”) [not a known threat]
![Page 28: Cybersecurity in an era with quantum computers: will we be ready? · 2019. 2. 11. · A physical system that can exist in two or more distinguishable states can in a special way embody](https://reader033.vdocument.in/reader033/viewer/2022060906/60a1527c3a3658245a2c4da5/html5/thumbnails/28.jpg)
What is ‘z’?Mosca:[Oxford] 1996: “20 qubits in 20 years”[NIST April 2015, ISACA September 2015]: “1/7 chance of breaking RSA-2048 by 2026, ½ chance by 2031”
Microsoft Research [October 2015]: Recent improvements in control of quantum systems make it seem feasible to finally build a quantum computer within a decade. …Use of a quantum computer enables much larger and more accurate simulations than with any known classical algorithm, and will allow many open questions in quantum materials to be resolved once a small quantum computer with around one hundred logical qubits becomes available.
![Page 29: Cybersecurity in an era with quantum computers: will we be ready? · 2019. 2. 11. · A physical system that can exist in two or more distinguishable states can in a special way embody](https://reader033.vdocument.in/reader033/viewer/2022060906/60a1527c3a3658245a2c4da5/html5/thumbnails/29.jpg)
Quantum-safe cryptographic tool-chestconventional quantum-safe cryptography a.k.a. Quantum Resistant Algorithms (QRA) or Post-Quantum Cryptography
•Deployable without quantum technologies•Believed/hoped to be secure against quantum computer attacks of the future
quantum cryptography
•Requires some quantum technologies (less than a large-scale quantum computer)•Typically no computational assumptions and thus known to be cryptographically secure against quantum attacks
+
Both sets of cryptographic tools can work very well together in quantum-safe cryptographic ecosystem
![Page 30: Cybersecurity in an era with quantum computers: will we be ready? · 2019. 2. 11. · A physical system that can exist in two or more distinguishable states can in a special way embody](https://reader033.vdocument.in/reader033/viewer/2022060906/60a1527c3a3658245a2c4da5/html5/thumbnails/30.jpg)
Security is a choice
![Page 31: Cybersecurity in an era with quantum computers: will we be ready? · 2019. 2. 11. · A physical system that can exist in two or more distinguishable states can in a special way embody](https://reader033.vdocument.in/reader033/viewer/2022060906/60a1527c3a3658245a2c4da5/html5/thumbnails/31.jpg)
![Page 32: Cybersecurity in an era with quantum computers: will we be ready? · 2019. 2. 11. · A physical system that can exist in two or more distinguishable states can in a special way embody](https://reader033.vdocument.in/reader033/viewer/2022060906/60a1527c3a3658245a2c4da5/html5/thumbnails/32.jpg)
4th ETSI-IQC Workshop on Quantum-Safe Cryptography
![Page 33: Cybersecurity in an era with quantum computers: will we be ready? · 2019. 2. 11. · A physical system that can exist in two or more distinguishable states can in a special way embody](https://reader033.vdocument.in/reader033/viewer/2022060906/60a1527c3a3658245a2c4da5/html5/thumbnails/33.jpg)
![Page 34: Cybersecurity in an era with quantum computers: will we be ready? · 2019. 2. 11. · A physical system that can exist in two or more distinguishable states can in a special way embody](https://reader033.vdocument.in/reader033/viewer/2022060906/60a1527c3a3658245a2c4da5/html5/thumbnails/34.jpg)
Managing the quantum risk
+ > Security Shelf life
Urgent action required to
minimize losses
Migration Time
Collapse Time
+ < Acting now will
avoid losses
Proprietary Information of evolutionQ Inc.
• We need to assess x,y and z for the range of information assets and business functions.
![Page 35: Cybersecurity in an era with quantum computers: will we be ready? · 2019. 2. 11. · A physical system that can exist in two or more distinguishable states can in a special way embody](https://reader033.vdocument.in/reader033/viewer/2022060906/60a1527c3a3658245a2c4da5/html5/thumbnails/35.jpg)
Assessing and managing ‘y’
• This is the part we have control over• Leverage existing risk mitigation policies, procedures, and processes.• Manage community and technical challenges to deploying quantum-
safe cryptography.• Consider “hybrid” approaches to retain robustness of tools protecting
against today’s threats while introducing new tools designed to protect against the future quantum threat.
![Page 36: Cybersecurity in an era with quantum computers: will we be ready? · 2019. 2. 11. · A physical system that can exist in two or more distinguishable states can in a special way embody](https://reader033.vdocument.in/reader033/viewer/2022060906/60a1527c3a3658245a2c4da5/html5/thumbnails/36.jpg)
openquantumsafe.org
![Page 37: Cybersecurity in an era with quantum computers: will we be ready? · 2019. 2. 11. · A physical system that can exist in two or more distinguishable states can in a special way embody](https://reader033.vdocument.in/reader033/viewer/2022060906/60a1527c3a3658245a2c4da5/html5/thumbnails/37.jpg)
Thank you!
• Comments, questions and feedback are very welcome.
Michele MoscaUniversity Research Chair, Faculty of MathematicsCo-Founder, Institute for Quantum Computing www.iqc.ca/~mmoscaDirector, CryptoWorks21 www.cryptoworks21.comUniversity of [email protected]
Co-founder and CEOevolutionQ Inc. [email protected]