
When will a quantum computer be able to crack modern encryption and what should we do about it?

BSides Canberra · 2025 · 1:02:20 · 315 views · Published 2025-12 · Watch on YouTube ↗

About this talk
Rajiv Shah explores the timeline for quantum computers breaking current encryption standards and examines practical defenses. Drawing on his physics background and two decades in defense research, he explains quantum mechanics fundamentals, dismisses quantum key distribution as impractical, and advocates for post-quantum cryptography standards—particularly lattice-based algorithms—as the realistic path forward. The talk prioritizes risk-based migration strategies over blanket timelines.
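The talk explains RSA as "two large primes multiplied together", says Shor's algorithm reverses that multiplication on a big enough quantum computer, contrasts it with Grover's square-root speed-up against symmetric ciphers, and argues from the figures of a 10^-3 per-cycle error rate over 10^14 cycles. The Python below is an added example, not code from the speaker or the talk: it builds a toy RSA key from two constructed small primes, uses plain trial division (a classical stand-in, not Shor's algorithm) to show that factoring the public modulus yields the private exponent, reports the Grover effect on symmetric key strength, and evaluates the error-budget probability. The primes, the public exponent 65537 and the error figures are assumptions chosen for illustration; real RSA-2048 moduli are far beyond trial division, which is exactly the gap a large fault-tolerant quantum computer would close.

```python
"""Toy RSA, factoring as a stand-in for Shor, Grover's square-root effect, and the
error-budget arithmetic from the talk. Added example, not the speaker's code.
All primes, key sizes and error rates below are constructed for illustration."""
import math

# Constructed toy primes (the 9,999th and 10,000th primes). Real RSA-2048 uses
# two ~1024-bit primes, which trial division cannot touch.
TOY_P, TOY_Q = 104723, 104729


def rsa_keygen(p, q, e=65537):
    """Return (n, e, d): public modulus, public exponent, private exponent.
    The real secret is the pair of primes; d follows directly from them."""
    n = p * q
    phi = (p - 1) * (q - 1)
    assert math.gcd(e, phi) == 1, "e must be invertible mod phi(n)"
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+)
    return n, e, d


def encrypt(m, n, e):
    """Textbook RSA encryption of an integer message m < n (no padding)."""
    return pow(m, e, n)


def decrypt(c, n, d):
    """Textbook RSA decryption with the private exponent d."""
    return pow(c, d, n)


def factor_modulus(n):
    """Trial division: the 'keep on guessing' approach the talk describes.
    Work grows with sqrt(n), so it is hopeless for a 2048-bit modulus; Shor's
    algorithm is the only known route that scales polynomially."""
    for f in range(2, math.isqrt(n) + 1):
        if n % f == 0:
            return f, n // f
    raise ValueError("n has no non-trivial factor")


def recover_private_exponent(n, e):
    """What factoring buys an adversary: rebuild d from (p, q) and the public e."""
    p, q = factor_modulus(n)
    return pow(e, -1, (p - 1) * (q - 1))


def grover_effective_bits(key_bits):
    """Grover gives a quadratic speed-up over brute force, so a k-bit symmetric
    key resists only ~2^(k/2) quantum work: AES-128 behaves like 64-bit,
    AES-256 like 128-bit. Doubling the key length restores the margin."""
    return key_bits // 2


def error_free_run_probability(error_rate, cycles):
    """Probability that all `cycles` gate cycles complete without an error,
    assuming independent errors. Computed in log space because
    (1 - p) ** 1e14 underflows to zero in plain floating point anyway."""
    return math.exp(cycles * math.log1p(-error_rate))


if __name__ == "__main__":
    n, e, d = rsa_keygen(TOY_P, TOY_Q)
    c = encrypt(42, n, e)
    print("legitimate decrypt:", decrypt(c, n, d))
    d_recovered = recover_private_exponent(n, e)
    print("recovered d matches:", d_recovered == d,
          "| decrypt with recovered d:", decrypt(c, n, d_recovered))
    print("AES-128 under Grover ~", grover_effective_bits(128), "bits")
    print("P(no error) at 1e-3 over 1e14 cycles:",
          error_free_run_probability(1e-3, 1e14))
    print("P(no error) at 1e-14 over 1e14 cycles:",
          round(error_free_run_probability(1e-14, 1e14), 3))
```

Run it as a script to see all four results. The last line is the point of the talk's error-rate argument: at the current 10^-3 per-cycle rate the chance of a clean 10^14-cycle run is indistinguishable from zero, and even at the 10^-14 target it is only about e^-1, which is why error correction over many physical qubits per logical qubit is assumed rather than optional.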
Original YouTube description:
Rajiv Shah, BSides Canberra 2025
Transcript [en]:

So our final talk for the day on the main track is from Rajiv Shah. It's going to be about quantum computing, specifically: when will a quantum computer be able to crack modern encryption, and what should we do about it? A question I think we all know the answer to. So please take it away, Rajiv, and welcome him to the stage.

>> All right. Well, thank you very much. Thank you for making it to the end of the day and coming along to listen. So I'm going to talk to you about quantum computing and what we should do about it. Just my background: I did a PhD in physics and I worked for a company called Detica and BAE for about 20 years, and now, because I had one job for 20 years, I have about six separate jobs that I try and do at the same time. But I'll let you go and read my bio in the program. So what I'm going to do today is take you on a bit of a journey.

We'll talk a little about what quantum is. Then we'll talk about what a quantum computer is, and then why we care and what we should do about it, and if we're going to do something about it, how we actually get started. So why are we talking about this now? You're probably hearing a lot about quantum at the moment. One of the reasons, you may be aware, is that 2025 is the International Year of Quantum. It marks 100 years since some of the major developments in quantum theory. But it also highlights the fact that there's a number of quantum technologies, such as quantum computing, that are coming to the fore. And although these might seem like quite long-term technologies that may take a while to get there, they're the sort of things where we need to start doing some work now to be ready to plan for the risks and the opportunities of those.

So what is quantum physics? Quantum physics is weird, right? That's the simple answer. Quantum physics is not like anything you're used to in the real world, because what quantum physics does is explain how individual atoms and electrons and subatomic particles behave. And it's completely different from how things behave. You know, this is a solid lectern here. I put my hand on it, it doesn't go through. According to quantum theory there is a probability that I'm going to put my hand there and it's going to go all the way through. But that probability is so small that it never happens, and therefore that's what you expect to happen. But when we look at the details of how individual atoms and individual particles behave, it becomes very counterintuitive. And physicists like myself like to use fancy terms like wave-particle duality, entanglement, and we've even brought in teleportation because it makes it sound exciting, because you probably think we're going to talk about Star Trek. But I'm sorry to disappoint you, we won't talk about Star Trek. But as I say, it's complicated. So Richard Feynman was a famous physicist and he said you can safely say no one understands quantum mechanics, which is why it's a really good subject to talk about, because then if anyone looks puzzled and doesn't understand what I'm saying, it means I'm doing a really good job.

So, all right, what's quantum physics? Someone asked me, can we have a partial differential equation in there? So, there's one. But don't worry, I'm not going to try to teach you differential equations at this time in the afternoon. What I will do, though, as an example, is talk about Schrödinger's cat. I don't know if people have heard about this. Have we got any cat lovers in the audience? Okay, I apologize. This is entirely a thought experiment. As far as we're aware, no one's ever done this experiment. But Schrödinger's cat is one of the examples that Schrödinger came up with to show just how weird quantum mechanics is. And it comes down to the fact that basically things are all probabilities. So say you have a radioactive source and it has a half-life of a minute. So after a minute, there's a 50% chance of it having decayed and a 50% chance of it not having decayed. And according to quantum mechanics, it actually remains in this combination of probabilities until you actually observe it. And when we observe it, it either has decayed or it hasn't decayed. And so if we now take this radioactive source and put it next to a bottle of poison, so when the radioactive source decays, it releases the poison. And then we put the cat in there as well, and we close the box up. It's a thought experiment. Don't worry, no cats were really harmed during the course of this. We close it all up. And then what happens? This cat is actually in this superposition of probabilities of being half alive and half dead until we open the box up and then we look and see whether it actually is or not. Everyone completely confused? Everyone think I'm talking rubbish? Again, anyone who's not shocked by this has not understood it. So that means I've explained it really well.

Anyway, the idea of this is really to help you understand that quantum physics, as I say, is weird, right? It's not like anything you intuitively know in the real world. And therefore, that means sometimes you have to suspend your intuition and your disbelief when we talk about what quantum mechanics can maybe do for us. And so, you know, we hear a lot about quantum computing. And yet, when you think about it, all the computers we use today actually depend on quantum physics. So things like LEDs and the fact they emit certain frequencies of light, things like transistors and the band gap and the way that they work in switching electronic circuits, is all because of quantum physics, right? All those different energy levels in there. And therefore, we actually use quantum devices all the time. So what is all this stuff that you hear about quantum now? The stuff we talk about as quantum is sort of the next generation of quantum, or sometimes quantum 2.0, where we can say, actually, instead of going for these sort of bulk quantum phenomena, we start getting to the point where we can manipulate and change the quantum state of individual atoms or individual particles. I was a theoretical physicist, and back in the days when I was doing my PhD it was great, because we'd say, if in theory you could produce a single-atom configuration then you could do this, this and this, right? And it was very safe to say, because we knew no one had a chance of being able to do it. But now, you know, 20 or 30 years on, people have worked out how to do it. Fortunately, those predictions that we made back then are proving to be fairly accurate. But what this means now is that we hear about a range of different technologies, and some of the ones you might have heard of are things like quantum timing, quantum positioning, quantum communication, quantum sensing. But obviously the one we're going to talk about most today is quantum computing.

Okay. So, what is a quantum computer? Well, at a fundamental level, it contains something called qubits. And this is nothing to do with Harry Potter. I do apologize if you thought you heard Harry Potter at all. But the physical qubits can be made in different types of ways. So we have things which involve superconducting junctions, some things which involve trapped ions, some that involve photons. There's a number of different sorts of physical types of qubit that people are experimenting with and trying to use. And then on top of this, of course, you know, that doesn't just make a computer. We've got to layer a few other things. So we need a control plane and some control circuitry and assemble it all together into some hardware. And you see pictures like this. This is a picture of an IBM quantum computer. You see it used a lot. Looks really pretty. It looks like a chandelier. The interesting thing about this actually is that, if this pointer works, the actual quantum computer bit is just in there, right? It's a tiny bit in the middle. All the rest around it is actually cooling equipment, because these quantum computers are actually very delicate and most quantum computers have to be cooled down to almost absolute zero. So, you know, 99% of that is actually cooling rather than the computing unit itself. Then on top of this, we need to layer more. We're going to need some sort of compiler. We're going to need some sort of programming language. And, you know, these exist. We have a thing called Qiskit, for example, which IBM has, which is a very simple scripting language. Anyone who's used a Jupyter notebook would be quite familiar with trying to use Qiskit. And then we need to run some algorithms on top of it. So that's roughly what a quantum computer consists of.

And why is it so special? As I say, quantum computers use this thing called qubits, right? And qubits are just very different from the standard binary computing that we do. Right? When we do binary computing, you know that a bit is a zero or a one, right? And those are the two possible states that it can have. Qubits are different. Qubits actually have a continuous number of possible states that you can think of as points on the surface of a sphere. So what this means is a qubit can actually encode much more data, or much more complex data, than just a zero or a one. The other interesting thing about that is it also makes them much more susceptible to noise, because if you think about it with a binary computer, say you've got zero is zero volts and one is 5 volts, and the signal fluctuates and you get 4 1/2 volts. Well, it's probably a one still, isn't it? Now imagine you've got a measurement on here and it moves slightly to there. Well, is that noise or was that a genuine thing that happened? And therefore, that's one of the things that makes it a challenge in trying to get a quantum computer to work. But it also means, as I say, it gives you this amazing richness of complexity of the sort of things that you can encode and the sort of things you can compute, because you've basically got a continuum of possible states around the surface of that sphere instead of just a zero or one in your single bit. And so what this means then is that we can also start to put these qubits together. And what it actually means is that these states on here actually turn out to be these probabilities. And if I put them together, you end up with combined probability distributions. And what this means is that the computing power scales exponentially with the number of qubits. So as I add more and more qubits, my computing power grows exponentially. And so what this means actually is that we can do something completely different from normal computers. And it's very important to remember, right? So you might hear people say, well, you know, quantum computers are just classical computers on steroids. Or people who probably know better say things like, well, a quantum computer will just do calculations faster, better, cheaper than a classical computer. And that's actually completely wrong, because people completely misunderstand. If you want to do things like binary arithmetic, then you need to just stick to using standard classical bits and zeros and ones. But what these qubits allow us to do is actually completely different types of computation. And therefore, what this means is you have things, for example, which are impossible to do, or infeasible to do in a sensible amount of time, with a classical computer. And we might find ways that with a quantum computer we could actually run those and manage those calculations. So what this really means is that things that we thought were computationally intractable now become things that we can think about doing.

So rather than go into a lot of mathematical detail, again I'll use an analogy here. And the analogy, stay with me on this one, is that giving someone a quantum computer is like giving a caveman a speedboat. And I'll explain a bit more. Right? So imagine you were a caveman and what you had to do was climb up mountains to go and find food every day. If I come and give you a speedboat, it doesn't really help you get up the mountain. You could sort of do it. It'd be pretty difficult, and probably much harder than just climbing up there yourself. But once I give you a speedboat, it gives you the chance to do something you thought was completely impossible, which is, you know, go across to the island on the other side of the river, which was otherwise just too far away and you were going to drown before you could get there. And therefore, this is the important thing I'd like you to take away: with a quantum computer, it's not about trying to solve the problems we do with a computer today. It's actually finding the problems that we can't solve and finding imaginative ways of using a quantum computer to do them. And so obviously not all problems can be solved in that way. But there's a lot of active work that goes on into trying to develop these quantum algorithms, where people say, well, if I had a good enough quantum computer, then this is an algorithm I could run on there and I could solve this problem that I know is otherwise impossible for me to try and calculate today using a standard computer, even using, you know, the biggest supercomputers that we have.

And so people have found sort of three main classes of these problems that they can solve. The first one being these complex optimization problems, the so-called travelling salesman problem, where you're trying to find the best solution. An example, for example, is that Transport for New South Wales is trying to use quantum algorithms to work out things like the optimum scheduling of buses and trains, those sort of big, complex, multivariable problems. The second class actually is around calculating quantum systems. This is what I did my PhD in, actually: trying to do first-principles simulations of things like chemical reactions and how a molecule binds to a catalyst. And if you can understand how that works, you can do things like design better drugs, design better materials, design more efficient batteries and so on. And that's really difficult to do with a computer. You know, even though I was doing it 20, 30 years ago using a supercomputer, even with all the advances since then, it's still very difficult to calculate realistic-size systems. But it's likely that a quantum computer can often simulate these quantum processes much more efficiently. And the third one is this really esoteric thing, right, called factoring large numbers. Now, why would anyone ever want to do that? But this is an area that continues to be developed, with people investigating potential algorithms.

Okay, with this audience I probably don't need to spend too much time, right, so we'll just briefly take a detour onto encryption. As you know, right, if you want to encrypt you need a key, and with symmetric encryption you need to agree a key with the other party in a way that no one else sees it. And, you know, back in the analog days we used to meet down a darkened alley or something, hand over a piece of paper, and that was the secret key used for communication. Now, when we communicate across networks, we need to find a way of agreeing a key that allows us to communicate securely with someone at the other end without anyone who has access to the network traffic in between being able to see that. And that comes down to public and private key cryptography. And at the end of the day it rests on a very simple assumption. It's a bit out of focus, but I hope you can read that. Okay. That we can give everyone the public key, and it is impossible, in inverted commas, for someone to derive the private key from the public key. So as long as I keep the private key private, only I can decrypt the messages. Of course, when it comes down to it, that's not something that we can necessarily prove is impossible, but we believe it's very difficult to do. And so we've come up with various encryption schemes. And if the cryptographers in the audience can bear with my simplification, at the simplest level what we have is a private key which consists of two large prime numbers. We multiply them together and the product of those is the public key. And that turns out to be one of these mathematical problems which, although it's, you know, an obvious, simple calculation to do, is very difficult to reverse if you give someone the product and ask them to derive the original two numbers that we multiplied together. There aren't any efficient algorithms that anyone's found to do it. You basically just have to keep on guessing. And even though you might have been guessing, it doesn't even necessarily get you closer to the answer. You just keep on trying and trying and trying. And this is what, fundamentally, our encryption of data in transit relies upon: this assumption of the assumed impossibility of being able to reverse that calculation. And it's stood us in fairly good stead. If anyone's found a way of actually breaking it, they've kept it pretty quiet. And so we're reasonably confident that this is working for us. And this is therefore what we rely on every day. You know, we have our padlock in our browser, or HTTPS, or TLS. And it all comes down to relying on this factoring of prime numbers problem being impossible to reverse.

A while ago, then, a man called Peter Shor came up with a thing called Shor's algorithm, and what he said is, if you give me a big enough and a good enough quantum computer, I can actually do that reverse calculation. I can solve that factoring problem. I can take this big number and I can work out what were the two prime numbers that we multiplied together to get that answer. And so what he showed, you know, using various diagrams of how we could do this, is that if you had a quantum computer sufficiently powerful, you could go and essentially do this. And obviously, you know, this causes concern, right, because that assumption that we've all relied upon, about it being computationally intractable to do that calculation, suddenly may no longer be true. So I guess what's important to understand, though, is what is vulnerable? So things like RSA encryption, and also things that rely on discrete logarithm problems like elliptic curve cryptography, are therefore potentially vulnerable to Shor's algorithm. What is not impacted is your symmetric ciphers. So things like AES and other symmetric ciphers are not impacted by this. There is a thing called Grover's algorithm, which people may have heard of, which people have hypothesized could be a way of trying to speed up breaking those symmetric ciphers. Essentially it comes down to trying to do an unstructured search, but it doesn't give the same level of speed-up. If you look at things like Shor's algorithm, it basically provides an exponential speed-up compared to that brute force of trying to work out how to crack or how to factorise the number. Grover's algorithm gives you what I call a quadratic speed-up. So it gives us a square root of the number of bits factor of speed-up.

Now, the interesting thing, and you might want to think about this: so, you know, we talk about these quantum computers and say, well, if we had a quantum computer it could do this, right, but we don't have a quantum computer and we don't even really know how fast it's going to run or how expensive it's going to be. So how do we even know it's worth it? And the reason often we know it's worth it is, if we look at the scaling of the algorithm, even if, for example, we don't know what the cost per step is, if we have an algorithm which we know scales better on a quantum computer than on a classical computer, then we know for a big enough system it'll be cheaper. But the thing about this is, because it's a fairly small speed-up, if you start to look at the details it's actually quite difficult to run Grover's algorithm in practice, because you can't parallelize it. It's very delicate, very susceptible to errors, and actually would cost you a lot just to load data in and out. So it's probably unlikely, but if there was an issue, essentially with this sort of square root thing, if you double the key length, you'd still get back to that same thing. But to be honest, this is not really something we need to worry about at the moment.

Okay, so I've told you what would happen if we had a good enough quantum computer. You've probably seen some headlines around in the last year or so. Google, for example, saying they've got this 100 qubits. Google's great advance in error correction, where they suddenly discovered error correction makes it better rather than making it worse. And that was a big breakthrough. Microsoft announced this thing called the Majorana qubit, with a road map to building a million of them. But if you go and look at the paper that they published and read the small print, they say, "Well, we may or may not have made one of them, but we're not entirely sure yet." And of course, if Google and Microsoft do something, then Amazon had to come out with a similar announcement fairly shortly afterwards. But possibly my favorite headline of the year is this one: quantum computers, making millions of these chips. So where are these millions of quantum computers? And if you go and read the small print, you know why they're building millions of them? Because they don't work. They make a batch of them. None of them work. They chuck them in the bin and they make another batch, and they've got up to a million or more already, right? And they haven't actually got them to work. So this is why you have to take the headlines with a bit of a pinch of salt. Perhaps a little bit more realistic is what people are actually doing in terms of running practical algorithms on some hardware. And here we see people running things like that Grover's algorithm on four qubits. So at a much smaller scale, of course.

Now you're going to ask me, say, well, okay, if that's this, but what do we really need in order to get this? You know, at what point should we worry that our current cryptography is under threat? So what we have today is what we would call NISQ, the noisy intermediate-scale quantum computers. And by intermediate scale, we're getting to sort of 100, maybe people getting almost to a thousand qubits in some of the hardware that they're building. But they're noisy hardware. Remember what I said about the fact that these quantum states are quite delicate, because you can't easily detect noise in the way you can with a binary circuit. So they've actually become much more error-prone. When you think about it, you know, you run millions and millions of steps of calculations on your computer and it always works. These things typically have about a one in a thousand error rate, which, you know, means most of the time you get the right answer, but it's still not that good. And that's why we call it the noisy stage. So what do we need to do if we want to break RSA-2048? So the latest estimates are that we would need 2,000 qubits and about 10^14 instruction cycles. 2,000 is maybe not that much more than that, you know. So we've almost got to a thousand qubits, but that 10^14 instruction cycles is the real killer, because imagine that 10^-3 error rate. What's the chance of getting the wrong answer after 10^14 cycles? Pretty certain it's going to be wrong. And what that means is, if we're going to get the right answer, we've got to find some way of driving that error rate down to significantly less than that. Many, many orders of magnitude less than what we're getting today. And generally the assumption is, in order to do that, we're going to need some sort of error correction scheme, where we have large numbers of physical qubits that we combine into a logical qubit, and essentially we try and detect and average out errors across there. And so what we actually get is about a million qubits as the assumption. And if you look at the sort of clock speeds you think we can achieve, that's going to take about seven days. So seven days' run time to run this algorithm once on a single public key in order to derive the private key.

So, is it doable? Is it significantly faster than doing it with current computers? Yes. Is it going to suddenly mean that, you know, anyone can instantaneously decrypt everyone's communications? Probably not. And the other interesting thing is, if you go and do the sums, that's going to cost you about $250,000 of electricity, right? So, once you get one of these quantum computers, right, and maybe you're given the task of going and decrypting some communication, you're probably going to think very carefully which session you're going to select to go and do the key. Because if you go to your boss and say, "I spent $250,000 and I found a cat meme they were sending around the office," that might not be the best day in your career.

Okay. So say what we've got to do is find a way of scaling up current quantum computers, right? So we've got these sort of small-scale noisy quantum computers. We need to get the errors down. So things around trying to just suppress the errors, mitigation schemes where we may do calculations several times and try and average out the results, and then doing things like surface codes in order to correct the errors. And that's this thing where, you know, we probably need around a thousand of these physical qubits in order to get this one logical qubit which has an acceptable error rate, because, bear in mind, we've got to get those error rates down to 10^-14 and currently we're at about 10^-3. And then beyond that, right, what we've got to do is, at some point we're going to have to do networking and interconnection. Even if it's short-scale, we have a number of, you know, processing units and we need quantum interconnects between them. Most of these systems generally need to run at very low temperatures, so you're actually talking about large amounts of cooling. I showed you that picture of the IBM quantum computer and how much of the volume of that was actually the cooling equipment rather than the processing equipment. So as you scale that up to sort of a thousand or tens of thousands of times that scale, the cooling becomes a real challenge as well.

Of course, an interesting question is, are we even starting in the right place? Because we're all assuming, right, that the quantum computers that we have today are the equivalent of ENIAC. So ENIAC was probably the first modern computer, back in about the 1940s, built using vacuum tubes. And obviously over the years, you know, we've got much better. They've become much smaller, faster, cheaper, but that was sort of the starting point. The interesting thing is, you go back more than 100 years before ENIAC. Anyone know what this is? This is Charles Babbage's difference engine. So he actually came up with the design for this in the 1820s, and had a subsequent version where he worked with Ada Lovelace on what would eventually have been the first programmable computer. Why did it never happen, and why was it 100 years later? Because essentially it was just completely the wrong physical form he was using, because this relied on using basically very carefully machined metal cogs, stainless steel cogs, that sort of fitted together. And the problem was that actually you just couldn't machine it accurately enough, and you certainly couldn't scale it up enough. And so what we don't really know: I told you there's a number of different types of qubits that people are trying to build at the moment. Hopefully at least one of them is the equivalent of ENIAC, or even better, because ENIAC was using vacuum tubes, the equivalent of the transistor. But for all we know, it might be that the technology we're starting off with is just fundamentally not going to get there because of engineering challenges. So, you know, the question is how long is it going to take? Well, we don't really know, but there's certainly a lot of scientific and engineering advances that are needed to go from those sort of current noisy quantum computers we have today to ones that will actually start to threaten things like modern-day encryption like RSA-2048.

Of course, though, you've probably heard some talk about harvest now, decrypt later. So again, you know, you can think about this. So if I have a quantum computer in the future, if I now collect encrypted traffic being sent across the network and I store it somewhere, maybe in 5, 10, 20 years' time when I have a quantum computer, I could then go and decrypt that data and look at it and find out what was in there. And you can see reasons why someone might do this, particularly if you're a well-resourced nation state. Obviously you need to be able to collect all the data. You're going to be able to store it for a long time. But as I say, if you've got all this data stored and you've got your quantum computer, you're going to have to be very selective about what you start trying to decrypt in there, because it comes down to, you know, one week of runtime, $250,000 of electricity per key, right? So each session that's in there, you're going to have to go and spend that amount of money to decrypt it. So clearly the risk here is around: if you have data that is, you know, potentially of value to an adversary in the long term, and there is a good chance of being able to identify, from the metadata or however it's been collected, that it's likely to be of value, then this is a threat to worry about. But again, is this the sort of thing where, you know, all our bulk messages are being collected and someone's going to suddenly be able to read them one day? I suspect we probably won't get there.

So what does this mean? Does this mean the quantum apocalypse is coming? I've seen headlines from people, again, who might know, ought to know, better about things like Q-Day, which sort of suggests there's going to be one day when someone's going to invent this quantum computer and suddenly all encryption will be broken and everyone can read all these messages. As I think you've now understood, that's not what's going to happen. It's going to be a much more gradual process. So there is no such thing as Q-Day. So again, please go and spread the message. That's my one-person campaign at the moment: get rid of people talking about Q-Day. Again, you hear people saying things like, well, all encryption will be useless. And it's not all encryption, right? It's RSA, it's elliptic curve cryptography, things that basically depend on this factorization problem. It's not symmetric cryptography; that's not what's at risk. And, as we'll talk about, there may be other forms of asymmetric cryptography which are safe. And then you hear people talking about, you know, what data do you have stored and how long do you need to store the data for, and maybe that affects your risk profile. And again, that really comes from misunderstanding, because again you're not worried about the security of stored data, right? When we encrypt data at rest, we typically use symmetric encryption to encrypt data at rest, and so what data you have stored or how long you store it for is completely irrelevant. What's important, or what you might want to be worried about, is where you have data that you send across a network where someone might be able to read the data on the network, and that data has value to someone else in the future. It's not only how long you store it for; it's how long it is of value to them, or at what point could it still do harm to you if that data is seen. So the important thing is to think about what the threat is: data in transit, and data with long-term potential for harm. The other thing actually is around authentication. So I've talked a lot about encryption, but the same processes are used for digital signatures, and therefore things like authentication, particularly signatures that we may put out there, certificates we may put out there for a long-term root of trust, for example things like hardware and firmware upgrades. Again, those are the things that we may want to be concerned about long-term risks for. So, as I say, it's not going to be Q-Day, it's not going to be the apocalypse. It's more like the boiling frog, because at the moment we all have this assumption, as I said, right, that RSA encryption or whatever is safe because no one can derive the private key from the public key. And over time, we'll probably be less and less certain of that assumption. And therefore, for those highest-risk cases, we'd be most worried that someone might be spending some money and going and actually breaking that assumption. So, we're going to have to do something about it.

Now, what should we do? Okay, so these quantum physicists have come up with these wonderful quantum computers and now caused us this security headache. Are there some quantum technologies that can help us? And you may have heard some of these discussed. One is quantum random number generators. Again, this is a cool piece of physics. It comes back to those probability distributions and the fact you don't know whether something's

actually n or one or whatever until you measure it. And so the idea is that you can use the properties of quantum mechanics to do genuinely random numbers. None of this pseudo random number generator or things like thermal noise random number generator that we use at the moment. Um and from a cryptographical point of view sounds like a brilliant idea and it is 100% guaranteed randomness we can get. It's also 100% guaranteed useless against this quantum threat from the Shaw's algorithm because Shaw's algorithm doesn't rely on anything about weak entropy or the pattern of the key generation. No matter how perfectly your public and private key pair were created, Shaw's algorithm means you can reverse from the public key to the

private key. So this isn't going to help us. Another piece of cool physics, right, that we you may hear people talk about is quantum key distribution. And this actually relies on that thing around the Schrodingers cat. The idea is that if you once you open something, it stops being in a quantum state. So that you can reverse this and say, "Actually, I can now put something in a quantum state and I can send it across to you at the back of the room." And if you open it up and you it's still in a quantum state when you open it up until you open it up, then we know that no one has looked at it in between. Now, if someone in

between intercepts that box and opens it up, then it collapses out of that quantum state and we know they've seen it. This potentially gives us a way of creating a shared secret between us, right? with 100% guaranteed certainty theoretically uh that no one has seen it. And so this is called quantum key distribution. And you may have seen headlines like this and again with an audience like this is probably red rag to your bull. Anyone believes anything is hacker proof. No, I didn't think so. And so some examples about how you could do this because I say right from a quant from a theoretical point of view this channel here is 100% guaranteed secure as in I

can know for certain if someone has seen the data on route before before the data gets from Alice to Bob. So what are we going to do if you wanted to hack this? Where would you start? Well, the first thing actually you got to this diagram is only partially there because what happens is we have this key for example that gets sent across but Bob needs some way of telling Alice that which bits of the keys received which of he knows no one has seen in between and whether it's got through. So what this means actually if you look at it is you need a classical authenticated channel as well. So you have this quantum channel right

between here and here 100% guaranteed secure. So what could we do? Well the first thing actually you could do is a simple denial of service attack. If your threat model is that Eve is has access to read access to all the data on the network that is sent in between the two endpoints, then what could you do? You could just sit there and you could just read all the data and every time Bob says, "Oh no, someone's got someone's already looked at it. Send it again. Send it again. Send it again." The message never gets through. So denial of service attack is pretty trivial to do on this. The other thing obviously I sort of showed you that classical

authenticated channel. Well, maybe we can't hack this link, but we might be able to find vulnerabilities in this classical channel. And what's another thing you do? You're probably all ahead of me on this, right? Is obviously you could go after the end points. And it turns out, you know, as I say, the words in theory do a lot of heavy lifting and talking about quantum key distribution because these end points are actually quite difficult because you've got to get these things that can send out single quantum states, single photons one at a time. Um, and therefore the things you can do around the characteristics of those end points. And also generally it's just very difficult to do to reliably. You can do

get this working over about 100 km of fiber. Uh again, if you go back to that headline I show you, it talks about like sort of 900 kilometers or something that's done by a satellite uh waiting until nighttime, waiting until clear skies and direct line of sight from the ground station to the satellite. So it's actually very difficult to do. So again, this sounds like one of those really cool pieces of physics. It's like quantum random numbers, quantum key distribution. I'm a quantum physicist. They're cool pieces of physics and they're really exciting, but practically they're no use. And some guidance actually that even ACSC produced um just at the start of this week makes it very

clear that it's not seen as a secure form. The UK NCSC did some advice about a month ago which is even more explicit. I think it said if you try and use quantum key distribution we don't see this as basically satisfying your obligations to secure your data. So what are we going to do? We got to go back to the mathematicians. The same mathematicians that gave us the wonderful RSA and elliptic cryptography have got to find some other solution. And what we need to do is find some mathematical function that allows us to do that public to private key to public key mapping but makes it almost impossible for them to reverse the calculation. So we find some new maths,

new asymmetric algorithms. And these generally end up being called post-quantum cryptography. Some people get a bit picky and say, "Well, it's not post-quantum because we haven't got a quantum computer yet, so we should call it quantum-resistant cryptography." Again, in my attempt to clean up terminology: if anyone says "quantum cryptography", please correct them, because it's not quantum cryptography. This is just about new maths that we can run on today's computers, right? It's not about the fact that we need any of this fancy-schmancy quantum hardware or quantum systems to do it. So it's not quantum cryptography. It's post-quantum cryptography.

And so, how do we find this new form of maths? Well, fortunately, we have been thinking about this for a number of years. So for about 10 years, NIST has been running a process where they've basically issued an open call for proposals. People put forward ideas, and a lot of these sort of mathematical ideas have been out there for a long time. We ended up doing things like elliptic curve and RSA cryptography because they were quite easy to implement. So people have dusted these off. People have tried them out. Of course, some of them didn't work. People came up with these quantum-safe algorithms, and then people went and tried to crack them and found they could. But the good thing is it's taken about 10 years. So hopefully all the stuff that has now survived all this process, people have had a good go at trying to break it, and we have a good degree of confidence that it should be okay. And so what we have is these things called lattice cryptography; that's what's been used. And so at the end of last year, NIST published three standards, which I've sort of highlighted on here. This is the recommended strength, for example, in the ISM for key encapsulation. Interesting. I don't know how well you can read that.

One of the things that we do see, and it comes back to why we ended up choosing RSA even though this sort of maths was known about 50, 60 years ago: the reason why we did RSA is it's actually quite efficient, right? So RSA is a 256 byte key size, 256 byte cipher size. The sort of sizes we get here are two, three, four times that size, so it is going to be less efficient. When we look at the signatures, the sort of general replacement for the elliptic curve digital signature algorithm is actually even bigger, so we're seeing probably almost 10 times that. And there are actually people that are concerned that this particular signature method is not as secure as we might want it to be. There's a sort of extra-secure hash-based one, and if you look at the numbers there, you can start seeing we get some really large signature sizes. So there were good reasons why we didn't try this when we didn't need to, but now we know what we're using is susceptible to a future quantum computer, we need to find new things, but we need to realize it's going to introduce extra overheads.

This debate is still going on, and again it probably comes back to this: if you go back to the 1990s, in the history of the internet, back in those days a group of engineers, mainly in the US, came up with a whole load of standards, and geopolitics was much simpler and everyone just accepted them. And we can say as a result we probably missed out on a lot of security in the current internet, but we can have that discussion another time. But what happens here is that NIST has gone through this process, and even though it's been an open, transparent process, where anyone around the world could go and contribute proposals and anyone around the world could examine these proposals and try and find vulnerabilities in them, not necessarily everyone trusts the Americans in the way they used to. So the EU, for example, is saying, "Well, maybe these things are not quite secure enough. We've got another algorithm we think we should be using." Probably to no one's surprise, China doesn't necessarily trust the US's algorithm. So China is talking about developing its own algorithm. So this is definitely still an evolving area.

And again, maybe it comes down to this problem. At the end of the day, we can't actually prove that RSA is secure, right? We just hope, because if anyone's found a way of breaking it, they've kept very quiet about it. But we think it is. So again, now we've come up with these new algorithms, and potentially, as you saw from an example of one of the ones that had been tried, we might have these new algorithms we think are safe from a quantum computer, but we end up introducing a vulnerability that means that a classical computer can break it. So in trying to protect against that threat in the future, we might make something insecure now. And so therefore, what we have to be ready for is that we've got these standards, we've got some ideas about what we want to do, but this may not be a one-off change to cryptographic algorithms. So as we upgrade systems, we need to make sure we are what we call crypto-agile. So we're able to make future upgrades if we need to. And depending on your level of paranoia, one of the things that people often talk about doing is actually encrypting data twice. So encrypt it once with RSA and then encrypt it again with the post-quantum cryptography. If the post-quantum cryptography turns out to be susceptible to a classical computer attack, your data is still safe, because it's in this sort of double-wrapped or double-encrypted state.

So we've sort of worked out what we need to do, and we sort of probably need to get on with it, because although it sounds relatively straightforward, all we've got to do is run some different algorithms on the same hardware, it's just a software problem, someone's going to write some new stuff, it's obviously going to be a big, complicated ICT project. And one of the biggest problems, actually, is it's going to require multi-party agreement,
right? Because you can upgrade all your systems, but unless the person that you're communicating with upgrades all their systems in a compatible way, and coming back to that potential fragmentation of standards I've alluded to, that could be a challenge. And the other thing is that we've been using the current systems for a long time, and we've got the standards written down, but how much sort of lore and practice is built around unspoken assumptions and how we've implemented it, so that when we go and try and change the implementation we maybe break those assumptions? As I say, the other thing that's going to be there is additional overheads. There are additional sizes around that key and signature which can add communication overhead. There has been some concern also that these things have probably some extra processing load, although some of the benchmarking that NIST has done suggests that's not that significant. It may be a sort of 10 to 20% extra CPU load for what's been standardized on. But again, it comes back to why we use the current algorithms: because they were actually quite efficient and cheap and easy to implement. So there will have to be some compromises.

And then the other thing is going to be complexity, right? These algorithms are more complex. We're less familiar with them. We just don't have the experience, right? And again, what is complexity? Complexity is the enemy of security. So once we start to introduce this, there's the risk that as we make these upgrades, we're going to introduce vulnerabilities. And because we don't have that same experience of working with them, we don't have as many trusted libraries, for example, that we can use. So we need to be wary of that as well.

Okay. So I was going to talk about some experiences, right? Anyone got an iPhone? Those of you with an iPhone: iMessage was upgraded to post-quantum cryptography over a year ago, probably about 18 months ago now. Did you notice? You didn't notice. It just happened overnight. One day you woke up, and obviously this shows how easy it's going to be, right? You hit me. Yeah, obviously it was easy for Apple because they own the whole ecosystem, right? They own the device, they own the operating system, they own the endpoint software, they own all the servers in between. And therefore it's actually a relatively straightforward and seamless upgrade for them to do. A few things about how they did it. They used this double encryption. So they did have this sort of paranoia. They said, "We're not just going to rely on post-quantum. We're going to encrypt everything twice." And at the moment, what they've done is they've just actually updated the content. What they haven't done is upgraded their authentication. And the reason for that is that content is something which is subject to this harvest now, decrypt later. Whereas authentication is not something you can go and exploit in the future, or if someone can go and exploit it by replaying your authentication in 10 years' time, you've got bigger security problems to solve.

So Apple did this update. So Google said, "Well, anything you can do, we can do better," right? So a couple of months later, they decided to upgrade Chrome and release an upgraded version of TLS in Chrome that would support post-quantum cryptography. How do you think it went? They broke the internet. Not quite, right? But it just didn't work. It broke everything. And why did it break? And the interesting thing about why it broke comes down to these unspoken assumptions. Because what happened was, because they had these larger packet sizes, some of the routers in between looked at these packet sizes and said, "That's weird. That's unusual. That's not what we expect. That is abnormal network traffic. Something funny is going on. I'm going to drop that packet because there must be something wrong in it." Right? Even though it was within the standards, it was outside of normal behavior. We just had this unspoken assumption: no one would ever do that. Who would ever do that? If someone's doing it, either something's gone wrong or someone's trying to do something dodgy. So I'm just going to drop it. And then it turned out also various things about fallback negotiation methods also didn't work. And therefore what happened was the connections were getting dropped. So they had to roll the change back.

So what do we learn from this? It's that there's, from these years of implementations, all this sort of folklore and practice we're going to have to unwork when we do it. As I say, it was easy for Apple because they own the whole chain, so they could very easily test everything end to end. As we do upgrades of individual systems, you're going to do a lot of testing with all the potential counterparties and make sure that testing tests all those different corner cases of the protocol, all the weird things that don't normally happen but maybe the standards allow to happen. We need to make sure we test those.

Quickly, a couple of other updates. So AWS, for example, then started doing this. They started providing support at the end of last year. Interestingly, they also default to that, which suggests that they don't expect to get a massive performance hit from it. And the other one I put up here is Microsoft, because obviously so much works from Microsoft. So Microsoft have recently released a road map around how they're going to do this. Probably the important thing to note is it's the end of 2029 when the main sort of things like Windows services, Azure services, endpoint, Office 365 will be quantum safe. So that's the sort of commercial road maps that we're seeing.

So what do we need to do? Some of you may be aware there have been a few updates from the government recently. So the ISM was updated a couple of weeks ago and came up with a couple of things. So one's actually been there for a while, which is basically saying we recommend support for these new algorithms no later than 2030, and also a requirement that organizations should develop and implement a migration plan for implementing post-quantum cryptography across their environment.
Monday this week, which made me have to go and rewrite my slides, there was some further update that came out, and it actually proposed this. And again, coming back to when this is likely to happen: the most optimistic, or pessimistic, depending on your point of view, of how we might get to a quantum computer that can break RSA 2048 is probably about 5 years away; more pessimistic is probably 15 years, maybe even longer than that. And so what they've said here is sort of less likely 2030, more likely 2040. They've then come up with some, let's call them ambitious, targets: that by 2026, that's next year, fortunately the end of next year, you should have an implementation plan; start implementation by the end of 2028; and by the end of 2030, recommending that actually all migration should be completed. This is quite an ambitious schedule, and it's probably more ambitious, for example, than most of our partners. So the UK, for example, has a very different one. Although the UK says the start of 2031, where we're saying the end of 2030, what the UK said you need to do is upgrade those high-risk systems. So coming back to what I said, those sort of things where you'd be worried about harvest now, decrypt later, or sort of things where you've got these long-lived certificates, a root of trust that you're putting out there. Those are the things you need to focus on as high risk, and then the rest can be done by 2035. So we'll see where this goes. As I say, this is hot off the press. This was literally Monday morning this week that this guidance was published.

But what is in there, and what I'll expand upon, is actually a really good framework. So we talked about how are you going to get started, and the first step in actually doing this is making sure you understand where cryptography is used across your organization. And you could argue that, regardless of the quantum threat, actually having a better understanding of where cryptography is used, what cryptography is used, and what data it is protecting is good cyber security practice. And then, having done that, assess each case and look at which ones are vulnerable. So again, coming out of that: if it's symmetric encryption, don't really worry about it. If it's using asymmetric encryption, is it using one of those vulnerable algorithms? If so, then what do we need to do? How easy is it going to be to upgrade? And the first thing probably is to go and talk to your vendor. And as I say, in 95% of your cases, you're using some Apple or Google or whatever. Go and talk to the vendor. Check their road map. Make sure they've got a plan for upgrading it.

Then the most important point is triaging, because as I say, it's nice that there's a target out there to try and do all of this by 2030. There's always going to be a tail of things that don't get done. So what you need to do is work out which are the highest-risk systems and make sure you prioritize those. And so the sort of things that make you prioritize it: if you've got data that has long-term value; if it's going across public networks where it would be easy for an adversary to collect the ciphertext; if you've got systems that are going to be difficult slash impossible to upgrade, so those upgrade paths might involve ripping out some physical systems or going around a large number of sites around the country; those are the ones you need to start early. Otherwise, if you've got things like interoperability, again, these are all things where you want to start early. Reasons where you might want to just wait, right? Is the vendor road map, right? As I told you, Microsoft's got a road map that says they'll upgrade things like Office 365 by 2029. Probably the last thing you want to do is start layering in some extra encryption system on top of your Office 365 now in order to try and get out. You just want to wait for that road map to come through, because again, start putting more in, more complexity, more opportunity for vulnerability, more opportunity to get it wrong. And the other thing you might think about: what are natural refresh cycles, and also maybe where do you have additional protections in place? If the data is not traveling across a public network, maybe the risk of someone sitting there and collecting that encrypted data is low. And if it's on your internal network, well, if there's an attacker on your internal network, maybe you've got a different threat to worry about. So these sort of things you think about.

And this is actually the most important section, about how you triage. Having triaged it, then you need to think about how you implement it. Good ways of implementing: hopefully, best case, the vendor is still around, the vendor still supports the system, and you apply their patch. Or, as you may know, things like go and upgrade libraries or go and procure new systems. Things to avoid, if you can at all, are handcrafted code, because generally rolling your own crypto is not advised. Non-standardized implementations are things to be wary of, and these are things you need to think about in coming up with your migration plan. And so you may have noticed the sort of acronym, so locate,
assess, triage, implement. And alongside that is communicate and educate, which comes to LATTICE, and you're sold lattice-based cryptography. You see what they did there? Okay. Who says the government doesn't have a sense of humor? Of course, they got the spelling slightly wrong. So I came up with my own tweak now, which actually says that because triage is the most important point, maybe we should triage twice, and then I can get the acronym right. Right? And now I can claim credit for it instead of giving them credit for it.

All right. So that brings us really towards the end. The closing thought I'd give you: as I say, a lot of this quantum stuff sounds very fancy. There's a lot of hype out there in the market. I showed you some of the headlines and things that are out there. But what will happen, I think, is it's one of those typical technologies where we're overestimating in the short term maybe what it's going to do. There's going to be some disappointment that's going to come out in the next few years. I was in a meeting this morning where people were just sort of quantum-washing everything. You say something is a quantum thing because then it sort of gets you funding, gets people excited, and so on. But in the long run, we're probably underestimating some of the fundamental changes, because things like quantum computers mean there are a lot of things, not just things like code breaking, which are just impossible for us to do with computers today, even if we scale up our current supercomputers, that suddenly become computationally feasible problems for us to solve.

So if we just summarize: as I say, the important thing about quantum computing is it will undermine the commonly used methods for encryption of data in transit. It's going to be a gradual process. It's not suddenly one day everyone is going to have instantaneous access to decrypt all the communications. We'll start off with very big, very expensive things, and they'll be used for the highest-value targets. Over time, we'd probably expect, a bit like Moore's law, that things will get cheaper and easier to use, and the threat will become more widespread. So it does mean there's no need to panic, right? So don't panic. Don't go back and say, "Right, we need to upgrade everything tomorrow." But what we really need to do is start planning now, because we know that some things are going to take us a long time to upgrade.

Next one. This is not a quantum technology, unless it helps you get funding. If it helps you get funding, go and tell your boss, "Yes, I'm building a quantum network." Right? But otherwise, please be very careful with your terminology, because it doesn't require any of this fancy quantum. The quantum physicists can keep developing their quantum hardware and their quantum optical systems and their qubits and all of that. You don't need to wait for any of that. This post-quantum cryptography is something you can start to roll out now. Obviously you will have challenges in some cases where you've got things like embedded hardware, you've got HSMs, you might need some hardware, but it's not about a whole new generation or completely different type of hardware. So it's one we can get on and start implementing now.

And then what you're going to find, I'm guessing here, is that as you do that, locating everything and assessing everything, you discover that 95% is probably pretty easy for you to upgrade, because you're just going to apply the patch to Chrome, apply the patch to Office 365, etc. And it's going to fix your problems. And that's probably the problem: that's probably the low-risk stuff. The stuff that's going to be really difficult, the last 5%, is probably also the stuff that is highest on that triage. So, coming back to that triage, it's the high-risk stuff. So you might see a target. Someone might tell you you need to do everything by 2030. If you can only do some of it, don't chase a metric around what percentage of your systems you've upgraded. Make sure that you prioritize by the highest risk. So let's make sure about that 5%: it's going to be very hard, but it's going to be the highest risk. I know it might be a bit of a disappointment to go after the most difficult one first. Again, it's not a good thing to report to your boss, but that's where we need to be concentrating our effort. So that's everything. Thank you very much. I'm very happy to take questions, comments.

Thanks. Do we have any questions?

>> Thanks mate. That was really interesting. A little bit off topic, but do you have anything to say about what the killer app might be?

>> Oh, I'm still miked up on it. Okay, it's late in the day. Sorry. I don't know. And it's a very good question, right? It's one of the, you know, we're sort of building it and they will come. It's a bit like 5G, to be honest: we've rolled out 5G; have we found the killer app yet? My personal feeling, and maybe it comes from my bias of a background having done this sort of quantum chemistry stuff, is I think the opportunities actually are to do things like speeding up those quantum-mechanical first-principles calculations. They are fundamentally just really, really difficult to do on a classical computer and really, really difficult to scale. But if we can solve that, the potential for the value that we can deliver there, through things like designing new drugs, providing new materials, more efficient batteries, there's actually a huge number of opportunities there, where at the moment we're mainly constrained by the fact that you have to go and synthesize things in a lab and then test them. Even if you can't get perfect answers, if you could go and use a quantum computer, for example, to whittle down to a shortlist of a dozen things that you then need to go and actually fabricate and test in a lab, there's potential there to speed up those development cycles massively. So that's my personal feeling about where I think the killer app might be. But we really don't know. And again, another area that's probably underexplored, I think, is actually people trying to just think about these problems. What are those problems which we can't solve with the computer today? Can we find a quantum algorithm that means that we're ready when the quantum computer comes along? And that could take us several years to do. So we'll see.

>> Thanks. Got a question down here then.

>> So firstly, fantastic talk, and my question is, who do you think will win the arms race, China or America, or maybe even another company like Europe?

>> That's a really good question, and one of the things I didn't talk about, actually, is there are people trying to build qubits with fundamentally different physical building blocks, right? Some people are trying to use photons, some people are trying to use neutral atoms, some people are trying to use ions, some people are using superconducting junctions. And sometimes people come and ask me and say, "Well, which technology is going to win?" And I'll tell them, if I knew the answer to that, I would have invested all my money in the winner and I'd be off on an island somewhere. So it's very difficult to know. I think in terms of where we are generally, the US is probably the leader. But there are some very strong capabilities in Europe. Australia actually has some very strong companies, companies like Silicon Quantum Computing and Diraq, that both came out of Sydney, which are very strong in this area. And it is one of those things where we don't know who is building ENIAC and who is building the Charles Babbage difference engine. It's very difficult to know, because some of these people will only find the fundamental scaling limit with their technology maybe in several years' time. So it's really difficult to know. On the balance of probabilities, from what we can see today, and you have to bear in mind probably that the West is much better at openly publishing where it's at, but if you look at openly published literature and progress, the West is ahead, the US is ahead, the UK is strong, Australia is strong. Germany actually has got some very strong quantum companies as well doing quantum hardware. But it's very early in the race. There's a good chance that one or more horses is going to stumble and fall. So we don't know who's going to win.

>> I've just got a question up there first and then...

>> Thank you. Good talk. Thank you for that. To the question of what the killer app is. Now this is a bit left-field, but I understand that in the old days of the Bitcoin protocol it was common to pay to a public key, and the public key would become public. And I don't know, but I imagine there might be addresses in Bitcoin that have, I don't know, maybe 10,000 Bitcoin, that might be worth, I don't know, a billion dollars. I've been wondering if perhaps the killer app is just cracking those old Bitcoin addresses. And I've also been wondering if we might know that we've reached, if you'll forgive me, Q-day...

>> No, no.

>> ...the day suddenly a whole flight of old Bitcoin addresses start being drained. I don't know, but I'm just interested in your thoughts about whether or not that might be a thing.

>> Yeah, it's a really good point. And $250,000 worth of electricity to recover a single private key; depending on your motivation, that might be one of the places you'd start, right, is actually going and doing that. And another good question people ask is, well, will we even know when this happens, right? And I go back to the story of the Enigma being cracked in the Second World War, right? Once the Allies knew how to decode those messages, they had to be very careful about how they

acted on what the information they decrypted because they wanted to give give away the fact that they had the ability to decrypt. And so you can imagine the same thing happening when someone can come and break this. But you know maybe at the end of the day temptation will come in if the right person with the right financial motivation gets access to it. One of the first things they might do is go after that and that will be a very obvious sign right. >> I think the way Bitcoin works is it's a race like you know it's it's all of us you know like if you can get in first do it now like don't wait cuz

>> go and build a quantum he have a hardware village in bides. It seems like a pretty to if if true if true it seems like a pretty reliable way to know that you know uh that it's possible because if there are people who can do it who aren't doing it I mean it just doesn't seem pragmatic. >> Yeah. Although you got to remember given the resources needed chances are >> it will be a nation state probably a lot you know or an agency that has this capability first um it's probably beyond the means of the criminals. Now there are certain nation states for example North Korea we seem very financially motivated in its cyber activities so

maybe if they got there first but um you know we had the question I I haven't said anything about them they don't publish anything about their research um but you're right and but again if you had it you might be very selective how you use it because it's one of those things you burn once right and then people very rapidly work go to change that >> we got one down the front >> what makes an algorithm a quantum resistant uh encryption algorith algorithm resistant to uh quantum computing is it just the fact that it doesn't use depend on factorizing uh you know working out the prime the factors of a uh >> yeah I mean and I mean is why why is why

is um factoring sort of like uh uh just the only kind of um thing which uh can makes an algorith algorithm susceptible to quantum. Uh so the first simple answer that comes out to this fact actually we don't know right so we've come up with these new algorithms and we have hypothesized that they are quantum safe right and we can't ever prove that hypothesis someone could disprove that hypothesis by finding attacks people have found classical attacks against them and there are people trying to look and see because um so I'm trying to think get into huge amount of detail so the reason why factoring works is one of these things about the fact that quantum computers

can do these different types of calculations and there's a thing you can do which basically involves working out sort of periodicity if you imagine sort having a wave that goes across a pond, right? And it's a way of doing a quantum the wavelength that gives you an exact number of peaks and troughs, an integer number in that pond, right? And that's essentially the factorization problem. So what's happened is someone has found an algorithm to reverse the factorization issue, right? All I can tell you for certain now is so far no one has revealed that they have an algorithm that they can run on a quantum computer that can reverse latis cryptography. But that's actually all I

can promise you now. And there was an interesting thing. There was a paper that was published earlier on this year by a Chinese researcher where he actually claimed that he had found a quantum algorithm that allowed you to reverse this latis cryptography and it caused a huge amount of activity as you can expect amongst the community. people went and sort of reviewed in huge details and eventually they found sort of a fundamental flaw and you got to remember people are coming up these algorithms right they have to do them all on paper the hardware doesn't even exist to test them now right so people are coming up these and then other people go and review your work right and

maybe found an issue there um but it's a very good question that's why it comes out to this point I say we have to be aware that as we do these upgrades to encryption that it may not be the last one we do so as we go and upgrade systems we need to think about how do we make them crypto agile in a way that if we need to go and do another upgrade because we do discover that these algorithms are quantum them susceptible. We have to change to something else completely different in a few years time. Hopefully, we've done a fair amount of the ground work that allows us to do that. >> Thank you.

>> We might have time for one more. Oh, there's two more. We'll just go one here just and then one at the back after and that will be it. Yeah. >> Uh Rajie, do you think that um given what we've just spoken about uh that information theory might have something to um provide in terms of uh something on the other side of postquantum cryptography? >> Do you think that's a >> So I think your question is could I use information theory to prove that something is quantum safe? >> Correct. >> I think the answer is no because no one's actually found an information theoretical way of proving that RSA is safe. Right. The information theoretical

secure is two two things. One is around you know a one-time pad but that involves some way of then securely sharing that one-time pad which back to the old problem. The way that is informationally theoret information information theoretically secure is quantum key distribution in theory and then because this and again this comes out to right again everyone in this audience nothing is guaranteed secure right because even if I can see one part of it there are the components of the system are vulnerable. So I don't think I don't we think we've been in the same point. We've been in the situation, right? For how many years we been using RSA cryptography, right? We cannot prove it is secure. No one has

managed to disprove it secure and therefore the longer we've gone on with that, the more confident we become rightly or wrongly. >> There's actually a question over here and then there's one more at the back. >> Hey, hello. Um, thank you for your presentation. It was brilliant. um anything quantum is I don't know I'm very amateur with it but it's just extremely fascinating so I I really do appreciate the the talk today but um more as my question is I understand that that there are two corresponding uh states of matter and effects happening through these quantum concepts what is currently known about the greater effects to the atmosphere through these types of technologies and how would that

roll out on more of a commercial scale as the technology progresses? >> So I think by effects on the atmosphere you're talking about energy consumption and global warming. Yeah. So and it is a serious issue right when you think about a quantum computer as I say they're going to be very expensive to build and very expensive to run. >> And one of the reasons for that apart from anything else is that most of the technologies that are under development require a huge amount of cooling. They need to be called to a very close to absolute zero. That's from - 273 degrees below zero. It's colder than a camper winter morning. It's going to take a lot

of power to do that cooling. And so then it comes down to well actually but if we can find those right problems and the problems where it's going to be worth running a quantum computer is when it's actually cheaper to do so on that than it is on a classical computer and those are probably going to be big problems. So there is a very good question right do you know someone asked a killer app right can we afford the killer app right because if a quantum we might get to the point where a quantum is only value for these really really massive calculations and we say well actually you know given all the externalities of the power

consumption the cost of doing that is it worth doing so glass half full potentially it's a way of actually trying to reduce the amount that we all spend on doing lots of very expensive classical calculations because we'll find a quantum computer that can do a lot of these some of these big calculations more efficiently glass half empty is Maybe it'll encourage us to do more big calculations and increase our global energy and water consumption. >> Um, even like further than that, um, we're breaching points >> outside of, you know, Earth and things that we we currently understand cuz I I I feel like Albert Einstein warned against it um, in many ways and was opposed to the the whole concept.

>> So, I'm not sure there's a question there or is that a comment? But like um like so what what's known to further reaches of what we don't know in through this technology like is there is there any explanation to major events occurring throughout um space? Not. So are you saying can we use a quantum wheel to predict cosmological events or you saying what's the impact? >> Isn't there two simultaneous states of matter something occurring and that there's things that I don't know like like I said I'm very limited in my knowledge with it but I feel like there's a there's a lot known and as well as unknown. Yeah. >> What what would you say you're afraid of

through this development seeing that you you you don't see it as so doom and gloom? >> I don't see as doom and gloom. I think ultimately and it comes out I think we are there are things we need to do to prepare but I think the opportunities actually and you know opportunities are things like more efficient battery storage, more efficient materials, things like that. There's potential opportunities of a huge amount of benefit to humanity, but we do need to start thinking and planning and getting ready for that. >> Thanks. I did see one more hand just Oh, sorry. Yeah, there's one more question. This will be the last one. Right. Um, if someone's wanting to

contribute to the design of like quantum algorithms or quantum computers themselves, um, what's some of the prerequisite knowledge and like the entry points to like contribute to the field? Oh well, I mean so important subject to study would be things like maths, physics, uh and actually sort of computational theory or computer science theory or computer information science. Um the other thing though actually that I would encourage anyone to do if they're interested in this is not only sit there because on the one hand you got to go and study all these sort of maths and work out but go and talk to people about the problems. What are some of the things that actually I thought

about writing a program to do this but I realiz it's going to take me a million years for it to run and execute because at the end of the day it's got to be a combination of the two. It's got to be some math that works but it's got to solve a valuable real world problem. I didn't talk about I was just maybe quickly close with this in a sec. Um so one of the other things that for example Google came up with right is they said there was a big headline about you know they found some calculation that would take a trillion years or whatever the stupid number was to run on a the

world's biggest supercomput and their quantum processor could run it in 90 minutes right or thereabouts right and it's sounds really impressive when you say that right and when I looked at that I thought well it might take a trillion years for a classical computer to run that calculation it' take even longer to find anyone that cared about the answer that they were giving because they weren't trying to solve an economically useful problem. So you got to come at it with both ends. So on the one hand there's a and you know we all know right there's not enough STEM being studied and definitely we need more people doing maths and physics to understand that but

also people need to get out there go and talk to people in the world find what are the problems worth solving that are actually going to produce a net benefit to humanity is maybe the last question I was asking about. All right. Can we once again thanks Rajiv for that greatation.