
Securing Our Post-Quantum Future - Jaya Baloo

BSides Prague | 32:14 | 214 views | Published 2024-04
Style: Talk

Transcript [en]

Can I just say, this is probably the most professional conference I've been to in a while, and it's a BSides organized by Martin. That's amazing. Can I just say, it's so cool, even the badges that you guys are wearing, I think they're amazingly well done. So thank you so much for the opportunity to be on your inaugural conference, the first speaker. It's an honor that I very much appreciate. Thank you. While I don't [ __ ] up, let's actually talk about what I'm here to tell you about today, which is, let's see, it's the infamous clicker, there we go. So what I'm here to talk to you about is how we can have a secure quantum future.

And you might think, like, oh my god, really, we're going to talk about quantum? Yeah, we really are, because what I hate that we do together, collectively, is we don't prioritize things that are important until they become bloody urgent. So we are going to talk about something that isn't urgent yet for some people, but maybe it should be. So I'm just going to keep trying to click very stubbornly. So what you should know is that in Europe we have a Quantum Flagship, and it's a Quantum Flagship that means that there's a billion euros reserved for all things quantum. A billion euro. The EU doesn't do that that often. The only times they've done it before is when they tried to study the human brain, which is kind of hard, and when they tried to figure out what the hell to do with graphene. So of all the flagships there's only three: the brain, graphene and quantum. And what they're trying to figure out is how do we, you know, crack this nut of this quantum stuff to keep intellectual property and prosperity for Europe. They think it's so important and so fundamental that that's why they're putting a billion euros of EU money in it, in light of everything else.

And if we go to the next slide, what I want to tell you about is that, like, you might think of quantum as a singular, homogeneous thing. It's absolutely not. There is a field around quantum, that's not a physics joke, but there's a field around it which is really, like, computing, and then you have quantum communication, you have quantum simulation, and you have sensing and metrology, which is how do we make better clocks, how do we have more precise measurements and sensing tools. If we go to the next slide, all of those pillars, if you will, around this, that's how the flagship is organized. All those pillars require a whole bunch of other things to happen before we get a quantum computer, before we get a quantum gravimeter, which looks at Earth's specific gravity, or better clocks. You need this area of enabling science as well as theory, algorithms and protocols, and there's so much work that's being done in each of these pillars. That's why you need a little bit more investment in order to get this stuff off the ground, and if you look at competing countries, they're spending a lot more.

So you should know that the goal eventually is to hook all of these different, disparate types of technologies together, so hook up the clock with the computer, so making an entirely new backbone for the internet that doesn't just drive our current equipment but will also be able to connect a quantum computer to it, and that the quantum computers can run fully native on a post-quantum computing network. So we're looking at things that will be terrestrial components but also space-based, so the European Space Agency has a project already for a few years called Skylight, you can look it up, which is all trying to figure out how to deliver this stuff from space. So if we keep going, one thing I've got to tell you, no matter what else you guys do, regardless of what we're trying to say, like, there's so much other stuff that's broken, shouldn't we fix that first? I've got to tell you that regardless of all that stuff, there will be a quantum computer, because the kind of thing that we've enjoyed for the last couple of decades has been Moore's law.

Everybody knows Moore's law. Anyone not know Moore's law? All right, there, I heard a giggle, that means someone doesn't know it but they're uncomfortable, so I'm just going to tell you: every 18 months your computing power doubles, and roughly what we've been seeing is that there's an asymmetric decline in price. So your computing power keeps doubling, boop boop boop boop boop, every 18 months, but what we're also seeing is, like, the price keeps going down for all of that processing power. And what we're now seeing the emergence of is something called Amdahl's law, which is that you can keep adding stuff, you know, keep adding processing power, but you're actually not getting that additional compute that you originally enjoyed. There's actually a decline of that processing power. So even if we don't really want to, we're going to need quantum computing to answer some very specific problems, and these very specific problems hold a lot of promise. You know, the promise is things like it's going to help us figure out how to do personalized medicine and, you know, do better detection of cancer. You saw that, like, Google's DeepMind is also working on problems like protein folding. These are also problems that a quantum computer is ultimately capable of doing, because it can map all of these different scientific interactions.

So if we go to the next slide, you've got to know that the people who are the most advanced, and in terms of pure determination and meeting the bloody road map, I have a deep admiration for projects that are delivered on time and that do what they said they were going to do, it's IBM. Not very sexy, it's IBM. And IBM currently possesses, and you'll see it here, we're at Condor, I believe, at 1,121 qubits, and then, like, we're going towards 1,386 plus qubits. In order for it to be useful we need millions of qubits, but the expectation is once you have a stable architecture, scaling is going to be how these companies are going to achieve it. But it's not just IBM, it's Google, it's Microsoft, it's everyone and their mother working in an NSA basement. All of these people are working on a quantum computer.

And if we go on, you might want to know why, because there's some cool, funky bits about a quantum computer. First and foremost, they're not the same as what we have. So you might have heard before, it's not bits, it's qubits. Why? Because on a bit you can write one operation, in a way it can either be on or off, and in this particular example up or down. And if you think about this property that a quantum computer has, of spin, you can think about how this quantum computer can actually be those things at the same time. Instead of just being up or down, on or off, it can be up or down at the same time. So what does this do? That increases your ability to write a particular operation or keep a particular value, because instead of having one that was this way or this way, you now have two. Okay? And when we look to the next slide, what's really cool is when you have this up-or-down-at-the-same-time hooked up to another up-or-down-at-the-same-time, and when you want to look at, you know, how do quantum computers do that scaling, it's through this property called entanglement, which is that we create this bond in between them, and when things are maximally entangled, you know, they result in a perfect symmetry. When they have this, you basically have to think of every quantum computer you're looking at, with the amount of bits you have, you have to take it two to the n, where n is the number of bits. So I'll give you an example. If I have one bit and it's 2 to the n, what's 2 to the one? Come on, guys, I know it's early but we can do this. Two to the one is two. Two to the... if I have two qubits I have... right. So if I have three qubits I have... I know, I heard someone whining, hey. So, but you get the idea.

So if I have the biggest supercomputer on Earth and I want to double it, what do I do? No, add a quantum compu... add an entire supercomputer next to it. Have the biggest supercomputer on Earth, if I want to double it I have to build another supercomputer. And Milan, who always knows my thingies, thank you, hello, good morning Milan. However, if I want to double the power of a quantum computer, all I need to do is add one qubit. Okay? It's not Moore's law in 18 months, it's Moore's law, instant gratification version. Are we all cool? This is why people are so salivating at this notion of creating something like this, because it keeps delivering if you add just one more qubit. Okay.

There's also another property that I want to mention very specifically. There's this notion of noise, there's stochasticity built into a quantum computer, which means that the least thing can disturb it, it can collapse that quantum state. So there's a degree of fragility baked in to everything quantum, and at the same time that fragility means that you can't actually copy communications. So TCP replay attacks or, you know, any other type of interruption or interception will actually be noticed by the two parties that are communicating. We'll talk about that a little bit later.

If we keep going, I want to explain why it's a threat to cryptography. Our current cryptography is based on difficult math problems, okay, really hard math problems which we cannot figure out because we need a lot of time and processing power, frankly, to do it. So it's based on very large prime numbers which, you know, really large primes that are multiplied together, basically in a complex operation, and in order to kind of derive what was originally parts of those operations, that's difficult. So that problem is called integer factorization. So I'm going to make it super simple. I'm going to pick on someone in the audience, and I'm so sorry it's you. So what's 9 times 8? Yes, good job. Now what are all the factors you can multiply together to get 72? That's right. What are they? Don't stall. Okay, so what you're doing is really good, but this is what our current computers do when we ask them to multiply two large prime numbers together to get some secret ciphertext blob, right? I'm oversimplifying, but you get the idea. If I do that this way, the computer goes, oh, the output is blob, that's great. Now you ask our current computers to reverse that one-way function and it takes a long time, maybe the lifetime of the universe, to reverse. So the strength of a one-way function depends on how much time you need to reverse it. You need time to figure out what all the factors of 72 are, but if I say 9 times 8, we're pretty, relatively, even without coffee, quick to answer that. Everybody get this notion? All right. So this is the point: our current computers cannot do this one-way function for integer factorization, but they can't also do it for discrete logs. So if we have this formula, 3 to the 16th with a modulus, which is just a remainder, of 17, you have this answer, yeah. This is also known as clock arithmetic. But we have this answer now, and if we only have the answer, trying to figure out what the hell the formula was that created it becomes also really, really difficult. That notion I think is also pretty clear, right?

But what happens is, if we click down, we have really two very cool algorithms. We have Shor's algorithm, which can help us reverse the integer factorization, and we have Lov Grover's algorithm, which allows us to perform different computations in a sort of maze-like thing. If you had a maze and you had to solve it, you know, sometimes you draw a line, like, one by one, right? What Grover's algorithm allows you to do is test all of those possibilities at the same time, so it's an optimization algorithm. It allows you to try multiple outcomes at the same time and thereby get the answer quicker. So again, because it's a time-bound constraint, both of these algorithms reverse the time that it takes, okay?

And if we go to the next one, you guys know, right, I'm not telling you to do quantum at all costs. I'm a chief security officer and I can tell you our hardware sucks, our operating system sucks, protocols, applications, all... if all of those things are vulnerable and shitty and susceptible to back doors, then it doesn't matter how good your crypto is. The attacker isn't going to attack your crypto, they're going to attack one of the weak underbellies before it. So we need good cryptography, but we also need a really clear understanding of what the hell it is we're trying to protect from whom. Yeah? So don't do this [ __ ] before you do that. By the way, you guys want to sit down? There's tons of chairs, tons. Okay, standing is good.

If we go to the next slide, you might want to know, like, when will we have the quantum computer, where I already told you that IBM in 2024 isn't going to get there, okay? We need millions of these suckers, so in order to get to the millions we're looking at some time. And what you should think about is, remember I told you, like, we're going to have to do something that's really cool if we want to break things like RSA. If you take a time factor of how long it currently takes to break RSA, which is again potentially the lifetime of the universe, and if you have a lot of qubits, you'll basically bring that down to a couple of seconds. Again, big problem. And depending on the amount of qubits, you bring down that operation to a couple of seconds, so we need a lot of qubits in order to perform this well.

So if we go to the next slide, Mar, sorry, the other issue we have is a capture-now-decrypt-later problem, which means that everything we've ever transmitted that was encrypted is actually at risk, because this is a photo of the Utah Data Center facility of the NSA, where they keep captures of internet traffic. By the way, they're not the only government that does it. Every government captures internet traffic, they also capture the encrypted stuff, and that's because, you know, sometimes old secrets are just as good as new secrets if they have this predictive force and you can then use them to figure out how other future communications or codes or whatever will be done, yeah. And right now I just want to ask you guys, like, we don't know all of this other stuff that could potentially be at risk, because this stuff is at risk because we use it everywhere. But what you should see is, really fundamentally, everything we currently use in our modern cryptographic stacks is going to have to be replaced. And even when you have a larger key size, which you absolutely... something you should all be doing, even when you do that, there's still a concern around, you know, the key management functions, to know that they're still really going to be okay for the long haul. So even AES, even with the larger key size, I still worry about key management and how we're doing key management across the board, and asset understanding of cryptographic algorithms, because most companies don't have that. Go to the next slide.

So when you're trying to figure out, like, what should I do, I think first and foremost you need to understand: how long do I need to keep my current cryptographic stuff, the stuff that I encrypt, how long do I need to keep it secure? Any ideas? How long do you guys keep your cryptography secure? Forever? Forever, we don't know how to do forever. How about we say, like, 23andMe data, how long would you want that secure? Are we going to go back to forever? Yeah, even that we don't know how to do, or maybe even the lifetime of you and your children, we don't know how to do that yet. So it's a real challenge. Like, I think healthcare data, which is also the most often vulnerable to these types of attacks, you can change your credit card, can't really change too much about your medical stuff. I think this is really a fundamental problem. So the healthcare industry has a huge issue, but so does the banking industry, who also have long-term secrecy needs. So let's say they want to keep it secure for 20 years. Okay, 20 years, we'll buy that, that's like a reasonable interim. So let's say we need to keep it secure for 20 years. How long before there's a viable quantum computer that breaks our secrets? So I talk to folks that are building quantum computers pretty frequently, and I can tell you that the least optimistic ones say 10 years. The more optimistic ones believe that there might be one somewhere, because there's always scientists that come to these conferences that don't show any papers, that are always there anyway. So there's all kinds of theories about when there's a viable quantum computer, but I really would be more hesitant to be more optimistic, I'd rather be more pessimistic. So let's say that before there's one in the public domain we need about 10 years. There's also quantum skeptics which say that you'll have cold fusion before you have a quantum computer. So how long do we need to work to transition our network and systems to something that's quantum safe? Any ideas? Yeah, because we're so good at, like, IPv6 transition, that's my litmus mark. So, no, look, but genuinely, we're not good with change and we're not good with upgrading things that we know need to be fixed, because unless there is an urgency attached to it we rarely do anything. So I really think that if we say we need to keep stuff for 20 years secure, but there's 10 years before there's a quantum computer, we've already got a problem, and then we need another decade to transition, then we still have a problem. So we have a massive problem. We should have started, you know, a decade ago, basically.

And if we go to the next slide, I think what we need to do first and foremost, I'm going to be really pragmatic and super simple: first and foremost, figure out what cryptography you use and use the maximum key length wherever possible. Then look for opportunities in very tiny, specific areas for something called quantum key distribution, I'll explain what that is. And then finally look for what I believe is the most stable long-term solution, which is post-quantum algorithms. Yeah, okay. So, and then if we go to the next slide, yeah, so I'm going to explain what QKD... sorry, it's really hard to do this when there's, like, only friends in the audience. So what I wanted to do is explain to you how quantum key distribution works, which is basically you have two parties, Alice and Bob, and then you have Bob's jealous ex-girlfriend, Eve. All right. And so Eve basically wants to know what Alice and Bob are DMing to each other, and the clue is, what did I tell you about interception? Anyone remember? It's not happening, yeah. So if we go to the next slide, the way that it really works is QKD prevents Eve intercepting without Alice and Bob knowing. That's it. That's all you've got to remember about quantum key distribution, because while you're distributing the keys you want to know that the channel is secure, yeah? So it's a key distribution issue, and the way that it really works is you have a little box which has a bunch of polarizers, diagonal and horizontal. There's a single photon emitter on this side, which is your photon source. It emits a particle of light. When the polarizers are oriented in a particular way the light passes, if they're oriented in another way... just like a regular polarizer. You guys have polarized sunglasses, right? Do you know how if you tilt the angle by 90° you don't let light pass? Yep, it's the same thing. So light passes or it doesn't pass. So when the light doesn't pass, and, you know, Bob's polarizers aren't configured to receive Alice's photons, they know Eve has been hanging out in the middle, because then Bob gets gibberish. So when Alice's polarizers are set up correctly, with the single photon source working properly, and Bob's are set up correctly, we're cool. If Eve is in the middle, it shifts everything and they get gibberish. Is this idea clear? Okay, cool.

And if we go to the next slide, you can do this, because there's limitations when you do this over a fiber channel, like a fiber optic cable. It's really a problem because there's distance limitations. The maximum distance limitation on fiber for doing this kind of stuff right now, in the wild... like in a lab you can get up to 120 km, but in the wild you usually get to closer to 9 or 10 km, and sometimes, if you're lucky, on really good Dow Corning fiber you can get about 64 km. There have been tests done with 64 km, but unfortunately, I don't know about you guys, but I communicate with people that are further than 64 km away. So as a result of which, in order to get a secure connection happening, then we're looking at something called free-space QKD, and it involves lasers. So we have lasers at very long distances. This was 144 km, this is one of the earliest experiments that was ever done in Europe, by Paolo Villoresi, Italian scientist, between La Palma and Tenerife, and he managed to do this regardless of the vapor and everything else. It was a really cool experiment. But if we go to the next slide, we're way beyond that experiment phase, because China since 2016 has been operating a space-based QKD communications satellite on top of a terrestrial network. This was the original terrestrial network, it's about 10,000 km long, it's now three times as large. So they have a terrestrial QKD network, completely secure against any attack from a quantum computer, across all of China, and they have this satellite to go with it. That satellite didn't just prove its capability to have secure communications with China, they did an encrypted video call with the professor of... Pan Jianwei, in Vienna, what's his name, thingy, but they did an encrypted video call with him in Austria. So this thing works, is all I'm trying to tell you, and it's worked, and it's been operational since 2016. I told you that Europe spends about 1 billion on the European Flagship, right? China spends 10 billion. They also have private funding for all of this stuff on top of, you know, the stuff that's in the Five-Year Plan. They also encourage private companies like Alibaba etc. to also fund labs, research for quantum.

So if we go globally, what I believe is a more stable solution for all of us is post-quantum cryptography, and where you look for all of that is NIST. So I work with ETSI, which is, by the way, if you guys are really interested, having a conference on May 14th to the 16th in Singapore on all of the ETSI PQC algorithms, in close cooperation with NIST. And what we did is in 2016 there's a call for candidate submissions for all these algorithms, and in different categories, and then we're now at, like, the final round, where, you know, we've had previous rounds, stuff has been broken and challenged, and now we expect standards to be coming out this year, roughly end of the summer, beginning of fall. There will be standards announced, and there's already actually, like, pre-selected candidates that have already been announced earlier. We'll get to that in the next slide. But here's the thing: how many of you guys have already looked at or played with or examined any of those new algorithms? Wow, you're cool, okay, so there's, like, one person back there, which we all should meet afterwards. But the idea is, not many, and we all need them, and we can't just rip and replace them.

So we go to the next slide... oh no, previous one, sorry. So here's the deal, right, these are the finalists that we have in the round, and we have signature algorithms as well, and then there's alternates of those. Alternates, SIKE for example, you might have heard of it, it was already broken, and not with a quantum computer, with, like, a really old computer. The clue is that we need more people testing this stuff, trying it out, breaking it, before we genuinely know that it's secure to use and viable. There's also trade-off constraints in bandwidth, in CPU utilization, so you cannot just take one algorithm out, pop in another and then hope that we're okay. That's why we need to try them out. And I worry about all the things that can go wrong, because every time we try to do stuff around cryptography we know that governments are still interested in figuring out, you know, how to do cryptanalysis. We will still have people like, "I have invented a super secret algorithm all by myself, I'm not going to tell NIST or anyone else, and it's super secure." That's going to happen too. So there are governments that do not engage with NIST or with ETSI or anyone else and are actually rolling their own crypto, post-quantum, okay? And no one's testing them, they're not up for peer review. You should be terrified. And then subsequently, like, we don't just have cryptanalysis, which is, you know, finding a mathematical orientation for an attack or looking at the traffic and trying to figure out a way to attack, we still have all other kinds of problems around if the entropy source that we use for some of this crypto is good, because we've seen that go wrong before with the NSA introduction of weak entropy sources for other algorithms. So I really think that there's so much that can go wrong just purely from a technical side.

And if we look from a legal side, we also have these arguments that are there to figure out how to balance equities: either ban the crypto altogether, no cryptography. You guys might have seen recently there was all these really big issues with iCloud usage and encrypting things in iCloud, did you guys see that? So there was a parents' association, because I think the root password for all of this stuff is, if you can say the words terrorism or pedophilia, you can weaken or ban cryptography pretty easily. So those arguments are there to either, you know, also restrict crypto, so the good crypto stays at home and everybody else who uses our stuff gets the weak [ __ ], so we can then decrypt it, or, you know, France's biggest arguments for key escrow: we'll keep all of the, you know, key material with us in a super secret vault, and you guys in the mobile network, you don't get anything else. So I think there's all kinds of worries that we have, because when you look at the alternatives for law enforcement there are things like buying vulnerabilities and cashing in in the 0-day market. So I think that we need to come up with better solutions all around, but in the meantime we need to figure out how to get our crypto up to scratch.

So if we go to the next slide, what I want you guys to think about, if there's one thing you leave with after this talk, I want you to think about just one question: what cryptography do I currently use? So the Biden administration in 2022 already said that everybody needed to figure that out from a government capacity, to understand their own cryptographic assets. Assets that we regularly do in a CMDB or asset inventory, they need to include cryptography. So that's the first. Then we need to think about how are we going to implement this stuff, I'll talk about that later. Make policies, which is super unsexy, I know, and then also talk about the vendors that we use across a thing and which crypto they use, because that's just as important, because finally that's what you use. And make sure you have this stuff in very unsexy contractual annexes supported by legal, and make sure you break stuff quickly rather than finding out at the 11th hour. So there's this road map, I'll happily share this with anyone, I presented this at RSA. There's this road map for readiness which basically says you should have started last year, which is very similar to what the Biden administration did, and then have this phased approach where you're, like, discovering, and then you're implementing things, you're breaking stuff, and then you do this monitoring backup phase, because the name of the game is cryptographic agility. Assume that any algorithm you choose will break. You will need to replace that algorithm with another candidate algorithm, so you need to not just pick one but have two. Cryptographic agility is the only way that we can handle when stuff breaks and that we then can replace it.

So if we go to the next slide, the other thing too is, and I'm going to keep this super simple, we need to be able to evaluate threats. There's a lot of information and disinformation out there, so trying to understand, you know, like, what the different side channel attacks are, trying to... that's not what I'm going to ask you to do, but I'm going to ask you to, like, very carefully select the sources of information that you choose to look at, without delving into the rabbit holes that are somehow out there online. It is really quite a lot of stuff, and I think that really, if you select your choices carefully, then you'll be in much better shape for evaluating threats. The other thing too is you can start taking existing products that are already there and just start playing with them, just start experimenting with them. So there's VPNs that already use post-quantum cryptographic algorithms, there's OpenSSH, there's post-quantum chats, there's all kinds of stuff that you can do that I recommend: just play with it, just get started.

And then what I want to tell you that's really cool, which I think is going to change the game, is your mom can do this too, if you click down, because all of Apple iMessages are also using post-quantum. So you don't have to be the only one playing with post-quantum algorithms, because it's being embedded for a larger consumer population. I think this is going to be the single most impactful thing. Hey, don't get me wrong, in lockdown mode you still can't use iMessage, right? So there are still issues of other vulnerabilities and other problems and 0-days and back doors and all the things, there's still issues. However, what I'm suggesting is that for the wider security, having post-quantum already embedded into something that is a consumer application is the long-term best approach.

So if we go to the next slide, so I wanted to, like, close by saying it is going to take us a while. We're not going to be done in the 10-year horizon that we need to finish stuff in, or yesterday. So I think the clue is iterate and improve every time, building that crypto agility. Make sure that you have your org with you, because this might cost money, this will cost money, not might, it will, and find out who it is you can trust for this evaluation as time goes on. So you do need to talk to your national cyber security center or NÚKIB or whomever, and there are two reports that I helped write with the World Economic Forum. One is the transition to a quantum-secure economy, and the other one is building a quantum economy. One is more on what's the state of quantum and the other one is more on how do we transition effectively with everybody. So check those out. Start now. I realize that quantum is not the biggest priority if you are underneath the information security poverty line and cannot fix vulns and don't have any clue what your assets are. Do that first, but then prioritize the things that are important before they become urgent. Thank you.
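The talk's two practical asks, "what cryptography do I currently use?" and "how long must it stay secret versus how long until a quantum computer and how long to migrate?", can be turned into a small triage script. The following is an added example, not code from the talk or from any project the speaker mentions; the inventory entries, the algorithm sets and the action labels are all constructed assumptions, and the horizon numbers default to the talk's own 20/10/10-year reasoning.

```python
"""Quantum-risk triage of a cryptographic inventory (added example, not from the talk)."""
from dataclasses import dataclass

# Public-key schemes that Shor's algorithm breaks outright: these must be replaced.
SHOR_BROKEN = {"RSA", "DSA", "DH", "ECDH", "ECDSA", "EdDSA"}
# Symmetric ciphers, hashes and MACs: Grover's search roughly halves the effective
# key length, so "use the maximum key length" is the remedy. Treating hashes as
# simply halved is a simplifying assumption made for this example.
GROVER_WEAKENED = {"AES", "ChaCha20", "SHA-256", "SHA-3", "HMAC-SHA256"}
MIN_POST_QUANTUM_BITS = 128  # effective strength we still want after Grover


@dataclass(frozen=True)
class Asset:
    name: str            # hypothetical CMDB-style inventory entry
    algorithm: str
    key_bits: int
    secrecy_years: int   # how long the data it protects must stay confidential


def classify(asset: Asset) -> str:
    """Map one inventory entry to an action: replace, enlarge-key, ok or review."""
    if asset.algorithm in SHOR_BROKEN:
        return "replace"
    if asset.algorithm in GROVER_WEAKENED:
        if asset.key_bits // 2 >= MIN_POST_QUANTUM_BITS:
            return "ok"
        return "enlarge-key"
    # Unknown or home-grown algorithm: the inventory alone cannot assess it.
    return "review"


def mosca_deficit(secrecy_years: int, migration_years: int, quantum_years: int) -> int:
    """Years by which secrecy + migration overshoots the quantum horizon.

    The talk's reasoning: data must stay secret x years, migration takes y years,
    a capable quantum computer arrives in z years; if x + y > z the data is
    exposed to capture-now-decrypt-later. Returns x + y - z (positive = exposed).
    """
    return secrecy_years + migration_years - quantum_years


def triage(inventory, migration_years=10, quantum_years=10):
    """Return (name, algorithm, key_bits, action, deficit) rows, most urgent first."""
    priority = {"replace": 0, "enlarge-key": 1, "review": 2, "ok": 3}
    rows = []
    for asset in inventory:
        action = classify(asset)
        deficit = mosca_deficit(asset.secrecy_years, migration_years, quantum_years)
        rows.append((asset.name, asset.algorithm, asset.key_bits, action, deficit))
    # Shor-broken first, then within each action the longest exposure first.
    rows.sort(key=lambda r: (priority[r[3]], -r[4]))
    return rows


# Constructed sample inventory; names and values are made up for illustration.
INVENTORY = [
    Asset("patient-records-db", "AES", 128, 20),
    Asset("tls-edge-cert", "RSA", 2048, 5),
    Asset("ssh-host-key", "EdDSA", 256, 2),
    Asset("backup-archive", "AES", 256, 20),
    Asset("vendor-token-hmac", "HMAC-SHA256", 256, 1),
    Asset("legacy-vpn", "VendorSecretCipher", 128, 10),
]

if __name__ == "__main__":
    for name, alg, bits, action, deficit in triage(INVENTORY):
        exposure = f"exposed by {deficit}y" if deficit > 0 else "within horizon"
        print(f"{name:20} {alg:20} {bits:5}  {action:12} {exposure}")
```

With the talk's numbers (10 years to a quantum computer, 10 years to migrate) every entry comes out exposed, which is exactly the point the speaker makes: the migration time alone eats the whole horizon, so the ordering of the rows, not the yes/no, is what drives the work plan. Public-key material sorts to the top regardless of how short-lived its data is, and the "review" bucket is where a home-grown or vendor-secret cipher lands because no inventory field can vouch for it.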