Preparing for the Quantum Era Michele Mosca 16 January 2018

E. Lucero, D. Mariantoni, and M. Mariantoni

Quantum paradigm brings new possibilities Designing new materials, drugs, etc. Optimizing Sensing and measuring Secure communication What else??? ©2017 M. Mosca

What sorts of practical applications? Cybersecurity in an era with quantum technologies What sorts of practical applications? Possibilities include: Optimizing the design of new materials For example, next generation materials could allow more efficient energy capture or transport or storage. Simulating chemical reactions at the quantum level Potential applications include more efficient yields for chemical processes like the production of fertilizers. Optimization of designs or allocation or resources For example, optimizing in the insertion of dampers in buildings to protect against earthquakes. ©Michele Mosca 2017

Quantum Cryptography Quantum Random Number Generation (QRNG) Quantum Key Establishment (QKD) Other… www.quintessencelabs.com whitewoodsecurity.com Courtesy of Qiang Zhang, USTC swissquantum.idquantique.com/?-Network- http://www.battelle.org/our-work/national-security/cyber-innovations/quantum-key-distribution Beijing-Shanghai QKD Backbone SwissQuantum Network http://www.uqcc.org/QKDnetwork/ Tokyo QKD Network Battelle QKD Network Columbus, Ohio, USA One such tool is the secure exchange of cryptographic keys, which can be used for secure encryption, e.g. These tools are in fact commercially available, and there are proof of concept networks emerging around the world. http://www.idquantique.com/photon-counting/clavis3-qkd-platform/ http://www.quantum-comm.com/index.php/Cate/index/pid/1 http://www.qasky.com/Product.aspx?id=94

But… while in the old paradigm Encrypting is easy. Codebreaking is hard.

…in the quantum paradigm Encrypting is easy. Codebreaking is easy!

Cybersecurity in an era with quantum technologies What will be affected? Products, services, business functions that rely on security products will either stop functioning or not provide the expected levels of security. Secure Web Browsing - TLS/SSL Auto-Updates – Digital Signatures VPN - IPSec Secure email -S/MIME PKI Blockchain etc… Clouding computing Payment systems Internet IoT etc…. RSA, DSA, DH, ECDH, ECDSA,… AES, 3-DES, SHA, … copyright Michele Mosca 2016

Cybersecurity in an era with quantum technologies What will be affected? Products, services, business functions that rely on security products will either stop functioning or not provide the expected levels of security. copyright Michele Mosca 2016

Do we need to worry now? Depends on*: y x z How long do you need your cryptographic keys to be secure? – security shelf-life (x years) How much time will it take to re-tool the existing infrastructure with large-scale quantum-safe solution? (y years) – migration time How long will it take for a large-scale quantum computer to be built (or for any other relevant advance)? (z years) – collapse time “Theorem”: If x + y > z, then worry. y time x z *M. Mosca: e-Proceedings of 1st ETSI Quantum-Safe Cryptography Workshop, 2013. Also http://eprint.iacr.org/2015/1075

Cybersecurity in an era with quantum technologies Business bottom line Fact: If x+y>z, then you will not be able to provide the required x years of security. Fact: If y>z then cyber systems will collapse in z years with no quick fix. Fact: Rushing “y” will be expensive, disruptive, and lead to vulnerable implementations. Prediction: In the next 6-18 months, organizations will be differentiated by whether or not they have a well-articulated quantum risk management plan. copyright Michele Mosca 2016

Cybersecurity in an era with quantum technologies How close are we to having sufficient quantum resources? copyright Michele Mosca 2016

Cybersecurity in an era with quantum technologies copyright Michele Mosca 2016

Cybersecurity in an era with quantum technologies Non-fault-tolerant quantum devices “Similarly, although there is no proof today that imperfect quantum machines can compute fast enough to solve practical problems, that may change.” Not a known threat to cryptography Can they capture some of the power of quantum computation? Can they simulate themselves or similar systems faster/cheaper than conventional computers? Can they solve useful problems better than conventional devices? copyright Michele Mosca 2016

Cybersecurity in an era with quantum technologies What is ‘z’? Michele Mosca [Oxford, 1996]: “20 qubits in 20 years” Microsoft Research [October 2015]: ”Recent improvements in control of quantum systems make it seem feasible to finally build a quantum computer within a decade”. Michele Mosca ([NIST, April 2015], [ISACA, September 2015]): “1/7 chance of breaking RSA-2048 by 2026, ½ chance by 2031” Michele Mosca [London, September 2017]: “1/6 chance within 10 years” Simon Benjamin [London, September 2017]: Speculates that if someone is willing to “go Manhattan project” then “maybe 6-12 years” copyright Michele Mosca 2016

Quantum-safe cryptographic tool-chest Cybersecurity in an era with quantum technologies Quantum-safe cryptographic tool-chest + quantum cryptography conventional quantum-safe cryptography a.k.a. Post-Quantum Cryptography or Quantum-Resistant Algorithms http://www.idquantique.com/photon-counting/clavis3-qkd-platform/ Courtesy of Qiang Zhang, USTC Both sets of cryptographic tools can work very well together in quantum-safe cryptographic ecosystem copyright Michele Mosca 2016

Cybersecurity in an era with quantum technologies Quantum cryptography For this talk, focus on key establishment – “Quantum key distribution” (QKD): Over time, QKD evolves from: Point-to-Point  Trusted Repeater Networks Untrusted Repeater Networks Quantum physics guarantees the cryptographic security of the key copyright Michele Mosca 2016

Quantum Internet – the Long Term Vision Qubit distribution with moving systems: satellites, aircraft, vehicles, ships, handheld Distant Network (Thanks to Thomas Jennewein)

Protocol stack for QKD QKD Link Layer (QLL) QKD Network Layer (QNL) Key Mgmt. Service Layer (KMS) Host Layer Can design QKD into systems today as a key establishment alternative. https://arxiv.org/abs/1712.02617

Testing new tools openquantumsafe.org ©2017 M. Mosca

Ongoing work to develop standards and certifications for these tools. Cybersecurity in an era with quantum technologies Ongoing work to develop standards and certifications for these tools. copyright Michele Mosca 2016

Cybersecurity in an era with quantum technologies (by Lily Chen: https://docbox.etsi.org/Workshop/2017/201709_ETSI_IQC_QUANTUMSAFE/TECHNICAL_TRACK/S03_THREATS/NIST_CHEN.pdf ) copyright Michele Mosca 2016

Security is a choice Problematic choices: “Do nothing: my vendors will take care of this for me” “Do nothing until NIST standardization is done” “Get it over with”

“But we’re risk-averse!” Cybersecurity in an era with quantum technologies “But we’re risk-averse!” Hybrid deployment of quantum-safe with currently deployed crypto provides strictly better security copyright Michele Mosca 2016

Quantum Risk Fundamentals Identify: Your organization’s reliance on cryptography The sources and types of technology in use Track: The state of quantum technology development Advances in the development of quantum-safe technologies and algorithms Manage: IT procurement to communicate the issue to vendors Technology upgrades and lifecycles to facilitate the incorporation of quantum-safe algorithms. https://globalriskinstitute.org/publications/3423-2/

Security is a choice Does your organization have plan? Who is responsible for it? Do your vendors have a plan? Does your industry have plan? Are these plans coordinated?

Historic opportunity We also don’t want the fix to be the result of a major last minute heroic rush. This will mean the foundations of our cyber infrastructure will be very buggy and unreliable, and open to a regular stream of Heartbleed-like attacks. We don’t want our cyber security to be based on a weak, highly flammable, foundation. We want a solid cryptographic and cybersecurity foundation. I will make the aspirational prediction that not only will we win the race and protect core cyber systems before quantum computers break them, we will have done it an open, transparent, careful and disciplined way, so the net result will be a new cryptographic foundation that is much stronger than the current one. This way in the future we can build security into our cyber systems using much more reliable building blocks, and thus make the future, filled with many new unexpected cyber tools and technologies, much safer than it otherwise would be.

The choice is ours Embrace quantum technologies that will help humanity and live in a cyber-enhanced world designed to be safe.

How can help Bringing together years of research and experience, evolutionQ has developed a suite of proprietary products and services to help forward-thinking organizations manage evolving quantum security risks. Quantum Risk Assessments Roadmap Design & Implementation Education Services Quantum-Safe Hardware & Software The first step in understanding the extent of the quantum cyber risk, and the timeframe in which quantum-enabled threats are likely to emerge. Once identified, risks need to be mitigated. A Roadmap to a Quantum-Safe state is designed and solutions are implemented. Quantum-Safe solutions integrate leading-edge hardware & software designed and enhanced by a leading team of specialists. Custom educational programs built on cutting-edge knowledge and research help organizations better safe-guard their quantum-vulnerable data and systems.

Cybersecurity in an era with quantum technologies Thank you! Comments, questions and feedback are very welcome. Michele Mosca University Research Chair, Faculty of Mathematics Co-Founder, Institute for Quantum Computing www.iqc.ca/~mmosca Director, CryptoWorks21 www.cryptoworks21.com University of Waterloo mmosca@uwaterloo.ca CEO, evolutionQ Inc. @evolutionQinc michele.mosca@evolutionq.com copyright Michele Mosca 2016