Key Takeaways
- Quantum computing decimates RSA cryptography which underpins most of our digital platforms: you can’t have a happy quantum computing world without first protecting all of the critical infrastructures against quantum-enabled attacks.
- The quantum threat development is not gradual and can come suddenly to break everything. This can come fast to threaten our networks and the Internet.
- Our digital infrastructure is not ready for quantum-enabled attacks. Service providers, data center operators and others need to protect their networks for from such attacks. The planning cycle is long, so service providers need to start planning back from the date they are required to implement quantum technologies, for instance 2031 in the case of Germany.
- The planning cycle to incorporate quantum cryptography is long and has several challenges, such as availability of standard, interoperability and validation; in addition to a complex supply chain.
- NIST, ETSI and other organizations are in process of developing new algorithms and standards which are coming out imminently: NIST will announce the finalists in a few months, and the final standard will be out in 2024.
- North America, Europe and China are heavily investing in quantum cryptography and post-quantum cryptography.
Transcript of discussion
The following summary of the discussion with Dr. Michele Mosca (bio below) on the application of quantum technologies in communication networks.
Frank: Good day to everyone. I’m happy to be here with Michele Mosca. He’s a leader in quantum space. We will be talking about quantum technologies and applications in communication. So, Michele, welcome! Pleasure to have you. If you don’t mind to kick it off by briefly introducing yourself.
Michele: Hello, thanks a lot. It’s great to be here. I’m the CEO of evolutionQ, which is a company focused on products and services to help organizations get to a quantum safe state, my backgrounds in cryptography for almost 30 years. And early in my cryptography career I stumbled upon quantum computing, initially I thought it was a joke, and I thought it was the dumbest thing I ever heard of. And then I started working in it when I realized I was wrong. In the subsequent years, I’ve been very involved in research, and a range of outreach and not-for-profit work in that space, and very aggressively in the last 10 years, working to help a wide range of stakeholders work together to make sure our digital platforms are resilient to quantum-enabled attacks.
Frank: To kick it off with the first question, and to have a baseline when we talk about the applications of quantum in communications, can you briefly describe what some of the terms, for example, quantum safe and quantum resistant, just to help with orientation?
Michele: Yeah, that’s a great question just sort of level set. Quantum can mean thousands of different things. Obviously, quantum physics is a framework for physics and has all sorts of implications. One of the implications is you can build this thing called a quantum computer. And there’s a whole growing industry that will help you take advantage of this powerful new computing platform, which is super powerful at certain things, and perhaps not helpful at other things. So, they’re trying to figure out how to get value out of a quantum computer: That’s one aspect of quantum people talk about. We know it can be super disruptive, because it massively disrupted public key cryptography. Up until 1994, we thought quantum computing has zero impact on cybersecurity. Then, academics would have said maybe it could. But then Peter Shor showed us it actually decimates RSA cryptography which underpins most of our digital platforms directly or indirectly. And the failover at the time, would have been discrete log-based cryptography. But he broke that too. So, the fact that there exist quantum computers drives what we call quantum-safe cryptography, which is cryptography designed to be safe against quantum-enabled attacks. But you can’t have a happy quantum computing world without first protecting all of our critical infrastructures against quantum-enable attacks. Most of the solution is not quantum, but by taking advantage of quantum we can actually build a more resilient and robust digital infrastructure. So within quantum safe cryptography there is an overlap with quantum communication. We can build a quantum internet – the ability to send information and retain its quantum properties over arbitrary long distances – and we’re moving in that direction. Why would you want a quantum internet? For one, you can network these quantum computing devices for all sorts of reasons. One is application error; another is distributed quantum sensing, which I won’t get into; another is secure quantum-enabled cryptography. One of the almost magical cryptographic primitives – magical in the sense that we didn’t think it was possible constantly, but it is possible quantumly – is quantum key agreements or also known as quantum key distribution (QKD), where you can achieve the functionality of RSA. It does basically what HTTPS does every day, which is to establish a secret shared key through a public but authenticated channel. That’s what quantum key distribution does. But you don’t need a mathematical assumption. That’s a beautiful thing, in that we don’t have to go to bed at night worrying about what if somebody figures out how to solve these math problems, how to find short vectors in a lattice. You know, quantum photonics is a wonderful new addition. But that does require additions and modifications to our communication networks.
Frank: Just to go back to highlight why should service providers or data center operators who are always big participants in this event, why should they pay attention to these things? You already mentioned in your overview why they should. Can you also comment on how commercial and mature these quantum solutions are right, especially related to quantum key distribution and quantum random number generation?
Michele: With any new disruptive technology, we have to go through the four phases of understand it, understand the risks and opportunities in it, and if appropriate, to come up with a plan if it’s relevant. The last stage is implementing that plan. But you don’t get to implement the plan unless you’ve done the first three stages. Cryptography is very fundamental, like plumbing in a sense, you don’t change that overnight: it takes 10 to 20 years to do this properly. If you rush it, that’s just a disaster. Because if you try to rush the deployment of cryptography, things are going to crash. With any rush deployment, you’re not going to do all the right things like assured quality control, and so on. There’s going to be security vulnerabilities that hackers can exploit without a quantum computer. If you’re too late, then you have the possibility of quantum-enabled attacks. So, you really do need to get ready. It’s a long lifecycle and you have a choice. I think boards of directors and regulators will increasingly go to their responsible teams and say: look, tell me if we’re going to be able to manage this transition as part of our lifecycle management? Or if we’re going to need to manage a crisis later?
The people who need to answer that question, would hopefully say this is going to be lifecycle management; that the advent of quantum computers a happy day, and there’s no need to panic. But right now, we’re not ready to say that. We need to get there. Obviously, the service providers and data center operators are integral parts of the ecosystem. They need to protect their own technologies and their own products, so they can keep running. We can’t have the internet and telecommunications networks stall. They can also, in some cases, be providing some of these quantum-enabled services to their customers. So, it’s both in terms of using it for your own business purposes, or reselling to their clients. But it’s a long lifecycle to do that, and they need to start early.
Frank: In terms of maturity, some people say this is 10 years or 20 years out; but there are solutions out there. What can you comment on the maturity of the technology?
Michele: For fault tolerant quantum computing, you got to wait for that computer to come. If talking about quantum annealing, then that’s actually available today. But focusing on quantum key agreement, the point-to-point links are available today. Products that allow you to turn those point-to-point links into effective networks with trusted intermediate nodes, that’s already product grade today. What’s not product grade today is the ability to put sort of quantum repeaters that allow you to route quantum information through a network without measuring it and looking at it. But the technology that doesn’t require that is coming. There are billions invested in Asia, Europe and North America, to take that technology from a research grade technology to a product. Proofs of concept with satellite-based communication have been done. Our friends in China demonstrated that and we know it works, and it will be product grade There are companies that have received hundreds of millions of investments and have billion-dollar valuations, that will deliver product that will establish quantum keys through satellites as the intermediary. In the future we’re going to evolve into an ecosystem of so-called quantum internet, where you have a hybrid of satellite and ground-based repeaters. But in the short term, what’s already ready to go, is the point to point links turned into effective networks, using very deep software packages.
Frank: There are many great points that you mentioned that I would like to drill deeper on one or two of them. Today, we have extensive networks based on certain cryptographic technologies; then we have quantum technologies that will sort of overlay or integrated at some point. What kind of challenges do you see in that? What kind of roadmap can we envision?
Michele: There are two solutions – both are excellent – and they need to be integrated and combined, as appropriate to solve the real-world security problem. The low hanging fruit is the so-called post quantum cryptography. NIST in the United States is standardizing new algorithms. ETSI in Europe is working on various related standards and so are other organizations. Those standards are coming out imminently. NIST will announce the finalists in a few months, and the final standard will be out in 2024.
One of the challenges has been that there’s no standard. We’ve had years to get ready. There’s a lot of preparation work to be done before you deploy a new standard. There’re great open source platforms that are in use today by major vendors around the world to start preparing and testing. So, we know what the emerging standards are and how they’ll behave; what their functionality is, what their performance is, and we’re ready to to start incorporating these standardized algorithms into systems because often, you’ll need additional standards on top of that. Every sector knows what they need. You need to have a plan; you kind of work backwards. Say you want quantum safe telecommunications networks by 2031, for example, which is what the German government is targeting. Working backwards from that date, and you’ll start quickly filling out details like we can’t have that unless we have certification, common criteria, a protection profile, we need a FIPS mechanism for example, and so on. So, just work backwards and make sure it’s ready in time.
There’s a lot of challenges in terms of standardization, certification, and interoperability. I think another challenge is the complex supply chain. The service providers and data center operators are in the middle: they have customers, but they also have people their vendors. You are as strong as your weakest link. You have to make sure there are no major gaps that take years to fill when it’s showtime. Because when it’s showtime, you don’t get to call the timeout. If quantum-enabled attacks are here, we better be quantum safe by then. But it takes years to get there, where I think we better have our roadmaps sketched out to the first order, and all the building blocks in place. Actually, I would say the threat is 75% developed when we demonstrate a logical fault-tolerant quantum bit. If it’s 1-10 of them, it’s not a threat. But 4000 will crush everything. The threat development is not gradual, but can suddenly break everything. So once we have fault-tolerant qubits that look like they’re pretty scalable, you have a small number of years left before they’ll actually break your platforms. And you can’t do this in five years; I don’t think anyone’s that diluted.
So you have to do stages one, two, and most of stage three, and then just confidently but assertively deploy. IBM says they’re going to have fault-tolerance qubits in 2023, for example. We’ve surveyed thought leaders around the world, and we don’t know for certain if it’s 2023. It could be this year, it more likely than not around 2023, or it could be lot late longer. We have to manage these risks properly since there’s a very high chance it’s done by 2022-2023. It’s really critical to maintain the confidence of all the stakeholders in the ecosystem: the customers, the regulators, and so on, and be able to confidently say, congratulations, IBM, Alibaba or Google, whoever it is, and say, you know, full steam ahead on using quantum computing for positive things. Our digital infrastructures are ready for this.
Frank: I’d like to go back to one point you mentioned earlier, and that’s basically how different countries are playing this field because there’s a lot of activity and investment going on by governments and nations. Can you outline how this is shaping up? And what different areas are they focusing on?
Michele: There are two tracks: post-quantum cryptography and quantum cryptography. I work in both; my pedigree is more from post-quantum, but I’m a big supporter of quantum cryptography as well. My company does both and I do a lot of not-for-profit and ecosystem development in both. Their development has been sort of two parallel tracks.
Quantum cryptography was invented in North America. Satellite quantum cryptography was invented at Los Alamos, developed a lot in Europe, and in North America. Then at one stage, over a decade ago, after working on different aspects of quantum, China decided to go big on quantum and raced ahead in the real world implementation of quantum cryptography in communication. Europe and North America are still very much in the game. Europe has allocated billions to develop Euro QCI, which is a very exciting initiative. North America is doing similar bold initiatives to develop quantum communication technologies. And so, the QKD aspect is moving along especially in Europe, I would say, but the quantum communication is also being developed in the US; Europe is more aggressively pursuing commercial QKD development, its certification and validation, in parallel to what’s going on in China.
In post-quantum cryptography, I think it’s being driven by US/North America and Asia – China, especially. I think the world authorities in this is NIST in terms of the basic algorithmics. But the teams working on the algorithms and scrutinizing them are worldwide. There’s definitely a lot of commercialization in post-quantum. I would say post quantum is maybe more developed in North America and in Europe. But it is also being developed in Asia as well.
Frank: Thank you for that overview. Unfortunately, we’ve reached our allotted time, so we’re going to leave it at this point. It’s a fascinating topic, and there are many other questions that I wanted to ask you, but we just did not have the chance to talk about, like the startup landscape and the role of the cloud players. But I really would like to thank you very much for taking the time and joining us here.
Dr. Michele Mosca, Co-Founder, President and CEO, EvolutionQ
Dr. Mosca is one of the world’s leading scientists in quantum computing, quantum cryptography, and conventional cryptography in an era with quantum technologies. He was a founder of Canada’s Institute for Quantum Computing, was a founding Faculty Member of Perimeter Institute for Theoretical Physics, and co-authored the respected textbook An Introduction to Quantum Computing.
Interview was aired at Capacity Europe 2021; October 21, 2021. Special thanks to David Tran for inviting us to discuss quantum communications and cryptography with their audience.