17 June 2019 Michele Mosca - ETSI
Toward a Safe Quantum Future
17 June 2019
Michele Mosca
Quantum paradigm brings new possibilities
Designing new materials, drugs, etc.
Optimizing, Learning, etc.
What else???
Sensing and measuring
Secure communication
Cryptography: RSA, DSA, DH, ECDH, ECDSA,…, SHA, AES
Secure web browsing, Auto-updates, VPN, Secure email, Blockchain, etc…
Cloud computing, Payment systems, Internet, IoT, etc…
• User errors
• Corrupt users
• Admin errors
• Corrupt admin
• Platform implementation errors
• Platform design errors
• Cryptography implementation errors
• Fundamentally vulnerable cryptography
So many different vulnerabilities
• User errors
• Corrupt users
• Admin errors
• Corrupt admin
• Platform implementation errors
• Platform design errors
• Crypto implementation errors
• Fundamentally vulnerable cryptography
Ranked, from bad to worse?
Do we need to worry now?
Depends on*:
• security shelf‐life (x years)
• migration time (y years)
• collapse time (z years)
“Theorem”: If x + y > z, then worry.
[Figure: time axis with intervals labelled x, y and z]
*M. Mosca: e‐Proceedings of 1st ETSI Quantum‐Safe Cryptography Workshop, 2013. Also http://eprint.iacr.org/2015/1075
Bottom line
• If Y>Z then cyber systems will collapse in Z years with no quick fix.
• Rushing “Y” will be expensive, disruptive, and lead to vulnerable implementations (i.e. won’t need quantum computers to hack)
• The emergence of the first scalable quantum computers will challenge the trust in the tools and institutions underpinning our digital economy.
What is ‘z’?
• M. Mosca [Oxford, 1996]: “20 qubits in 20 years”
• Microsoft Research [October 2015]: “Recent improvements in control of quantum systems make it seem feasible to finally build a quantum computer within a decade”.
• M. Mosca ([NIST, April 2015], [ISACA, September 2015]): “1/7 chance of breaking RSA‐2048 by 2026, ½ chance by 2031”
• M. Mosca [London, September 2017]: “1/6 chance within 10 years”
• Simon Benjamin [London, September 2017]: Speculates that if someone is willing to “go Manhattan project” then “maybe 6‐12 years”
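The “theorem” and the estimates for z above, worked through as an added example (not from the talk or its author): a constructed inventory is checked against x + y > z, and the slides' 2015 estimate (1/7 by 2026, ½ by 2031) serves as a lower bound on the chance that RSA-2048 is broken while the data must still be secret. The system names, their x and y values, the planning value z = 10, the 2015 zero anchor and the linear interpolation are assumptions of the example.

```python
from fractions import Fraction

# Cumulative chance that RSA-2048 is broken by a given year, as quoted on the
# slides (1/7 by 2026, 1/2 by 2031). Assumptions of this example: the 2015 -> 0
# anchor (year the estimate was stated) and linear interpolation between points.
ESTIMATE = [(2015, Fraction(0)), (2026, Fraction(1, 7)), (2031, Fraction(1, 2))]

def p_collapse_by(year):
    """Lower bound on P(collapse has happened by `year`), read off ESTIMATE."""
    if year <= ESTIMATE[0][0]:
        return Fraction(0)
    for (y0, p0), (y1, p1) in zip(ESTIMATE, ESTIMATE[1:]):
        if year <= y1:
            return p0 + (p1 - p0) * Fraction(year - y0, y1 - y0)
    return ESTIMATE[-1][1]  # the slides give no estimate past 2031: clamp

def assess(now, x, y, z):
    """Apply x + y > z to one system; x, y, z are durations in years from `now`."""
    # Data encrypted just before migration completes (now + y) must stay
    # secret for x more years.
    secret_until = now + y + x
    return {
        "worry": x + y > z,
        "exposure_years": max(0, x + y - z),
        "no_quick_fix": y > z,  # "Bottom line" case: migration alone outlasts z
        "p_broken_in_time": p_collapse_by(secret_until),
    }

# Constructed inventory (hypothetical systems): (name, shelf-life x, migration y)
INVENTORY = [
    ("web session keys", 0, 2),
    ("payment network", 5, 5),
    ("health records archive", 25, 8),
    ("industrial control fleet", 10, 12),
]

def report(now=2019, z=10):
    """Assess every inventory entry against one planning value of z (assumed)."""
    return {name: assess(now, x, y, z) for name, x, y in INVENTORY}

if __name__ == "__main__":
    for name, r in report().items():
        print(f"{name:26} worry={r['worry']!s:5} exposure={r['exposure_years']:>2}y "
              f"no_quick_fix={r['no_quick_fix']!s:5} p>={float(r['p_broken_in_time']):.2f}")
```

The payment network sits exactly at x + y = z, so the inequality says not to worry, yet the interpolated estimate still gives it a 5/14 chance of exposure: a single planning value for z hides the uncertainty that the quoted probabilities express.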
Quantum‐safe cryptography tool‐chest
conventional quantum‐safe cryptography (a.k.a. Post‐Quantum Cryptography or Quantum Resistant Algorithms)
+
quantum cryptography
Both sets of cryptographic tools can work very well together in a quantum-safe cryptographic ecosystem
http://www.idquantique.com/photon‐counting/clavis3‐qkd‐platform/
Courtesy of Qiang Zhang, USTC
openquantumsafe.org
Can test and prototype post‐quantum algorithms now
Other open source implementations:
• https://github.com/mupq/pqm4
• https://libpqcrypto.org
• https://github.com/safecrypto/libsafecrypto
Industry tool‐kits also available.
QKD Link Layer (QLL)
QKD Network Layer (QNL)
Key Mgmt. Service Layer (KMS)
Host Layer
OpenQKDNetwork.com
Can design QKD into systems now
Full protocol stack for QKD
“But we’re risk‐averse!”
Hybrid deployment of quantum‐safe with currently deployed crypto provides strictly better security.
Advisable until quantum computers have been around for several years and are easily accessible.
Several practical considerations in how to implement (e.g. FIPS 140‐2 certification, backwards compatibility).
Security is a choice
• Will you be ready for the NIST standards around 2022‐2023?
• If “phase 4” for quantum computing is achieved in the next 2‐4 years, will key stakeholders trust that your sector will be ready in time?
• Will your systems be quantum‐ready by 2024? 2026? 2028? 2030?
Quantum Risk Fundamentals:
Identify:
• Your organization’s reliance on cryptography
• The sources and types of technology in use
Track:
• The state of quantum technology development
• The timeline for access by specific threat actors
• Advances in the development of quantum-safe technologies and algorithms
Manage:
• IT procurement to communicate the issue to vendors
• Technology upgrades and lifecycles to facilitate the incorporation of quantum-safe algorithms.
https://globalriskinstitute.org/publications/3423‐2/
Historic opportunity
Thank you!
Comments, questions and feedback are very welcome.
Michele Mosca
University Research Chair, Faculty of Mathematics
Co‐Founder, Institute for Quantum Computing, University of Waterloo www.iqc.ca/[email protected]
CEO, evolutionQ Inc. @[email protected]
Co‐founder, softwareQ Inc. softwareq.ca