Toward a Safe Quantum Future

17 June 2019

Michele Mosca

Quantum paradigm brings new possibilities

Designing new materials, drugs, etc.

Optimizing, Learning, etc.

What else???

Sensing and measuring

Secure communication

Cryptography:RSA, DSA, DH, ECDH, ECDSA,…, SHA, AES

Secure web browsing, Auto-updates, VPN, Secure email, Blockchain, etc…

Cloud computing, Payment systems, Internet, IoT, etc…

• User errors

• Corrupt users

• Admin errors

• Corrupt admin

• Platform implementation errors

• Platform design errors

• Cryptography implementation errors

• Fundamentally vulnerable cryptography

So many different vulnerabilities

• User errors

• Corrupt users

• Admin errors

• Corrupt admin

• Platform implementation errors• Platform design errors

•Crypto implementation errors•Fundamentally vulnerable 

cryptography

Ranked, from bad to worse?

Do we need to worry now?Depends on*:• security shelf‐life (x years)• migration time (y years)• collapse time (z years)“Theorem”: If x + y > z,  then worry.

y

time

xz

*M. Mosca: e‐Proceedings of 1st ETSI Quantum‐Safe Cryptography Workshop, 2013.  Also http://eprint.iacr.org/2015/1075

Bottom line

• If Y>Z then cyber systems will collapse in Z years with no quick fix.

• Rushing “Y” will be expensive, disruptive, and lead to vulnerable implementations (i.e. won’t need quantum computers to hack)

• The emergence of the first scalable quantum computers will challenge the trust in the tools and institutions underpinning our digital economy.

What is ‘z’?

• M. Mosca [Oxford, 1996]: “20 qubits in 20 years”

• Microsoft Research [October 2015]: ”Recent improvements in control of quantum systems make it seem feasible to finally build a quantum computer within a decade”.

• M. Mosca ([NIST, April 2015], [ISACA, September 2015]): “1/7 chance of breaking RSA‐2048 by 2026, ½ chance by 2031”

• M. Mosca [London, September 2017]: “1/6 chance within 10 years”

• Simon Benjamin [London, September 2017]: Speculates that if someone is willing to “go Manhattan project” then “maybe 6‐12 years”

Quantum‐safe cryptography tool‐chest

conventional quantum‐safe cryptography a.k.a. Post‐Quantum Cryptography or Quantum Resistant Algorithms

quantum cryptography+

Both sets of cryptographic tools can work very well together in quantum-safe cryptographic ecosystem

http://www.idquantique.com/photon‐counting/clavis3‐qkd‐platform/

Courtesy of Qiang Zhang, USTC

openquantumsafe.org 

Can test and prototype post‐quantum algorithms now

Other open source implementations:https://github.com/mupq/pqm4https://libpqcrypto.orghttps://github.com/safecrypto/libsafecryptoIndustry tool‐kits also available.

QKD Link Layer(QLL)

QKD Network Layer (QNL)

Key Mgmt. ServiceLayer(KMS) 

Host Layer

OpenQKDNetwork.com

Can design QKD into systems now

Full protocol stack for QKD

“But we’re risk‐averse!”

Hybrid deployment  of quantum‐safe with currently deployed crypto provides strictly better security.

Advisable until quantum computers have been around for several years and are easily accessible.Several practical considerations in how to implement (e.g. FIPS 140‐2 certification, backwards compatibility).

Security is a choice

• Will you be ready for the NIST standards around 2022‐2023?• If “phase 4” for quantum computing is achieved in the next 2‐4 years, 

will key stakeholders trust that your sector will be ready in time?• Will your systems be quantum‐ready by 2024? 2026? 2028? 2030?

Quantum Risk Fundamentals:Identify:• Your organization’s reliance on cryptography• The sources and types of technology in use

Track:• The state of quantum technology development• The timeline for access by specific threat actors • Advances in the development of quantum-safe technologies

and algorithms

Manage:• IT procurement to communicate the issue to vendors• Technology upgrades and lifecycles to facilitate the

incorporation of quantum-safe algorithms.

https://globalriskinstitute.org/publications/3423‐2/ 

Historic opportunity

Thank you!Comments, questions and feedback are very welcome.

Michele MoscaUniversity Research Chair, Faculty of MathematicsCo‐Founder, Institute for Quantum Computing, University of Waterloo www.iqc.ca/~mmoscammosca@uwaterloo.ca

CEO, evolutionQ Inc. @evolutionQincmichele.mosca@evolutionq.com

Co‐founder, softwareQ Inc. softwareq.ca