Last year, I wrote a Quantum Threat paper, much to the subtle interest of my peers. It was an interesting read for some and a 'someday' cautionary tale for others. Many advancements have occurred since, especially around NIST PQC, IBM, Intel and Q-SENSE, to name a few. The industry has come out, much as it did with zero trust, with the latest magic solution that does it all, mainly around non-standard KEMs. The goal is to share my research and what quantum means, and to give some real guidance. This part two is a more advanced discussion of what transpired in 2023 and provides guidance for my peers and clients.

The Now: the potential

The Internet is built to be easily accessed and to carry secure communications. Your entire digital experience rests on encrypted, private data exchange. The key exchange and authentication behind that encryption rest on asymmetric (public-key) cryptography, whose keys were previously thought to withstand hundreds to thousands of years of computing effort. With continuing advances in quantum computing, that construct is now at risk. The erosion of today's public-key algorithms will start slowly and could reach dramatic results three to five years from now. Some, possibly most, of the Diffie-Hellman (DH) and Elliptic-Curve (EC) based cipher suites will be a thing of the past.

Quantum computing shows promise for what is possible and will expand the ability of computers to solve certain classes of very large problems. Today it is being applied mainly to cryptography, pharmaceuticals and finance, but this is just scratching the surface. In R&D, newfound synergies between quantum computing and atomic clocks provide new methods to analyze data, solve hard 'complexities,' and prepare quantum technology for tomorrow's solutions. Just as with conventional computing, as we apply AI/ML, quantum solutions will become even more useful. More advanced Internet experiences are just around the corner. Now, let's dive deep into the more difficult subjects.


What is the quantum threat? 

Taking this apart: quantum computing is a 'disruptive technology,' and it is also a threat to the cipher suites in use today. A threat is just that, something that might happen. It is several converging technologies that step outside Moore's Law and expose the public-key algorithms our current cipher suites depend on.

Part one covered the algorithms that are vulnerable (RSA, DH, EC), the one that is relatively secure (AES: Grover's algorithm only halves the effective key length, so AES-256 keeps roughly 128 bits of security), and the quantum-resistant algorithms selected from the NIST PQC competition: Kyber for key encapsulation, and Dilithium and SPHINCS+ for digital signatures. In August 2023 NIST published draft standards for them as FIPS 203 (ML-KEM, from Kyber), FIPS 204 (ML-DSA, from Dilithium) and FIPS 205 (SLH-DSA, from SPHINCS+). What we have not covered is the why, the impact and the long-term ramifications. Let's get into the latest news and then focus on the data we are trying to protect. This is an entangled state of data security (cipher suites) and the overly complex future we are heading toward. Will our current encryption be safe today and tomorrow (2-5 years)?

What is Q-Day? It is "when quantum computers will be able to crack codes protecting our digital data." Some say that Q-Day will occur very soon – as early as 2025.

The compute power of quantum

Conventional computers work on bits that are either '1' (ON) or '0' (OFF). Bits are grouped into words or registers; current CPUs use 32-bit or 64-bit words, which is how many bits make up one chunk of data.

A qubit can be put into a superposition, a state that carries both the '0' and the '1' amplitude at once until it is measured; before measurement its value is genuinely undetermined, not merely unknown. Qubits can also be entangled with one another, so that the register as a whole can no longer be described qubit by qubit. The number of amplitudes needed to describe n qubits grows as 2^n, so the state space grows exponentially with qubit count. For example, going from an IBM Falcon (2020) chip at 27 qubits to an IBM Eagle (2021) chip at 127 qubits multiplies the size of the state space by a factor of 2^100, far outpacing Moore's Law of transistor counts doubling roughly every two years. The ability to entangle not just a single pair of qubits but all 127 is the real power of this quantum processing. The efficiency gained comes from working over that large state space with high qubit counts and faster Circuit Layer Operations Per Second (CLOPS), and this will only get faster and more efficient with the massive effort in quantum research. Two caveats a practitioner should keep in mind: state-space size is not usable compute, because noisy qubits without error correction cannot run deep circuits, and published resource estimates for factoring RSA-2048 (Gidney and Ekerå, 2019) call for on the order of 20 million noisy physical qubits. There are also unique challenges in working with quantum.
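To make the difference between superposition and entanglement concrete, and to show where the 2^n figure comes from, here is a small state-vector simulator. It is an added example, not code from the original article or from any vendor's SDK; the gate matrices, the bit-ordering convention (qubit 0 is the least significant bit of the basis-state index) and the demo functions are this example's own choices.

```python
# Added example (not from the original article): a minimal state-vector
# simulator in plain Python. It shows two things the text leans on:
#  1. an n-qubit register is described by 2**n complex amplitudes, so the
#     state space (not the usable compute) grows exponentially;
#  2. superposition (one qubit, H|0>) is not the same as entanglement
#     (a Bell pair, where the register is no longer a product of qubits).
# Gate matrices and the bit-ordering convention are this example's choices.
import math

INV_SQRT2 = 1 / math.sqrt(2)
H = [[INV_SQRT2, INV_SQRT2], [INV_SQRT2, -INV_SQRT2]]  # Hadamard gate


def zero_state(n):
    """|00...0> on n qubits: amplitude 1 at index 0, 0 elsewhere."""
    state = [0j] * (2 ** n)
    state[0] = 1 + 0j
    return state


def apply_single(state, gate, target):
    """Apply a 2x2 gate to qubit `target` (qubit 0 is the least significant
    bit of the basis-state index). Each |..0..>,|..1..> pair is visited once."""
    out = list(state)
    for i in range(len(state)):
        if not (i >> target) & 1:
            j = i | (1 << target)
            a, b = state[i], state[j]
            out[i] = gate[0][0] * a + gate[0][1] * b
            out[j] = gate[1][0] * a + gate[1][1] * b
    return out


def apply_cnot(state, control, target):
    """Flip `target` wherever `control` is 1: swap the two amplitudes."""
    out = list(state)
    for i in range(len(state)):
        if (i >> control) & 1 and not (i >> target) & 1:
            j = i | (1 << target)
            out[i], out[j] = state[j], state[i]
    return out


def probabilities(state):
    """Born rule: measurement probability of each basis state."""
    return [round(abs(a) ** 2, 6) for a in state]


def is_product_state(two_qubit_state):
    """A 2-qubit state is unentangled iff its amplitude matrix has rank 1,
    i.e. a00*a11 == a01*a10. Returns False for an entangled state."""
    a00, a01, a10, a11 = two_qubit_state
    return abs(a00 * a11 - a01 * a10) < 1e-9


def superposition_demo():
    """One qubit after H: a 50/50 superposition, nothing to be entangled with."""
    return probabilities(apply_single(zero_state(1), H, 0))


def bell_pair_demo():
    """H on qubit 0, then CNOT(0 -> 1): only |00> and |11> survive, so
    measuring either qubit fixes the other."""
    s = apply_single(zero_state(2), H, 0)
    return apply_cnot(s, control=0, target=1)


def state_space_size(n_qubits):
    """Amplitudes needed to describe n qubits classically."""
    return 2 ** n_qubits


if __name__ == "__main__":
    print("H|0> probabilities:", superposition_demo())
    bell = bell_pair_demo()
    print("Bell pair probabilities:", probabilities(bell))
    print("Bell pair is a product state?", is_product_state(bell))
    print("Falcon(27) -> Eagle(127) state-space factor: 2^%d"
          % (state_space_size(127).bit_length() - state_space_size(27).bit_length()))
```

The `is_product_state` check is the practical way to tell the two ideas apart: after the Hadamard alone the register is still a product of independent qubits, but after the CNOT it is not, and no per-qubit description recovers it. Note that `state_space_size` shows only how much classical memory a description needs; it says nothing about how many error-free operations the hardware can actually run.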

Time, Noise, Sensing – Getting it Right

While analyzing an entangled quantum element, reducing or eliminating errors requires reducing the following:

  • Time to sense
  • Noise, whether that is RF or environmental effect
  • State or phase changes

Fidelity in qubit operations is the key here. For example, a system that performs 1,000 qubit operations at a 60 percent success rate cannot give consistent, repeatable results, because errors compound with every additional layer of the circuit. Compare that with a system performing 100 qubit operations that are 99.9 percent error-free: the deviations are small enough to account for with error-correction schemes. Time spent and quality of operation far outweigh sheer qubit capacity. Therefore, a 133-qubit computer could perform faster and more usefully overall than the latest 1,000-qubit computer. The real goal is to maximize the total number of error-free qubit operations within a quantum computing system.
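The compounding argument above is easy to put in numbers. The following is an added example, not from the original article: it assumes an independent-error model in which each circuit layer succeeds with probability f, so a depth-d circuit finishes error-free with probability f^d, and it uses the two percentages quoted in the text as its constructed inputs.

```python
# Added example (not from the original article): why per-operation fidelity
# beats raw qubit count. Under an independent-error model (an assumption of
# this example), a circuit of depth d whose layers each succeed with
# probability f finishes error-free with probability f**d. The two systems
# below use the percentages quoted in the text; they are not vendor data.
import math


def success_probability(fidelity, depth):
    """Probability that a depth-`depth` circuit runs with no error at all."""
    return fidelity ** depth


def max_depth(fidelity, target_success=0.5):
    """Deepest circuit that still finishes error-free with probability
    >= target_success. Returns 0 when even one layer falls below target."""
    if not 0.0 < fidelity < 1.0:
        raise ValueError("fidelity must be strictly between 0 and 1")
    if not 0.0 < target_success < 1.0:
        raise ValueError("target_success must be strictly between 0 and 1")
    return int(math.log(target_success) / math.log(fidelity))


def compare_systems(systems, target_success=0.5):
    """systems: iterable of (name, qubits, per-layer fidelity).
    Returns name -> (usable depth, qubits * usable depth), a rough
    'useful qubit-operations' figure for each machine."""
    result = {}
    for name, qubits, fidelity in systems:
        depth = max_depth(fidelity, target_success)
        result[name] = (depth, qubits * depth)
    return result


# Constructed comparison using the percentages quoted in the text.
SYSTEMS = [
    ("1000-op system at 60% fidelity", 1000, 0.60),
    ("100-op system at 99.9% fidelity", 100, 0.999),
]

if __name__ == "__main__":
    for name, (depth, ops) in compare_systems(SYSTEMS).items():
        print(f"{name}: ~{depth} usable layers, ~{ops} useful qubit-operations")
```

At a 50 percent success target the 60-percent-fidelity machine gets one layer deep before its answer is a coin flip, while the 99.9-percent machine runs nearly 700 layers, which is the whole point of the 133-versus-1,000-qubit comparison.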

Time to Sense

Sensing the state of the qubits can itself disturb the element being used, so the element and the sensing method need to be designed together. Discovering what works best is fundamental, and the outcome is always better when the state can be sensed quicker and more accurately. Much research into clocking and substrates (sapphire) is under way; sapphire substrates have given the longest coherence times to date (reference 10).

Noise and Stability

As qubit capacity grows, so do the noise and the sensing demands. Keeping the noise down with superconductors, cooling and other methods is being developed and tested. There is a great deal of optical testing and research within the R&D efforts of Q-SENSE. There is also an effort from AWS to correct errors out of band, which seems very promising. Lastly, testing and R&D around the rare-earth elements ytterbium and yttrium have shown increased coherence.

The latest news

Here come the hobbyists:

In the last few months, quantum computing labs have become available (as downloadable software and as cloud services) that can be set up for limited tests. One popular quantum simulation framework from IBM is Qiskit, and many others exist. Interested individuals can put together their own limited quantum lab. The big challenge for hobbyists is the monitoring or detection phase of whatever entangled state is under test, since the sensing itself can disturb the element being measured. Hobbyists, as well as academics, have delved into this with varying approaches. Intel released a 12-qubit chip this year that will only grow within this community. Hobbyists will increase interest, software development and overall quality and applied use.

Kyber news:

I recently read that 'Kyber' had been broken, which was very disconcerting, but I was relieved it was found before the algorithm was in wide public use. Looking into this news, it turned out to be a side-channel attack on one implementation, with machine learning used to recover the secret from the captured traces. It succeeded because the researchers had physical access to the device performing the decapsulation and could measure it while it ran. This is the same class of attack routinely used to 'crack' AES implementations, and AES itself remains very secure and enjoys extreme confidence at 256 bits today. The mathematics of Kyber is not broken; the lesson is that PQC implementations need the same masking and constant-time discipline as any other cryptographic code. At this point, it is a factoid that neither discounts Kyber's usefulness nor argues for its exclusion.

Is my retirement fund safe? (1000 bitcoin account):

Blockchain is at risk now and in the future. If someone knows the public key, and the signature scheme is one of the three factoring or discrete-logarithm based algorithms (EC, RSA, DH, as discussed in part one), it is not a happy story. Published estimates suggest that a sufficiently large, error-corrected quantum computer could recover a private key from an exposed public key within tens of minutes, inside the window a transaction waits for confirmation; a nation-state with such a machine would not need long. Bitcoin does not encrypt anything; it signs, so the exposure is the public key, and some best practices exist when using or transacting from the older Bitcoin accounts: do not reuse addresses, and move coins out of outputs whose public key is already visible on the chain.

Bitcoin, the blockchain-based cryptocurrency, uses two digital signature algorithms to prove ownership whenever a transaction is broadcast to the network. The first is the Elliptic Curve Digital Signature Algorithm (ECDSA). The second, and the latest, is Schnorr signatures, also elliptic-curve based on the same secp256k1 curve, enabled as part of the 2021 Taproot upgrade. Both derive the public key from the private key by a one-way function (scalar multiplication on the curve), and Shor's algorithm is precisely the tool that inverts that function once the public key is known.
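Whether the public key is actually visible depends on the output type, which is what the best practices above turn on. The following classifier is an added example, not code from the original article or from Bitcoin Core: it recognises the standard scriptPubKey templates and reports whether the key is published in the output itself. Hashed-key outputs (P2PKH, P2WPKH) hide the key until the first spend, P2PK outputs (the early coinbase rewards) publish it, and P2TR outputs publish the tweaked output key, whose discrete log is enough for a key-path spend. The sample scripts use dummy key material and are constructed for the example.

```python
# Added example (not from the original article, and not Bitcoin Core code):
# classify a Bitcoin output script (scriptPubKey) by whether the owner's
# public key is published on-chain. Shor's algorithm needs the public key
# as input, so outputs that only carry a hash of it (P2PKH, P2WPKH) stay
# safe until their first spend reveals the key, while P2PK outputs (the
# early coinbase rewards) and P2TR outputs carry the key in the clear.
# Sample scripts below are constructed with dummy key material.

OP_0, OP_1, OP_DUP, OP_EQUAL, OP_EQUALVERIFY, OP_HASH160, OP_CHECKSIG = (
    0x00, 0x51, 0x76, 0x87, 0x88, 0xA9, 0xAC)


def classify_script(script: bytes):
    """Return (type, key_on_chain) for the standard templates; key_on_chain
    is None for anything this example does not recognise."""
    n = len(script)
    # P2PK: <push 33|65> <pubkey> OP_CHECKSIG
    if n in (35, 67) and script[0] == n - 2 and script[-1] == OP_CHECKSIG:
        return "p2pk", True
    # P2PKH: OP_DUP OP_HASH160 <push 20> <hash160> OP_EQUALVERIFY OP_CHECKSIG
    if (n == 25 and script[:3] == bytes([OP_DUP, OP_HASH160, 20])
            and script[23:] == bytes([OP_EQUALVERIFY, OP_CHECKSIG])):
        return "p2pkh", False
    # P2SH: OP_HASH160 <push 20> <hash160> OP_EQUAL
    if n == 23 and script[:2] == bytes([OP_HASH160, 20]) and script[-1] == OP_EQUAL:
        return "p2sh", False
    # SegWit v0: OP_0 <push 20> (P2WPKH) or OP_0 <push 32> (P2WSH)
    if n == 22 and script[:2] == bytes([OP_0, 20]):
        return "p2wpkh", False
    if n == 34 and script[:2] == bytes([OP_0, 32]):
        return "p2wsh", False
    # Taproot (SegWit v1): OP_1 <push 32> <x-only tweaked output key>
    if n == 34 and script[:2] == bytes([OP_1, 32]):
        return "p2tr", True
    return "nonstandard", None


def quantum_exposure(script: bytes, address_reused: bool):
    """Combine the script type with address reuse: once a hashed-key address
    has been spent from, its public key sits in that earlier transaction's
    scriptSig or witness, so the key is exposed for every later output too."""
    kind, on_chain = classify_script(script)
    if on_chain is None:
        return kind, "unknown"
    return kind, "exposed" if (on_chain or address_reused) else "hidden-until-spend"


# Constructed samples: 33-byte compressed-key shape and zeroed hashes, not real chain data.
DUMMY_PUBKEY = bytes([0x02]) + bytes(range(1, 33))
SAMPLE_OUTPUTS = {
    "early-coinbase-p2pk": bytes([33]) + DUMMY_PUBKEY + bytes([OP_CHECKSIG]),
    "legacy-p2pkh": bytes([OP_DUP, OP_HASH160, 20]) + bytes(20) + bytes([OP_EQUALVERIFY, OP_CHECKSIG]),
    "segwit-p2wpkh": bytes([OP_0, 20]) + bytes(20),
    "taproot-p2tr": bytes([OP_1, 32]) + bytes(32),
}

if __name__ == "__main__":
    for label, script in SAMPLE_OUTPUTS.items():
        print(label, quantum_exposure(script, address_reused=False))
    print("reused legacy address:",
          quantum_exposure(SAMPLE_OUTPUTS["legacy-p2pkh"], address_reused=True))
```

Run over a wallet's unspent outputs, `quantum_exposure` gives the triage list: anything reported "exposed" is the first thing to sweep to a fresh, never-spent-from address, and "hidden-until-spend" outputs stay that way only as long as the address is never reused.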

Exponential growth within Intel and IBM:

In 2023, Intel released a 12-qubit silicon chip. This is the start of an obvious trend. The future will bring larger qubit counts, higher CLOPS and software that will force us to update our implemented cipher suites. We have progressed from IBM's 5-qubit Canary experimental chip in 2017 to its 133-qubit chip in 2023 (2^133, roughly 10^40, amplitudes in the state space), with a 1,000-plus qubit chip announced alongside it.

Figure: 10-qubit fab shown (image credit: phys.org)

I want to break a cipher suite – currently in math

Weaknesses range from simple hashes (MD4/MD5, broken by classical collision attacks) to complex public-key ciphers (DH/EC, vulnerable to Shor's algorithm). In each case the capability came from studying the math and designing an algorithm that makes the primitive 'less-than-desirable' for securing anything.

In the past, hypercube theory was a method used for data encryption and decryption. Again, it is based on math models, constructed so that 'if you know the value of two vertices, you can calculate what the third vertex will be for the total corner.' This is great for problem solving.

For instance, Shor's Algorithm depends on working within these three math disciplines:

  • Modular Arithmetic
  • Quantum Parallelism
  • Quantum Fourier Transformation

The reason quantum computing has gained so much attention in security is Shor's algorithm: its ability to find the period of a modular exponentiation over very large numbers, using quantum parallelism and the quantum Fourier transform, is exactly what reduces factoring and discrete logarithms to polynomial time.

So, we have moved from factoring and discrete-logarithm (exponentiation-based) problems to lattice problems to get a valid, secure and reliable cipher suite. Suffice it to say, nothing based on a hard math problem is safe forever.
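To show where the three disciplines meet, here is the classical half of Shor's algorithm as an added example, not from the original article. The quantum part (parallelism plus the QFT) exists only to find the period r of a^x mod N; this example replaces it with a brute-force search, which is precisely the step that is exponential on a conventional CPU, and then runs the modular-arithmetic post-processing that turns r into factors. The toy moduli and the seed are this example's choices.

```python
# Added example (not from the original article): the classical half of
# Shor's algorithm. The quantum part (quantum parallelism plus the QFT)
# finds the period r of f(x) = a**x mod N; here that step is replaced by
# a brute-force search, which is exactly the part that is exponential on a
# conventional CPU and polynomial on a quantum one. Everything after r is
# ordinary modular arithmetic and runs unchanged on either machine.
from math import gcd
import random


def find_order(a, n):
    """Smallest r > 0 with a**r == 1 (mod n), for gcd(a, n) == 1.
    Stand-in for the quantum period-finding step; only toy n is practical."""
    if gcd(a, n) != 1:
        raise ValueError("a and n must be coprime")
    r, x = 1, a % n
    while x != 1:
        x = (x * a) % n
        r += 1
    return r


def factor_from_period(a, r, n):
    """Classical post-processing: with r even and a**(r/2) != -1 (mod n),
    gcd(a**(r/2) - 1, n) and gcd(a**(r/2) + 1, n) are non-trivial factors.
    Returns None when this particular a gives no usable period."""
    if r % 2:
        return None
    y = pow(a, r // 2, n)
    if y == n - 1:
        return None
    p = gcd(y - 1, n)
    if 1 < p < n:
        return tuple(sorted((p, n // p)))
    return None


def shor_factor(n, max_tries=50, seed=0):
    """Factor an odd composite n by trying random bases a; the seed makes
    the run reproducible. Each a succeeds with probability at least 1/2."""
    if n % 2 == 0:
        return (2, n // 2)
    rng = random.Random(seed)
    for _ in range(max_tries):
        a = rng.randrange(2, n)
        g = gcd(a, n)
        if g != 1:
            return tuple(sorted((g, n // g)))  # lucky guess shares a factor
        factors = factor_from_period(a, find_order(a, n), n)
        if factors:
            return factors
    raise ValueError(f"no factorisation found for {n} (prime or prime power?)")


if __name__ == "__main__":
    for n in (15, 21, 91, 3233):  # 3233 = 53 * 61, the textbook RSA toy modulus
        print(n, "->", shor_factor(n))
```

The `find_order` loop is the whole story: it takes up to n steps here, and on a real modulus n is a 2048-bit number. A quantum computer replaces that loop with a superposition over all x evaluated at once and a QFT that reads off the period, while `factor_from_period` stays exactly as written.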

The threat

Protecting the data is the most important result of encryption. Cipher keys and all three data states are at risk from quantum. The threat is primarily to the data itself, and it affects, to varying degrees, all three states of data: 'at rest', 'in flight' and 'in use'. Data that is safe today may not be safe tomorrow. Of the three states, the major quantum threat is to data in flight: seemingly secure, encrypted traffic can be captured now and decrypted later, once the key exchange that protected it can be broken. Storing that data to decrypt and use later ('harvest now, decrypt later') is a massive threat to all forms of personal, commercial, business and government information. There has always been a shelf life to encrypted data, but quantum computing is dramatically shortening that window. At a high level, this is a huge risk to web1/web2 environments as well as the future of web3.

Data at rest:

When is the data still relevant, and when is it no longer of value? Usually, data is relevant for 5 to 10 years, and for more than 20 years for DoD information or private-sector IP. Data at rest is normally encrypted with a symmetric cipher such as AES-256, which holds up against quantum; the exposure is in how the data-encryption keys are wrapped and distributed, which is usually done with RSA or EC.

Data in flight:

This state is affected every time you browse the Internet: the TLS handshake that protects the session negotiates its keys with RSA, DH or EC, so everything you normally do online is exposed to capture now and decryption later. There is a constant risk.

Data in use:

This is data being processed in memory, which equates to application-layer encryption. In the VDI world this matters as well. Protecting this data is paramount; it is extremely vulnerable to advanced persistent threats (APTs), and any encryption applied here, such as encrypted workloads, will remain relevant.

Across the three states of data use there will be a constant quantum threat, from the seemingly benign capture of data through to the compromise of the exponentiation-based cipher suites. The '1,000 years of protection' will be reduced to days or minutes by quantum computing and advanced algorithms.
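The shelf-life question above is usually answered with Mosca's inequality: if data must stay confidential for x years and migrating its protection to PQC takes y years, then with a cryptographically relevant quantum computer z years away the data is already at risk whenever x + y > z. The following triage is an added example, not from the original article; the inventory, the assumed horizon z and the algorithm labels are all constructed for illustration, using the shelf lives quoted in the text.

```python
# Added example (not from the original article): harvest-now-decrypt-later
# triage over a constructed data inventory using Mosca's inequality. With
# x = years the data must stay confidential, y = years needed to migrate its
# protection to PQC and z = years until a cryptographically relevant quantum
# computer, the data is already at risk when x + y > z, because traffic or
# backups captured today will still matter when the key exchange falls.
# The inventory, the horizon z and the algorithm labels are assumptions.
from dataclasses import dataclass

# Broken outright by Shor's algorithm, versus only weakened by Grover's.
SHOR_VULNERABLE = {"RSA", "DH", "ECDH", "ECDSA"}
QUANTUM_SAFE_ENOUGH = {"AES-256", "ML-KEM", "X25519+Kyber hybrid"}


@dataclass
class DataAsset:
    name: str
    state: str               # "at-rest", "in-flight" or "in-use"
    shelf_life_years: float  # x: how long disclosure would still hurt
    migration_years: float   # y: time to move this asset's protection to PQC
    key_protection: str      # how its keys are exchanged or wrapped today


def at_risk(asset: DataAsset, q_day_years: float) -> bool:
    """Mosca's inequality x + y > z, applied only where the key protection is
    actually Shor-vulnerable; symmetric-only or PQC-protected data passes."""
    if asset.key_protection not in SHOR_VULNERABLE:
        return False
    return asset.shelf_life_years + asset.migration_years > q_day_years


def years_of_margin(asset: DataAsset, q_day_years: float) -> float:
    """z - (x + y): negative means the migration is already late."""
    return q_day_years - (asset.shelf_life_years + asset.migration_years)


def triage(inventory, q_day_years: float):
    """name -> True when data captured today would still matter at Q-Day."""
    return {a.name: at_risk(a, q_day_years) for a in inventory}


# Constructed sample inventory using the shelf lives quoted in the text.
INVENTORY = [
    DataAsset("tls-web-sessions", "in-flight", 1, 1, "ECDH"),
    DataAsset("customer-records-backup", "at-rest", 10, 3, "RSA"),
    DataAsset("defense-ip-archive", "at-rest", 25, 4, "ECDH"),
    DataAsset("vpn-pqc-pilot", "in-flight", 10, 0, "X25519+Kyber hybrid"),
    DataAsset("offline-backup-tapes", "at-rest", 10, 2, "AES-256"),
]

if __name__ == "__main__":
    Z = 10  # assumed years to a cryptographically relevant quantum computer
    for asset in INVENTORY:
        print(f"{asset.name:26} risk={at_risk(asset, Z)!s:5} "
              f"margin={years_of_margin(asset, Z):+.0f}y")
```

The point of the table is that the horizon z is the one number nobody controls, so the only levers are shortening y (start the crypto inventory and migration now) and being honest about x (the defense archive is late even under a generous 10-year horizon).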

John Kindervag predicts: 

  1. An estimated 25 percent of the global encrypted data has been harvested by China. They are waiting for a quantum computer to decrypt it.
  2. The current cryptography model is breaking down.
  3. The grid will become the first line of attack.
  4. The threat is evolving quickly.

Why all the interest in quantum computing? What are the immediate uses?

Quantum environments can exist anywhere. Just like conventional computers, you can have on-premises and off-premises compute. Depending on your use and application, you may want these costly computers in the cloud, which means something like Quantum as a Service (QaaS).

The immediate use cases for quantum are:

  • Finance: Optimize financial portfolios, day trading and simulating the market.
  • AI/ML: Train complex learning models more quickly and efficiently.
  • Cryptography: Leverage Shor's algorithm to break current public-key cipher suites, and Grover's algorithm to weaken others.
  • Material science: Assist researchers in designing materials with specific properties that are purposefully enhanced.
  • Weather forecasting: Simulate weather patterns at a level not currently available. Better weather forecasting would be a boon to everyone.
  • Traffic optimization: Optimize traffic patterns in cities to reduce congestion and improve efficiency.
  • Space exploration: Simulate complex systems in space that could lead to more discoveries and enhancements.
  • And many more now and in the future.

There are many uses we have not discovered yet. We have only scratched the surface of applying this new compute technology. 

This all comes down to scale and 'getting it right.' If I want a desktop machine to run Qiskit or experiment, an ordinary Intel or similar CPU running the simulator is enough. If I want a business solution, R&D or prototype environment, then I am looking for a much larger solution, such as IBM's cloud-accessible hardware. Business is finding uses today for quantum and will continue to find uses in the future. We just need to take a methodical approach now and in the future.

What is our quantum guidance?

Clients and peers are asking, "When can I move from our regular cipher suites to something more quantum resistant?" For production systems the answer is not yet, with one exception noted below. Today's cipher suites use asymmetric (public/private) key pairs for key exchange and signatures: one key encrypts or verifies, the other decrypts or signs, the two are mathematically bound, and the public key needs no secret distribution channel (though it does need a PKI to vouch for it). The symmetric session key that actually encrypts the data is then agreed through that asymmetric exchange.

The NIST PQC algorithms keep that same structure. Kyber (ML-KEM) is a Key Encapsulation Mechanism: an asymmetric scheme whose only job is to deliver a fresh symmetric key to the other party, and KEM means exactly that, not 'key management.' Dilithium (ML-DSA) and SPHINCS+ (SLH-DSA) are signature schemes for authentication; neither encrypts data. What is still settling is the standards themselves: the FIPS 203/204/205 drafts appeared in August 2023 and are not yet final, and validated implementations and protocol integrations (TLS, IKE, X.509) are still being written. NSA's guidance for National Security Systems (CNSA 2.0 and the FAQ in reference 4) is to plan for the NIST-selected algorithms and not to deploy non-standard or pre-standard PQC variants in place of approved cryptography.

The exception is the hybrid approach that browsers and CDNs began trialling in 2023: a TLS 1.3 key exchange that combines X25519 with Kyber, so the session key holds as long as either component does. If you want to protect data today with PQC, that is the pattern to follow: use Kyber (ML-KEM) to establish a symmetric key, encrypt the data with AES-256, and sign or authenticate with Dilithium (ML-DSA), never the other way round.

If you are not prepared for the future, the future will destroy you. This is a journey.


References and further learning

  1. The Quantum Threat – Part 1
  2. Deloitte – Quantum and Bitcoin blockchain
  3. What is a Quantum Superposition
  4. NSA FAQ on Quantum
  5. 13 Sources for Quantum as a Service (QaaS)
  6. Intel announces 12-Qubit chip
  7. Janna Levin talks Quantum Entanglement with Neil deGrasse Tyson
  8. Quantum Mechanics with Sean Carrol (my favorite)
  9. More advanced Lattice and Hypercube subjects and Lattice Cryptography for the Internet, Chris Peikert.
  10. Fabrication of Al/AlOx/Al junctions with high uniformity and stability on sapphire substrate

Kind Regards to Dr. Tim Robinson, Brett Schneck, Bill Diestelkamp, Taven Brown (retired CW3), and Michale Tillery (retired CW4) for their valuable time in editing this document.