The Quantum Quandary: How researchers are bridging the supercomputer security concerns
Mitch: Quantum computing relies on quantum physics for computational power and it computes much faster than classical computers leveraging things like superposition and entanglement. And don't worry, we'll talk more about those in this episode. Quantum computing is being heralded for its potential to achieve major breakthroughs across society, science, and business. But at the same time, it poses a risk to key cryptographic algorithms we depend on for the safety of our digital world, meaning it has the potential to render existing communications as insecure as if they weren't encoded at all. Fortunately, scientists have been actively engaged in the development of alternate encryption algorithms that possess the ability to withstand quantum computer-based attempts at code breaking. In this episode, we're going to talk to one of those scientists. Dr. Walid Rjaibi has spent considerable time experimenting with quantum-safe algorithms and creating prototypes for transitioning current software to quantum-safe standards. He'll share his perspective on quantum safety and give us an in-depth view of the security risk it poses. Then he'll talk about how researchers are addressing that risk and how policy can or should shift to make standardization a reality. We'll also talk about what organizations might struggle with as they shift towards quantum and how some of those struggles might be addressed. Join us as we venture Into the Breach. So Walid, welcome to the podcast. We are actually really happy to have you on Into the Breach to talk about quantum.
Dr. Walid Rjaibi: Thank you very much for having me.
Mitch: Tell me a little bit about you. I know that you've been kind of working on this problem and I don't want to steal our own thunder ahead of time, but you've been focused on quantum for a while, so tell us a little bit about your background there.
Dr. Walid Rjaibi: So I'm a Distinguished Engineer and CTO for data security here at IBM, and I work out of the Toronto lab here in Canada. So I cover the whole portfolio about data security, data discovery, data classification, activity monitoring, encryption and key management. And part of what we do in my team is we provide the cryptographic libraries that many of our products in IBM use for meeting their encryption needs. So with the recent work on post-quantum cryptography, one of the things that we have done is looking into how we extend those cryptographic libraries so that you offer the new post-quantum cryptography algorithms for our products to make use of. Now as well as we have done a number of experiments with those algorithms. So for example, we have looked at Db2 and we understood the type of algorithms that are used right now in the product which are not going to be quantum-safe. And we have leveraged the cryptographic algorithm that we have built in those libraries that I mentioned before to kind of build the POC of a quantum safety [inaudible].
Mitch: So quantum computing, good. We have the right guy on the show because you're all about encryption. We are going to talk about quantum, and quantum is one of those things that a lot of us know a little about it. We know it's big, we know it's coming, and we know it's complicated. And in fact you'll probably get a little bit of a chuckle out of this. This morning I decided to go on Google to see if Google could tell me how difficult or easy it is to understand quantum. And the answer was, "As you might have guessed, quantum computing is a complex field that is difficult for non-experts to understand." So the good news is we have an expert on the line and you're going to help us understand it. Give us an overview of quantum computing and how it's different than what we have today.
Dr. Walid Rjaibi: Sure. So quantum computing is actually one of the most exciting fields in science and engineering today. You see quantum computers exploit quantum mechanics to process information using quantum bits or qubits for short. So in classical computing we have the notion of bits. A bit can be either zero or one at any given point in time. On the other hand, a qubit can be a combination of zero and one at the same time. We call this property superposition. Let's take an example. Suppose that you have two bits. With these two bits, you can express four states, 00, 01, 10, and 11. But at any given time you have only one of these four states available to work with. Now if instead you had two qubits instead of two bits because of the superposition property that I mentioned earlier, you actually have all these four states available at the same time. In addition to that, qubits can also be entangled, which means that the state of one qubit can be correlated with the state of another qubit and it is the superposition property and this entanglement property that allow quantum computers to compute much faster than classical computers, and be able to solve some problems that we are actually not able to solve with classical computers today. Some of these problems that quantum computers will solve include the ability to quickly solve the mathematical problems that underpin some of the key cryptographic algorithms that we depend upon today for the safety of our digital world.
Mitch: You must have a math background, man, because I am hearing echoes of my undergraduate math class where I had to learn about permutations and combinations. For the record, I was a communication and poli-sci major. So we're over my head already, but this is good because you're breaking it down for me. You talked about cyber risk associated with quantum and some of the algorithms that are going to be in jeopardy here. So I've heard a riff on Y2K, which is that doomsday scenario that many of us thought was going to happen when the calendar rolled over to the year 2000, with some referring to quantum as YQK. Tell us what's at risk here in layperson's terms and why?
Dr. Walid Rjaibi: Sure. So we depend on encryption for the safety of our digital world. So as an example, when you and I perform an online transaction without actually realizing it, we are relying on encryption to ensure that our credit card information and our other personal information is safe and secure. So how do we tell that an encryption algorithm is secure? Well, we look at the mathematical problem underpinning that encryption algorithm, and if we can say that this mathematical problem is hard to solve at least in any reasonable amount of time, then we can be confident that the encryption algorithm is secure. For example, if we look at RSA, which is one of the most widely used encryption algorithms today, the security of RSA is based on the fact that it is very hard to factorize a large integer. So as an example, if Mitch, I ask you to factorize the number 15, you will very quickly tell me three times five. Three is a prime number, five is a prime number, and three times five is 15. You'll immediately give me that answer. If I ask you now to factorize 77, you maybe think a little bit more, but eventually you'll tell me that it is 11 times seven. Again, 11 is a prime number and seven is a prime number. Now if I give you a number that is several hundred digits long, even if you have access to the most powerful classical computer that we have today, it'll take you millions of years to find those two prime numbers. Unfortunately, all this changes with Shor's algorithm. So Shor's algorithm when run on a quantum computer, it will be able to solve that problem and instead of taking millions of years, it will take only a few hours or perhaps only a few minutes. So what are the implications of that or what are the risks of that? So given the ubiquitous usage of encryption in our digital world, the applications are actually so wide. I'll just give you some examples. One example is stealing confidential information.
So suppose you and I, Mitch, are exchanging some confidential information over a channel that we are protecting with TLS or with HTTPS, so the TLS protocol actually has two phases. The first phase is what is called the handshake. This is where you and I using a protocol like RSA that involves RSA will end up agreeing on an encryption key to use for the bulk encryption of the data, which is the second stage. Now, if somebody is running Shor's algorithm and watching what you and I exchange between each other, they would be able to actually derive the private key and therefore decrypt the information that you and I are exchanging and be able to actually have access to it and steal it. So the confidentiality of what we transmit in our communications would be one of the risks here. Another example is we use algorithms that are based on public cryptography like RSA, DSA and others also for signatures. So you and I, when we download an update or even an automatic update of software we have on our computer, we trust that because it was signed by somebody that we trust. Now somebody who can again derive the private key that is used for signing, they can actually distribute malware and it'll appear as if it were a legitimate code update. So that's another example of a risk. Another example, again, with respect to signatures, we rely a lot on electronic signatures. So people can actually forge documents or forge digital certificates. So those are some of the examples of the risks that can happen when people can use Shor's algorithm to break algorithms like RSA and similar.
Mitch: So that's a pretty significant problem. So what I hear you saying is basically from the encryption side, Shor's algorithm and quantum computing can sort of render existing encryption almost nonexistent, and it makes it as if it doesn't exist at all, number one. And number two, there's this problem with signatures where we can get information from, let's just say pick on any software vendor here, right? It's like, "Hey, you need to update your program." And we trust it because it looks like a signature from them and suddenly it's not, it's malware. Two pretty big problems there. I also have to say I appreciate you giving me the benefit of the doubt that you think I could actually give you prime numbers. If you asked me for 15 or 77, it would take me considerably longer than a few minutes. But thank you. Thank you Walid for having faith in me there. Now back to this threat. You've spent a considerable amount of time working on this. How distant or how close is the problem from becoming a reality for us?
Dr. Walid Rjaibi: That's a great question, Mitch. So the way I'd like to phrase it is as follows, while the impact is in the future, the problem is actually right now. Let me explain what I mean. Suppose that two parties are exchanging some confidential information between each other, and further suppose that the information that they are exchanging is information that needs to remain confidential say for the next 10 years or for the next 20 years or even longer.
Mitch: Give us an example of that. What kind of information would that fall?
Dr. Walid Rjaibi: So some examples of that. If you think of the data that we have in the passport office, right? So passports in some cases they have 10 years life expectancy, right? So that information like your passport number and all the details in there need to remain secure for that amount of time. Information related to healthcare, right, for patient information. That information needs to remain secure for a very, very long time, at least for as long as the patient is alive, perhaps even [inaudible].
Mitch: Ah, gotcha, gotcha. Okay.
Dr. Walid Rjaibi: So there are lots of information like that. Now somebody who is aware of that, what they can actually do is they can steal that information that is being transmitted between these two parties. Of course when they get that information is that it is encrypted, so it's of no value to them, but you know what? Storage is cheap. So they can take that information and just store it and then wait till a cryptographically relevant quantum computer becomes available and then go back and decrypt that information. And most likely when they decrypt that information, it is still confidential because its time value is long in 10 years, 20 years and so on. So this is what is referred to in the literature as the harvest now, decrypt later problem, right? So again, while the impact is in the future, the problem is actually right now.
Mitch: And we don't know how much of this harvest now decrypt later is happening, correct? We don't really have an eye on that.
Dr. Walid Rjaibi: Well, I don't think anybody really knows, but I think we are all confident that some entities out there are doing this. Right?
Mitch: I sadly think that you are correct in that assumption. So let's talk a little bit more about these algorithms, specifically the public key algorithms that are resistant to code breaking. How far along are we in developing those, and when do you expect organizations to be able to begin to use them?
Dr. Walid Rjaibi: So we talked about the risk and so on, but let's talk about the good news. So the good news is that the alternate algorithms that are quantum-safe are already available. In fact, in July of last year, the US National Institute of Standards and Technology or NIST announced the four algorithms that they selected for standardization, right? So that's the good news. The replacements are available. The actual standard will be published sometime next year, but the algorithms themselves are available. Now you are probably thinking of, "Okay, what makes these algorithms quantum-safe?" So as I mentioned earlier, the way we know or we can tell that an encryption algorithm is secure is by looking at the mathematical problem underpinning that algorithm and see if it is a hard problem. Then we are confident that the encryption algorithm that is based on that is a secure encryption algorithm. Now, three out of the four algorithms that were selected for standardization by NIST are based on what is called lattices. So in layman terms, a lattice is just a grid of points in multidimensional space, and they allow us to formulate problems that are hard to solve even with a quantum computer. And the problem is as follows, it's about finding the point on the grid that is closest to some other point that we call the origin. If the grid is a two-dimensional space, this is actually very easy because you can just look with your eye and you can see which point is closer to that origin point that you are interested in. In three-dimensional space, it gets a little harder, but you can still visualize it. In four-dimensional space, I have to admit, Mitch, that I have even no capacity to even visualize that.
Mitch: Well, neither do I. So keep going.
Dr. Walid Rjaibi: But here in the context of these algorithms, we are actually talking about a multidimensional space that has several hundred dimensions, right? So when somebody is asked to answer that question that I just posed, it's very hard to solve even if you are equipped with a quantum computer. Okay? So the example I gave in the beginning of this conversation was RSA, it's based on integer factorization. Integer factorization can be broken by a quantum computer running Shor's algorithm. But these new algorithms that are based on this lattice problem, they are hard to solve even for somebody who is using a quantum computer. So eventually when we have gone through this transition, everybody will have replaced their current usage of RSA, ECC, Diffie-Hellman and the suite of algorithms that are going to be broken by Shor's algorithm and replace them with these alternatives that are quantum-safe. More and more organizations are looking into this issue now, and some are even doing experiments with the new algorithms, including ourselves at IBM. I mentioned at the beginning that we have done a POC, also quantum-safe Db2, and I'm expecting that once the PQC standard is published sometime next year we will see more and more production use of these algorithms.
Mitch: Well that's good to know that we have a solution out there and it's actually being implemented by some folks, or at least tested by some folks. I do want to make a point of clarification here because I thought this early on. So RSA in this context refers to a specific algorithm that is used to encrypt data currently. Correct? Because there's going to be a lot of folks who listen to this who think of RSA, the event we just had in San Francisco when that's kind of not the same thing, right?
Dr. Walid Rjaibi: Yeah. So let me take maybe a few seconds to kind of describe that. So when we talk about encryption algorithms, Mitch, you can actually divide them into two classes or two categories. Okay? So there is what is called public key cryptography. They include algorithms like RSA, Diffie-Hellman, ECC. The characteristics of these algorithms is that they use two keys. One is called the public key and the other is called the private key. And you typically encrypt with the public key and decrypt with the private key. But these algorithms don't only do encryption, they also do signature. So that private key can be used to sign something. For example, if you send me an email and they want to make sure that it came from you, you would sign it or the tool that you are using for your email, you would sign it with your private key. And when it comes to me, because I have access to your public key because it's public, I can actually verify that it did come from you. So that's the public key cryptography. And those algorithms are the ones that are going to be affected by Shor's algorithm. So RSA, ECC, Diffie-Hellman, all these algorithms that are based on integer factorization and discrete logarithms, will need to be replaced. And then there is a second class of cryptography that we call symmetric cryptography. Symmetric cryptography algorithms, these are algorithms like AES, and they are used for the most part for bulk encryption. So every time you hear something like database encryption, disk encryption, file encryption, these are done using symmetric algorithms like AES. These ones do not face an existential threat like the asymmetric algorithms that I mentioned earlier. But you need to pay attention to the key sizes here. And the reason you need to pay attention to key sizes is because of the Grover algorithm.
So Grover's algorithm is actually a search algorithm and can provide a quadratic improvement for brute force attacks against algorithms like AES as an example. So what does this really mean in simple terms? If today you are using AES with 128 bits, which is fine, in the face of an attacker using Grover's algorithm, that security is just 64 bits. So if you would like to enjoy the same 128 bits security, you really need to make sure that you're using AES with 256 bits, which by the way happens to be the good security practice anyway.
Mitch: All right. So it sounds like a really big improvement with some really big problems associated with it that we're learning how to address. I want to know, so are there particular industries, Walid, or organizations that are going to be more vulnerable than others to the quantum challenge, or industries or organizations that are going to experience more problems than others as they implement quantum-safe standards?
Dr. Walid Rjaibi: That's a great question. I would say that organizations that have data with a long time value are the ones that need to act with most urgency. And the reason is that bad actors can harvest the data now and decrypt it later when a cryptographically relevant quantum computer is available. So this is the harvest now and decrypt later. So any organization that deals with data that has a long time value, I would think that these are the ones that would need to act with most urgency because they're actually at risk right now, right? So we mentioned passports. So government sector is an example. Insurance, banking sectors. So all organizations that deal with data that has a long time value would need to act with most urgency.
Mitch: All right, I guess that makes sense because the longer the lifespan, the more at risk it is. So from an organizational structure, on whose shoulders do you think implementation of quantum-safe standards will fall in a company and is that the right place? What would be an organization's ideal state for successful rollout of this?
Dr. Walid Rjaibi: Ultimately it's going to be the business leaders that will make sure that this transition to quantum-safe encryption does take place. I also think that this challenge that we are facing is also an opportunity to create what I'd like to call cryptographic governance programs, right? So today, pretty much in all major organizations there is what is called a data governance program. A data governance program makes sure that there is a continuous process in place where you discover the data, you do data classification, you do data quality and so on. I can see a parallel to this program. Another program that we call crypto governance program, and this program will make sure that there are tools and processes in place to discover the cryptographic inventory, assess that inventory for cryptographic vulnerabilities such as those related to quantum safety, and then ultimately driving remediations of those vulnerabilities for example through integrations with ticketing systems and so on. So in short, it's really the business leaders that will really make sure that the transition happens. Different organizations will probably organize this differently, but I really, really do see an opportunity for as we go through this challenge to put in place or create this crypto governance program.
Mitch: So you talk a little bit about governance and that of course makes me think of policy, so I want to touch on that too. What sort of policy regulations have we seen to date and are those going to be effective in your opinion? And do we need more and if so, what?
Dr. Walid Rjaibi: So the good news is that more and more governments from around the world actually are mandating actions on transitioning to quantum-safe encryption. And I think this is sort of expected given the risks that we discussed at the beginning of this conversation, right? So for example, in the US we have what is called the Quantum Computing Cybersecurity Preparedness Act, which was followed by specific guidelines from the Cybersecurity and Infrastructure Security Agency as well. To be honest, I'm not sure that more policies are needed at this time. I think there are sufficient mandates from various levels of governments around the world to pay attention to this very important problem. I feel more that the ball is actually in the court of all of us to actually start this transition to quantum-safe encryption.
Mitch: All right, that's good. A lot of people out there don't like policy, so I'm sure they'll appreciate hearing that you're not advocating for more. All right, so one last question for you. So let's say you were approached by the technology leader from a large or even small organization who's like me, right, who knew a little bit about quantum but not a ton. And you were asked the question, "Hey, Walid, you're a smart guy. Where do I start?" What would your counsel be?
Dr. Walid Rjaibi: That's a great question. I would say three things. First one, I would say educate the organization about the upcoming transition. It's important that everyone is aware that this is coming so that they can do their part as well. They can do their share. I would say the second thing, identify someone or some team to champion the transition in the organization. And this might be the opportunity to set up this crypto governance program that I just mentioned. And then the third thing is to actually create the transition plan. I would say that this plan would have at least three core pillars in it. There may be more, but at least three core pillars. The first one is the discovery. There needs to be processes and tools in place that allow the organization to continuously discover the inventory of cryptography that is used across the organizations and the application systems, databases and so on, so that you have visibility into what is being used. There also needs to be an assessment component, which will look at that inventory and assess it for vulnerabilities such as those related to quantum safety. And equally important to prioritize the risk. It's not sufficient to just have a laundry list of vulnerabilities, but that ought to be prioritized. And prioritization should take a number of inputs and one of them ought to be the time value of data as we discussed it earlier, because data with a long time value, you need really to prioritize ensuring that it is safe first. And then last but not least, the remediation. And remediation is [inaudible] after you have prioritized the fixes that you are going to work on. This is the actual work to do the transformation. And here you have two cases. There is one case which applies to applications or systems that you have built yourself and for which you have the source code. So in this case, you actually own the task to go and change the code to use the new algorithms.
And then the second case are products or components that you are getting from somebody else. In this case it's that somebody else that is actually responsible for ensuring that their product or their component is transitioned to quantum-safe cryptography. But you still owe it to yourself to make sure that you do validation and testing to make sure that that is the case. So those are the three things that I would recommend is the education, identification of a champion, and then the actual transition plan with those core pillars that I just described.
Mitch: That's perfect. Educate, champion, transition. I like it. Of course, the transition part sounds a little complicated, but I suspect that you probably have some ideas on how folks can do that as well. So expect some emails after this podcast.
Dr. Walid Rjaibi: Yeah, please, please feel free to share them. Yeah.
Mitch: Walid, thank you very much for being part of Into the Breach. I appreciate your time and this has been an excellent learning opportunity. So thank you so much. Any parting counsel for those of us out there listening to the podcast today?
Dr. Walid Rjaibi: I think this is a good time that we are fortunate to be in the birth of quantum computing. I think quantum computing will have many benefits. We expect that it will revolutionize many fields including medicine, chemistry, AI, and possibly others. Hopefully this will lead to things like drug discovery, which will benefit us as a society. Of course, there is the risk that we just talked about and these are things that we ought to do to make sure that our encryption is quantum-safe and I'm sure we'll be able to do that.
Mitch: Thank you for sharing that with us today, Walid. Appreciate you being on.
Dr. Walid Rjaibi: My pleasure. Thank you for having me.
Mitch: A special thanks to our guest, Dr. Walid Rjaibi, for his time and insight for this episode. If you want to hear more stories like this, make sure to subscribe to Into the Breach on Apple Podcast, Google podcast, and Spotify. You've been listening to Into the Breach, an IBM production. This episode was produced by Zach Ortega, and our music was composed by Jordain Wallace. Thanks for venturing Into the Breach.
DESCRIPTION
Quantum computing relies on quantum physics for computational power and computes much faster than classical computers. It’s predicted to provide major breakthroughs across society, science and business. At the same time, it poses a risk to key cryptographic algorithms we depend upon for the safety of our digital world. Meaning, it has the potential to render existing communications as insecure as if they weren’t encoded at all.
In this episode, host Mitch Mayne talks with one of the scientists working on quantum-safe encryption algorithms. Dr. Walid Rjaibi has spent considerable time experimenting with these algorithms and creating prototypes for transitioning current software to quantum-safe standards.
They talk in-depth about the security risk quantum poses, how researchers are addressing that risk, how policy can (or should) shift to make standardization a reality, and what organizations might struggle with as they shift toward quantum—and how some of those struggles might be addressed.