Quantum computing: A threat to asymmetric encryption.
Rick Howard: You're listening to the main theme song to the 2008 James Bond movie Quantum of Solace, written by Jack White and performed by Mr. White and Alicia Keys. Which can only mean that I have taken on the task of discovering what all the hubbub is about regarding quantum computing and its potential impact to enterprise cybersecurity. Quantum computing is in a class of near future technologies that, when and if they ever get here, will fundamentally change how we all live our lives, not just in the cybersecurity and tech worlds, but for everybody on the planet. But for as long as I can remember, these technologies have always been just over the horizon, maybe 30 to 50 years away, depending on what expert you listen to. Technologies like artificial general intelligence (AGI), 5G networking, autonomous vehicles, and abundant solar energy. And it doesn't seem to matter how many years go by, the tech is always still 30 to 50 years away. But I've noticed this past year or so that a collection of quantum experts have started to cautiously reduce their estimates about when quantum will be ready for the masses. Many are saying that it's likely five to 10 years away. For cybersecurity professionals then, this is the perfect time to do some preliminary planning so that we don't get run over by this world-changing technology when it finally gets here. So hold onto your butts! >> Hold onto your butts, butts, butts. This could get complicated. [ Music ] My name is Rick Howard. And I'm broadcasting from N2K Cyber's Secret Sanctum Sanctorum Studios, located underwater somewhere along the Patapsco River near Baltimore Harbor, Maryland, in the good old US of A. And you're listening to CSO Perspectives, my podcast about the ideas, strategies, and technologies that senior security executives wrestle with on a daily basis. Dr. Georgiana Shea is a longtime friend and colleague of mine and a regular here at the CyberWire Hash Table.
Dr. Georgiana Shea: My name is Georgiana Shea. I work at the Foundation for Defense of Democracies as the chief technologist for the Transformative Cyber Innovation Lab.
Rick Howard: And as just a side note on background noise, she lives by a US airbase in Colorado. So periodically, you're going to hear jets landing and taking off in the background. But she is also one of those quantum experts I was talking about at the top of the show.
Dr. Georgiana Shea: I tell people, I'm not a quantum expert, I just play one. And I stayed at a Holiday Inn Select. Just trying to get into the space and understand cybersecurity ramifications of it. But not an expert. So don't ask me like Shor's algorithm, Grover's algorithm, or the super technical stuff.
Rick Howard: George is being modest. Just this past year, she cowrote a paper called Protecting and Securing Data From the Quantum Threat. So I got her on the phone and asked her what the significance of quantum computing was compared to the current model of computing that we use today. Something generally referred to as "classical computing." In classical computing, the computer processes bits of information, ones and zeros, using transistors and logic gates in a sequential manner. Quantum computing, on the other hand, utilizes qubits, or quantum bits, that can exist in multiple states simultaneously based on the phenomenon of superposition and entanglement. And I don't even pretend to understand what those two words mean. But George and her coauthor, Annie Fixler, referred to a metaphor in their paper that I thought was brilliant.
Dr. Georgiana Shea: Okay, you're talking about the mouse through a maze versus smoke through a maze?
Rick Howard: Yes!
Dr. Georgiana Shea: So your classical computing is going to be binary ones and zeros, decision gates, yes/nos, what's your mouse going through, do I take a left, do I take a right, dead end, turn around? So it's very sequential. Whereas quantum, it's no longer binary. You could have multiple states at one time. So you can go in multiple directions in the maze at one time. Sort of like smoke. So the more than likely -- I don't want to say every single time, depending on where the cheese is or the end of the maze -- but the smoke is going to beat the mouse because they can go through and explore all possible solutions at one time.
Rick Howard: If you don't like the mouse in a maze smoke metaphor, here's another one for the Star Trek nerds out there, of which I count myself as one. I got this from my old friend, Retired Air Force General Zan Vautrinot. She says that the difference between classical computing and quantum computing is like the difference between how the USS Enterprise fights compared to how the Borg fights. A Federation ship leadership team is hierarchical. There are parallel processes, of course, but defensive and offensive actions are kind of sequential. The decision to use shields, deploy defensive positions, use phasers or photon torpedoes, is a step-by-step process. The Borg collective functions, by contrast, as a hive mind, where all Borg drones are interconnected and share thoughts, experiences, and information instantaneously. >> I am a Locutus of Borg. The knowledge and experience of the human -- Picard -- is part of us now. It has prepared us for all possible courses of action. Your resistance is hopeless -- Number one.
Jonathan France: I'm Jonathan France. I'm the chief information security officer at ISC2. I've been with the organization a year and a half now.
Rick Howard: I ran into Jon back at the RSA conference in the spring. He's done quite a lot of research on this quantum computing thing in relation to cybersecurity. And his explanation of things is a bit more grounded compared to General Vautrinot's Star Trek metaphor. I still love the comparison to the Borg, but if you're more practical, Jon is your man. So, Jon, let's just jump right into this. Maybe we should start with, can you give a layman's explanation of what quantum computing is compared to regular computing?
Jonathan France: That's a great question, and I will try is probably the best way I can put it.
Rick Howard: [Laughing] I know. Every time I think I know, I go, oh, that's not really it. So, yeah, give it a shot.
Jonathan France: Yeah, I mean, so on the one hand, you can put in the bucket of magic. It makes stuff happen. But if we sort of get a little bit under the covers of that, it's using a few technologies. It's a little bit different from silicon and classic gates into something called qubits and something called entanglement and superposition in quantum, so quantum mechanics, in the realms of math but expressed in the physical world by some technologies. The important thing is not sort of what is down in the guts, but how it's different, I suppose is probably where you're really pointing to. Which is, it can do some pretty amazing calculations. In essence, shortcuts what a classic computer can do. And that's where it's really different. So it can tackle some really complex math questions really, really quickly, in the orders of magnitude quicker than classic computers.
Rick Howard: Well, you read through analogies of what quantum computing is, and one I heard -- and let me see if you agree with this -- is that, you know, classic computing that we're doing today, that's kind of step-by-step. Do one thing, do another. We do it really fast so it feels like it's happening, but it's still one thing at a time. Where quantum computing, because of this weird quantum state, it's basically doing all the steps at the same time. Is that a correct analogy?
Jonathan France: That's the one I would buy, which is instead of doing it literally one after the other, it does it, in essence, parallel, all at the same time, a lot at the same time. Therefore, can shortcut in terms of time some of those problems. There are some problems quantum computing is really bad at, by the way, so it's not panacea of it's going to solve all of our compute problems. But for certain problem types, yeah, really, really quick.
Rick Howard: The way that quantum works means that it can't solve all problems better than today's classic computers. But there are a certain set of problems that the quantum community, and by the way, the US intelligence community, believe it will solve. And the main one is the breaking of modern-day asymmetric encryption schemes that are the engine of everyday Internet commerce and the linchpin technology to protecting many government secrets worldwide. When we get there, the world is going to change. In George's paper, she and her coauthor describe that milestone as the creation of a "cryptanalytically relevant quantum computer," or CRQC for short. Whew! That's a mouthful. I asked George to explain the significance of what a CRQC is.
Dr. Georgiana Shea: So we currently have quantum computers in existence today, they are just not at the strength to go through and break our modern-day encryption. That's what the CRQC represents, that, you know, quantum computer that is able to go through and break our encryption that has the robustness that the qubits required. So it's -- I don't want to say a supercomputer, because we have supercomputers. I guess you can call it the super duper computer.
Rick Howard: [Laughing] So the CRQC will be able to pretty much break any of the encryption schemes for the data we've already encrypted. That's what we're afraid of, right?
Dr. Georgiana Shea: Right. So right now, we have encryption that would take probably, you know, a billion years for you to go through and decrypt it. But once we have quantum computers, it'll take eight hours. So much faster.
Rick Howard: So the thing that I was having a conversation with some CISOs about this just the other day. And I'm not as worried about the future encryption schemes -- we're going to talk about what other people are doing and what you guys are recommending about how to protect ourselves against this. But it's all the data that's already been encrypted that may have been hoovered up by, you know, adversaries in the world, you know. That if they stored it somewhere, if some bad guy stored a giant treasure trove of data that's all encrypted, all you have to do is wait for this CRQC to come along and they can go back and see all those secrets. That's what I think the big deal is. What do you think about that?
Dr. Georgiana Shea: No, that's absolutely correct. There's a lot of big deals -- breaking the future encryption, breaking the, you know, past encryption, you know, going through and compromising our cryptocurrency. There's just a ton of different impacts that quantum computing's going to bring to us, both good and bad. [ Music ]
Jonathan France: The headline story and the one that's always sort of pointed at is breaking of encryption. Let's get a little bit specific. It's good at breaking asymmetric encryption. So that's things like public cryptography and a lot of the certificates and structures that we rely on, you know, to keep your browsers secure, the HTTPS bit. And TLS is asymmetric. Symmetric encryption not so good at cracking. So that's relatively safe.
Rick Howard: Why is that? Because I would expect, you know, if it's able to check all the combinations at the same time, why wouldn't it work for that also?
Jonathan France: Yeah. Math is probably the answer. You know, I don't propose to be a math professor. But one thing in asymmetric encryption generally relies on this factorization, which is finding the factor pair to generate a number. So computationally going one way, factorizing or encrypting one way is computationally easy. Finding the root factors is computationally difficult in classic terms. So that's how asymmetric relies on that. You get some really good benefits on that, which is speed is one of them. You know, it's really, really quick. The downside in quantum land is quantum computers are really, really good at breaking factorization problems.
Rick Howard: Everybody's racing, all the big countries are racing, to solve quantum computing, right. I'm not as worried about when they do, because, you know, people will figure out how to write anti-quantum algorithms for encryption at some point. The point I'm worried about is this transition period, that's one thing to worry about, where there's going to be a set of time where we don't have a solution for this, okay. So that's one problem we have to worry about. And then the second problem is, all the data that was stored in the old ways, okay, without benefit of anti-quantum algorithm -- however you want to say this -- but any data that was stolen and stored for later encryption breaking, I guess, is going to be vulnerable to this. So those are the two problems I see. Did I say all that right?
Jonathan France: Yeah. So there's a couple things you sort of put in there. One is the capture now, break it later problem. So even if quantum computing isn't in a state that is readily and commercially available or powerful enough to break some of these encryption methods now, it will be in the future. So if you capture the traffic now, you know, in several years' time.
Rick Howard: And we've seen big attack campaigns where large swaths of data has been stolen, right.
Jonathan France: Stolen, stored intercepted, you know. And don't get me wrong, you know, some of that data is not going to be useful in the future. You know, me chatting to my wife on an encrypted channel about what I'm going to have for dinner is probably not going to be very interesting to people. So people that are using crypto methods have become vulnerable or vulnerable in the future to secrets.
Rick Howard: Government secrets.
Jonathan France: Yeah. That's the big worry. And that kind of plays into it a little bit on that horizon. So we're probably looking at five to 10 years before commercial availability, and a little sooner for governments that are going to obviously invest in this technology. So you've got a few years of where stuff that we use now is relatively safe. But it is that capture now, break later is the problem. And we've got a transition window. Because actually, if you look at where some of this asymmetric encryption is deployed, it's all over the place. And that's going to be difficult to change. It's the logistics of change. You know, conceptually simple, oh, just change to a secure algorithm or quantum safe algorithms, change to one of those and we'll all be good, right. Well, actually, practically, that's really difficult to do in the field.
Rick Howard: Yeah.
Jonathan France: Yeah, it's out there, it's embedded in lots of devices. And if we just touch on things like IoT devices that may be in environmentally challenging locations, difficult to update, or even know where they are, that's some of the challenges we've got. It's not just the known stuff that we might be able to address, it's some of the stuff that we know is out there, just not specifically where or how to update it. So I think that's the kind of problem that we're facing.
Rick Howard: So I went out to bard.google.com and asked to get the expert consensus about when we would see our first CRQC relevant computer, and it said between two years and a couple of decades. Where does your expert opinion say that's going to fall?
Dr. Georgiana Shea: Well, let me first caveat that with I'm not a quantum expert, so all I do is read the quantum expert papers and then I talk to quantum expert companies, quantum technologies. And I think the general consensus if you were to -- there's a couple papers, they talked to quantum experts, polled them, and they said that we will have CRQCs anywhere between five and 30 years, and that was a couple years ago that paper was written. So when I talk to quantum technologies, they usually say, yeah, but it's closer to five, we'll say five to 10, and maybe closer to five. But it's not just the quantum piece, there's also advances in technologies that are taking place that will expedite quantum. You know, for example, IBM has a hybrid approach that they've been working on, the circuit knitting. If my IBM colleague is listening, he can email me and correct me on this. But in super layman's terms, you can use the classical computing and then sort of outsource some of the computation to the quantum pieces in those, you know, lower qubit capabilities that they have right now versus waiting for that CRQC. So that's going to expedite the capabilities of what the computing industry can do.
Rick Howard: So make it go faster by taking advantage of what a quantum computer can do and have other kinds of computers do the stuff we know how to do, and therefore it'll be faster?
Dr. Georgiana Shea: Right.
Rick Howard: I get it, okay.
Jonathan France: But good news is, there are some algorithms out there that are now QC -- sorry, post quantum computing, post-QC, are quantum safe. NIST ran, and it is still running, actually, the competition to find some replacement algorithms. And they've come out with a set of candidates that are currently being qualified. CRYSTALS is one. Kyber is another. You can go look on various sources.
Rick Howard: Well, that's what I'm saying. That's why I'm not too worried about it. We're going to find algorithms that work here.
Jonathan France: Yeah, already have. It's coming.
Rick Howard: Yeah. And the part that we're worried about is the transition period, right?
Jonathan France: Correct, yeah.
Rick Howard: How do you get everything changed over to the new stuff? And that's going to take years, from what you were saying.
Jonathan France: Yeah. And as, you know, technology industry is probably really bad at getting rid of the legacy problem.
Rick Howard: What? What are you saying?
Jonathan France: Shocker, shocker, I know. I mean, if you look at some of the problems we face in the world of security and technology, things like border gateway, DNS, email security, you know, you can name a few protocols in certain suites that are still somewhat less than optimal in terms of their design. And we're really bad at sort of saying, no, we're not going to do that. So I think that's the real challenge is we'll come into sort of legacy drag, even though the solution is known.
Rick Howard: What I think is fascinating about this and really scary is that, presumably, one country is going to get there before some other countries. And there is going to be a period, okay, where they'll be able to, let's say, break everything, and nobody knows, nobody knows it's been done.
Jonathan France: There are a few commentators that say, oh, that's already the case. You know, take it with a pinch of salt. But you're absolutely right. Again, if we look at history of code-breaking things, you know, back to the Enigma and some of those type of things, you know, they were broken but kept secret for a very long time. So yeah, undoubtedly, there will be a point where one gains sort of quantum supremacy. It's a little bit of a mash of one of the terms that's used to look at how powerful leaders are. But yeah, one state, person, company is going to get ahead of the other, that's without a doubt.
Rick Howard: Even without quantum, I just read Ben Buchanan's Hacker and the State. And he kind of goes through the Snowden documents in detail, okay, the Snowden leaked documents. And he makes a pretty strong case that even today without quantum, that the NSA can routinely break asymmetric encryption whenever they want to, right? So maybe we're already there just with a different set of attack. I don't know what you think about that. So far, we've talked about why quantum computing is different from our current classic computing model -- mice through the maze versus the smoke through the maze metaphor, or the Borg for you Star Trek fans out there. And we've talked about what's at stake when quantum computing is fully realized, the CRQC state (the cryptanalytically-relevant quantum computer). The quantum experts that George has been talking to believe that the CRQC is only five to 10 years away. And according to both George and Jon, the biggest risk in terms of cybersecurity is that CRQCs will be able to easily break asymmetric encryption, not only for the now legacy Internet communication system that we all use, but also for any stored encrypted asymmetric traffic that cyber espionage adversaries have hoovered up in the meantime. Something that Jon calls the "capture now, break at leisure tactic." So the obvious question is, what should security executives be thinking about now in terms of defense? Is there anything that we can do to protect our material data in the next couple of years to buy down the looming risk rapidly approaching over the horizon? There are two approaches. The first is to invent CRQC resistant algorithms for our asymmetric processes. Something that George calls "information theoretic security." Essentially, using better math to make stronger algorithms. The National Institute of Standards and Technology (NIST) has already been working on this one. 
According to George, they aim to develop encryption of such great complexity that no amount of computing power, including CRQCs, is realistically sufficient to breach it. They call that "computational infeasibility." The second approach is something that George and her colleagues refer to as "augmented improbability of access" (or AIA). Which extends the principles of information theoretic security. It's a riff off the old RAID array hard drive storage model. Back in the day when I used them, instead of having one big hard drive to store all of your data, you would install multiple hard drives and stripe the data across all of them. The way the RAID array worked was that if any one drive failed, the other drives collectively had enough information to keep working. The administrator would just replace the bad drive with a new one and the RAID array would reconstitute the new drive on the fly. That's what George's idea of augmented improbability of access is. Don't store all of your material data in one place. Instead, stripe it across multiple locations and encrypt each location separately. For each new location you add, you reduce the probability that a cyber espionage adversary could hoover up all the pertinent information to be useful, and you reduce the probability that CRQC can break the entire data set. Here's George.
Dr. Georgiana Shea: Well, so there's, I'll say, two ways you can go through and you can protect your data. One is the computational -- I can't speak [laughing] -- infeasibility. So that's using, you know, the math, the algorithms, that say, okay, this is going to make it super difficult for the algorithms to break this. We're relying on math, relying on the computation of quantum computers. But then there's an alternative to this, much like the one-time pad. And that's an information theoretic secure state. So given that the adversary may have infinite amount of time and infinite computational capability, it would still not be able to go through and, you know, get your data, compromise your data, break into your systems. So the paper takes it out of the quantum computational area and brings that information theoretic secure state to introduce the strategy of shredding, sharding, fragmenting your data, storing it across multiple platforms inside and outside of your organization, to really -- and I want to say use the essence of, you know, information theoretic secure state. Because I have very smart friends who will go through it and identify, no, you said infinite time and infinite computational capability. Yes, but the probability that an adversary would be able to go through, break into your system, all the different platforms within your system, and other organizations -- you know, the cloud, other organizations that it might be stored on, other systems -- that is a defense in depth. And so you're not putting all of your eggs in one basket, and you're not relying on the computational power of your current algorithms to protect that data.
Rick Howard: And the reason we need another approach, this information theoretic security approach, is because even if NIST and others are working on these computational infeasibility algorithms now, but they're five to 10 years away, right? So if some organization gets to the CRQC now before we get to these NIST algorithms, then there's going to be a period of time where everything is exposed, right? So that's why we want a second approach, like you said, a defense in depth approach, like you said. So what are the key points to the information theoretic security approach? You guys talk in the paper about the improbability of access (AIA for short). And I wonder if you could describe that a little bit? It's kind of like distributing your data in multiple places, encrypting it, so that the bad guys would have difficulty getting the whole thing.
Dr. Georgiana Shea: It's not putting all of your eggs in one basket and ensuring that the adversary would have to get a quorum of data in order to go through to even start to decrypt it. And denying of that quorum by, you know, placing it in different storage, organizations, systems. And that's, you know, inside and outside of your organization. So, you know, I mention that because you may have the same security posture for your systems within your organization. So if they get in, they may be able to get into multiple systems. But if you're now saying that in order for someone to get your information, they have to hack into Google, they have to hack into Amazon, they have to hack into the military, the DISA cloud, they have to hack into your organization, that's a bigger problem than just you losing your data. That's a huge problem. But the probability of them being able to do that just to get to your data is less. I'll say less because I don't want to say absolutely impossible. Because again, the information theoretic secure state is, you know, the definition of unlimited time, unlimited computational power.
Rick Howard: Would you say it's exponentially harder, exponentially?
Dr. Georgiana Shea: I would.
Rick Howard: That's what I think, too. And what I like about this discussion is that the NIST approach is kind of a defense approach -- you know, we're going to prevent it from happening, because we'll have better algorithms. This information theoretic security approach is more of a resilience approach. Well, in this particular path, we won't prevent it, but we will resist it with a different way, which is not even that complicated. I mean, even I understand, you know, distributing your data in multiple locations. Even I can get behind that operation. So it's a resilience strategy.
Dr. Georgiana Shea: It is, yeah. I did a similar paper to this I think last year, and it was entitled Secure the Data, Not the Device, which actually talked about the advantages of distributing your data in storage so that you can, you know, mitigate the impacts of ransomware attacks. You know, understanding that with resilience, you have to plan that you will be a victim, you will be compromised, you will get malware in your system, you will have ransomware. So how do you work around it? Like, who cares? Like you've been hit with ransomware. So instead of putting all of your protections on the system and relying on that location, focus on the data, and ensure that, you know, you have access to all the data at all times, versus the actual device.
Jonathan France: So one of the things is awareness. Probably the reason we're talking about this kind of thing now is we know it's on the horizon, is to kind of get familiar with what quantum may or may not be good at. We talked about code breaking a little bit. But there are other problem state sets that it's going to be good at predictive modeling the rest of it. And it'll cross into the realms of AI. I'm sure those two terms are going to come together. And so become aware, become aware of what is good and not good. Undoubtedly, there's going to be some opportunities in this space as well, so it's not just a problem to solve, it's an opportunity to exploit for gain. But for security people, I think that problem of changing over stuff is going to come to the fore. So if you're a consumer, you know, have a chat with the vendors maybe a little closer to the time what's going to happen, keep up to date with what's going on in the world of things like the cipher suites that are going to be coming out. If you're a product developer, start looking how to adopt them and how to potentially change out insecure methods. And then probably one of the things we've got to look at is our long-term road mapping where we go with technologies and how that might factor in. And knowing where data is and what value it has to the organization and how to protect it is kind of in our bones or should be. This is just another reason to do that. And maybe the horizon is where we're talking about, which is kind of over what time period.
Rick Howard: Are you panicked about this? Or are you just, well, we know what this, we're going to be able to fix this? Where are you in the range of responses here?
Dr. Georgiana Shea: Well, I've worked in cybersecurity going on 24/25 years now -- 24 years. So everything is a doomsday problem. Every day, I'm like, well, it's really exciting, and it's job security, and I'm never surprised. Let's just say, 2010, we had Stuxnet. 2020, we had the SolarWinds. You have these major cyber incidents. Quantum's going to be one of them. And then people are going to have to take action like we've done on other things and do a course correction on where they are. So the best they could do now is just be smart about it and prepare. [ Music ]
Rick Howard: Excellent. That is a perfect way to end this discussion. I'd like to thank Dr. Georgiana Shea, the chief technologist for the Transformative Cyber Innovation Lab at the Foundation for Defense of Democracies, and Jonathan France, the chief information security officer at ISC2, for coming on the show and helping us understand this crazy thing called quantum computing. One note: You all know that we have a collection of subject matter experts that regularly come to the CyberWire Hash Table and offer their wisdom and experience for whatever we are discussing that day. We have a special room in the underwater Sanctum Sanctorum where we record these episodes. You can see the complete list of experts on the CyberWire webpage. On the menu, click "Pro," and then "Hash Table." Anyway, when I put a call out to them to help with this episode on quantum, they all came out of the woodwork to offer their advice. And I want to give special thanks to Bob Turner, Fortinet's Field CISO, for education; Don Welch, New York University's CIO; Rick Doten, the CISO at Healthcare Enterprises and Centene; and finally, Zan Vautrinot, Major General, Retired. [ Music ] So that's a wrap. Don't forget, you can buy copies of my new book, Cybersecurity First Principles: A Reboot of Strategy and Tactics. Order it now at Amazon or wherever you buy your books. Also, we'd love to know what you think of this podcast. Send email to firstname.lastname@example.org. Your feedback helps us ensure we're delivering the information and insights that help keep us a step ahead in the rapidly changing world of cybersecurity. We're privileged that N2K and podcasts like CSO Perspectives are part of the daily intelligence routine of many of the most influential leaders and operators in the public and private sector, as well as the critical security teams supporting the Fortune 500 and many of the world's preeminent intelligence and law enforcement agencies. 
N2K strategic workforce intelligence optimizes the value of your biggest investment, people. We make you smarter about your team while making your team smarter. Learn more at n2k.com. N2K Cyber's CSO Perspectives is edited by John Petrik and executive produced by Peter Kilpe. Our producers are Liz Irvin and senior producer Jennifer Eiben. Our theme song is by Blue Dot Sessions, remixed by the insanely talented Elliott Peltzman, who also does the show's mixing, sound design, and original score. And I'm Rick Howard. Thanks for listening.