Transcript: Will our secrets survive the quantum computing leap?

DAVID ELLIMAN

Hello and welcome to a very special episode of Tech Tomorrow. I'm David Elliman, Chief of Software Engineering at Zühlke. By now, you'll know this show is all about helping leaders and executives make sense of emerging tech, but today we're taking a slightly different, more whimsical route, diving headfirst down the quantum computing rabbit hole in a one-off Alice in Wonderland themed episode.

Why? Well, partly because it's fun, but also because quantum tech, and in particular the security challenges of a quantum world, have a lot in common with Louis Carroll's universe, where logic bends and nothing is quite what it seems.

From the Red Queen's race, where running as fast as you can still gets you nowhere, to the garden of talking flowers where the paths make no sense, we can find a lot of parallels in these classic tales. You'll see what I mean a bit later on.

Of course, as with every episode, we're still trying to get to the heart of a big central question, and today that question is: Will our secrets survive the quantum leap?

To help me navigate this wonderland, I've enlisted the help of Dr Sarah McCarthy, a quantum cryptographer, and leader of Citi's Quantum Readiness Program. Sarah's journey is fascinating, starting in pure maths, moving through the rigors of academia, and now helping businesses shore up their defenses against the next generation of cyber threats. In short, she knows how to make sense of a world that can seem utterly nonsensical.

So, let's start at the beginning of the story and learn a little bit more about what quantum computing actually is.

DR SARAH MCCARTHY

The fundamental unit of information in quantum computing is known as the qubit. We can compare this to bits in classical computing, which can be either a zero or a one. But a qubit, somewhat like the Cheshire cat can exist in both states, both a zero and a one simultaneously. And this is a property known as superposition.

And because of this property, it is very good at optimising specific types of computations, well beyond the speed and effort which classical computing techniques can tackle these problems and mathematics at. So this can bring potential benefits. Just like the Cheshire Cat, it can help us or it can hinder us.

So, some of the benefits that quantum computing technologies could bring are drug trial simulations, optimising trading of markets, and even accelerating AI processes that we are using today. But on the flip side, it can also solve the underlying mathematics of today's public key cryptography.

And this underlying mathematics, it's too difficult for a classical computer to break. It would take a classical computer millions of years, but a quantum computer can solve these problems in seconds or hours. So, this is pretty scary.

DAVID ELLIMAN

Moving into quantum cryptography just a little bit more. Give us an example of what a secure communication might look like in the quantum world. Because communication now relies on existing cryptography. We trust that our messages, for the most part, are encrypted somehow, some way, and only the person intended to read the message is allowed to do so, et cetera.

What does that secure communication look like in the quantum world?

DR SARAH MCCARTHY

We have cryptography today, which is based on existing problems. And these mathematical constructs provide us with digital signature algorithms, which are used for authenticating documents or encryption mechanisms, which are used to encrypt and somewhat scramble up the information so it can't be read by an outsider.

But as the problems underline, today's cryptography will no longer be difficult for a quantum computer to break. We need to look at more advanced and sophisticated types of mathematics upon which to build our post-quantum cryptographic primitives.

DAVID ELLIMAN

A post-quantum cryptographic primitive is the basic building block we use to create larger security systems that can stand up to a quantum computing attack. It's the core ingredient that keeps everything else safe in this quantum world.

DR SARAH MCCARTHY

There's been a lot of progress in the past decade in developing post-quantum cryptography, from research and standardisation to commercialisation and real-life deployments. So, this effort of standardising post-quantum cryptography was spearheaded by NIST, which is the National Institute of Standards and Technology in the US.

And they invited submissions for these new post quantum primitives from the community, and these submissions were subject to intense scrutinisation, both by internally at NIST and the external research community resulting in a handful of the algorithms which were chosen to become the new FIPs standards.  

DAVID ELLIMAN

Back in 2016, during a NIST conference in Japan, Sarah actually found herself in an Alice in Wonderland themed restaurant. A fantastic coincidence and perhaps a neat metaphor for the quantum world, where logic turns itself inside out and rules seem to rearrange overnight. Nothing quite behaves as you'd expect.

This also leads us neatly back to something we touched on earlier, the Red Queen's race, where even giving it everything you've got doesn't guarantee you'll get anywhere.

In through the looking glass, the Red Queen challenges Alice to a race, and when Alice wonders why she's isn't getting anywhere, the red queen replies: “Now here you see it takes all the running you can do to keep in the same place. If you want to get somewhere else, you must run at least twice as fast as that”. Alice runs with all her might yet never moves forward. She slips behind even as she pushes ahead.

It's a spot on reflection of where we stand with quantum cryptography today. A field that races ahead at full tilt while constantly challenging us to keep pace with its shifting counterintuitive rules.

DR SARAH MCCARTHY

This is a great metaphor for cryptography generally, because attacks are continuously evolving, not just from quantum computers, but just general crypto analysis, or side channel attacks, and attackers trying to find different ways to breach a system. So, I think this is a great warning from the Red Queen.

You can't just plan for post-quantum cryptography once and forget about it. You need continuous investment, experimentation, and preparation. Security is a moving target, and only by running consistently and keeping your teams’ skillset and systems up to date can you remain resilient against these emerging threats.

It's a constant race for mathematicians, engineers, and security experts to keep cryptographic systems ahead of potential threats, or at least to keep up with them. This is the case with today's cryptography, but with PQC, we need to. Have extra care around this.

Unlike the cryptography we use today, it hasn't had a chance on the battlefield, and we don't have the CM seal of approval, by the test of time.

So, throughout the NIST process itself, several candidates which were being considered for standardisation were indeed broken by classical computing techniques, not even quantum computers. So, this might cause a bit of distrust in these standardised algorithms, but there's no need, because they have been scrutinised by the smartest brains in the world.

But it does give you more of a motivation to adopt a cryptographically agile stance and be prepared to go through transitions to even your cryptography in the future.

DAVID ELLIMAN

We hear about breakthroughs, different companies making claims, and you made the point that it's not just a single investment. You need to constantly work at this overtime as the entire industry and the thought processes behind it evolve.

So, it's almost like, it feels like you need a kind of cryptographic agility with the ability to sort of maybe plug in different cryptographic algorithms in some way through some sort of abstraction. Does that make some sort of sense?

DR SARAH MCCARTHY

Cryptographic agility is just like Alice navigating Wonderland. She must adapt to growing, and shrinking, and shifting paths. And similarly, organisations must be able to swap out cryptographic components and adjust protocols and stay ahead of the ever-evolving landscape of quantum threats.

A popular tactic for facilitating cryptographic agility is employing hybrid solutions, so that's deploying PQC alongside existing cryptography. That way Wonderland doesn't feel quite so unknown.

And if anything gets broken, we can simply fall back to the security principles that we were using beforehand. And if any of the post quantum cryptography needs to be updated or patched, or we're swapping in new algorithms, you have this safety net of the classical techniques during the update.

So this just reiterates the fact that continuous monitoring of these emerging quantum and classical attacks combined with staff training and planning for scenarios like this, like if something gets broken, this ensures that teams can respond rapidly as the new risks arise.

DAVID ELLIMAN

This takes us to the heart of the threat. What a lot of people talk about, it's the “harvest now, decrypt later” scenario. So why is this so urgent?

DR SARAH MCCARTHY

When we talk about a quantum computer that can break public key cryptography, we tend to refer to this as a cryptographically relevant quantum computer. And one of these does not yet knowingly exist. But adversaries can start preparing for them now. And this looks like them harvesting today's encrypted data and storing it with the intention to decrypt it once a cryptographically relevant quantum computer does exist.

So if the data is long life, such as medical data, financial records, and probably more seriously, national secrets, then this data is still valuable to the attackers in 10 or 20 years time, and they can use it for their own personal gain.

There is another attack that applies to authentication techniques called “trust now, forge later”, and this is similar if we think of a long-term contract, let's say a mortgage contract or a long-term loan. Today, we digitally sign it and that gives us assurance that the contents of the document have not been tampered with. And we know that the person who signed it, absolutely it was them who signed it, and they can't deny having signed it. But if we think about this contract that we signed today, let's say in 10 years’ time, someone has a cryptographically relevant quantum computer, they can forge the signature, so they could tamper the doc, the document, they could change the terms of the loan, they could change the amount of money that's owed and re-sign it with a signature which looks valid.

Now we're thinking if we aren't signing with post quantum solutions today, can we still trust these digital signatures in 20 years' time when a cryptographically relevant quantum computer may exist?

So it's very much like Alice eating the cake. It maybe wasn't obvious what the consequences were until a little bit later on, when she grew too large to fit through the doorway, and similarly, we might not be able to trust these signature schemes in the future, and it's only in the future that this will become apparent.

DAVID ELLIMAN

And I think that's probably one of the challenges as executives encounter this. It's very difficult in the way that people have to plan sort of sociopolitically to legislate for or even govern for something that's so far ahead into the future. Whereas, as you say, acting now prevents the problems potentially or limits the damage in the future.

So, why must they act to protect their organisations before quantum computing changes the rules? What drives the urgency from your perspective?

DR SARAH MCCARTHY

Organisations that adopt post-quantum cryptography early can gain a competitive edge. First of all, they can offer their clients and partners stronger future proof security, and they can look more trustworthy and technologically advanced than others who are further behind the curve. This is obviously great for business, but internally, they have to deal with regulators.

And for example, in the financial industry or the telecommunications industry, if they don't adhere to the compliance, then they suffer hefty fines.  

Even though an executive might not truly comprehend the impact of quantum computing attacks, they usually understand fairly easily what a penalty looks like and the impact of not adhering to regulations. So sometimes this can be just as good a driving force as what a cyber attack would look like.

DAVID ELLIMAN

When Alice wanders into the garden of the talking flowers and through the looking glass, she tries to make her way up to the top of a hill, but she simply can't find a route that makes sense. The paths twist in odd directions. And no matter what she tries, she keeps ending up exactly where she began.

Managing a digital estate can feel remarkably similar. New data keeps appearing, legacy systems stubbornly hang on, and things shift in ways you didn't expect, leaving you with a sense that you're forever looping back on yourself.

So how can leaders navigate this topsy-turvy garden and actually find a clear path forward?  

DR SARAH MCCARTHY

It is a very complex and vast process, but there are definitely actionable steps that executives can take today.

One of the big driving forces within an organisation is support of executives and leadership teams, and this can look like providing budget for trials and experiments, maybe in setting internal mandates for these individual teams to have to place quantum computing threats as a priority and also, providing internal training opportunities and raising awareness and understanding of what this cryptographic migration does entail.

You mentioned inventorying your current cryptographic assets. This is a great first step because a lot of today's cryptography was just added on as it was needed, or it's buried very deep within some legacy software.

So even before we think about deploying post quantum cryptography, we need to know what we have at the minute, and where this sits, and how we manage our keys and our certificates, and what third party libraries we use. So, all of this is really just a mapping and inventory of the landscape today, nevermind how we are going to upgrade this landscape.

Another important step is considering your high risk use cases. So, within a financial organisation, this might look like highly confidential transactions or those long-term contracts, or sensitive data about clients.

Medical data is another great example of highly confidential long lifespan data that we need to place as a priority when migrating to post-quantum.

We also want to liaise with industry-working grips. One of the key elements of migration is coordinating with others, because it's all about communication and none of that communication happens in silo. So there's no point in me upgrading some part of my infrastructure when everyone else is working on a different part.

I'm still going to have to use my legacy cryptography until they've caught up. And then I don't want to be behind in other elements of my organisation. So, engaging in working grips and also engaging your vendors in discussions about their roadmaps and what their plans are to ensure that the whole sector and other sectors can migrate together, will create the most seamless, smooth transition.

DAVID ELLIMAN

It's like a non-competitive collaboration, isn't it? Because of the breadth and depth of the threat. We're seeing working groups and standard bodies, consulting working groups in a way that I think transcends competitive advantage.

There is a competitive advantage in somebody achieving Q-Day, so I wonder if you just want to spend, you know, just a few seconds defining Q-Day for our listeners.

But also, what the potential threats and advantages to achieving that for either an individual company or indeed a nation state might be.

DR SARAH MCCARTHY

Within the cryptography world, Q-Day is when our cryptography will no longer be considered secure.

For something like a hostile nation's state, trying to decrypt top secret information, they're very unlikely to publicize the fact that they have a cryptographically relevant quantum computer.

So, in fact, Q-Day could happen without us really being aware. But I often like to bring the focus off Q-Day, because as I explained, a lot of the work can be done in advance. And we don't need quantum computers to be able to deploy post-quantum cryptography.

We have the mathematical tools; we have the standards. We are already seeing real-life deployments of these new technologies. So, using Q-Day as a reason to stall is not really acceptable anymore.  

Another reason to start moving today is that early movers can help to influence and shape further standards and regulations, in a way that suits them, whereas those who delay are just forced to accept what they're told to do by these regulators.

DAVID ELLIMAN

When is Q-Day? Obviously, that's a very unfair question, but in your opinion, are we looking at months, years, decades?

DR SARAH MCCARTHY

I want to say years, 10 years, 15 years? I think one of the issues predicting when Q-Day is that it's not like a linear problem. It's not a case of just obtaining more qubits. There are a lot of environmental factors and engineering challenges which need to be solved. And once we pass that threshold, then we might be able to see the possibility of scalable quantum computers.

DAVID ELLIMAN

Clearly, there's a lot to do and learn here, especially when we can't be certain when Q-Day might arrive.

Post-quantum wonderland is tricky to navigate, yet some characters seem to manage it effortlessly. The white rabbit may be perpetually late, but he threads his way through theological doors and obstacles without the struggles that trip Alice up.

In the same way, there have been some organisations that have made headway in preparing for a quantum future when it comes to security.

DR SARAH MCCARTHY

Several organisations have already stepped through the looking glass and have begun navigating this quantum landscape, and this offers valuable lessons for those preparing to follow.

CloudFlare has already deployed hybrid PQC within TLS 1.3 by default. And this means if you are using one of these major web browsers like Chrome, Edge or Firefox, there's a strong chance that you're actually using quantum resistant key exchange today, and you probably don't even realise it, which just speaks to the fact that these technologies, although we've got the word ‘quantum’ in it, can run perfectly fine on today’s systems.

We also have security vendors preparing the foundations, for example, in hardware security modules. In that field we have vendors developing PQC enabled hardware, and they can demonstrate how this hardware can operate within critical infrastructure with very little impact.

In the financial sector, central banks are conducting trials for financial transactions across borders.

Executives can learn a lot from these early explorers. They can learn from both the successes and the failures of these organisations and think about how they apply to their own setups and challenges.

DAVID ELLIMAN

Do you think that we can get ahead in the Red Queen's race and make sure our secrets survive the quantum leap?

DR SARAH MCCARTHY

Yes, they definitely can, but only if organisations act early.

As we’ve learned today, quantum computing will not instantly break today’s security, but it does force us to rethink those long-lived systems and the data with a longer lifespan.

We do have what we need to act. We have post-quantum standards, and we have examples of deployments across enterprise use cases.

The organisations that inventory their cryptography, identify the high risk use cases, and adopt crypto agile architectures, are the ones who'll be able to transition the most smoothly, and without risking data exposure and rushed migration, which could introduce further vulnerabilities in this world. Just waiting until quantum computers mature is not an option.

DAVID ELLIMAN

At the end of Alice's adventures, we're left wondering, was it all just a dream?

In many ways, the leap to quantum feels much the same. It's abstract, mathematical, and can seem distant. Yet, as Sarah reminds us, Q-Day is coming, and we might not even realize it.

Executives therefore need to prepare and there are several ways to do so: running experiments, cataloging legacy software, and keeping an eye on what others in the industry have done successfully. They're all practical steps towards making the quantum leap.

Thank you for following me down the rabbit hole on this special episode of Tech Tomorrow, brought to you by Zühlke. Sadly, this is the final episode of season three. I want to say a big thank you to Dr. Sarah McCarthy and all the brilliant guests who've joined me along the way.

If you'd like to explore more of what we do, links to our website and additional resources can be found in this episode’s show notes. Until next time.