17 june 2019 michele mosca - etsi€¦ · • microsoft research [october 2015]: ”recent...
TRANSCRIPT
![Page 1: 17 June 2019 Michele Mosca - ETSI€¦ · • Microsoft Research [October 2015]: ”Recent improvements in control of quantum systems make it seem feasible to finally build a quantum](https://reader033.vdocuments.us/reader033/viewer/2022050211/5f5dc04649f3e6587d4ab488/html5/thumbnails/1.jpg)
Toward a Safe Quantum Future
17 June 2019
Michele Mosca
![Page 2: 17 June 2019 Michele Mosca - ETSI€¦ · • Microsoft Research [October 2015]: ”Recent improvements in control of quantum systems make it seem feasible to finally build a quantum](https://reader033.vdocuments.us/reader033/viewer/2022050211/5f5dc04649f3e6587d4ab488/html5/thumbnails/2.jpg)
Quantum paradigm brings new possibilities
Designing new materials, drugs, etc.
Optimizing, Learning, etc.
What else???
Sensing and measuring
Secure communication
![Page 3: 17 June 2019 Michele Mosca - ETSI€¦ · • Microsoft Research [October 2015]: ”Recent improvements in control of quantum systems make it seem feasible to finally build a quantum](https://reader033.vdocuments.us/reader033/viewer/2022050211/5f5dc04649f3e6587d4ab488/html5/thumbnails/3.jpg)
![Page 4: 17 June 2019 Michele Mosca - ETSI€¦ · • Microsoft Research [October 2015]: ”Recent improvements in control of quantum systems make it seem feasible to finally build a quantum](https://reader033.vdocuments.us/reader033/viewer/2022050211/5f5dc04649f3e6587d4ab488/html5/thumbnails/4.jpg)
![Page 5: 17 June 2019 Michele Mosca - ETSI€¦ · • Microsoft Research [October 2015]: ”Recent improvements in control of quantum systems make it seem feasible to finally build a quantum](https://reader033.vdocuments.us/reader033/viewer/2022050211/5f5dc04649f3e6587d4ab488/html5/thumbnails/5.jpg)
![Page 6: 17 June 2019 Michele Mosca - ETSI€¦ · • Microsoft Research [October 2015]: ”Recent improvements in control of quantum systems make it seem feasible to finally build a quantum](https://reader033.vdocuments.us/reader033/viewer/2022050211/5f5dc04649f3e6587d4ab488/html5/thumbnails/6.jpg)
![Page 7: 17 June 2019 Michele Mosca - ETSI€¦ · • Microsoft Research [October 2015]: ”Recent improvements in control of quantum systems make it seem feasible to finally build a quantum](https://reader033.vdocuments.us/reader033/viewer/2022050211/5f5dc04649f3e6587d4ab488/html5/thumbnails/7.jpg)
Cryptography:RSA, DSA, DH, ECDH, ECDSA,…, SHA, AES
Secure web browsing, Auto-updates, VPN, Secure email, Blockchain, etc…
Cloud computing, Payment systems, Internet, IoT, etc…
![Page 8: 17 June 2019 Michele Mosca - ETSI€¦ · • Microsoft Research [October 2015]: ”Recent improvements in control of quantum systems make it seem feasible to finally build a quantum](https://reader033.vdocuments.us/reader033/viewer/2022050211/5f5dc04649f3e6587d4ab488/html5/thumbnails/8.jpg)
• User errors
• Corrupt users
• Admin errors
• Corrupt admin
• Platform implementation errors
• Platform design errors
• Cryptography implementation errors
• Fundamentally vulnerable cryptography
So many different vulnerabilities
![Page 9: 17 June 2019 Michele Mosca - ETSI€¦ · • Microsoft Research [October 2015]: ”Recent improvements in control of quantum systems make it seem feasible to finally build a quantum](https://reader033.vdocuments.us/reader033/viewer/2022050211/5f5dc04649f3e6587d4ab488/html5/thumbnails/9.jpg)
• User errors
• Corrupt users
• Admin errors
• Corrupt admin
• Platform implementation errors• Platform design errors
•Crypto implementation errors•Fundamentally vulnerable
cryptography
Ranked, from bad to worse?
![Page 10: 17 June 2019 Michele Mosca - ETSI€¦ · • Microsoft Research [October 2015]: ”Recent improvements in control of quantum systems make it seem feasible to finally build a quantum](https://reader033.vdocuments.us/reader033/viewer/2022050211/5f5dc04649f3e6587d4ab488/html5/thumbnails/10.jpg)
Do we need to worry now?Depends on*:• security shelf‐life (x years)• migration time (y years)• collapse time (z years)“Theorem”: If x + y > z, then worry.
y
time
xz
*M. Mosca: e‐Proceedings of 1st ETSI Quantum‐Safe Cryptography Workshop, 2013. Also http://eprint.iacr.org/2015/1075
![Page 11: 17 June 2019 Michele Mosca - ETSI€¦ · • Microsoft Research [October 2015]: ”Recent improvements in control of quantum systems make it seem feasible to finally build a quantum](https://reader033.vdocuments.us/reader033/viewer/2022050211/5f5dc04649f3e6587d4ab488/html5/thumbnails/11.jpg)
Bottom line
• If Y>Z then cyber systems will collapse in Z years with no quick fix.
• Rushing “Y” will be expensive, disruptive, and lead to vulnerable implementations (i.e. won’t need quantum computers to hack)
• The emergence of the first scalable quantum computers will challenge the trust in the tools and institutions underpinning our digital economy.
![Page 12: 17 June 2019 Michele Mosca - ETSI€¦ · • Microsoft Research [October 2015]: ”Recent improvements in control of quantum systems make it seem feasible to finally build a quantum](https://reader033.vdocuments.us/reader033/viewer/2022050211/5f5dc04649f3e6587d4ab488/html5/thumbnails/12.jpg)
What is ‘z’?
• M. Mosca [Oxford, 1996]: “20 qubits in 20 years”
• Microsoft Research [October 2015]: ”Recent improvements in control of quantum systems make it seem feasible to finally build a quantum computer within a decade”.
• M. Mosca ([NIST, April 2015], [ISACA, September 2015]): “1/7 chance of breaking RSA‐2048 by 2026, ½ chance by 2031”
• M. Mosca [London, September 2017]: “1/6 chance within 10 years”
• Simon Benjamin [London, September 2017]: Speculates that if someone is willing to “go Manhattan project” then “maybe 6‐12 years”
![Page 13: 17 June 2019 Michele Mosca - ETSI€¦ · • Microsoft Research [October 2015]: ”Recent improvements in control of quantum systems make it seem feasible to finally build a quantum](https://reader033.vdocuments.us/reader033/viewer/2022050211/5f5dc04649f3e6587d4ab488/html5/thumbnails/13.jpg)
Quantum‐safe cryptography tool‐chest
conventional quantum‐safe cryptography a.k.a. Post‐Quantum Cryptography or Quantum Resistant Algorithms
quantum cryptography+
Both sets of cryptographic tools can work very well together in quantum-safe cryptographic ecosystem
http://www.idquantique.com/photon‐counting/clavis3‐qkd‐platform/
Courtesy of Qiang Zhang, USTC
![Page 14: 17 June 2019 Michele Mosca - ETSI€¦ · • Microsoft Research [October 2015]: ”Recent improvements in control of quantum systems make it seem feasible to finally build a quantum](https://reader033.vdocuments.us/reader033/viewer/2022050211/5f5dc04649f3e6587d4ab488/html5/thumbnails/14.jpg)
openquantumsafe.org
Can test and prototype post‐quantum algorithms now
Other open source implementations:https://github.com/mupq/pqm4https://libpqcrypto.orghttps://github.com/safecrypto/libsafecryptoIndustry tool‐kits also available.
![Page 15: 17 June 2019 Michele Mosca - ETSI€¦ · • Microsoft Research [October 2015]: ”Recent improvements in control of quantum systems make it seem feasible to finally build a quantum](https://reader033.vdocuments.us/reader033/viewer/2022050211/5f5dc04649f3e6587d4ab488/html5/thumbnails/15.jpg)
QKD Link Layer(QLL)
QKD Network Layer (QNL)
Key Mgmt. ServiceLayer(KMS)
Host Layer
OpenQKDNetwork.com
Can design QKD into systems now
Full protocol stack for QKD
![Page 16: 17 June 2019 Michele Mosca - ETSI€¦ · • Microsoft Research [October 2015]: ”Recent improvements in control of quantum systems make it seem feasible to finally build a quantum](https://reader033.vdocuments.us/reader033/viewer/2022050211/5f5dc04649f3e6587d4ab488/html5/thumbnails/16.jpg)
“But we’re risk‐averse!”
Hybrid deployment of quantum‐safe with currently deployed crypto provides strictly better security.
Advisable until quantum computers have been around for several years and are easily accessible.Several practical considerations in how to implement (e.g. FIPS 140‐2 certification, backwards compatibility).
![Page 17: 17 June 2019 Michele Mosca - ETSI€¦ · • Microsoft Research [October 2015]: ”Recent improvements in control of quantum systems make it seem feasible to finally build a quantum](https://reader033.vdocuments.us/reader033/viewer/2022050211/5f5dc04649f3e6587d4ab488/html5/thumbnails/17.jpg)
Security is a choice
• Will you be ready for the NIST standards around 2022‐2023?• If “phase 4” for quantum computing is achieved in the next 2‐4 years,
will key stakeholders trust that your sector will be ready in time?• Will your systems be quantum‐ready by 2024? 2026? 2028? 2030?
![Page 18: 17 June 2019 Michele Mosca - ETSI€¦ · • Microsoft Research [October 2015]: ”Recent improvements in control of quantum systems make it seem feasible to finally build a quantum](https://reader033.vdocuments.us/reader033/viewer/2022050211/5f5dc04649f3e6587d4ab488/html5/thumbnails/18.jpg)
Quantum Risk Fundamentals:Identify:• Your organization’s reliance on cryptography• The sources and types of technology in use
Track:• The state of quantum technology development• The timeline for access by specific threat actors • Advances in the development of quantum-safe technologies
and algorithms
Manage:• IT procurement to communicate the issue to vendors• Technology upgrades and lifecycles to facilitate the
incorporation of quantum-safe algorithms.
https://globalriskinstitute.org/publications/3423‐2/
![Page 19: 17 June 2019 Michele Mosca - ETSI€¦ · • Microsoft Research [October 2015]: ”Recent improvements in control of quantum systems make it seem feasible to finally build a quantum](https://reader033.vdocuments.us/reader033/viewer/2022050211/5f5dc04649f3e6587d4ab488/html5/thumbnails/19.jpg)
Historic opportunity
![Page 20: 17 June 2019 Michele Mosca - ETSI€¦ · • Microsoft Research [October 2015]: ”Recent improvements in control of quantum systems make it seem feasible to finally build a quantum](https://reader033.vdocuments.us/reader033/viewer/2022050211/5f5dc04649f3e6587d4ab488/html5/thumbnails/20.jpg)
Thank you!Comments, questions and feedback are very welcome.
Michele MoscaUniversity Research Chair, Faculty of MathematicsCo‐Founder, Institute for Quantum Computing, University of Waterloo www.iqc.ca/[email protected]
CEO, evolutionQ Inc. @[email protected]
Co‐founder, softwareQ Inc. softwareq.ca