Quantum Computing: What s the deal? Michele Mosca ICPM Discussion Forum 4 June 2017

Similar documents
The Quantum Threat to Cybersecurity (for CxOs)

Managing the quantum risk to cybersecurity. Global Risk Institute. Michele Mosca 11 April 2016

The quantum threat to cryptography

Evolution of Cryptography April 25 th 2017

PQ Crypto Panel. Bart Preneel Professor, imec-cosic KU Leuven. Adi Shamir Borman Professor of Computer Science, The Weizmann Institute, Israel

Quantum Cryptography

The science behind these computers originates in

Quantum Technologies: Threats & Solutions to Cybersecurity

ALICE IN POST-QUANTUM WONDERLAND; BOB THROUGH THE DIGITAL LOOKING-GLASS

Quantum Computing: it s the end of the world as we know it? Giesecke+Devrient Munich, June 2018

Post-Quantum Cryptography & Privacy. Andreas Hülsing

Cryptography in a quantum world

Cryptography in the Quantum Era. Tomas Rosa and Jiri Pavlu Cryptology and Biometrics Competence Centre, Raiffeisen BANK International

Cyber Security in the Quantum Era

Everything is Quantum. Our mission is to keep KPN reliable & secure and trusted by customers, partners and society part of the vital infra of NL

ETSI/IQC QUANTUM SAFE WORKSHOP TECHNICAL TRACK

Risk management and the quantum threat

Post-Quantum Cryptography & Privacy. Andreas Hülsing

Lattice-Based Cryptography

POST-QUANTUM CRYPTOGRAPHY HOW WILL WE ENCRYPT TOMORROW?

Everything is Quantum The EU Quantum Flagship

The quantum threat to cryptography

Information Security

Information Security in the Age of Quantum Technologies

WHITE PAPER ON QUANTUM COMPUTING AND QUANTUM COMMUNICATION

What are we talking about when we talk about post-quantum cryptography?

Quantum threat...and quantum solutions

1500 AMD Opteron processor (2.2 GHz with 2 GB RAM)

A brief survey on quantum computing

Random Number Generation Is Getting Harder It s Time to Pay Attention

Quantum Computing and the Possible Effects on Modern Security Practices

Quantum Networking: Deployments, Components and Opportunities September 2017

Cryptographic Hash Functions

Blockchain and Quantum Computing

Public Key 9/17/2018. Symmetric Cryptography Review. Symmetric Cryptography: Shortcomings (1) Symmetric Cryptography: Analogy

White paper Quantum computing in financial services

Quantum-Safe Crypto Why & How? JP Aumasson, Kudelski Security

CustomWeather Statistical Forecasting (MOS)

Post Quantum Cryptography. Kenny Paterson Information Security

Elliptic Curves and Cryptography

Overview. Public Key Algorithms II

Introduction to Quantum Information Processing QIC 710 / CS 768 / PH 767 / CO 681 / AM 871

Public Key Cryptography

Quantum Computing. Richard Jozsa Centre for Quantum Information and Foundations DAMTP University of Cambridge

Quantum computing and the entanglement frontier. John Preskill NAS Annual Meeting 29 April 2018

Summary of Hyperion Research's First QC Expert Panel Survey Questions/Answers. Bob Sorensen, Earl Joseph, Steve Conway, and Alex Norton

Side Channel Analysis and Protection for McEliece Implementations

Table Of Contents. ! 1. Introduction to Quantum Computing. ! 2. Physical Implementation of Quantum Computers

A brief survey of post-quantum cryptography. D. J. Bernstein University of Illinois at Chicago

QUANTUM COMPUTING & CRYPTO: HYPE VS. REALITY ABHISHEK PARAKH UNIVERSITY OF NEBRASKA AT OMAHA

Mathematics of Public Key Cryptography

Public-key Cryptography and elliptic curves

Selecting Elliptic Curves for Cryptography Real World Issues

Challenges in Quantum Information Science. Umesh V. Vazirani U. C. Berkeley

Foundations of Network and Computer Security

Introduction to Quantum Computing

From NewHope to Kyber. Peter Schwabe April 7, 2017

A Reconfigurable Quantum Computer

America must act to protect its power grid

A DPA attack on RSA in CRT mode

Quantum Preimage and Collision Attacks on CubeHash

10 - February, 2010 Jordan Myronuk

PKCS #1 v2.0 Amendment 1: Multi-Prime RSA

The Open Sourcing of Infrastructure

Quantum computing with superconducting qubits Towards useful applications

Enabling Web GIS. Dal Hunter Jeff Shaner

FPGA-BASED ACCELERATOR FOR POST-QUANTUM SIGNATURE SCHEME SPHINCS-256

Hacking Quantum Cryptography. Marina von Steinkirch ~ Yelp Security

Foundations of Network and Computer Security

Fast, Quantum-Resistant Public-Key Solutions for Constrained Devices Using Group Theoretic Cryptography

ETSI GUIDE CYBER; Quantum Computing Impact on security of ICT Systems; Recommendations on Business Continuity and Algorithm Selection

2018 Project Prioritization and Budgeting Process

Standardization of Quantum Cryptography in China

Ping Pong Protocol & Auto-compensation

EU investment in Quantum Technologies

2014 Russell County Hazard Mitigation Plan Update STAKEHOLDERS AND TECHNICAL ADVISORS MEETING 2/6/14

Quantum Cryptography

An Introduction to Elliptic Curve Cryptography

Logic gates. Quantum logic gates. α β 0 1 X = 1 0. Quantum NOT gate (X gate) Classical NOT gate NOT A. Matrix form representation

The Quantum Age Technological Opportunities

H2020 FET Flagship on Quantum Technologies Infoday

Efficient Application of Countermeasures for Elliptic Curve Cryptography

Code-based post-quantum cryptography. D. J. Bernstein University of Illinois at Chicago

Statement (India) at the 1 st High Level Forum Meeting of United Nations Global Geospatial Information Management held at Seoul on 24 th October 2011

Quantum Computing: From Science to Application Dr. Andreas Fuhrer Quantum technology, IBM Research - Zurich

Quantum Wireless Sensor Networks

An Original Numerical Factorization Algorithm

Quantum Computing. Separating the 'hope' from the 'hype' Suzanne Gildert (D-Wave Systems, Inc) 4th September :00am PST, Teleplace

L E A D I N G T H E C O M P U T I N G R E V O L U T I O N

Quantum and quantum safe crypto technologies in Europe. Ales Fiala Future and Emerging Technologies European Commission

Post-Snowden Elliptic Curve Cryptography. Patrick Longa Microsoft Research

Climate Risk Visualization for Adaptation Planning and Emergency Response

Quantum Key Search with Side Channel Advice

Post-quantum RSA. We built a great, great 1-terabyte RSA wall, and we had the university pay for the electricity

Further progress in hashing cryptanalysis

CRYSTALS Kyber and Dilithium. Peter Schwabe February 7, 2018

Week 12: Hash Functions and MAC

Big Data Paradigm for Risk- Based Predictive Asset and Outage Management

Practical, Quantum-Secure Key Exchange from LWE

RSA Key Extraction via Low- Bandwidth Acoustic Cryptanalysis. Daniel Genkin, Adi Shamir, Eran Tromer

Transcription:

Quantum Computing: What s the deal? Michele Mosca ICPM Discussion Forum 4 June 2017

What is quantum?? E. Lucero, D. Mariantoni, and M. Mariantoni 2017 M. Mosca

New paradigm brings new possibilities Designing new materials, drugs, etc. Optimizing Sensing and measuring Secure communication What else??? 2017 M. Mosca

Quantum Cryptography Quantum Random Number Generation (QRNG) Quantum Key Establishment (QKD) Other www.quintessencelabs.com whitewoodsecurity.com Courtesy of Qiang Zhang, USTC Beijing-Shanghai SwissQuantum QKD Backbone Network Tokyo QKD Network Battelle QKD Network Columbus, Ohio, USA swissquantum.idquantique.com/?-networkhttp://www.uqcc.org/qkdnetwork/ http://www.battelle.org/our-work/nationalsecurity/cyber-innovations/quantum-keydistribution http://www.idquantique.com/photoncounting/clavis3-qkd-platform/ http://www.quantumcomm.com/index.php/cate/index/pid/1 http://www.qasky.com/product.aspx?id=94

Scalable fault-tolerant quantum computer Known to solve many problems previously thought to be intractable 2017 M. Mosca

Non-fault-tolerant quantum devices Not a known threat to cryptography Can they capture some of the power of quantum computation? Can they simulate themselves or similar systems faster/cheaper than conventional computers? Can they solve useful problems better than conventional devices? 2017 M. Mosca Similarly, although there is no proof today that imperfect quantum machines can compute fast enough to solve practical problems, that may change.

How secure will our current crypto algorithms be? Algorithm Key Length Security level (Conventional Computer) RSA-1024 1024 bits 80 bits 0 bits RSA-2048 2048 bits 112 bits 0 bits ECC-256 256 bits 128 bits 0 bits ECC-384 384 bits 192 bits 0 bits Security level (Quantum Computer) AES-128 128 bits 128 bits 64 bits AES-256 256 bits 256 bits 128 bits

What will be affected? Products, services, business functions that rely on security products will either stop functioning or not provide the expected levels of security. Clouding computing Payment systems Internet ehealth etc. Secure Web Browsing - TLS/SSL Auto-Updates Digital Signatures VPN - IPSec Secure email -S/MIME PKI Blockchain etc RSA, DSA, DH, ECDH, ECDSA, AES, 3-DES, SHA,

What will be affected? Products, services, business functions that rely on security products will either stop functioning or not provide the expected levels of security.

Do we need to worry now? Depends on: X = security shelf-life Y = migration time Z = collapse time Theorem : If X + Y > Z, then worry. EPRINT.IACR.ORG/2015/1075 y z x time 2017 M. Mosca

Bottom line Fact: If X+Y>Z, then you will not be able to provide the required X years of security. Fact: If Y>Z then cyber systems will collapse in Z years with no quick fix. Fact: Rushing Y will be expensive, disruptive, and lead to vulnerable implementations. Prediction: In the next 6-18 months, organizations will be differentiated by whether or not they have a well-articulated quantum risk management plan. 2017 M. Mosca

How large of a quantum computer is needed? https://qsoft.iqc.uwaterloo.ca/ Simulator Quantum++, etc.) (Quantum Compiler tools, Quantum Computer 2017 M. Mosca

How close are we to having sufficient quantum resources? 2017 M. Mosca

What is z? Mosca: [Oxford] 1996: 20 qubits in 20 years [NIST April 2015, ISACA September 2015]: 1/7 chance of breaking RSA-2048 by 2026, ½ chance by 2031 EPRINT.IACR.ORG/2015/1075 Microsoft Research [October 2015]: Recent improvements in control of quantum systems make it seem feasible to finally build a quantum computer within a decade. Use of a quantum computer enables much larger and more accurate simulations than with any known classical algorithm, and will allow many open questions in quantum materials to be resolved once a small quantum computer with around one hundred logical qubits becomes available.

Quantum-safe cryptographic tool-chest conventional quantumsafe cryptography a.k.a. Post-Quantum Cryptography or Quantum- Resistant Algorithms + quantum cryptography Courtesy of Qiang Zhang, USTC http://www.idquantique.com/photoncounting/clavis3-qkd-platform/ Both sets of cryptographic tools can work very well together in quantum-safe cryptographic ecosystem

But we re risk-averse! Hybrid deployment of quantum-safe with currently deployed crypto provides strictly better security

Quantum Risk Assessment Phase 1- Identify and document assets, and their current cryptographic protection. Phase 2- Research the state of emerging quantum technologies, and the timelines for availability of quantum computers. Phase 3- Identify and document threat actors, and estimate their time to access quantum technology z. Phase 4- Identify the lifetime of your assets x, and the time required to migrate the organizations technical infrastructure to a quantum-safe state y. Phase 5- Determine quantum risk by calculating whether business assets will become vulnerable before the organization can move to protect them. (x + y > z?) Phase 6- Identify and prioritize the activities required to maintain awareness, and to migrate the organization s technology to a quantum-safe state. http://www.evolutionq.com/methodology-for-qra.html 2017 M. Mosca

Testing new tools openquantumsafe.org 2017 M. Mosca

Security is a choice Problematic choices: Do nothing: my vendors will take care of this for me Do nothing until NIST standardization is done Get it over with 2017 M. Mosca

Historic opportunity 2017 M. Mosca

The choice is ours Embrace quantum technologies that will help humanity and live in a safer cyberenhanced world? 2017 M. Mosca

Thank you! Comments, questions and feedback are very welcome. Michele Mosca Co-founder and CEO, evolutionq Inc. Michele.Mosca@evolutionQ.com University Research Chair, Faculty of Mathematics Co-Founder, Institute for Quantum Computing www.iqc.ca/~mmosca Director, CryptoWorks21 www.cryptoworks21.com University of Waterloo mmosca@uwaterloo.ca

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback