Created on 2019-10-27 04:17
Published on 2019-10-27 04:38
Have you noticed? There have been an ever-increasing number of quantum physics-related news articles lately. This week alone there were at least ten unique articles, mostly covering new discoveries, scientific breakthroughs and general advances. For example, a Washington Post article on Wednesday called attention to a recent peer-reviewed paper documenting Google AI Quantum team’s experiment; running an algorithm on a quantum processor in 200 seconds that would take 10,000 years to perform on a supercomputer[1]. Google claims they have achieved “quantum supremacy” with this experiment (the point in which quantum computers outperform classic computers), although IBM rebuked the claim[2]. Even if we are five to ten years away from such possibilities, the potential effects of such incredible performance increases on the security and privacy of information [or lack thereof] should be eye-opening.
Regarding breakthroughs, there were two recent articles describing the potential for room-temperature-based optical quantum computers; one in SciTechDaily[3] and one on the University of Denver’s news site[4]. Once materialized, such capabilities would significantly reduce the cost of quantum computers due to the lack of refrigeration, and therefore power, historically required. Scientists may only be at the beginning stages of such research, but again, this demonstrates that the science is advancing rapidly, even before the development of practical uses of quantum technology.
Needless to say, we are at the forefront of the quantum computing era. Quantum physics is important enough to necessitate the White House appointing a UC Berkeley professor and quantum expert, Birgitta Whaley, to the President’s Council of Advisors on Science and Technology (PCAST)[5]. And, the U.S. Army is also studying quantum communication[6].
Of course, many consider the application of quantum computers in solving meaningful problems still years away; however, as the next few years unfold, I think quantum-based technologies will most certainly have increasing impacts on the security and privacy of information. As security professionals, we must contemplate and plan for these impacts, sooner rather than later. I know that many people are, but I think more is necessary.
Code eventually will be developed to instruct quantum computers to break today’s encryption. There is a good article[7] by Patrick Nohe on the subject of 256-bit encryption and potential issues related to quantum computers. In it, he states, it would take “millions of years” using the world’s fastest supercomputer to break 256-bit AES encryption (2^256 possible combinations), but that, “quantum computing is going to change all of this”. This is because the quantum computer is based on quantum bits (qubits), and unlike traditional bits—which can only be 0 or 1 at a given time—qubits can be 0, 1 or any number in-between. The more qubits, the more exponential compute power available. For example, Google’s Sycamore quantum computer chip, which has 53 qubits, can perform 2^53 computations simultaneously. Ramp this up and millions of years may be reduced to mere days or less. Of course, the good news is that we are not there yet (to my knowledge, no quantum-based encryption cracking programs have been developed, but we appear to be close), and we likely have ten or twenty more years to go. Thankfully, some very smart people at the US National Security Agency (NSA), the National Institute of Standards and Technology (NIST) others[8] have been thinking about and preparing for the issue for a few years and hopefully will have a quantum-proof algorithm ready when the time comes.
Of course, once the new post-quantum cryptographic (PQC) algorithms are finalized, they will need to be deployed and configured on every device encrypting or decrypting data at rest and in motion. That will include every piece of compute and network infrastructure, every endpoint computing device, smartphone, IoT device, authentication framework, digital signing mechanism and practically everything in-between. This transition will surely take significant time and effort. In a report[9] by the Coalition for Networked Information (CNI), Clifford Lynch states this will be, “a very large, complex undertaking”, and is, “a critical problem”. Although NIST is working to address the replacement algorithms, it does not appear that enough research has gone into addressing the migration challenge. The Computing Community Consortium (CCC) is working on this and has developed a report on current research[10]. The report reminds us of the ten or so years it took to successfully transition from 3DES to AES, as well as outlining important questions on social and policy aspects, migration timing and incentives. However, again, further research and efforts are necessary to determine the best possible solutions and methods to address the challenge.
What about quantum communication? What is it and how will it impact information security?
Quantum communication currently takes on two forms; one based on the general laws of quantum physics and the other on quantum entanglement, called quantum teleportation. General quantum communication uses light particles (photons, again called qubits) to transmit data along optical cables. According to Martin Giles[11], the benefit of communicating this way is that it has a built-in breach detection mechanism; if the qubits are tampered with (e.g., observed) by anyone in the middle, this will “collapse” the state, which in-turn will be detected by the receiver. This technology can and is being used to create and share encryption keys to protect sensitive data between sending and receiving parties (called quantum key distribution or QKD), such as banks in the US and China[11]. For example, Huishang Bank in China is using a quantum communications link between its primary and backup data centers, as well as quantum encryption between branches[12].
To understand quantum teleportation, you first must understand quantum entanglement. What entanglement means is, for pairs of quantum particles that are created (e.g., as a result of quantum collisions), interact or share proximity, they do not behave as two independent particles, but one. Whatever the state of one of the two particles in the entangled pair is upon measurement (e.g., up-spin state), the other will directly relate (e.g., down-spin state), no matter the distance between the two. Albert Einstein referred to this as, “spooky action at a distance”. And, it does not seem to matter how far apart the particles are from each other; once one of the two is observed, the second particle directly correlates to that of the first. Even spookier, it does not appear that the particles are communicating with each other to transmit this state, or if they are—based on what scientists have measured—the communication is occurring 10,000 times more quickly than the speed of light! (As a reminder, Albert Einstein theorized that light moves at a constant speed, and nothing can travel faster than it). I speculate that the space between the particles is only an illusion and the link between these particles occurs instantaneously through the fabric of dark matter, or through mini wormholes, but I will save that for another article.
Considering several pairs of these entangled photon particles, it should be possible to imagine them being in the control of two individuals, such as Alice and Bob. If Alice manipulates the states of her qubits (i.e., up-spin or down-spin), Bob’s entangled qubits will instantaneously be in the exact opposite states. Currently this cannot be used to “transmit” data without the use of a classical transmission medium; however, it may be possible with the use of quantum teleportation. As Scott Simonsen writes[13], there are still many issues and challenges with this technology; however, as we have seen so many times in the past, given enough time, these challenges too will be overcome.
In summary, there is a ton going on in the world of quantum physics as it relates to information security and data privacy. Quantum computers are demonstrating computational prowess lightyears ahead of classic computer systems, although the capabilities and usefulness of the qubit-based computers are still fairly limited. In time, as more qubits are added[14] and as more functional software is developed, we will have challenges with the transition to new cryptographic algorithms, from a time and cost perspective. We will certainly need to re-encrypt existing data stores (i.e., disks, backups and archives) using the new PQC algorithms and transition all systems performing data-in-transit encryption. Perhaps quantum communication will help with some of this through teleportation, but only time will tell. We are at the advent of this incredibly transforming technology and there are many potential upsides, as well as significant downsides; however, I believe that we will overcome the obstacles and realize the full potential, both good and evil. As security professionals, we must begin to plan (contemplate, keep current on related articles, risk assess, set aside capital, etc.) for these forthcoming changes so as not to be blindsided.
References
1. Google scientists say they’ve achieved ‘quantum supremacy’ breakthrough over classical computers; Kaplan, Sarah; Washington Post; October 23, 2019; https://www.washingtonpost.com/science/2019/10/23/google-scientists-say-theyve-achieved-quantum-supremacy/
2. On “Quantum Supremacy”; Pednault, Edwin, Gunnels, John, Maslov, Dmitri, and Gambetta, Jay; IBM Research Blog; October 21, 2019; https://www.ibm.com/blogs/research/2019/10/on-quantum-supremacy/
3. Blanket of Entangled Light Pulses for Larger and More Powerful Quantum Computers; Technical University of Denmark; SciTechDaily; October 22, 2019; https://scitechdaily.com/blanket-of-entangled-light-pulses-for-larger-and-more-powerful-quantum-computers/
4. Q&A: DU Professor Uses Lasers to Democratize Quantum Computing; Hurst, Alyssa; University of Denver; October 24, 2019; https://www.du.edu/news/qa-du-professor-uses-lasers-democratize-quantum-computing
5. Quantum expert Birgitta Whaley appointed to White House science advisory council; Sanders, Robert; Berkeley News; October 22, 2019; https://news.berkeley.edu/2019/10/22/quantum-expert-birgitta-whaley-appointed-to-white-house-science-advisory-council/
6. Blink 182's frontman and extraterrestrial researcher inks contract with military; Wolfgang, Ben; The Washington Times; October 25, 2019; https://www.washingtontimes.com/news/2019/oct/25/army-study-beamed-energy-propulsion-metamaterials-/
7. Just how strong is 256-bit encryption?; Nohe, Patrick; Hashedout by The SSL Store; May 2, 2019; https://www.thesslstore.com/blog/what-is-256-bit-encryption/
8. NIST Reveals 26 Algorithms Advancing to the Post-Quantum Crypto ‘Semifinals’; NIST; January 30, 2019; https://www.nist.gov/news-events/news/2019/01/nist-reveals-26-algorithms-advancing-post-quantum-crypto-semifinals
9. Report on Research Challenges in Post-Quantum Cryptography Migration and Cryptographic Agility; Lynch, Clifford; Coalition for Networked Information; October 20, 2019; https://www.cni.org/news/report-on-research-challenges-in-post-quantum-cryptography-migration-and-cryptographic-agility
10. Identifying Research Challenges in Post Quantum Cryptography Migration and Cryptographic Agility; Computing Community Consortium; February, 2019; https://cra.org/ccc/wp-content/uploads/sites/2/2018/11/CCC-Identifying-Research-Challenges-in-PQC-Workshop-Report.pdf
11. Explainer: What is quantum communication?; Giles, Martin; MIT Technology Review; February 14, 2019; https://www.technologyreview.com/s/612964/what-is-quantum-communications/
12. Huishang Bank turns to quantum communication; DigFin; April 24, 2019; https://www.digfingroup.com/huishang/
13. Quantum Communication Just Took a Great Leap Forward; Simonsen, Scott; SingularityHub; December 26, 2018; https://singularityhub.com/2018/12/26/quantum-communication-just-took-a-great-leap-forward/
14. How a quantum computer could break 2048-bit RSA encryption in 8 hours; Emerging Technology from the arXiv; MIT Technology Review; May 30, 2019; https://www.technologyreview.com/s/613596/how-a-quantum-computer-could-break-2048-bit-rsa-encryption-in-8-hours/