Cybersecurity in the Quantum Future

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

welcome to csis online the way we bring you events is changing but we'll still present live analysis and award-winning digital media from our drakopolis ideas lab all on your time live or on demand this is csis online great welcome to csis thank you for attending this event on cyber security and quantum cryptography uh quantum computing is going to change the parameters of cyber security uh if you i was going to say if you remember which you probably don't but if you know the the origins of the internet uh cryptography classic cryptography is the backbone of much of what we do and quantum is going to change that considerably i was going to change it is what we'll hear from three experts uh we're lucky today to have lisa o'connor who's the managing director of global security research and development at accenture and leads their global security and research development lab uh j.r rao who is the cto of security research at ibm and also has a global team that works in cryptography a cyber security cloud mobility mobile security um and finally uh dustin moody who is a mathematician and the project lead for post-quantum cryptography at the post quantum crypto you would think i'd never done this before right um post quantum cryptography uh project at the national institutes for standards and technology so thank you to all three the format today will be conversational um i will open up with a few questions uh if we have time we'll get to questions from the audience you can send them in the chat function or in some other activity let me start with uh dustin because dustin in december you wrote a piece entitled uh the future is now right how how close is it how much do we need to think about quantum computing and quantum cryptography is the future now or do we have a couple minutes uh well good question um researchers and and very smart scientists have been working on building a quantum computer for a long time a few decades and they have been making more and more progress in the past few years we've seen companies like ibm and google and others having announcements of progress in the number of qubits and other metrics getting larger and larger quantum computers they're still relatively small scale in terms of the impact they would have to cryptography they are big enough to do some applications i believe but i would say in terms of getting a large-scale quantum computer that would do all sorts of computation we're maybe a decade or more ish roughly no one knows for certain but we still have a little bit of time great lisa or jr did you want to pitch in on that sure so i i think we may be closer than we think and let me let me just be a little provocative so so what we know in the research community and what we've been doing we we are we're operating with smaller qubit space right and to get to this impact point where we think we're going to be really impacting cryptography at scale that requires a little more processing power but i i think we have to go back and look at cyber threat and think about what the threat is and again whether that's the academic sector or the public sector we appreciate that there is probably more going on in other sectors and i think that's kind of that that's sort of our lens for thinking about readiness and getting prepared for this inflection point where we're going to be vulnerable in our cryptography because it doesn't take oh it doesn't take solving all it takes targeted focus and it takes targeted focus at an adversary going after that communication or that thing um that they want pastor or present right and so again i think everyone has to appreciate sort of what the threat is against um businesses nation states other things and then think about what investments are being made and what that feels like so it may be closer yeah i i'll just add a little bit uh more to this trying to make a distinction i mean we do have uh quantum computers today we have you mean you can for example speaking for my own institution at ibm you know you have something called quizkit which is a a a toolkit that one can use to write quantum computing programs and these are quantum algorithms for things like simulation or optimization in various fields and you can have them actually run on a quantum computer the key the key aspect here is that traditionally if you look at the programs that you're right now they really will not give you a advantage over classical computers so what we're trying to talk about here is when we say how close are we to quantum computing especially in the context of security when can we when do we expect to expect quantum computers to have evolved to the uh to the level of accuracy to the level of qubits that we need so that they start posing a significant threat to the id systems that we have into the cryptography that we've deployed now and that's where you know i i connect back to what my colleagues here what dustin and lisa have said which is you know it's not just the number of qubits it's also the error rates and the accuracy that one needs to get and uh so breaking something like 20 48-bit uh rsa for 2048-bit keys for rsa would require almost like 6200 qubits and 2.7 billion operations and you know my colleagues tell me the error rates are going to be 3 into 10 to the power minus 9. given that the error rates today are like 10 to the power -2 we are talking about seven orders of magnitude and and so we do have some ways to go before we are able to get to the error rates that we would need to standard to uh to be able to field a machine and run programs that can actually uh pose a threat to crypt to the uh to the security and cryptography that we've deployed today well let's talk for a minute about what that threat looks like it may be some years out i i will say that one of the things that always preoccupies people who do national security is the idea of technological surprise so i i hope you're right about how far out this is i expect you are but lisa where do you start what is what is the threat from quantum computing how will it power manifest itself and then dustin and jr if you could if you could touch on that one too so the threat from quantum computing again with the with what quantum computing does well and so the the things that quantum brings in terms of optimization um factorization other things that actually affect our cryptography affect many of the underlying services but it's not just our cryptography and this is where we kind of have to think broadly of where cryptographic methods are embedded in many things that we do in our business processes and our communications and our identity um let alone encryption right um just sort of thinking about data protection and communication security but we have to look at where all of those methods are that could be vulnerable and so when we hit that inflection point that's why we're talking about confidence and trust and and error correction and the scale of quantum compute because as we hit that inflection point we we are we're faced with a lot of risk to those services and so um i think the the the important thing is as i look at it is we're sort of in this borrowed time space right now as we're as we're preparing and we're planning we're ready for whatever dustin's team approves and hands out and says this is the algorithm we're going with it um that we need to be preparing understanding where the cryptographic methods are within our infrastructures prioritizing those figuring out what the exposure really is um and then thinking about re-architecting taking methods now to potentially harden them a little bit more or get to crypto agility and and crypto agilities really you know we think of the the the y2k challenge that we had and this is probably ours to really look at how do we extract these services and really modularize them and so your cryptography or cryptographic methods are as a service so that we're ready for what nist comes out with and we're ready for future changes because we anticipate those too i agree with what lisa said um to be a little more specific in terms of the impact of quantum computers on cryptography many cryptosystems are broken down into one of two different types what's called public key or asymmetric cryptography as well as what's called symmetric key cryptography and the impact on public key cryptography is quite dramatic a large-scale quantum computer would be able to completely break all the public key crypto systems that we use today that includes rsa it includes elliptic curve cryptography any other discrete log based system and so that's part of the challenge is that we will need to completely replace those algorithms with new um cryptosystems which are resistant to attacks from quantum computers symmetric key crypto systems will also be impacted just not as drastically you'll be able to run an algorithm called grover's algorithm on a quantum computer and we won't have to swap out aes for example we'll just need to use a little bit longer key no more than doubling the size of the key so quantum computers will have a definitely a disruptive aspect in terms of cryptography jr yeah so let me um i fully agree with what lisa and dustin say but let me add a little bit more to this so you know when you ask you know what is the threat from quantum computers to cryptography and when are we going to see it i think what my colleagues are saying and i reinforce as well is that the threat that we see from quantum computers is not when quantum computers come the threat is today the impact is something that's going to happen in the future that's very important the threat is today and what is the threat today because we have we are using traditional key cryptography to secure our communications to secure our data and and if this data which is stored and secured is harvested and set aside we will see the impact the risk of that in the future when um quantum computing can be used to break the cryptography and and reveal the secrets and and really now you take that point that the threat is today and you couple that with this other point which is when we look at many of our uh critical infrastructure systems uh whether we look at uh some of the uh systems that we use that the financial services sector uses like atms or we look at even uh mundane artifacts like passports or credit cards and you look at the crypto that is actually deployed in in all these different scenarios to add to lisa's point the life cycle when you actually upgrade this infrastructure is not as frequent as how you you might uh you know replace uh cryptography so so you really need to be able to align the la the uh updates that you make to your uh to your infrastructure life cycles whether it's your atm networks whether it's or it's your mobile phone with how you upgrade the the the crypto and that cannot wait until what we say q day a quantum day to come it has to start now and so because the threat is now and and we need to start preparing for it now we know that it's a pretty standard practice for uh big intelligence agencies to record and store communications they cannot break uh looking forward to the time when they can break them so i think that reinforces the the point here that uh we ought to have q surprise day i hope we can avoid that um someone mentioned i can't remember if it was lisa or dustin uh quantum resid quantum resistant encryption and some people call it quantum safe encryption um can you tell us about that what is it what is entail what is quantum safe encryption and dustin maybe if you can talk a little bit about what you're doing with algorithms that would be helpful as well sure yeah so it goes by different names like you're saying quantum resistant cryptography quantum safe cryptography we frequently at nist use the term post-quantum cryptography and basically what it is is looking for new crypto systems to replace the ones that would be broken and will provide protection against attacks from a quantum computer now these cryptosystems are still going to need to be run on our classical computing technology that we all still have so they're very much similar to the crypto systems that we have they are just based on different ideas um rsa is based on factoring integers elliptic cryptography is based on elliptic curves some of these new ideas for post quantum cryptography are based on other mathematical ideas such as lattices or error correcting codes or multivariate algebra and so at nist what we've been doing to help solve this this problem this challenge is we've organized basically kind of an international competition that's been running for several years where teams from around the world could send in designs that they'd created that would provide protection new cryptosystems providing protection against quantum attacks and so for it's been going on about four years now we've been evaluating and analyzing them internally along with the cryptographic community around the world so that we can select the most promising ones and ultimately standardize them so that people can use them in their products and applications around the world so it's kind of like the aes contest of a few years ago yes very similar to that i did it's a bit more complex but that's the same idea great uh jr did you want to talk about quantum resistant or quantum safe no i mean i'm very excited you know i've had a reasonably long career in uh security and uh you know i was there when you know we participated in the aes competition that was truly a competition because we had number of algorithms and at the end of the day ryan dale was selected to be the winner and that was crowned as the aes winner and then soon after that and in fact we were looking at a nist was standardizing on hash functions and we participated in that as well i believe that as we go forward in this in the in this post quantum project and of course dustin is the authority here it's it's not as much a competition as it is a selection that we are expecting not a single winner but there would be uh more than one recommendation is what i understand dustin uh as we get towards the end of this year beginning next year and there would be and that's probably appropriate because we would need different algorithms which will have different resource requirements that will run more efficiently in different on different kinds of compute architecture which is just one thing i mean of course they could also have different security parameters and so on uh so really looking forward to this so that uh you know we can start we so we get a little more direction in terms of standards and the way we want to go uh especially in terms of helping our customers secure their uh in their quantum journeys great i'll just say you're correct yes we anticipated it will not be a single algorithm it will be a small number interesting that's different from past practice right pretty much it is it is a little bit and a couple reasons jr touched on them first one though is that we're we're looking to replace public key encryption as well as public key digital signatures so we have two different functionalities and we're gonna need different cryptosystems for each one and then also like jr said for different applications uh what we're seeing with the post quantum algorithms right now is there's no silver bullet that will just be perfect in every application so different applications one algorithm might be a little bit better as well as they're based on different mathematical properties and since this is a newer field of research it's good to not put all our security eggs in one basket um lisa do you want to touch this one no i just echo what what dustin said because again we know we know lots of algorithms that are incredibly difficult and might fit operationalizing those and putting those into a business environment and networking environment some of those are very difficult or they don't perform to the specifications where they may be beautifully secure and so this is really this is a this is a balancing act of finding the right ones that work in if you will practical implementation so we've talked a lot about the risk that quantum techniques in quantum computing poses to security into encryption um what are the benefits so in other areas you know sensors or some of the other things that might be of national security interest there are benefits potential benefits from quantum computing what are the benefits if any for cyber security lisa maybe you can go first sure i'm happy to this is this is an area that um we're really excited about and we spent a lot of times at accenture labs digging into this because quantum has some really fun properties and depending on what kind of quantum you're using you can take advantage of those properties and so you know we think about identity and how just using a very small number of cubics can really kind of catapult the quality of that identity um and and we've worked on that some of the other things that you know we're we're thinking about um is you know how do we how do we take some of our security principles that we've had all along and maybe we're implementing them in a new way and i kick around the idea of revocation revocation of access and revocation of data and things could take on a whole new light if we think about what that could mean with quantum entanglement um maybe things just disappear and and we have the ability to do that at distance i mean there could be some really fun things as we start to take a advantage of the quantum mechanics but i i think there are a lot of things that we look to the power of it of actual quantum compute um in terms of ml in terms of how we're implementing algorithms now to say what kind of effectiveness efficiency could that give us um and whether that's looking at risk calculations whether that's looking at behavior classification models all sorts of things where they're the decisions of every day of being a security a cyber security operator that if we can do it faster better high quality insights we're in a different place with cyber defense so you're looking at how quantum and machine learning might interact absolutely how will they interact what's the is it just faster or is it something else um well the efficiency so right now during during this time we're doing um simulations and looking at what are those efficiencies that can be paid so it could be that that's um a simplification of of what the calculation is or it could be a whole new level of insights that we can get to i mean the the problem for security operators has been huge data at scale and this is a big data problem right and so how do we think about that differently and and one of the other areas of research we get excited about is digital twins and there's a really neat intersection of quantum and digital twins if we start thinking about how we're efficiently moving the data the right data through the digital twin and that model of potentially enterprise security architecture the model of your ot environment now what does that do and put in the power of quantum and that and it starts getting really exciting when you get to the analytics maybe for the audience you could give them a quick uh definition of digital twin i got a white paper on it great and we'll we're happy to post the link but uh for the video in fact we might have posted the link already um yes well yeah you may have but yeah a digital twin in our case we create what we call a cyber digital twin and it's really a temporal knowledge graph so temporal being time sensitive knowledge graph where we're pulling together attributes and building a contextual model of let's say enterprise security so it is pulling the attributes of things from it or ot that are relevant to what your security looks like and that takes a lot of of course insights and intelligence to know what to pull how to put it together but that's our cyber digital twin okay great uh jr oh you're muted sorry sorry about that so uh let me just add a little bit to what uh lisa just said you know quantum mechanics and quantum mechanical principles are amazing because one of the one of the interesting concepts about quantum mechanics is that if you measure the state of a system then you can actually alter or alter the information that's actually flowing on that system so so in particular you know if you have uh let's say a classical communication line and you had a eavesdropper listening on it there'd be no way to tell whether there's an eavesdropper listening on that but then if you were if you were if you had like a fiber optic cable and which you're sending down let's say photons that represent qubits um then you know you can actually uh if an eavesdropper tries to measure some of these qubits then the state of those qubits would actually change and it would be possible for the sender or the recipient to know that somebody is actually eavesdropping so this is very very interesting because this opens up this whole new space for us so something very simple uh very fundamental and basic for us like key distribution and key management when you use quantum computing to elevate it to the next level when you say i want to do quantum key distribution and you you when you start doing that then you can start um you know getting some of the assurances that you know you were able to detect if you know you you can by using quantum means you can detect if there's an eavesdropper in that sense quantum will make the task of managing key distribution that much more easier and and you know this is not something that is a phenomena that you can't really get with something like uh traditional communication methods uh so so you know it is very interesting so these are some of the attributes that i think quantum computing itself will bring and will hopefully make some of our work fundamental work around key distribution key management easier now on the other side i mean i think a a very intuitive or a simple way of relating to the power of quantum computing is to say that you know you have problems that you used to take exponential amount of time you can get at least super polynomial speedups using uh you know quantum computing and so what that really means is that you can do things in parallel you can do things much faster lisa was alluding to big data many times you're looking at graphs in security you're looking at knowledge graphs especially with ai that you refer to knowledge graphs is a fundamental data structure in representing concepts and relationships and in in especially in the area of threat intelligence and in trying to comb through uh you know the millions of indicate potential indicators of compromise that one sees to find that proverbial grain of sand at the bottom of the ocean how can you speed this up how can you do this in parallel so there are promises that quantum brings to the table and these are some exciting uh applications um which i think the security community would benefit from as we go forward and dustin i know you're in the algorithm business but uh what would you say about this question and what are the potential benefits of quantum computing photography they've hit on many of them i mean quantum computers in general will have a very positive impact in in many science applications medicine quantum computers are not a universal machine that will solve every problem but for many problems they'll be very well suited jr mentioned quantum key distribution or quantum cryptography that's a very interesting um application that is positive where you can have your cryptography essentially guaranteed by the laws of physics so i'm sure we'll talk more about that that's a positive application i also think uh the the chance we have where we're going to be uh transitioning to new algorithms and lisa mentioned crypto agility that gives organizations a chance to look at the cryptography they're using and perhaps redesign their systems in such a way that they have more crypto agility which is the ability to rapidly switch out your crypto algorithms for new ones and that's a good practice independent of if if your algorithm is quantum resistant or not so i think the fact that we have a transition coming up there will be challenges associated with that but it also gives you a chance to make sure you're doing things correctly can there's there's one more thing i'd and we wouldn't miss if we didn't talk about it and it's random right and that quantum has superpowers when it comes literally to random to generating high quality random which happens to be the basis for so much of our cryptography our trust identity all sorts of things and go back to the strongest cryptography what is it the one-time pad right we could be back to that but faster and so thinking about that that's another another feature that we get excited about as as people in security because we're like wow high quality random all the things we could do with that and and that goes after a number of challenges to give people a little perspective i interviewed a company that made cryptography for a particular critical infrastructure and so i said so um how did you guys come up with a good random number generator and they said always easy we have a list of numbers and then we randomly select it's like um may not be what we had in mind but uh so random number generation is is would be interesting to see you could get uh how would you apply that though i mean how would it be would you is it like a cloud service i mean would it be built into a product how would it work [Music] it it certainly could be i mean we it could be seed key it could be used for a number of things um even as you know one of the ideas that we're kicking around is where are the places that you might um you might have depth you might have repetition you might not be truly generating random but you could become predictable and so we're going after some of those areas thinking about cloud and instances in cloud and how how they're generated how they propagate um and do they become predictable and so if you're able to insert high quality random into those events um we're removing a whole bunch of potentially i guess dustin can tell me if i'm using the word incorrectly but cryptographic depth or depth and kind of how we're generating that yeah and i'm glad that lisa brought up randomness it's very important to have good random numbers for cryptography like she mentioned and that's that's definitely one of the applications of uh quantum computing technologies um i want to throw out their nist has what's called a random randomness beacon that uses quantum technologies uh um to generate random numbers every minute it's published on the on the site timestamp and so you can go there for a public source of randomness and there's other countries that have since made random beacons in a similar way so if you don't trust nist you can combine other countries as well shocking who doesn't trust next so uh j.r do you want to talk a little about randomness i mean i think this this might be a little hard for some of the audience but i think it's an important part of the cryptographic future yeah i think uh um it's really you know to have a good keys that uh you know that uh cannot that are not prone to brute force attacks and which rely on you know at least in traditional cryptography on things like good prime numbers you need to have a good source of entropy and that entropy really comes from having a good source of randomness today we have in our systems today if you look at the state of the art we build true random number generators but sometimes they have what are called stuck at zero faults which means suddenly a sort of source of non-determinacy becomes very determinate and as a consequence if you don't detect that event all the randomness after that is broken and all the keys you generate after that are broken and your security suddenly plummets down to zero or becomes very guessable right so to counter that we use things like you know pseudo random number generators where we have uh we we rely upon some source of true randomness but then we also um you know use that as a seed and we use different functions such as random functions to be able to generate randomness from that i think this would take us entirely to a new level in terms of the entropy of the source of randomness and the reliability of that source as we go forward so uh yes it is absolutely right what lisa and dustin have said that entropy is the foundation and randomness is the foundation of achieving the guarantees of cryptography so a while ago it used to be said that attacking the random number generator was a a good way to achieve uh decryption uh is that going to change uh with uh crypto with uh quantum cryptography if you were if you were an attacker you might look at the random number generator as a an avenue into plain text i think that will still continue to be true not everyone will be using quantum sources to generate their entropy and so i think attackers will continue to exploit that and there have indeed been actual attacks where people have exploited bad randomness in the generation process to to get access to systems yes okay um so lisa you sent me a question that i thought was really interesting which was uh and i'd like to get all three of you to talk about this one um what should companies be doing differently now and what should companies be thinking about uh what what is the challenge so for banks for telcos for a lot of the big companies that rely on encryption for the cloud service providers what should they be doing now what should they be thinking about now yeah so i think they're kind of two sides of this one what do you do for the defense what do you do for the offense how do you use it for good right how do you take advantage of thinking about what quantum compute could do for the business on the on the defensive side i think we talked about you know crypto agility and and the homework that is needed now so if your companies or agencies have not started planning for this you're you're at t minus who knows right and you need to start because these are not small changes these are these are big efforts for identifying where these things are prioritizing them and developing the right strategies for refreshing or getting to you know that crypto agility or getting to a different architecture where you're protected and you think you're in an enclave i don't know if those exist anymore but let's pretend so but that that's again that's the um preparation for crypto agility which is literally a it is a multi-year journey it is not going to happen quickly if anyone remembers swapping out ssl certificates wasn't that fun one piece right so we remember what that took um and then on the on the kind of positive side on business i think there's an opportunity and you know when you think about what the power of quantum is and how it could change how we think about some of our business challenges and some of the problems that were really hard with classical computing yet now with quantum they're back in the realm of possibility and they're back in the realm of an efficient calculation or you know we'll say number theory math that we didn't have access to before right and that's the quantum compute so there is um there should be a process going on of thinking about you know from a business perspective where are the opportunities to engage with quantum and start doing that now in planning and thinking through what those good business processes are and picking ones that aren't too far out or too complicated to show some early wins on what the power of quantum could do to some of these complex calculations or some of these things that are large intractable kind of problems that we may have shelved um and i'd love to hear what jr has to say about this uh thank you lisa for that key up so look i i fully agree with your characteristic characterization of quantum and that is true for most technologies that we see um you know i think quantum is real this is the decade of quantum within the next decade we will see quantum be very real for us and so what in every industry it it has the power to be very disruptive and insofar as companies are planning their strategies and planning for the future they should follow the development of quantum they should look at what areas of their businesses can actually benefit from quantum they should identify the opportunities that would help them get gain competitive advantage in quantum especially so because many times you know in in some of these industries it may be that it's winner take all right and and so you know if you look at industries that rely on like chemistry or material physics right material sciences you know there are you can do large scale simulations very accurately of large molecules and you can even develop materials which have you know new desired properties and you know something like that could help you corner a significant part of the market you know you could also have much more sustainable much more energy efficient processes we've done some work with some of the car manufacturers around designing better batteries looking at thermodynamics of materials using price pricing derivatives for example so so there's a lot that can that that can there's a lot of invention that can happen that is very disruptive to the marketplace and that could see a real realignment of significant realignment of market shares of different companies as we go forward now having said that of course the flip side of it is the stick side right which is also what lisa talked about which is preparing for the threat of quantum to currently how we actually do business today and that is the threat to some of the uh the security mechanisms and that led us down the path of quantum safe cryptography dustin did you want to add anything to that i think they've they've hit most of the highlights um about doing an internal analysis to figure out you know where you stand and where you want to be making sure you're doing that i'd caution against maybe acting too quickly in terms of we're still in the process of selecting what algorithms to standardize and we would not recommend that anyone pick an algorithm and start using it in advance of having standards so that you don't end up using the wrong thing our timeline is that at the end of this year we expect to name the first algorithms to be standardized and then it will probably take us another year to to draft that document and get public comment and everything so start preparing and within a year or two you'll be able to start knowing the algorithms and that it'll start filtering out into products you can start adopting it but don't act too quickly in that regard as i was listening to this one of the things that occurred to me was well it's a three-part question so that means it probably won't make any sense so get ready um this is this is a complicated project and so a lot of companies won't have the resources or the wherewithal to undertake the kind of action that we're talking about and so um how expensive is it going to be for companies to think about quantum you can guess on that um can we ever look for something like a quantum startup do they exist i mean is that just even the realm of the possible and finally will quantum cryptography or other quantum things we're already moving in this direction but should we be thinking about quantum as a service you know which is one of the tricks now and it just put as a service after any other verb so where where do you see what's the challenge for a company or is it money is it personnel are they better off looking for an outside outside supplier what would you advise because we when we did the solar winds review we found that many companies perhaps didn't take some of these cyber security issues as seriously as we might have hoped so it's hard to see them suddenly waking up and deciding to also take quantum seriously what would you advise companies wait until it's available and buy it as a service look for the startup you can acquire or build your own capacity any views on that one i i would say build your own capacity and then i'll come over and play [Laughter] now at this point um that they're and this is a really interesting place to watch startups and what's happening in the ecosystem because a year ago hundreds right and now we're seeing some starting out in the marketplace of of what is what is sustainable and what is um showing progress and buy-in and so this is not a place where non-technology companies should be investing in literally building quantum let's i would i would leave that to the experts to build the quantum and and again um work their magic now what i would say is there are all kinds of ways that businesses can get engaged with quantum now and that is thinking through what challenges what business challenges what fits and and there you can engage lots of consultative expertise um in in the journey of thinking through what to bring towards quantum what business problem you bring towards it what's your roadmap towards that what what kind of accomplishments do you want to get in what time frame but as a service absolutely and and we're seeing that right there all of these most of them are accessible via cloud and that that makes it sort of tremendous to do the simulations and practice and sort of get your sea legs if you will with understanding what it can do for the business problem at hand and i think that's useful experiences because that's going to inform how you invest forward in the in emerging tech whether you're going all in to invest in in timeshare or invest in other things that's important for the business direction to know what roi you're going to get out of it so you really want to pick things where you can demonstrate that jr did you want to pick up yeah sure let me three part questions so let me try to address them so i agree with what lisa says that you know this is not good you you really need experts to weigh in on how you will how quantum computing is going to uh be be deployed and be used in practice across the industry now i do believe that you know when quantum becomes real in terms of uh industrial strength machines and so on it is going to really unleash upon us and it will open up possibilities the likes of which we haven't seen before and and the way that this is going to happen though is i you know i think it's not going to be a single company that does this i do believe it's it's i don't think it's within the wherewithal of a single company to achieve this i do believe the right way to do this is sort of the public-private partnership that we have seen again between experts in the space between the likes of which we are seeing with nist and academia and industry the experts that have to come together to actually advance not just the fundamental science but also to develop the road maps and and you know how we will navigate to this future where we start harnessing quantum now companies themselves look there is a lot of space for innovation here uh crypto agility of course has been mentioned uh some of the universities for example are setting up quantum ecosystems and i recently read about how university of chicago is setting things up around uh you know in the chicago area there are things in in around the university of waterloo in canada and across the board right uh you know the stakes are high uh as i mentioned it's many times it's like a winner take also there's a lot of room for innovation and and so there is a place for startups in in response to your second question now the third part you asked you know is this going to be quantum as a service so i think one has to visualize a little bit what this future is going to look like it's going to be very different from what we are used to today in terms of having compute in the hands of everybody right whether and multiple compute right my iphone my laptop my smart you know uh my ipad and so on what it's going to look like it's going to be a hybrid uh future in which we will have we'll continue to have classical uh computing mechanisms right these will not go away but then we will have uh you know centers where we have uh you know quantum computers uh integrated with what we know for example as high performance computing for example if in the united states if you look at the department of energy labs which field a lot of the doe labs which field a lot of hpc systems so hpc will be integrated with quantum and there would be workflows industry specific workflows that run across them and the results of the explorations that are conducted by them are going to be made available for consumption across industries and end to end points so that's how the value of quantum the value that quantum is going to unleash will flow across society and so if you if you keep that in mind it's not there's going to be quantum as a service it you know yes there's going to be an aspect of that but we we have to look at individual domains and we have to see what kind of hybrid architectures are going to make sense to investigate certain areas how we leverage existing investments in hpc for example think of the oil exploration you know the geophysical explorations that the oil industry does for example and then how you marry those with what are the aspects of the exploration problem that are amenable to quantum mechanical principles and can be speeded up and bring that together and then and then you make that available for uh to the benefit of society so all this work remains to be done and you know and this has started too many many of our customers are thinking about this as i men give you some examples um and and that's how we have to think about the future hey dustin let me uh tweak the question a little bit um what sort of programming skills are you going to need for this i mean when you hire somebody what do you look for and not just math i mean we got that the math is part of it but are people different programming languages same programming skills what should we be teaching people i think uh what what they're learning is good uh these these new crypto systems being proposed they require you know different types of math but it's learning lattices or learning error correcting codes so you have to learn some new ideas but no we don't need new programming languages or anything in that regard experts who are well-versed should be able to adapt it's a little bit more complicated than elliptic curves or rsa but it's not unfathomable i'm going to pick on you a little bit more when you think about what nist should be doing what are the tasks for nist moving forward both what you want to do say in the next year besides launch the algorithm uh first algorithm what do you want to do long term so what's the tasking for nist so yeah right now we're finishing up getting the algorithms but that process will continue even after we name them there are algorithms that we are interested in that still need a little bit more time for study so we will continue the process of looking at different algorithms to see if they should be standardized or not we're also very much wanting to provide cryptographic guidance about the transition and so that will be coming out you can't give that advice until there's new algorithms to transition to but once that is you'll we'll have documents for that i would point people as well to our national cyber security center of excellence kind of our partner organization has also established a project to help with the migration and transition and is actively writing a playbook to help organizations prepare and it's also a good place where you can you can give input um we would very much like to know you know will these crypto cryptosystems we're considering will they work for you are the keys too big do they run fast enough so long term we'll continue to keep our eye on any threats to our standards that we have we'll adapt as we need to revise our documents quantum was a new area you know it's we've seen it coming and we're preparing for it but i anticipate in the future there will be other attacks other challenges other new technologies and we'll continue to make sure that we have the strong cryptography that our nation and our industries around the world need let's conclude with a couple policy questions so uh you know the first one is is the u.s organized right for quantum is the national quantum initiative uh enough uh you know in my head when i was preparing for this i was comparing what we do on quantum is what we do on ai right so are we doing the right thing on quantum do we need to do more different are we organized as a government and as a country for quantum research quantum cryptography you can answer that one anonymously if you want so let me take a stab at answering this so absolutely i think you know um definitely we are doing a lot in quantum uh you know we have the uh sort of the quantum initiative look the the very fact what nist is doing is something that has been uh imitated and adopted worldwide you know the different different countries are looking at quantum trying to figure out what their own standards are you know we said that we set that trend here and the world is being uh picked up worldwide means you know we're doing some of the right things right and and so not just that you know when you know i know we know for example that the uh different uh agencies of the federal government for example are looking very carefully at what their quantum risk is what their exposure is uh and they are beginning this journey towards doing a risk assessment putting in place crypto agility mechanisms to be ready for q day so that they can upgrade and modernize and and so in that sense they are they are serving as some of the uh the guinea pigs or the early exemplars of early adopters trying to test and provide feedback into how you know some of these upgrade programs would actually run now definitely i think more could be done in term the research community is of course involved but you know in terms of making sure that we have adequate skills in the workforce um you know in terms of making sure that our one of the big things i mean we all know about the security industry is the buzzes around the white house executive order that came out on may 12th uh which a significant part of it is around securing supply chains and you know supply chain is is so critical for our well-being and our well-being and survival and so you know how to make sure that we have a healthy and sick quantum secure in a quantum sense a supply chain for example so some of some of these discussions would also uh bleed into that so i think we are at the uh we have a very good start uh as a as a nation uh i think we do we do have many initiatives underway and now we just have to follow those through um and and build up the skills and the expertise uh to make sure that uh you know you know it's going to take take a number of years i think nist makes this point in its uh in in their recent report on post-quantum cryptography it's going to take maybe even decades before we can secure all the systems out there in a quantum sense and so we're going to live in a hybrid world for a while and that could provide a very rich and fertile uh ground for attackers to exploit so how are we going to cope with this and you know how exactly are we going to migrate you know into a quantum say future you know again it's going to be through public private partnerships and again we have to show the way and and set the standards i believe um lisa another view from the private sector we'll save dustin for lasting okay yeah i think we should invest more well i was gonna say usually people i would love money more investment in this area because it is i mean the good news is this is this is research but it gets applied very very quickly i mean we think about the life cycle and you know unlike ais you used ai as a sort of a a yardstick ai we didn't have to change the compute we have classical compute we're not changing kind of thinking we are changing the whole math we're changing the system right and so number theory quantum is so different that it does take a big investment to to get moving and the good news is many private sector companies academia other places and in the government have done that right but i i asked the question what would it look like if we do more what would it look like if more were out there to to really fuel this and speed this and i think that could be interesting the one thing i would not like to see having said that as as i appreciate the innovation at hand we have many different approaches to this and we have lots of different creative thinking about how to take advantage of it how to harness the power of it in different circuits and different technologies um to get to quantum and so that's interesting too and you risk sometimes by putting a big a big monolithic pot out there and saying we're gonna do three things that you may miss some of these other creative things that are going on so again a balancing act but i would love to see more um more energy to this dustin noting that you're a public servant do you want to touch the idea of federal policy and where we could improve it if necessary oh i don't want to touch too much it's probably above my pay grade um i'd say yeah the government is doing a good amount in quantum as well as you know around the world governments are spending a lot of money on quantum from my perspective it never feels like quite as much as is being focused on post-quantum cryptography as as well as other technologies but i'm probably biased in that regard because that's what i work on um but uh yeah it's it's besides post quantum there are many exciting and interesting applications that we need to be looking at as well and government should be involved as well as private organization yes it does seem to have bipartisan support on the hill which is a good sign so i i'm tempted to ask you if you had one dollar to spend more would you spend it on ai or quantum but let's save that one that's a tough one that's what budgeters have to think about um i mean i told i warned you in advance that you can't have a csi's panel without saying the word china so um tell us tell us your thoughts about where the chinese are you know i hate the phrase race but when you compare the chinese industry chinese research to the u.s i will tell you that a couple years ago and we could still travel i met with some chinese quantum researchers and they struck me as the real deal so i i don't sometimes when the chinese say stuff it's uh for public consumption that wasn't my impression this was on uh quantum cryptography so where where do you rank china what do you think china's doing on this stuff i don't know who wants to go first because frankly they could be one of the potential attackers right we all know that uh and we're probably recording things they're certainly recording our stuff and my bet is they'll revisit it when they have a quantum capability so where do you put china on this scale well i'll go ahead and go first maybe i think in regards to quantum cryptography and quantum key distribution qkd china is investing a lot of money in this particular aspect they've launched a satellite that can do qkd with the ground they built a very large quantum backbone um for the most part these applications i think are for very high secure needs like government and military this isn't what the average user is going to be using but they are definitely investing a lot in that type of technology and they're very i think quite advanced in it but with regards to post-quantum cryptography they certainly are aware of the threat our competition has been a pretty good international competition we have had a little bit of chinese researchers that have participated but china basically has decided to to do their own thing as well they announced their own internal sort of competition that was done on a much smaller scale at a much faster scale um china historically doesn't use the same standards that the united states recommends and so that will continue so they they have their own algorithms that they will use they're similar in nature to the ones that we're looking at in our process but but different jr do you want to talk about china um i i don't know if i can add a lot more to what dasia has covered uh look i mean the chinese are up there right there is absolutely no doubt uh you know there you know the president xi has actually had announced a while ago that his ambitions was to build the world's largest quantum computing research facility and they've been and judging by their turnouts at different conferences including the american physics society meetings and so on they have you know they have been uh steadfastly marching down that goal so absolutely this is this is up there it is a matter of national security for them as dustin said and they are there and uh and yes in terms of you know the quantum safe cryptography uh i think they ended there there was a paper on archive that talked about uh you know selection of their candidates i mean i think they picked a couple of uh algorithms for um uh public key encryption and digital signatures that were being considered by nist as well and they changed them they revised them for whatever reason and and so they they have actually a paper and archive that talks about and this actually concluded end of 2019 i believe that's when they put this paper out uh so so they are marching along uh and and yes they continue to be um somebody uh that we need to keep an eye on as we go forward lisa you do threat research so when you think about through research in quantum what are your conclusions yeah so so we follow the money we follow what the spending is and how much governments are investing either into companies or back into government research programs and it is a significant amount i think what is it 10 billion and then a seven percent year over year and not that that's all towards quantum it's you know quantum ai i think it's a little bit blended but those are big numbers and those are big investments and and what we know um in studying um nation states is these are these are sustained campaigns right of investment and um acquisition of emerging tech and use of it so we need to keep an eye on it and and we do follow this in in our cyber threat scape reports that we publish so you'll you'll see things in their snippets on what quantum investments are happening and what we suspect we've reached the end of our hour so let me ask if any of you have any uh final remarks or words of wisdom you'd like to contribute here before we close the program if not i'll tell you i got three lines and then you can i'll give you a minute to think um three lines that i think will be the lines that dominate this program lisa you said quantum has real fun properties that's a great quote i thought that was going to be the the line of the week but then jerry you said uh it's a decade of quantum and that's just uh that's just too good to pass up and then uh dustin uh first algorithm by the end of the year so we covered a lot of ground uh thank you for doing this any final remarks no well lisa o'connor j.r rao dustin moody thank you for participating in this and thanks to the audience for tuning in it will be available on youtube as well uh we'll talk to you soon thank you you

Info

Channel: Center for Strategic & International Studies

Views: 3,183

Rating: 4.9473686 out of 5

Keywords: Center for Strategic and International Studies, CSIS, bipartisan, policy, foreign relations, national security, think tank, politics

Id: vMZ6DmaBw40

Channel Id: undefined

Length: 65min 55sec (3955 seconds)

Published: Tue Jun 15 2021