Rene: Hi! Welcome to season three of QuBites, your bite-sized pieces of quantum computing. My name is Rene from Valorem Reply and today we're going to talk about applying quantum security. And for this, I'm very honored to have a special expert guest today, Patrick Hynds. Hi Patrick, welcome to the show! How are you today?
Patrick: Hey Rene how are you doing?
Rene: Doing also very well. And Patrick, I know you also speak very well German so, wir könnten auch Deutsch reden (we could also speak German), but let's stick to English to be more inclusive for everyone, right?
Patrick: I was hoping to practice.
Rene: Yeah, and I always notice you speak fantastic German in fact. But can you tell us a little bit about yourself and your background as it relates to quantum computing and security and the related topics?
Patrick: Sure. I went to the United States Military Academy at West Point. And there they poured math and science down our throats; I think I took 19 credits of calculus while I was there. So, I was kind of predisposed to physics and the math that's involved. I was and Infantry Platoon Leader in the first Gulf War and that got me cemented into the security side of things, and [now] I run a software and security consulting company. So, I kind of been destined to pay attention to the security in what's going on and that's what we want to talk about today.
Rene: Yes, so like you said, let’s dive into today's topic with quantum security. And so, in the previous season of QuBites and season two, we already talked with your friend Ciprian. Who's not just also [a] fellow Microsoft Regional Director, like we both are, but also the co-host for your own quantum computing podcast called Entangled Things- which is an amazing name by the way. But can you tell us a little bit about that show and maybe share one of the highlights from one of the last episodes?
Patrick: Sure! It's been very exciting, and I’m sure you know because you've been doing this podcast on this exciting topic. We just had guests from D-Wave, talking about one of their latest discoveries with Los Alamos National Laboratory. There is a lot going on in this space, there's too much going on in this space. And so, I think the more people like yourself and us that are talking about it, the better off we'll all be, because this is going to change the world. Fundamentally.
Rene: Yeah, yeah. And you know we heard that many times in the past but for quantum computing this is definitely true because this will help us to solve the big challenges right that we cannot solve with today's computing. But let's talk about quantum security. And in the previous episodes of QuBites, we already had some guests related to quantum security for example, Lea Jäntgen, Xenia, etc. And we talked about the threat for quantum security, but also that there are opportunities. Like quantum key distribution and a couple of other things. And so, what is your opinion? And can you share some examples where you see [quantum computing] as a threat but also the opportunities for security?
Patrick: Yes, it kind of gives with one hand and takes with the other. So, as you know, RSA and other public / private key encryption is it is under threat because of Shor's algorithm, which allows us to do factoring. That's an oversimplification but effectively it puts those encryptions at risk. It also endangers shared key because it allows brute force to be conducted. That kind of gets downplayed because whether it takes 500 years or 250 years to break, a key doesn’t really matter. But when it goes from 5,000 years to 30 seconds, that matters quite a bit. But on the other hand, there's some really interesting thoughts and protocols that have come out. Like BB84 is the one I like to talk about. BB84 was [developed when Charles] Bennett and some other colleagues came up in 1984 with a mechanism for sharing bits, a stream of bits that is truly random to create a one-time pad. So, the idea would be you and I would trade bits, generate a unique key and then send a message with that. and we would continuously do that and the key strength of it is, it's not un-interceptable but it can't be intercepted without detection. so if someone were listening to our generation of those keys, we would know it, and we would know not to use those keys.
Rene: So basically, you can identify if there's a man in the middle attack happening, right?
Patrick: Mathematically. Yeah, it's based on the probabilities. There's no mistaking the signature if someone's listening. And that's very, very superior, as you can tell, to the way we do things now.
Rene: Exactly. And this is also being distributed with satellite communication, right? Like you can use actual satellites that are orbiting around earth for this super secure communication channel, right?
Patrick: Yes. The idea is that you want to, I mean the limits that are being pushed is how far and how fast. How many bits, you know? We're still not at the point where you can encrypt a video stream, I don't think. I think the Chinese government has published that they've been able to do like I think 1900 kilometers of communication. And part of the challenge here is, you can't replicate these qubits. You can entangle them further, but I can't make a copy. And that's really where the security [opportunity] comes from. The no cloning theorem means that if I intercept your entangled photon, I can't make a copy of it and then send the copy on and fool you. That's why I'll always know if you're in the middle.
Rene: Got it. Got it. And so, like you also said, it's also a threat for the security and the current basis of secure Internet communication, right? Which is based on cryptography. And that can be, with Shor’s algorithm, can be cracked easily once we have enough powerful quantum computers in the end, right? And so, my question for you is, what should enterprise users do now to be prepared for this quantum computing supremacy and to not face a surprise like we faced back in the days with the Y2K bug, right?
I hope I'm not sharing our age here, mentioning the Y2K bug and the millennial bug. But for the younger folks here, Y2K was basically a widespread computer programming shortcut that was expected to cause extensive havoc actually, as the year changed from 1999 to the year 2000. Because most systems, or not most systems, but some systems had the year encoded only with two characters instead of four, right? So, they were thinking when it switched to 2000 it [would] switch to 19:00 and not 20:00 right? That was basically the Y2K bug. In the end it all went mostly fine because major systems were actually upgraded in advance before [the new year], to handle years with four numbers and not just 2 digits. And so that, in the end, you know worked out because a lot of companies finally realized, ‘oh,we have to do something because otherwise we might face this big bug happening at midnight when we reach the millennium.’
But anyhow, so what should…you know we of course learn the lessons, right? And what do you think should enterprise users do now to be prepared for this quantum computing supremacy to not be faced over midnight basically [with], ‘hey all our security algorithms are broken now?’
Patrick: I think that's a very, very important question. Because there's a lot of different ways you can handle this. Some people would say, ‘well quantum computing's been coming for 10 years, for 50 years.’ That's not true anymore. We've got systems with qubits, and they're going up at a fairly rapid pace. Because of that, you really have to pick your poison. Do you want to dive into quantum and try to be among the first to use the quantum key distribution? I pay a lot of attention to the governments and what they're doing, and China has been very much ahead in the quantum communication side. It’s the piece that they've decided to specialize in. That could be a very expensive proposition. It's something you should definitely pay attention to. One of the things you can do is use larger keys. In order for Shor’s algorithm to break an encryption, a public/private key encryption, it needs more and more qubits the larger the key is. And so, if you're using 1024-bit encryption, maybe you want to jump up to 4096 instead. That's a delaying action. That's a ‘well, let's deal with this a little bit and buy ourselves some time.’ But it is a way to buy some time. We're still far away from a point, in terms of how many qubits are available, to how you could break a 1024-bit public/private key. But there's a prediction that it could come fast, especially as the innovations keep coming.
Rene: Yep. And just like you were saying that the progress that we're seeing with the advancements in quantum computing hardware is really mind boggling. I just saw a report, or like an announcement from IBM; basically, IBM is also one of the big players when it comes to quantum computing hardware, as well as software, right? So, they just [announced] they currently have a quantum computer with 65 qubits and they said by the end of this year, 2021, they expect to have device with 121 qubits. So, [they plan to] almost double it. And that is pretty impressive already, but what they also wrote is by end of 2023, so around two years from now, IBM is expected to have a quantum computer in the cloud with more than 1000 qubits. And this is when things get really, really interesting. And it's not a long time ahead, so definitely we business leaders should plan ahead and think about it. Also, post quantum cryptography. I mean there's a lot of research for new cryptography algorithms, but all of that will take some time until it's implemented, right? So, we gotta think about it right now, because it's coming and there's no way it's going to be stopped.
Patrick: Agreed. Agreed. And it's exciting, it's also terrifying to some people. It's going to disrupt a lot of businesses because most people don't even realize where they're using encryption. That's one of the first things they can do right now is make an inventory of where you are using encryption, what level of encryption it is, what style of encryption it is, etc. Again, the public/private key is the one most at risk. So, a shared password. Well, we've all denigrated shared passwords over the years. They're a horrible scourge and an incredibly useful tool at the same time. You need to know what your passwords are, where they are, and make them as strong as possible. I think if you start there, that's probably the best place for anybody to begin.
Rene: Agreed. Well, we’re already at the end of the show. We could talk for many more hours around this topic. But anyhow, thank you so much Patrick for joining us today and sharing your insights. It's very much appreciated.
Patrick: Vielen Dank (Thanks a lot).
Rene: There we go. Gerne geschehen (you are welcome). Thanks everyone for joining us for yet another episode of QuBites, now season three! Watch our blog, follow our social media channels, to hear all about the next episodes of QuBites season three. Take care and see you soon. Bye, bye.