The existential threat of quantum computing – interview


Quantum computers will open doors to otherwise impossible breakthroughs. At the same time, they might render our security defenses useless.

Quantum computing is an existential threat, says Denis Mandich, CTO of Qrypt, a quantum-secure encryption provider. Fully aware that a sufficiently large quantum computer could break the public-key protections we rely on today, the US government is racing to standardize post-quantum encryption to protect against that threat.

In theory, cryptography resistant to quantum computers was already within reach in 2022. Yet, in practice, we have witnessed two post-quantum candidate algorithms broken using conventional computers, sending shock waves through the cryptographic community.

“The fear right now is that these new algorithms we are transitioning to will break, and there’s no proof that they are secure,” Mandich said.

He believes that quantum computers are becoming the virtual nuclear weapons of cyber warfare, so it is crucial to start protecting your data with quantum-secure encryption today. I sat down with Mandich to discuss the less exciting side of quantum computing – the disruption that it brings.

Baidu introduced its first quantum computer. IBM said it would build 4,000-qubit commercial quantum computers by 2025. All the opportunities and excitement aside, can you elaborate on the threat and risks that the dawning era of quantum computing poses to our everyday life?

It's an existential threat to our digital lives and communications today. Believe it or not, we currently rely on just a handful of algorithms that run the entire internet, all banking transactions, and all our medical records. These were invented in the 1970s, and quantum computers break these systems.

Unfortunately, they underpin all of the digital asset security we have today for software applications, web browsers, and just about everything else you can think of. Back in the early 2010s, the government realized this and began a process to phase these algorithms out and replace them with newer ones, and they are called post-quantum cryptography.

These will theoretically be safe against quantum computers. But we don't know because there's no track record for them.

Recently, one of the strongest ones, which was held in reserve, called SIKE (Supersingular Isogeny Key Encapsulation), was broken by a regular computer. We have no proof that these new algorithms we are transitioning to are secure; the fear is that one of these will break.

China, the US, and many other governments worldwide have been collecting data [store now, decrypt later], waiting for the day when they will be able to decrypt it and operationalize it. Everyone is very concerned that we might not be as safe as we thought we would be by converting to post-quantum crypto. Quantum is scaling much faster than we expected.

Maybe it's for the better that we learned now that a post-quantum cryptographic algorithm could be cracked? On the other hand, it was designed to resist a quantum threat but was broken using a conventional computer in an hour, so this must concern you, right?

It's shocking. It has shaken the entire cryptographic community because the way it was broken was based on techniques and math discovered in the 1970s. We started with over 80 of them [post-quantum encryption algorithms] and are down to a handful. The problem here is that SIKE, although less performant than the other algorithms, was considered at least as strong but was broken so quickly. What if that did happen and had not been discovered for five or ten years?

What about other algorithms? They haven't been breached yet, but does that mean they are unhackable? Maybe it's just a matter of time and persistence.

Even the government has told us to be crypto agile [crypto-agility is the ability of a security system to switch between algorithms rapidly], which means be prepared for them to fail. It could be tomorrow, it could be ten years from now, but the anticipation is that they will eventually break, and we will have to come up with stronger and stronger systems.

What does it mean for companies? If I were a company's CEO, I would probably be lost at the moment, with some experts urging to prepare for the shift towards post-quantum cryptography and, simultaneously, witnessing some algorithms being broken with conventional computers. What should companies do now – should they look into different algorithms or wait for the standard to be implemented?

Waiting would be a mistake because we know for sure, and it's publicly proven through Shor's algorithm and other means that the ones we are using today are broken. They are not secure.

Although we are not 100% sure about the ones we are transitioning to, that's way better, way stronger, and being crypto agile is a better position for all future applications development. The older monolithic ones will be deprecated and will not be used in the future. So the first step is getting your crypto inventory and figuring out what's on your system.

Standardization could come in as little as 15 months, in January 2024. We are not that far out, so everyone should be trying proofs of concept and test implementations to see what kind of systems will break and what kind of software will have performance issues when we transition to post-quantum.

Start doing all those things now because if you are in the compliance industry or if you are in the US government, you have to transition to post-quantum. It is not an option. This is mandatory.

What if you are not the US government? What if you are just some private company sitting on intellectual property? You are not obliged to adopt those algorithms, and yet, at the same time, you could expose some data related to the US government, given everything is interconnected.

The transition will be gradual, and small companies that are not required to comply with government standards will start doing that in probably six months or so. It makes no sense to engineer something into your system that's quantum insecure. Virtually everyone going forward, certainly after 2024, will say they are post-quantum safe or something to that effect. In the same way you see a little lock for HTTPS on your browser, you will see HTTPQ, and if you do not see it, you will not click, because you will assume that your data is not safe.

This is just a matter of time. There's a significant cost for anyone who does not transition. If you are developing new software, a roadmap for something for five years, you don't want to go back and re-engineer those systems to be post-quantum secure later. You want to build in that now and figure out what will work when you scale, especially if you plan to be successful as a company.

In terms of implementing any of these solutions, is it challenging to do it? Can I choose one protocol now and then move to something else, maybe safer, a few years from now?

Yes. If you build in that crypto agility from the beginning, you should be able to swap that in and out. If you didn't, you made a huge mistake. This is part of the guidance that NIST (National Institute of Standards and Technology) gave. You have to be crypto agile because we, NIST, don't know; we have no idea whether these could break at any time. SIKE was a huge warning and a reminder for people that you have to be crypto agile.

What's your opinion on the store-now-decrypt-later trend? Are threat actors extracting vast amounts of data and waiting for quantum computers to arrive and decipher it for them? Is that a significant threat? Will we see a massive leakage of secrets once quantum computers come?

They are storing way more than people can believe. The cost of storing data is almost zero at this point. It costs nothing to store the data, and you are not running massive systems that need to be continuously accessed with computational resources. The profit margin for storing data is exceptionally high, and the cost is extremely low.

You don't have to decrypt all that data. You have to be able to decrypt a few pieces of it. The US government did this for decades, for the entire Cold War; it was called the Venona project, and it was highly successful. This was one of the best techniques where you don't have physical access to someone's systems, but you have access to the signals coming out of a facility, over the internet, over the satellites. Collecting those is very easy, as we do everything over the internet; those pipes go through data centers worldwide, through different vendors, where they can be captured and stored.

The Chinese government's number one goal is to overtake the US economy, and they've been very successful at that. We've seen the largest transfer of wealth from one country to another, from the United States to China, through the [theft] of intellectual property. That is not going to change. That is how their system works.

The US government can only collect secrets, not help any company get richer, but they can do that in China. They can collect secrets from US entities to make Huawei a bigger company. You can't do that in the United States; you can only steal secrets for strategic decisions of the government, not to enrich IBM.
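The first step Mandich recommends, taking a crypto inventory to find out what is on your system, and his point that Shor's algorithm breaks the public-key algorithms in use today, can be made concrete. The Python scanner below is an added example written by the editor; it is not code from the interview, from Qrypt or from NIST. It walks a set of text artifacts and separates algorithms that Shor's algorithm breaks outright (RSA, finite-field and elliptic-curve Diffie-Hellman, DSA, ECDSA, EdDSA) from symmetric primitives that only lose security margin to Grover's algorithm, a distinction the interview does not spell out but which decides what must be replaced versus what merely needs a larger key. The file names, configuration lines and key header it scans are constructed sample data, and the regular expressions are a deliberately small starting list, not a complete catalogue.

```python
"""Minimal cryptographic-inventory scanner (added example, not from the interview).

Classifies algorithm mentions found in configs, source and key files:
  - "shor":   public-key algorithms whose hardness assumption (factoring or
              discrete log) Shor's algorithm breaks; these must be replaced.
  - "grover": symmetric ciphers and hashes; Grover's algorithm only gives a
              quadratic speedup, so they need a key-size margin check.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Starting list of patterns; extend for your own stack. Word boundaries stop
# "DH" from matching inside "ECDH" and "ecdh" inside "ssl_ecdh_curve".
SHOR_BROKEN = {
    "RSA": re.compile(r"\bRSA\b", re.I),
    "ECDH/ECDSA": re.compile(r"\bECDHE?\b|\bECDSA\b|BEGIN EC PRIVATE KEY|secp\d{3}[rk]1|prime256v1", re.I),
    "DH/DSA": re.compile(r"\bDHE?\b|\bDSA\b|BEGIN DH PARAMETERS", re.I),
    "EdDSA": re.compile(r"\bEd(25519|448)\b", re.I),
}
GROVER_AFFECTED = {
    "AES": re.compile(r"\bAES[-_]?(128|192|256)?\b", re.I),
    "ChaCha20": re.compile(r"\bChaCha20\b", re.I),
    "SHA-2": re.compile(r"\bSHA[-_]?(256|384|512)\b", re.I),
}
AES_SIZE = re.compile(r"\bAES[-_]?(128|192|256)\b", re.I)

# Constructed sample artifacts; none of these come from a real system.
SAMPLE_ARTIFACTS = {
    "nginx.conf": """
ssl_certificate /etc/ssl/certs/server.pem;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_ecdh_curve prime256v1;
""",
    "server.key": "-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBAAKCAQEAexample\n-----END RSA PRIVATE KEY-----\n",
    "signer.py": "key = ed25519.Ed25519PrivateKey.generate()  # signs update manifests\n",
    "backup.yaml": "cipher: AES-256-GCM\nkdf: HKDF-SHA256\n",
}


@dataclass(frozen=True)
class Finding:
    source: str     # artifact name
    line: int       # 1-based line number within the artifact
    algorithm: str  # key from SHOR_BROKEN or GROVER_AFFECTED
    risk: str       # "shor" or "grover"
    snippet: str    # the matching line, kept for key-size checks


def scan_text(source: str, text: str) -> List[Finding]:
    """Return one Finding per (line, algorithm) match; comment lines are skipped."""
    findings: List[Finding] = []
    for n, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        for alg, pat in SHOR_BROKEN.items():
            if pat.search(line):
                findings.append(Finding(source, n, alg, "shor", line))
        for alg, pat in GROVER_AFFECTED.items():
            if pat.search(line):
                findings.append(Finding(source, n, alg, "grover", line))
    return findings


def scan_all(artifacts: Dict[str, str]) -> List[Finding]:
    out: List[Finding] = []
    for name, text in artifacts.items():
        out.extend(scan_text(name, text))
    return out


def migration_report(findings: List[Finding]) -> Dict[str, Dict[str, List[str]]]:
    """Group locations into 'replace' (Shor-broken) and 'review' (Grover-weakened)."""
    report: Dict[str, Dict[str, List[str]]] = {"replace": {}, "review": {}}
    for f in findings:
        bucket = "replace" if f.risk == "shor" else "review"
        report[bucket].setdefault(f.algorithm, []).append(f"{f.source}:{f.line}")
    return report


def weakest_aes_bits(snippet: str) -> Optional[int]:
    sizes = [int(s) for s in AES_SIZE.findall(snippet)]
    return min(sizes) if sizes else None


def grover_effective_bits(key_bits: int) -> int:
    # Grover's search costs about 2^(k/2) quantum operations against a k-bit
    # key in the idealized model, so the effective strength is roughly halved.
    return key_bits // 2


def aes_below_pq_margin(findings: List[Finding], minimum_bits: int = 256) -> List[Tuple[str, int]]:
    """AES uses whose smallest key size on that line is under the chosen margin."""
    out: List[Tuple[str, int]] = []
    for f in findings:
        if f.algorithm != "AES":
            continue
        bits = weakest_aes_bits(f.snippet)
        if bits is not None and bits < minimum_bits:
            out.append((f"{f.source}:{f.line}", bits))
    return out


if __name__ == "__main__":
    found = scan_all(SAMPLE_ARTIFACTS)
    rep = migration_report(found)
    for alg, where in rep["replace"].items():
        print(f"REPLACE  {alg:<12} {', '.join(where)}")
    for alg, where in rep["review"].items():
        print(f"REVIEW   {alg:<12} {', '.join(where)}")
    for loc, bits in aes_below_pq_margin(found):
        print(f"MARGIN   AES-{bits} at {loc}: ~{grover_effective_bits(bits)}-bit under Grover")
```

Run against the constructed artifacts, the report lists every RSA, ECDHE/prime256v1, DHE and Ed25519 use under "replace", the AES and SHA-2 uses under "review", and flags the AES-128 cipher suite as the one symmetric choice below a 256-bit margin. The point of separating the two buckets is the one Mandich makes about crypto agility: the "replace" list is where an algorithm identifier and a swappable implementation need to exist before the post-quantum standards land, while the "review" list is usually a key-size change rather than a redesign.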