The wondrous expansion of quantum computing battles its dark side

Feb. 2, 2023
The U.S. government has issued multiple mandates and legislation to transition from classical to quantum-safe encryption

Quantum computing is the single most transformational technology in a generation, arguably far more than AI, the cloud and even the internet. It has the potential to solve entire classes of important and lucrative market problems that are otherwise technologically impossible. Quantum computing power is almost incomprehensible – just a few hundred logical qubits can outperform any classical computer, even if every atom in the universe were used for computation. The common fallacy is comparing them to fusion energy, which is always five to 10 years away. The difference is fundamental because electricity generation is a long-solved problem, and there is no market reason for fusion energy; it will be cheaper and easier to burn the black stuff from the ground for the next few hundred years. (Sorry, green energy friends.) Companies with access to large quantum computers have an insurmountable market advantage. Without them, there will be no competitors because those companies will cease to exist.

Flaws in the Equation

On the dark side, quantum computers are capable of breaking modern communications security by brute-force attack on the underlying algorithms. The basis for virtually all global data networks relies on Public Key Infrastructure (PKI) using the same 1970s cryptographic architecture. In a very real sense, our digital lives are built on a house of cards because all our cybersecurity tools also rely on the same algorithms to monitor and manage our networks. The core problem is that we’ve been using this quantum-broken math for everything for decades, and it performs only a single action: distributing encryption keys, point-to-point, with no margin for error, as the single point of failure for our collective security.

Any flaw in the chain is tantamount to no security at all. There is no redundancy, resiliency, or leveraging of modern networks and technologies like the cloud and globally distributed data centers. Sure, it is easy in principle, but it is complex to deploy and manage, often done poorly and thus continuously exploited. This dated infrastructure was designed for a bygone era, before the internet and before anyone could remotely access data from anywhere in the world. The bill has come due.

The status quo is an exclusive invention of the crypto-mathematics community, which has done extraordinary work providing reasonable data security for decades. However, it has failed, both in practice and by making demonstrably false promises or badly overestimating the cyber security strength of its designs. Their overconfidence was to the tune of stating the algorithms would be unbreakable for a quattuorvigintillion years – that’s a one followed by 75 zeros – not off by a factor of two, ten, a billion or even a trillion, which could be an understandable, if not unreasonable, mistake for a field priding itself on proofs of accuracy. Modern science advances when the combined ingenuity of multiple fields produces unexpected results and inventions. The confidence and crowing of one community is often shattered by another. In cryptography, it was the physicists and computer scientists who nullified the security estimates of the mathematics by 75 orders of magnitude. Therefore, confidence went from many times the lifetime of the universe to zero, with the usual caveats and asterisks – “the proclamations were made before physicists told us quantum computers could even exist.” The little-known secret is that there is no mathematical proof of even the original estimates; it was just a guess based on faith, not verified math.

Post-Quantum Cryptography

That being the case, NIST organized a process to replace these now archaic and obsolete key distribution algorithms with post-quantum cryptography (PQC). This was meant to address the “harvest now, decrypt later” problem, where encrypted data is collected and stored for later decryption. This tried-and-true powerful method was successfully used throughout the Cold War by all sides. While PQC is believed to be quantum-safe, there is again no mathematical proof, which NIST overtly acknowledges. Consequently, it recommends “crypto-agility” – the ability to replace the new PQC algorithms easily and quickly if they fail or a weakness is discovered. It is essential that everyone transition to PQC, despite the unknowns, because the current algorithms are provably known to be broken and insecure. However, the central problem remains – any PQC-encrypted data today could be exploited tomorrow because keys are being distributed like electronic mail.

In the 1980s and 1990s, physicists came up with a solution called Quantum Key Distribution (QKD) to use the properties of quantum mechanics to get keys to multiple endpoints without relying on unproven mathematical assumptions. While the design has inviolable guarantees not based on a vote of confidence from a quorum of acolytes, there are numerous physical limitations based on distance and deployment architecture. While an excellent solution, it is an impractical basis for a global quantum-secure internet because the quantum channel still relies on the classical internet to get key agreements between any two users. However, it does achieve two important goals: keys are truly random because they are made from quantum entropy sources, and they are generated separately from the data. These points solve the “harvest now, decrypt later” problem plaguing the internet today.

The Migration to Quantum-Safe Encryption

Today, more powerful tools leverage these technologies to eliminate key transmission altogether. First, encryption keys must be provably random, and the only known source in science is quantum entropy. Quantum Random Number Generators (QRNGs) are now available as Entropy-as-a-Service (EaaS) via the cloud. This is essential because predictable and duplicate keys reduce the security of any algorithm, often to nil. It is remarkable how commonly this simple flaw is discovered and exploited without going through the trouble and risk of hacking a network. Second, the quantum random data downloaded from the cloud must not be used directly for keys, nor should a single source be trusted – it must be used as the raw material at the endpoint to generate a key, eliminating key distribution entirely. The process must also be reproducible at multiple endpoints so many users can replicate the same key to communicate in secret. Leveraging existing commercial global fiber infrastructure and data centers instead of building new dedicated systems like those essential for QKD is the final requirement. This will ensure widespread rapid adoption, vice expensive investment and time-consuming construction.
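The endpoint key-generation process described above, and the crypto-agility requirement from the PQC section, as an added example that is not the page's, Qrypt's or the BLAST protocol's own code: several entropy blocks, each fetched from a different provider, are mixed at the endpoint through HKDF (RFC 5869, built on HMAC only) so that no single block is used as a key and no single provider has to be trusted; any endpoint that fetches the same identified blocks derives the same key locally, so no key is ever transmitted. The provider names, block identifier, suite labels and the entropy bytes are constructed for this example; the assumption that every endpoint can fetch the same blocks by identifier over an authenticated channel is this example's, not a claim about any product.

```python
import hashlib
import hmac


def hkdf(salt: bytes, ikm: bytes, info: bytes, length: int, hash_fn=hashlib.sha256) -> bytes:
    """HKDF (RFC 5869) extract-then-expand, built on HMAC only.

    salt binds the output to a context, ikm is the raw entropy, info labels the
    purpose, and length is the number of output bytes requested.
    """
    digest_len = hash_fn().digest_size
    if length > 255 * digest_len:
        raise ValueError("requested output too long for this hash")
    if not salt:
        salt = bytes(digest_len)
    # Extract: condense all the raw entropy into one fixed-size pseudorandom key.
    prk = hmac.new(salt, ikm, hash_fn).digest()
    # Expand: stretch the PRK into `length` bytes bound to `info`.
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hash_fn).digest()
        okm += block
        counter += 1
    return okm[:length]


# Crypto-agility: every derived key names the suite it came from, and a suite can
# be retired (rejected at derivation time) without touching the rest of the code.
# The suite names are this example's own labels, not a standard registry.
KDF_SUITES = {
    "hkdf-sha256": hashlib.sha256,
    "hkdf-sha3-256": hashlib.sha3_256,
}
RETIRED_SUITES = {"hkdf-sha1"}  # illustrative: a suite withdrawn after a weakness


def suite_accepted(suite: str) -> bool:
    """Policy check: only registered, non-retired suites may derive keys."""
    return suite in KDF_SUITES and suite not in RETIRED_SUITES


def derive_shared_key(sources: dict, block_id: str, channel: str,
                      suite: str = "hkdf-sha256", length: int = 32) -> bytes:
    """Derive a key at an endpoint from several independently fetched entropy blocks.

    sources maps provider name -> entropy block fetched by this endpoint.
    Two endpoints that fetch the same blocks for `block_id` derive the same key
    locally, so the key itself is never transmitted.
    """
    if not suite_accepted(suite):
        raise ValueError(f"suite {suite} is unknown or retired")
    if len(sources) < 2:
        raise ValueError("refusing to derive a key from a single entropy source")
    # Fixed provider order so both endpoints build identical input keying material.
    ikm = b"".join(sources[name] for name in sorted(sources))
    # The salt ties the key to the block identifier; info ties it to the channel
    # and the suite, so the same entropy never yields the same key for two
    # purposes or two suites.
    salt = block_id.encode()
    info = f"{suite}|{channel}".encode()
    return hkdf(salt, ikm, info, length, KDF_SUITES[suite])


# Constructed entropy blocks standing in for blocks downloaded from three
# independent QRNG Entropy-as-a-Service providers (made-up bytes, not QRNG output).
CONSTRUCTED_BLOCKS = {
    "provider-a": bytes.fromhex("9d0f7c1b2e4a6d8f0b3c5e7a9c1d3f5b7d9fa1c3e5f70921436587a9cbed0f21"),
    "provider-b": bytes.fromhex("13579bdf02468ace8ace0246bdf13579fedcba9876543210a1b2c3d4e5f60718"),
    "provider-c": bytes.fromhex("deadbeefcafef00d0123456789abcdef00ff00ff00ff00ff1122334455667788"),
}


def demo() -> dict:
    """Derive the key at two endpoints, then with one provider's block altered."""
    alice = derive_shared_key(CONSTRUCTED_BLOCKS, "block-0001", "alice<->bob")
    bob = derive_shared_key(dict(CONSTRUCTED_BLOCKS), "block-0001", "alice<->bob")
    # A provider that serves one endpoint a different block breaks key agreement
    # outright rather than silently weakening the key: the mismatch is detectable.
    tampered = {**CONSTRUCTED_BLOCKS, "provider-c": bytes(32)}
    bob_tampered = derive_shared_key(tampered, "block-0001", "alice<->bob")
    # Swapping suites changes only the registry lookup; the derived key is distinct.
    migrated = derive_shared_key(CONSTRUCTED_BLOCKS, "block-0001", "alice<->bob",
                                 suite="hkdf-sha3-256")
    return {"alice": alice, "bob": bob, "bob_tampered": bob_tampered, "migrated": migrated}


if __name__ == "__main__":
    r = demo()
    print("keys agree:", r["alice"] == r["bob"])
    print("altered source detected:", r["alice"] != r["bob_tampered"])
    print("suite migration yields a distinct key:", r["migrated"] != r["alice"])
```

Because the HKDF output is a PRF of the concatenated blocks, an observer who obtains some but not all of the provider blocks learns nothing useful about the key, which is the "no single source trusted" property; the salt and info strings are what keep one batch of entropy from being reused as the same key for two channels or two suites.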

In 2023, the U.S. government issued multiple mandates and legislation to transition from classical to quantum-safe encryption. This step is a national economic security imperative when so much intellectual property is already on foreign servers, awaiting exploitation, operationalization, and ultimately monetization. Protecting the U.S. from foreign attacks will be a colossal effort but essential to restoring order to global data and business networks and preventing further damage to privacy and the economy.

About the author: As Co-Founder & CTO of Qrypt, Denis Mandich drives the technology roadmap and secures the global expertise to achieve the company vision. Denis is also a board member of Quside, advisor to the Quantum Startup Foundry and NSF-funded Mid-Atlantic Region Quantum Internet.

Previously, Denis served 20 years in the U.S. Intelligence Community working on singular innovative technology essential to National Security. He speaks native-level Croatian and Russian.

REFERENCES:

Qrypt overcomes these issues by using our BLAST protocol, which was proved by one of the top cryptographers in the world, Yevgeniy Dodis, an IACR fellow. Here is a link with more detail and an attachment with an overview:
https://www.qrypt.com/wp-content/uploads/2022/03/Whitepaper-EverlastingSecurity.pdf

The most recent government quantum security directives/legislation:

Executive Order 14073, National Quantum Initiative Advisory Committee (4 May 2022)
2022-10076.pdf (govinfo.gov)

NSM-8, National Security Memorandum (4 May 2022)
National Security Memorandum on Promoting United States Leadership in Quantum Computing While Mitigating Risks to Vulnerable Cryptographic Systems | The White House

H.R. 7535, Quantum Computing Cybersecurity Preparedness Act (18 April 2022)
Text - H.R.7535 - 117th Congress (2021-2022): Quantum Computing Cybersecurity Preparedness Act | Congress.gov | Library of Congress
https://www.congress.gov/bill/117th-congress/house-bill/7535/actions
https://www.fedscoop.com/biden-signs-quantum-computing-cybersecurity-act-into-law/

Executive Order 14028, Improving the Nation’s Cybersecurity (12 May 2021)
Executive Order on Improving the Nation's Cybersecurity | The White House
Executive Order 14028: Improving the Nation's Cybersecurity | GSA

National Quantum Initiative (NQI) (21 December 2018)
About the National Quantum Initiative - National Quantum Initiative

NSM-10, Promoting United States Leadership in Quantum Computing While Mitigating Risks to Vulnerable Cryptographic Systems
https://www.whitehouse.gov/briefing-room/statements-releases/2022/05/04/national-security-memorandum-on-promoting-united-states-leadership-in-quantum-computing-while-mitigating-risks-to-vulnerable-cryptographic-systems/
https://www.quantum.gov
https://www.quantum.gov/nqco/#THE-NATIONAL-QUANTUM-COORDINATION-OFFICE

National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems
https://www.whitehouse.gov/briefing-room/statements-releases/2021/07/28/national-security-memorandum-on-improving-cybersecurity-for-critical-infrastructure-control-systems/

NSPM-13, National Security Presidential Memorandum 13
https://www.wsj.com/articles/white-house-confirms-it-has-relaxed-rules-on-u-s-use-of-cyber-weapons-1537476729

“The danger is immediate.”
https://www.cyberscoop.com/quantum-computing-threat/
https://www.govconwire.com/2022/09/cryptography-experts-urge-immediate-action-in-protecting-against-quantum-attacks/
● Former Principal Deputy Director of National Intelligence Susan M. Gordon
● Admiral Mike Rogers, Commander, U.S. Cyber Command and Director, National Security Agency
