In a recent episode of our popular podcast series, The Post-Quantum World, host Konstantinos Karagiannis spoke with Denis Mandich, CTO at Qrypt about the cryptographic apocalypse, which could be under five years away, depending on interconnect technologies that might allow quantum computers to work together. Is now the time to start planning for, or even implementing, post-quantum safe cryptography? We’re sharing some of their conversation in this post. Or listen to the full podcast here.
How did we get here?
Denis: Probably five or six years ago, no one really knew anything about quantum computing, and certainly not about what we do about standards on which computing and cryptographic resources are based that will be made obsolete very quickly. Fortunately, the government was thinking about that a long time ago. And it wasn’t until 2015 and 2016 when the NSA unilaterally announced that everyone should forget about transitioning to this current generation of crypto that we’re using and start thinking about post-quantum crypto. Then, this competition began and a new set of algorithms was proposed and many of those algorithms didn’t work through the first and second rounds — they weren’t fast enough, there were flaws found in them — and the surviving ones are the ones that we’re looking at today as being instrumental to this transition that will start next year.
What’s coming in the next five years?
Konstantinos: 2023 has turned into this new tipping point we’re all waiting for. We’re going to get IBM’s Condor. IonQ just announced they’re going to go public and they’re going to be focusing on that Interconnect idea to gain advantage between 2023 and 2025. So, we don’t know what this is going to do. Just the idea of being able to connect quantum computers together in a grid fashion, that can throw everybody’s calculations off. If you have four 1,000-qubit machines, all of a sudden, you’re knocking on the door of RSA, so it could be some sudden changes coming.
Denis: Yes. That’s a problem, because to generate random numbers is a very hard thing to do, and the systems that we have today we know are flawed. We’ve seen some of the ones that have just come out in the last few years showing the work: One in every 200 or so digital certificates shares a key, one of the prime factors in RSA for generating the public and private key pairs. This has long been known — a problem that has been exploited by many groups — so we couldn’t do what we’re doing today with post-quantum crypto software and algorithms without making quantum entropy sources that create massive amounts of random numbers from true quantum processes.
Although we use the term chaos as synonymous with random or disorder in colloquial language, it’s not. Chaotic systems, the kind that we harvest entropy from now in computers, are really very well mathematically modeled systems. We can predict from one second to the next where the system is going to be. Maybe not a thousand seconds from now, but that’s not really random. It’s predictable; it’s deterministic.
Where will onetime pad take us?
Konstantinos: How do you view the future of onetime pad?
Denis: It is the future. It’s the ultimate goal on the horizon. Obviously, the problem with the onetime pad is — well, QKD solves that if you can get the bit rates higher. If I can get up to terabits per second of QKD network infrastructure, now I’m at the end of the line with crypto. I don’t need to do anything else. I have physics inside. All the keys were generated purely randomly between the endpoints. We have key agreement. I send everything in the clear after that. I can publish it on the internet. Everyone can download it and harvest it as much as they want — it doesn’t make any difference. That is absolutely the end goal where all this is going at some point.
Learn more about our quantum computing services.