How do you create quantum resistant encryption?
MICHAEL BIRD
Hello and welcome back to Technology Now, a weekly show from Hewlett Packard Enterprise where we take what's happening in the world and explore how it's changing the way organizations are using technology.
We’re your hosts Michael Bird…
AUBREY LOVELL
and Aubrey Lovell. And this week we are looking to the future of cybersecurity and encryption. Big topic.
- We'll be asking how quantum computing could affect the current methods of encryption.
- We'll be exploring alternative quantum resistant encryption
- And we'll be asking, is there still enough time left to protect ourselves before quantum computing takes off?
MICHAEL BIRD
Yes, you might feel like your head's hurting, but I promise this is going to be an absolutely fascinating episode. And of course, if you're the kind of person who needs to know why what's going on in the world matters to your organization, this podcast is for you. And of course, if you haven't yet done so, make sure you subscribe on your podcast app of choice so you don't miss out. Right, let's get into it.
MICHAEL BIRD
So Aubrey, we do hear about quantum computing on the news every now and then often in terms of the threat it poses to maybe things like cyber security.
AUBREY LOVELL
Yeah, I mean, it's true. You do see it on the news a lot. I think it's definitely a buzzword that we're seeing a lot in the market.
MICHAEL BIRD
Yeah, I think you're right. Now, I don't know if you know this, Aubrey, but in theory, quantum computing would be able to run vastly more complex models than modern-day supercomputers by using quantum mechanics to speed up processes.
AUBREY LOVELL
Absolutely. And we aren't talking about a small increase either. One quantum computing chip revealed last year by a global tech company has been claimed by its makers to have performed a computation in just five minutes, which would take regular supercomputers 10 septillion (and that's 10 with 24 zeros after it) years to complete. I can't even mentally process that. And we'll link to that number in the show notes. And that's longer than our universe has existed by a frankly mind-boggling amount.
MICHAEL BIRD
Okay, that is a big number. That is a very big number. What do we do with that?
AUBREY LOVELL
Well, with this huge increase in power comes obviously enormous benefits, right? I mean, we're just scraping the surface here. So potential uses could be including like modelling nuclear reactors and finding new medicines, even increasing efficiencies and supply chains could come out of quantum computing advances. However, with all these benefits also comes an increase in threats. So current cryptography is based around the idea that the encryptions cannot be cracked by current technology.
However, a sudden jump forward in tech, such as the creation of a powerful quantum computer, could render modern-day encryption techniques null and void.
MICHAEL BIRD
Now the best way to avoid these issues are to prepare for them in advance and last year the National Institute for Standards and Technology or NIST released its first post quantum encryption standard to help those designing encryption tools to prepare for a post quantum world.
Now joining us this week is Dr Sarah McCarthy, who is a cryptography specialist at the Institute for Quantum Computing at the University of Waterloo, Ontario, and she is going to help shed some light on the topic of quantum resistant cryptography. Sarah, welcome to the show. Before we dive into any questions, what is and what does a cryptography specialist do?
SARAH MCCARTHY
I ask myself this question most days, what have I actually done today? Well, my background is mathematics. So I did my undergraduate degree and my PhD basically working out proofs of security for cryptographic systems. Now I've transitioned a little bit more into working with organizations and figuring out their needs and how we can bridge this gap between the theory of cryptography and having useful cryptography which we can deploy today.
MICHAEL BIRD
How on earth do you get into it? Were you at school and you thought, gosh, encryption, that is my jam?
SARAH MCCARTHY
So I actually, I really did fall into it. In my penultimate summer, before I finished university, I decided to sign up for an internship. One of them was in Kenya. So I took myself off to Nairobi to study coding theory. I had low levels of physical security, so I got mugged twice. But during my time there, I did some investigation into credit card numbers and kind of the pattern and the structure of your credit card numbers. And that's when I first realized, pure mathematics can be used for something useful. And then I went home and finished university and then began my PhD in post-quantum cryptography.
MICHAEL BIRD
So was it as a result of getting mugged… did that sort of, light a spark?
SARAH MCCARTHY
Well, it was either cryptography or self-defense classes, and I figured that my talents lay in the former.
MICHAEL BIRD
Can we just sort of set the scene on cryptography? Can you just sort of give us a cryptography 101?
SARAH MCCARTHY
Okay, so a lot of our infrastructure today is protected by public key cryptography. So how public key encryption works is we have a public key and a private key. So let's say Alice wants to set up a secure channel with Bob. She would send her public key, which can be public over an insecure channel, and she has the private key.
So Bob takes the public key, which is... basically a bit of mathematics, and he can use that to encrypt a piece of information. He sends it back to Alice and because of the nature of the algorithm, if any bad actor reads Bob's encrypted data, they shouldn't be able to decrypt it and make any sense of it. And then Alice, because she has her private key, which is related to the public key, she can decrypt what Bob has sent. And they can then encrypt large amounts of data between them, without having fear of someone else reading it.
MICHAEL BIRD
And correct me if I'm wrong here, but it's sort of to do with prime numbers.
SARAH MCCARTHY
Of course, so RSA is one of our public key cryptography algorithms and it is based on the difficulty of factoring products of large prime numbers.
So let’s say we have 13 and 19. Those are private key. No one can know those numbers.
These are both large prime numbers, large in that it's hard for us to compute them in our head, to compute the product and factor it. So using a calculator for me is 247.
For us as a regular person, it's a hard problem to factor 247. And that is particularly hard because 13 and 19 are prime. We can't start kind of breaking this down.
But then if we look, go back to the primes and we take even larger primes and get them so large primes that are so difficult that when we multiply them together, a regular computer today has a hard time finding the factors. That's when we get a complex mathematical problem that we can rest the security of RSA today on.
MICHAEL BIRD
Yeah, okay, okay, and that's where you're getting… this is gonna take a millennia to decrypt because a computer basically has to try every single iteration and it just, it's gonna take too long.
SARAH MCCARTHY
Exactly, exactly. A lot of the time, the problems that we're basing our cryptography on aren't impossible to solve. They just take too long to solve to be useful. But by the time you've broken it, the information you're trying to decrypt is out of date.
MICHAEL BIRD
Okay, that sounds pretty secure. So why are we talking about quantum computing as it relates to cryptography? Like, what's the issue here with sort of current cryptography?
SARAH MCCARTHY
All right, so a cryptographically relevant quantum computer, or CRQC, will find these problems easy. And by easy we mean that an attacker with access to your quantum computer will be able to solve these problems, like the problem of factoring large primes, within polynomial time.
MICHAEL BIRD
Can you just explain what that means?
SARAH MCCARTHY
So essentially it means that as we increase the difficulty of the problem by increasing the size of the prime numbers or whatever the parameters of the problem are, let's say we double the difficulty, it does not double the time it takes to solve the problem.
MICHAEL BIRD
I see. We talked about public key encryption… how does a quantum computer break it?
SARAH MCCARTHY
Yeah, so in the early 90s, a very smart guy called Peter Shor discovered what is now known as Shor's algorithm, which is a quantum algorithm that can easily solve this prime factorization problem and the discrete log problem. And for a quantum computer of the scale that it's able to break these problems, it could break it within a matter of hours.
MICHAEL BIRD
We talked about RSA, but are all current encryption methods equally vulnerable? Are they all sort of largely based on prime numbers?
SARAH MCCARTHY
So we have public key encryption. And within public key, we have RSA and we have another type called ECC, which stands for elliptic curve cryptography. And similar to RSA, it has public keys and private keys and works under the same mechanism.
But rather than factoring prime, it depends on a mathematical problem called the discrete log problem over elliptic curves. We also have symmetric encryption because the symmetric key algorithms are much more effective for bulk data encryption.
And that also can be attacked by a quantum algorithm known as Grover's algorithm, but it doesn't completely break, rather it reduces its security by half.
MICHAEL BIRD
Okay, my head slightly hurts from that, but I think the takeaway is you need a quantum computer to be able to break classic cryptography. So that leads me onto the question of, to be able to encrypt things that are quantum computer safe, do you need a quantum computer to do that?
SARAH MCCARTHY
So you've hit the nail on the head, Michael. One of the solutions to this quantum threat is post-quantum cryptography, which is next generation cryptography, which we can run on our classical computers, i.e. we do not need a quantum computer, and we can give our data this higher level of protection, which is resistant to both classical attacks and quantum attacks.
AUBREY LOVELL
Thanks so much, Sarah. This is a huge topic and it's already blowing my mind a little bit. We've really only set the scene so far, so I cannot wait to find out more later in the episode.
AUBREY LOVELL
All right then, now it's time for Today I Learned, the part of the show where we take a look at something happening in the world that we think you should know about. Michael, what have you got for us this week?
MICHAEL BIRD
Okay Aubrey, so do you remember last year when there was an enormous solar flare which led to auroras all over the world? Did you see any down where you are in Florida?
AUBREY LOVELL
We actually did. This was really crazy. I remember kind of like setting my alarm to go out to see it at night. And for us, it was almost like, I know like traditionally we always think it's like the green, you know, that you see, but down here it was actually like a purple pink. It was insane. It was kind of cool
MICHAEL BIRD
Yeah, I was very fortunate to have a newborn who was waking me up quite early so I had many opportunities to look out of the window when that was happening because I was waking up at like 2am or whatever.
Anyway, it's long been known that other planets also experience the auroras, not just Earth, and there are plenty of photos you can find online of auroras on Saturn and Jupiter. However, a photo was recently taken which shows something quite special. This is the first photo of an aurora taken from the surface of another planet.
On March 15th, 2024, a solar flare from the sun led to a gigantic coronal mass ejection. That's an explosion of gas and energy which carries highly energized particles from the sun out into space. When this coronal mass ejection, or CME to the cool kids, slammed into Mars, it did what was expected and caused an aurora. And on the surface of the planet, the Perseverance Rover was looking up and saw the aurora. Now, we've got a photo in our script and we will link to it in the show notes if you want to check it out yourself. But the photo shows the same patch of sky with the aurora and without. If I'm honest, it does just look like a grainy photograph.
AUBREY LOVELL
It does.
MICHAEL BIRD
But I imagine there were some very excited scientists who saw that photo. Now, taking the photo itself was a feat of cooperation requiring multiple teams to predict in advance where to point the camera as well as those who had to watch the sun and predict when the right CME was going to occur. When the flare and CME occurred, a message was sent to prepare for impact, and several days later when the CME arrived and turned the Martian sky green, Perseverance was ready and waiting to capture it.
AUBREY LOVELL
It is actually really cool. And it almost makes me wonder, you know, when's the next time that this is going to happen? Because I think you see on the news a lot around us having more of a frequency around solar flares. And that actually also impacts technology. So I'd love to see us like talk a little bit more about that as well, maybe in a future episode, because we're even seeing alerts sometimes with the solar flares: navigation won't work, GPS is going to malfunction, et cetera. It's really interesting. And it is impacting our day to day. How do we address solar flares as they come up?
AUBREY LOVELL
All right. Well, now it's time to return to Michael's conversation with Sarah McCarthy to find out just how encryptions are designed to be quantum resistant.
MICHAEL BIRD
So this new sort of method of cryptography, post-quantum cryptography, is it harder to encode, to encrypt? Is it harder to encrypt? Like, does it take more computing power to encrypt?
SARAH MCCARTHY
Yes, so I'll talk a bit about what these post quantum algorithms look like, and that will kind of answer your question. So rather than basing it on the difficulty of factoring products of primes, we are basing the security on much more complex areas of mathematics. We are moving into abstract algebra - things that turn your brain inside out when you think about them.
And because of this, the computation is a lot heavier. So it'll take a lot more time and resources to generate the keys, encrypt and decrypt. It might be a delay of a second or two seconds, but like you say, if you're using it for a real time application, that's not really acceptable. But researchers have been doing a lot of work on this in improving like the efficiency of how these algorithms run.
MICHAEL BIRD
So last year I think the National Institute of Standards and Technology, NIST, released the first post-quantum standards, which is pretty exciting. You and I? Four or five years ago? And I think this was bubbling away. So what... do those standards say and sort of what's the impact of NIST releasing these standards?
SARAH MCCARTHY
Yeah, so this is a really exciting time. I think up till now, there has been a lot of raising of awareness among like large, large companies who are maybe not tech companies, but certainly have secure data, such as within the financial sector, critical infrastructure, telecommunications, and... I have been talking to many representatives from these different industries, but there's always been this, let's wait until the standards are released. But now we have standards, we don't have to wait anymore. There are no excuses. And we can start thinking about integrating these new mechanisms into our networks.
The NSA, which is the National Security Agency in the US, recently set some deadlines for their own kind of government departments and they expect a full migration to post-quantum security by 2035. So I think this is another thing that can kind of light a fire for some people. They realize that if these governments are starting to make the moves, then maybe they should as well.
MICHAEL BIRD
I'd love to just sort of ask you about the steal now decrypt later phrase that I've heard a few times. Like, can you explain what it is and explain why it's maybe a conversation that should be being had today?
SARAH MCCARTHY
I like to refer to it as harvest now, decrypt later. So what it is, is let's say we have a bad actor, I'm thinking someone in a basement who wants to steal national secrets or some long life data that is still going to be useful to them in five or 10 years when they have a quantum computer. So they can steal, store, harvest this data and it's encrypted using our traditional cryptographic techniques. But if they had a quantum computer, they may be able to decrypt it while that information is still useful.
MICHAEL BIRD
And when do you think we'll see it being used, I guess, by the general public? When will it just basically be part of the fabric of how we interact with our technology?
SARAH MCCARTHY
So I'm going to blow your mind that you may already be using some of it today.
Some large companies within the US have already trialled and moved on to deployment of these post quantum algorithms in browsers, in messaging services.
MICHAEL BIRD
How serious do you think it would be when a publicly accessible quantum computer is available? Like generative AI from a standard consumer’s perspective kind of appeared overnight… Do you think a quantum computer startup will appear overnight, say, hey guy, hey internet, play around with this?
SARAH MCCARTHY
They kind of wouldn't know what to do with a quantum computer. So we already have access to certain elements of quantum computer technologies online but they are not the resources that we need to break cryptography.
So if let's say someone overnight created a cryptographically relevant quantum computer, it's only going to be very specific members of society who know how to utilize that to cause devastation and destruction.
MICHAEL BIRD
Do you think it's gonna be sort of an overnight thing?
SARAH MCCARTHY
So Q-Day refers to this day when a quantum computer will exist, a cryptographically relevant quantum computer will exist and break public key cryptography.
In fact, on that point Q-Day could have already passed because it's likely that the first CRQC will be by a state actor and they're not going to post online about their development of a quantum computer.
MICHAEL BIRD
Yeah, there's an incentive there to not shout about it and to keep it quiet for as long as possible. So how scared or excited or indifferent should we be of a post-quantum world?
SARAH MCCARTHY
I see it as an opportunity to overhaul our cryptographic infrastructure. And there's also this ability to create a sense of what's known as cryptographic agility, which means that if we do need to upgrade, I dare say there will be new classical attacks, quantum attacks, maybe something else that we can't yet see on the horizon, but if we have used this upgrade as an opportunity to facilitate future upgrades, it's going to make our lives a lot easier and the process more seamless.
AUBREY LOVELL
Thank you so much, Sarah. I really do find this topic really fascinating as it involves looking at the future rather than just being reactionary. And by the time a quantum computer is built, which could break our current encryptions, it would be far too late to fight back. So this sort of research and development really is important and stunningly ahead of its time.
AUBREY LOVELL
Okay, so we're getting towards the end of the show, which means it's time for This Week in History. Michael gave us the clue last week and it had to do with some sort of atomic physics, if I remember correctly.
MICHAEL BIRD
Yeah, that's right. Last week's clue was it's 1920 and this scientist is about to present a theory about the existence of another part of an atom which would take over a decade to be proved right
Now, you graciously bowed out of guessing, but I said I thought it could be the discovery of quarks as it was too late to be the discovery of protons or electrons. Wait. It was too late to be the proton and the electron, but it was not about quarks.
AUBREY LOVELL
I did. Were you right?
MICHAEL BIRD
The story is actually about Ernest Rutherford and the lecture he gave at the Royal Society in London where he predicted the existence of the neutron. Nice. Come on Michael, you should have got that one.
So Rutherford is one of the most influential names in modern physics. Throughout his career he discovered the concept of half-lives as well as distinguishing between alpha and beta radiation. Now during his speech Rutherford theorized about the existence of a particle within the atom which had no charge and could occur in different numbers within a nucleus, resulting in the existence of isotopes. And we now know that this particle exists. It is, of course, the neutron. And it would take another 12 years before the neutron would be discovered by one of Rutherford's former students, James Chadwick, a discovery for which Chadwick would win the 1935 Nobel Prize for physics.
Aubrey, can you tell that our producer is a physicist?
AUBREY LOVELL
Definitely, I'm getting the notions.
MICHAEL BIRD
His physicist chops are really coming out in this show. Right Aubrey, what have you got for us next week?
AUBREY LOVELL
Okay, so we're moving up a little bit in our timeline. It's 1943 and this patent has just been granted for something that almost every single one of us uses daily.
MICHAEL BIRD
were used daily…. 1943.
AUBREY LOVELL
Okay, obviously maybe some appliance.
MICHAEL BIRD
Yeah, I was gonna say refrigerator maybe?
AUBREY LOVELL
You say refrigerator, I'm going to say maybe a microwave.
MICHAEL BIRD
Do you know what? I had a physics teacher at school that told me lots of interesting things were invented during the space race. I think appliances might be the right track, but I would love to be proven wrong.
AUBREY LOVELL
Well, we'll see. We'll have to find out next time.
Okay that brings us to the end of Technology Now for this week.
Thank you to our guest, Sarah,
And of course, to our listeners.
Thank you so much for joining us.
MICHAEL BIRD
If you’ve enjoyed this episode, please do let us know – rate and review us wherever you listen to episodes and if you want to get in contact with us, send us an email to technology now AT hpe.com.
Technology Now is hosted by Aubrey Lovell and myself, Michael Bird
This episode was produced by Harry Lampert and Izzie Clarke with production support from Alysha Kempson-Taylor, Beckie Bird, Alissa Mitry and Renee Edwards.
AUBREY LOVELL
Our social editorial team is Rebecca Wissinger, Judy-Anne Goldman and Jacqueline Green and our social media designers are Alejandra Garcia, and Ambar Maldonado.
MICHAEL BIRD
Technology Now is a Fresh Air Production for Hewlett Packard Enterprise.
(and) we’ll see you next week. Cheers!