Transcript | Preventing Hacking with Quantum Computing and other InfoSec Topics – with Mark Carney from Quantum Village Listen We’ve talked about how quantum computers are enabling extraordinary use cases now, long before the machines will threaten cryptography. Some of these applications can even help companies protect against immediate security threats and vulnerabilities. We explore one such exciting experiment: Using quantum to stop kill chains that allow network exploitation and the Chinese paper causing all the ruckus, claiming that cryptography could be hacked any day now. Join host Konstantinos Karagiannis for a chat about these hacker topics with Mark Carney from Quantum Village. Guest: Mark Carney— Quantum Village Listen Konstantinos We’ve talked about how quantum computers are enabling extraordinary use cases. Now, long before the machines will threaten cryptography, some of these applications can even help companies protect against immediate security threats and vulnerabilities. We explore one such exciting experiment along with some other hacker goodies in this episode of The Post-Quantum World. I’m your host, Konstantinos Karagiannis. I lead Quantum Computing Services at Protiviti, where we’re helping companies prepare for the benefits and threats of this exploding field. I hope you’ll join each episode as we explore the technology and business impacts of this post-quantum era. Our guest today is the CTO and cofounder of Quantum Village, Mark Carney. Welcome to the show. Mark Thank you very much. It’s lovely to be here. Thank you. Konstantinos Yes. This has been brewing for a while. We met at IQT in New York, where I was speaking. There’s some good stuff coming in the future, which we’ll get to, but first, give us a quick intro to how you got started in quantum, because a lot of our listeners are new to it. Mark Yes. I am a mathematician by training, but, I was a violinist once upon a time — Konstantinos Same thing. Mark Yes. Same thing. It’s all just numbers. I made a transition to doing postgraduate degrees in mathematics, having done the undergraduate in music. I did some quantum computing as part of my master’s, and I thought, “That’s lovely. Isn’t that cute? Isn’t it nice that we’ve done that?” I didn’t think anything of it until I started reading around what were then the plans for NIST to do their post-quantum process, and I said, “There’s something important here maybe.” I started reading more, and went back to textbooks, went back to reading papers, but now more broadly not just in mathematics and other things I was interested in, but also in quantum computing and quantum information theory. My postgraduate studies were in information theory from an algorithmic point of view, and the computability theory in particular, so it was very natural and very easy to make that transition in certain concepts, like, “This is Turing complete, or this is Turing universal.” We’re like, “Cool.” I didn’t have to do any more reading on that. It felt very natural to read about it and try to get my head around the quantum-advantage stuff, which is interesting and fascinating. And having a background in cybersecurity as well — I was a pen tester for a while, and then working in a cybersecurity research capacity — I was, like, “There’s a lot of relevancy, suddenly, and there are a lot of things that I should be talking about and looking at doing.” I grew into it through cybersecurity, being a bit hacky with the way I interact with technology and just being curious. It just sounds so cool. Everything that is part of quantum tech sounds so cool. The first quantum revolution was lasers, and there’s nothing cooler than lasers. It’s outer space and all that. It was from the appeal of, like, in a sci-fi leaning, and then from studying and reading and seeing how I felt about things, and then quite naturally, it got involved in my work. Since the NIST process has been evolving, I’ve been reading up on it, keeping tabs on it, and now I’m more or less moving into a very quantum-oriented headspace and professional space. Konstantinos Yes. We have a lot of overlap in our past. I did the whole hacking thing for many years too. I’ve been going to DEF CON since 2000 or so. I’ve been going there quite a long time. Mark That’s great. Konstantinos Yes. It’s amazing. You’re here representing Quantum Village. Let’s talk about DEF CON for those who don’t know. This could be a fun answer: How would you describe DEF CON to someone who’s never been there? Mark How would you describe DEF CON? Twenty-five thousand of the world’s finest hackers descend up on Las Vegas once a year, and they do two things: They talk to each other very technically, and they go to parties. Now, there’s more than just DEF CON: There’s Black Hat and there’s BSides Las Vegas that take place. It’s affectionately known as the hacker summer camp. Konstantinos Yes. Mark Quantum Village itself is born from that ethos, and it’s born from that space. For those who’ve never heard of DEF CON, they’ve probably never heard of the villages. There are lots of what you’d normally call special-interest groups: There’s a car hacking village, and every year, they bring two or three Teslas, Fords, Dodges, whatever, and you can hack them. You can take them apart. You can go, “I want to see what this thing does,” and they’ll give you a screwdriver and go, “Here you go. Go and tell us.” Stuff that doesn’t necessarily fit into the main tracks — it might be a little specialist, or it there might be a run of talks about the same manufacturer. Tesla is very popular. Ford is very popular, and then there’s quite a few of these. There are 35 now: There’s Misinformation Village. There’s an AI Village. Now, there’s a Quantum Village. What we’re trying to do is bring quantum tech to 25,000 hackers in Las Vegas. We did it last year, and it was a lot of fun. We were successful, and we’re looking to do it again this year as well. Konstantinos For anyone who hasn’t been there, it’s a huge show. There are three or four gigantic rooms. You feel like you’re at a concert or something — that’s how big they are. And you’re watching these big talks. I gave a talk at DEF CON 25 on hacking smart contracts, and it’s a big, fun party, and you get your shot of whiskey or whatever when you first go on as a speaker, so that loosens everyone up immediately. But then, yes, these villages are these offshoots: You go down the hall—sometimes do a different building — and there are these rooms where there are other tracks of talks going, and activities, like you said. Quantum Village is one of those. It’s a new one, and I expect it’s going to grow in popularity because, hey, I’m a champion of this industry, so I’m certain of it. I’m positive it’s going to go. Mark There we go. It’s been said now. You have to come. Konstantinos Yes. We’ll be doing some stuff there, I’m sure. Then, you do this, and then you work still in a hacker role at a global bank too. We’ll just leave it at that now. Mark Yes. I do, at the moment, more cybersecurity research. I do reverse engineering. I had a time when I was specialising in hardware hacking — reverse-engineering microchips and extracting cryptography keys, for example, like a party trick. It’s now a much more done thing than it used to be, which is good, because it means that you’re getting more eyes, more people, looking at these things. As long as you have a responsive view and active take on security, then you’re going to naturally be able to try and improve that. That’s where we took the view for Quantum Village. My cofounder, Victoria, and I took this view of trying to be more pragmatic and more forward-looking and not just go, “Quantum’s going to ruin the world! It’s going to break all cryptography in two months” or two years or 20 years, or whatever the estimates might be. We want to be more pragmatic about it and go, “What does that mean?” What does it mean to compute something in a quantum space, and how does that affect notions of, for example, privacy or computational cost and offsets, and how is that going to affect things? We call that project Quantum Life: What are our lives going to look like? Some people might say, “Why do you care? Who cares?” and that’s a perfectly valid point. Maybe nobody cares, and maybe everybody at some point might care, and we’ve learned so much from previous technical revolutions, various bubbles in various tech developments, that we can go, “This works, and this didn’t work — this was a bad idea,” and can we apply that looking ahead by considering what’s gone before to quantum. That’s where our activities lie. We run competitions like the world’s first quantum Capture the Flag. Rather than having a hackathon, we managed to get a sponsor together to run a quantum Capture the Flag, where you had challenges. My favorite was that you had a picture round. It was very in-depth quantum challenges, and then there was a picture round because it was fun, and that, “Who’s this? This is Peter Shor.” And yes, you can reverse-search it on Google. That was fine, but we were still trying to trip you up: Who’s this? It’s Kitaev, but you have to put his name in Cyrillic to get the points. It is having fun with it. It’s being a bit adventurous, being a little bit poking what could be and what might be. I’m trying to draw out the interesting quantum tech. That’s something I’ve developed and my cofounders developed, and this way of looking at technology that is very sane and very practical, but also getting excited about it. There’s a lot to be excited about as well as potential doom and gloom. Konstantinos Do you find that you’re bringing some of this quantum to your day job, then? Are you trying to push the issue at work? Mark Very much so. As the investment’s gone up, so has the interest in quantum. As one competitor picks it up, “Maybe we should have a look at this.” As other people start looking at, “We’ve got this post-quantum competition,” and for a while, people were, “That’ll fix it. It’ll be fine.” And then you start having things like a site being broken in a weekend over a laptop — “That’s bad. Oh, dear.” We’re realising a lot of things that we didn’t think about, and when it comes to cryptography, in particular, from a defense point of view and the future being cryptoagility. The problem isn’t the quantum computers. They’re just sitting there being very cold or very empty or both, then doing their thing and being very cool— or supercool — whereas what we’re trying to do is go, “The fact that I can’t easily sub out or swap out a particular cypher or a particular piece of cryptography very easily means that I am going to be caught up in a very lengthy process only to find out maybe on Friday, I have to do it all over again because some very talented researcher somewhere has words on how to do it on a potato.” The way I approach it is pragmatic. There are a lot of benefits as well. This is what we want to communicate. It isn’t just, “Everything is terrible. The world is going to be in flames. It’s all going to be downhill from here.” There’s a lot of opportunity as well, and that’s where some of our research activities have come about, where we’re publishing our own preprints. They’re submitted to journals. Trying to build into a narrative of, quantum is as much a threat as it is just generally a tool. And so, we can go, “Can we utilise this tool to help us solve problems in cybersecurity?” Not just fall victim to quantum crime effectively — but go for, “Suppose you were a talented whatever. How would you develop a solution that would blend this in? What are the problems that we’re facing now inside cybersecurity beyond just post-quantum cryptography to be able to go, “Here’s a use case where we can go, ‘Right, let’s fix this with quantum.’” Konstantinos Yes, and I’ve been saying this for a while — that the use cases are going to come way before the crypto threat is going to happen: These machines are getting more powerful. We’re looking to find things. What’s interesting here is, everyone knows about that quantum threat to cryptography. You’re considering, and my team is considering this too — different ways we can use these machines to help the infosec world. Right now, we’re working on one to try and help detect indicators of compromise better, and I wanted to have you come on to talk about the paper you wrote, which I thought was pretty cool. Mark Thank you. Konstantinos Yes. It’s called Cutting Medusa’s Path — Tackling Kill-chains With Quantum Computing. First of all, great job giving it a DEF CON–like title. Normally, scientific papers are a little dry in their titling. I know mine are. I’d love to talk about that to try to explain, first of all, what kill-chains are. That’s a way to start in general in infosec. Mark A kill-chain is probably the most unfortunate sequence of events you could imagine on a cybersecurity point of view on a network. A kill-chain is when you go from being like any other user, say, accessing a website or connecting to Wi-Fi or whatever, and there’s a sequence of events because of not just vulnerabilities, but also misconfigurations, lack of segregation — common network issues that usually do get identified and maybe not fixed — and when they do, I’ll come to that later, but you have a sequence of unfortunate events that lead you to some significant control over, say, a network. In case of a Windows network, which quite a few people might be familiar with, it would be a sequence of events where you start with connecting to a website, connecting to Wi-Fi, something similar to that, and ending up with domain admin — complete cyber control over the network: All the users, all of the IP, all the data, the databases, the financial stuff, everything is controlled by that. That is what’s meant by a kill-chain, as in, you’ve gone in for the kill. You’ve arrived at that point that you’ve attained what you might refer to as an unreasonable level of control. That’s when if it gets discovered and gets leaked, say, to the press, that’s when you get headlines like, “This company was hacked” and that kind of thing. That’s a kill-chain, and that’s something that is a very hot topic in terms of both on the attacking side, finding them, and on the defensive side, preventing them. You’ll see lots of solutions talk about kill-chains — kill-chains in your network, in your supply chain now, is a hot topic as well because a lot of these things are very well-interconnected. A lot of people have started realising, “We need to have this more holistic view in order to be able to attain knowledge of, ‘Here’s our kill-chain, and here’s how we’re going to fix it,’” and then rinse, repeat for all kill-chains. That’s what a kill-chain is, as broadly as I can put it. Konstantinos Yes. Traditionally, you would do some kind of vulnerability assessment, pen test, whatever. Then, you would have all these vulnerabilities that you identify, and then you would have to figure out, what’s the sequence of events that could lead to the worst outcome, and you’ve got to fix that first. Is that simplifying it enough? Mark Yes. Konstantinos What part of that process did you want to improve with quantum computing? Mark What we were looking at was the notion that first occurred to me, I think it was at a bar, speaking to a CISO who’s a friend of mine at another financial institution quite a few years ago. We arrived at the conclusion that a lot of cybersecurity is about to become a data problem. In the ensuing years, a lot of it has become a data problem. When you have data problems, you have chances to apply optimisation, and you have very hard problems that have lots of combinatorial strength, to put it mathematically. To put it more simply, things that have lots and lots of options that grow exponentially as you start traversing these various parts to a network. We wanted to try and see, is there a way that you could not just tackle certain kill-chains, but also tackle as many as possible by looking at the graph, as in network graph connectivity, of issues? Obviously, if you’re going to have a kill-chain, each step has to have some kind of visibility on the next step. Otherwise, it doesn’t work. We wanted to try and see if there was a way, or what problems we could look at, and something that’s a very old problem is a problem with patching, often referred to as patch analysis. Patch analysis is a slightly broader term. It includes things like being able to go, “This patch won’t bring down production, we hope, we think, we’re 90% sure.” It’s the ability to go, “This patch is important.” There are things called CVSS scores, which is literally a 1 to 10 for, if it’s 1 to 4, it’s not a problem. It’s OK. You should fix it, but there are other things, probably. If it’s a 10 out of 10 or 9 out of 10, it’s, “You’re coming in this weekend, please, because we need to fix this.” There’s a whole vast scale of potential issues, and it’s a lot of data. A lot of companies now — having done thousands of days of pen tests and written hundreds of reports, I’ve generated a lot of data for customers, and now, they’re getting it basically live. We have providers which have active scanning regimes where they will just pipe you data all the time coming in from various detectors and sensors and scanners and all the other stuff that they’ve brought. You’ve got all these data, and it’s great. You know where all your problems are, but that’s now just an infinite to-do list, potentially, and that’s a problem. Knowing what kill-chains affect what is one way of doing it, but the problem with that is that kill-chains are — I don’t want to say that they’re Turing complete, but they’re pretty close, as in, there are lots of different ways of enumerating different problems and putting them together, and hackers are very good at doing that, but the hacker only has to be right once, whereas the defense team can only be wrong once and they get hacked, whereas the attacking can keep going and keep trying and changing IPs and routing themselves around the world. There’s this huge inequality when it comes to how much success is required to prevent a massive problem. We looked at this problem of patch analysis from that view, and what we found was, there’s a good way of representing that as a network graph problem. Once we have that, it was, like, “Maybe we can apply quantum to that in some way, shape or form.” That’s how the paper began. Konstantinos That step of the problem that you are trying to solve, how did it compare to the classical approach? I’m assuming you want to share some benchmarking ideas here. Mark The possible ways of getting around a network start growing exponentially when you start tracking more than three or four layers of kill-chain. I’ve popped kill-chains that have been five, six, seven, 10 layers deep, where I’ve had to work a way around the network and rely on things that people don’t normally think of, like stealing entire browser sessions from users I can connect to or because I could get a joint local admin access — which is a very common network misconfiguration, for example. But in order to get to that point, I had to get onto the network where it was locked down with segregation. I had to work around, had to flip around, and so you’re always flipping between software vulnerabilities, misconfigurations, library issues or just human error, like a bad password that nobody noticed. It doesn’t matter if none of your staff on the network noticed. If the hacker notices it and it happens to be, say, PASSWORD1!, because that’s secure, then you certainly have a problem, and you might not have even detected that. The way that we were looking at it was much more to go, “What kind of graph problems could give you an ample coverage?” Thinking that maybe there was a quantum speed and not necessarily focusing on one, but going, “How would you fix it all?” The problems become things like, the one we used was a minimum vertex cover. That’s the mathematical name, but basically, it’s the minimum number of nodes you need to remove so that every edge disappears. That is how you remove every kill-chain, obviously, because if there are no edges, there’s no traversal. If there’s no traversal, there’s no kill-chain. That would be like that we went, “That’s the extreme example — that’s the logical conclusion,” so you just do that, and you try to start looking at how easy it is to compute. You might set up some network X Python environment and go, “Ten nodes — how does that work?” Depending on the density of the graph, it’s either quite straightforward and very quick or it takes a few seconds, and then you add a node and it takes quite a few more seconds. There are some where when you add a node and it goes in taking a few dozen seconds to a few minutes, and then it takes tens of minutes by just adding a node each time. By the time you get up to, say, 30 or 40 nodes, you’re waiting quite some time, and every one you’re adding is adding even more complexity that has to be taken into account to find the cover. This works both whether you use the exact algorithms or an approximation. There are lots of approximation algorithms you can use that can do a good enough job. It might not be perfectly minimum, but it’s a vertex cover, and that is probably enough, but again, all it does is kick the can down the road. They start getting longer and longer when you start getting past nodes and graphs of when you get to a hundred, it’s like, “I’m just going to go and get coffee and dinner.” Konstantinos And go to bed. Mark I’ve got plenty of time. Konstantinos Yes, and see you tomorrow, really. Yes. Mark Yes. Pretty much. That’s where you start getting the complexity exploding, and that’s where we look to see if there was a way of going, “I’ve heard that there are these quantum variants that can be solved quite quickly.” We assessed various ways of doing it. That was how we got to the point of going, “Now, let’s try quantum.” Konstantinos In as simple a way as possible, what would you say your results are, for listeners to understand? Mark We presented a paper that basically shows you that there is a potential for quantum optimisation on these problems. We use a D-Wave — not the universal quantum computer. We use a D-Wave because they’re a lot bigger, there’s more qubits, and the kind of problem we’re trying to look at is one that fits very well on to a quantum. The first stage was to go, “Let’s go and try for that.” The next stage was to then go through and recode the data. The problem with vulnerability data in particular is, there’s no real publicly available data set. I had to make a few little guesses there, but I went with my experience and I formulated an idea that you have two main data points: You have vulnerabilities, and you have hosts. For anyone who’s done some graph theory, they might go, “That might be a bipartite graph,” which in simple terms is just a graph with two sides. You take one side as the host, and then for every host, you attach it to the other side, which is representing vulnerabilities. The data you get is usually host first, and your questions are vulnerability first. There’s a validation in that you should use graph structures to get your vulnerability data stored and utilised, because you tend to get, say, “This host has these issues” and “This host has these issues” and “This host has all of these” and then move on from there, whereas the questions are, “We just read a headline that says that this issue is a major problem. Where are the hosts with that?” If you don’t use a graph, you have to go through every single host record every time you want to ask a question and look for the thing you’re looking for, which means that you have to go to the database every single time, which means it’s very slow. Even with well-indexed databases, it just doesn’t help all that much. Moving to graphs is very natural, but the bipartite graphs don’t fit too easily into the problem we want to solve, which is a very nice, neat quadratic unconstrained binary optimisation, QUBO, which is what we wanted to use. That’s where we went for any of that. The idea of getting to that point was to do a transformation, and that’s where there’s the interesting idea from a mathematical point of view in the paper, which is, there’s this nice way of coding these things that, if it applies to your problem, allows you to solve certain cuts on the bipartite graph by finding a total minimum vector cover on the dual graph — the graph you generate from the bipartite graph. That doesn’t take much more processing overhead. You just iterate around the whole graph and construct the second graph, and then you solve that. We almost organically grew toward this idea of being able to go, “Here’s a gnarly problem. Let’s look at this subset, vulnerabilities and hosts, and we’re going to try and remove kill-chains.” What’s a kill-chain there? A kill-chain is when two vulnerabilities are connected by a host. Then, we took that problem and went, “We’ll make another graph that connects vulnerabilities if, and only if, they’re connected via a host.” That was easy enough to do. Then, when you solve that, we wote a short proof that says, “If you remove all the edges here, you totally disconnect all of the vulnerabilities from each other on your original bipartite graph.” With that, you’re then able to say, “I haven’t fixed every patch, because that’s a hard problem, but what I have done is, I have removed all of the well-connected patches.” There’s no kill-chain here because literally no vulnerability can see any other vulnerability, and that’s the kind of totality you’re able to gain. That’s an exponentially hard problem as the graphs grow, but with a quantum computer, the lines stayed pretty flat when we were measuring time. Konstantinos Yes. That was pretty much the most noticeable result that should make people’s eyes open up, because with a large corporation, this could be monstrous. Mark It grows really fast. There was a part of adjusting the density of the graphs we were testing with. I would just generate random graphs and test them with the algorithm and generate the graphs, send them to a D-Wave, solve it classically as well. I noticed the classical solver was very quick for very small graphs, and the D-Wave was always taking this time: You’ve got to wait in the cloud queue and go around and come back. Then, by the end of it, for lower-density graphs, the D-Wave was coming back in a very short order of time with completely correct results that were almost identical to the classical version, except with the classical version, I’ve done all this extra work, and the D-Wave, well, hadn’t. It had just gone, “Here’s the answer to your QUBO in 33 variables, sir.” I was, like, “Thank you very much.” Konstantinos Yes. That’s a pretty consistent choice then. We see this a lot with D-Wave lately. People are just picking it for things because it’s giving that same performance. This kind of problem doesn’t have the normal bottlenecks that people worry about with quantum — this isn’t a 24/7 real-time requirement. You don’t run this all the time. This would be something you’d run every once in a while. You’d figure out that first layer, and then you go to the normal CVSS order: Fix your highs within 30 days, your mediums in a couple months and then your lows in whenever — six months. Mark Whenever you can. The nice thing is that any low that appears on your minimum vertex cover graph — the output from this algorithm — is well-connected, and you should fix the lows on that first before looking at the other ones. Konstantinos Yes. You would fix the kill-chains, and then you would go through the order as time allows. Yes. This could be huge. Mark It lets you take the sprawling problem where every machine is giving you a bad day, multiply that by tens of thousands — hundreds of thousands for some organisations — down to, here’s a memorandum — put it out there: “Please fix these 10, these 20.” You’re not going to remove all the kill-chains even there, but because it’s a minimum cover and I did a weighted version of the algorithm as well — which works quite nicely — you can actually go through and say, “Here are the things that are well-connected. These would appear on the most kill-chains.” You’re doing it without having to make an idea of centrality notional. For those who don’t know, there’s a thing called centrality in graph theory, which is to say, there is one node that is, in some sense, in the middle of these networks, but depending on which one you choose, you get a different answer each time. There’s a famous example from 2010, which is, there’s a graph where depending on which centrality algorithm you choose, it gives you a different node every time, no matter what. It’s a contrived example, but it means that you’ve made some kind of assumption there. Whereas here, we’re just going, “If it sits between something, it gets removed according to the weights and its own CVSS scoring.” It lets you be a lot more proactive from a blanket-defense point of view without having to churn through imagining, “What could an attacker do here? What can an attacker do over there?” Or spending infinite money on pen tests, which is the other way of doing it: Just keep spending more on pen tests and let the hackers tell you everything. Konstantinos Plenty of companies are fine with that on both sides. Since we’re talking so much about security in quantum, I figured it would be a good time to bring up that paper. Over the holiday break, a Chinese paper came out. It’s called Factoring Integers With Sublinear Resources on a Superconducting Quantum Processor, and they claim that if you extrapolate from the work they did on 10 qubits or so, it should be possible to crack 2048-bit RSA with 372 qubits. And this is, of course, building on some of the work from that infamous Schnorr paper — not to be confused with Shor — that everyone was talking about a while back. I thought you might want to share a thought or two on this. Mark It’s interesting looking at the reactions more than anything else. The paper itself, I read it and I was, like, “This seems correct,” and it was when you pay attention to what isn’t there — and this is what Scott Aaronson, and Peter Shor himself, pointed out — it doesn’t tell you how long the circuits are going to be. There’s this kind of analog — for want of a better pun — for a time when we trade off into another circuit, which is, you take the depth and the width of the circuit, the number of qubits and the number of gates. You can take that and you can adjust things a little bit, and you can usually trade off one for another. You can make things work on fewer qubits, but you have to do more gates and more resets and do more with the quantum computer while you have it. They don’t talk about the gate depth, and they use QAOA, which is almost notorious at this point for having very-hard-to-pin-down estimates for actual advantage. Even the algorithm itself, Schnorr’s algorithm, does a lot of work outside of the thing that they’ve optimised, which is just one of the harder parts of it, which is this [Barby’s] algorithm section. They’ve gone, “We’re going to do this, but there’s always the chance that the [Barby] algorithm is already too close, and so your annealer might not actually get to the ground state necessarily for various reasons.” I’m not discrediting any of your quantum QAOA, by the way, but you might not necessarily find the graphs out of that Hamiltonian. The fact that you can do it on 10 qubits is cool. It’s a nice idea — you can do it with minimal resources. That’s fun as an idea, but in terms of its usefulness, I don’t know. I’m not convinced that it’s going to add much to that, because there’s so much that still has to happen on those 370-odd qubits to make them last long enough, to make them stable enough, that you could actually get a meaningful result. And then, of course, you’ve got to run it so many times, because it’s a random vector input, to be able to get anywhere near a stable result. There’s a lot of ifs and buts, and they do document quite a bit of this in the paper. Konstantinos The gate depths too — 1,100 gate depths or something for RSA. Mark Exactly. The in-depth bit is more in the addendum part of the paper, which is 24 pages. That’s where most of the caveats are — less so in the leader, which is a little, I don’t know, a little pushy. Konstantinos When you hit that first conclusion, they even have a line in there. I’ve pulled it out just to bring it up. It says, “It should be pointed out that the quantum speed-up of the algorithm is unclear due to the ambiguous convergence of QAOA.” That’s a big word. What are you talking about? Thousands of days or whatever to run it. Millions of years — I don’t know. Mark Exactly. There’s a misnomer. What they’ve shown is that you don’t necessarily need hundreds of qubits, but you also don’t necessarily need a quantum computer. My CPU will factor numbers just fine. I could factor numbers on an Arduino 8-bit microcontroller. Eight bits are enough, but that’s not the point. There are other things to do first. I like some of the work that’s there. There are some nice ideas in the paper. I don’t want to just say, “This is rubbish,” because the hype around it is a bit rubbish, but the paper itself has got some cool ideas. It’s a nice way of going, “Here is how we can swap these things together,” but is RSA broken in the near term on these quantum computers? We’re probably OK — modulo some very fancy engineering or a lot of work on the algorithm side itself to reduce the depth of the circuit. Konstantinos It could be a start of something scary. It could be. We’ll see, but, yes, there have been some headlines a month ago or so — creating a black hole, a wormhole. That’s not at all what happened. Mark No. It was cool, but it’s, like, “We call it ‘mind the next spin,’” because the equations look similar to spinning a basketball on your finger or something. Konstantinos Yes. It was just a two-dimensional representation of a multidimensional wormhole, so it doesn’t do the same thing. Mark No. As a mathematician, I could tell you there’s a lot of stuff in topology and in algebraic geometry of various dimensions, that things do change between two and three dimensions, three and four dimensions. There are some things that are totally unsolved in four dimensions, but solved five and above and one to three. Just in the four-dimensional case, we have no idea. It happens to be we’re in what is probably largely a four-dimensional space-time. There are plenty of questions that we can ask still. I don’t think we’ve quite eradicated ourselves. It was an interesting paper, but the very sublinear resources is the thing I would change. Konstantinos Yes. We danced around on some stuff here. I don’t know if we’re going to see any wormholes at Quantum Village this summer, but we are going to try to do some cool things. I want to have you come back with your cofounder, Victoria, and then we can have a chat as we get closer to the show, because it’s going to be worthwhile to let everyone know what’s coming. Is there anything you wanted to tease right now before we sign off? Any ideas you have for the summer yet? Mark We’ve got lots of ideas that we want to put out there slowly. We’ve released the first embedded quantum simulator — which means you would hold a quantum computer in your hand, which is fun. We’ve got ideas for a badge — a little circuit board that you can wear. It’ll have a little battery. It’ll have Wi-Fi. Konstantinos That’s dangerous at DEF CON. Mark That’s the most fun you can have at DEF CON. We are looking at developing some very cool software for it to do quantum networking, and to do with a quantum art project, which is still very hush-hush, but we’re working with some cool people to help out. If people want to get involved, they can come and have a look at our Slack or our website, Quantumvillage.org. We’d love to hear from people. The Discord is really active. Well, you might consider it a very niche Discord — it’s quantum tech, but we’re from a hackers and security perspective, but we have a lot of interested people. We’re going to try and do it again. We’re going to try and bring lots of cool things to both the CTF and to DEF CON. If you want to hear more or want to get involved, they can contact us over social media or our website. There are loads of ways for them to come and get involved. Konstantinos Yes. I’ll put that in the show notes, and I’m going to be pretty much living there for a couple of days in the summer, so we we’re going to have a lot of fun, and I can’t wait to see you in person again. Mark It was interesting. First year, we didn’t know what to expect: Are we going to get eggs thrown at us? Are they going to go, “This is bollocks”? We had no idea, but people loved it. People camped out. They canceled all their other plans and stayed at QV, and we had some interesting sponsors. We had exclusive time on Oxford Quantum Circuits’ Lucy arranged. We had cool talks from people at Quantinuum and Sandbox and Quintessence — some nice ideas about quantum machine learning, talking about this quantum life. People connected with it in a way that we just didn’t anticipate. When we ran the Capture the Flag, of the five people who won, only one — and not the guy who came first — had ever written a quantum circuit before. Konstantinos That’s amazing. Mark This was cool. We’re always open to people who want to come and help out — even sponsor — but we’re always open to having people connect with us and take part. We’re open to just helping people lift that quantum literacy. Konstantinos Sounds great. I can’t wait. It’s going to be quite a party. Mark We have a party planned as well, but more on that later. Konstantinos Thanks so much for joining, and I’ll be seeing you soon, definitely. Mark Thank you so much. Konstantinos Now it’s time for Coherence, the quantum executive summary, where I take a moment to highlight some of the business impacts we discussed today in case things got too nerdy at times. Let’s recap. Mark created the Quantum Village to bring quantum curiosity to the infamous DEF CON hacking conference. Participants can learn from talks, sure. They can also participate in a quantum Capture the Flag context and other hands-on aspects that make hacker conferences so much fun. It turns out that quantum computing might have a few uses in the infosec community too. Mark’s paper, linked in the show notes, shows one way quantum can help solve a problem faced by organisations dealing with the remediation phase of a vulnerability assessment for penetration tests. How do you prioritise fixing what could be hundreds or thousands of vulnerabilities? Before you resort to the old rule of fixing issues ranked high, then medium, then low, it makes sense to fix the vulnerabilities in all categories that could lead to a kill-chain or path to exploitation. Trying to prioritise these with classical computing can quickly become challenging. The more nodes you add, the more exponentially runtime can go up in solving for the targets that need patching. Mark’s approach uses D-Wave and a QUBO to solve the problem, and remarkably, it stays flat as far as the required runtime with increasing nodes. Think of what we’re all hoping for with speed-ups in quantum use cases. We want to go from classical processes that run overnight, say, to quantum ones that complete within an hour while we’re answering emails in the morning. This experiment shows hope for this type of use case in information security. When is the overall threat in encryption coming? The first date everyone has to worry about is when NIST publishes its final post-quantum cryptography standards, possibly within a year or so. Regulators will come knocking when this occurs, and those in cybersecurity will have to have a plan for moving to post-quantum cyphers. A recent paper from Chinese researchers seems to warn of factoring numbers sooner than the 4,000 error-corrected qubits we’re waiting for. They claim as few as 372 qubits and a noisy NIST machine will be able to decrypt RSA-2048. However, the quantum approximate optimisation algorithm, or QAOA, speed-up involved is unclear — meaning, it might take just as long as a classical system, for all we know. Future experimentation will tell if the new approach leads to anything promising — or shall we say threatening? That does it for this episode. Thanks to Mark Carney for joining to discuss stopping kill-chains with a quantum computer, and the Quantum Village, and thank you for listening. If you enjoyed the show, please subscribe to Protiviti’s The Post-Quantum World, and leave a review to help others find us. Be sure to follow me on Twitter and Instagram @KonstantHacker. You’ll find links there to what we’re doing in quantum computing services at Protiviti. You can also DM me questions or suggestions for what you’d like to hear on the show. For more information on our quantum services, check out Protiviti.com, or follow ProtivitiTech on Twitter and LinkedIn. Until next time, be kind, and stay quantum curious.