Transcript | Preparing for the Quantum Threat to Cryptography and Cryptocurrency

Cybersecurity continues to be a critical area of concern for organizations and virtually any leader you ask — board members, CIOs, CFOs and many more. As elevated as those risks are today, the real threat maybe just around the corner, particularly concerning cryptocurrency. This is Kevin Donahue, a senior director with Protiviti, welcoming you to a new edition of Powerful Insights.

Crypto has been viewed as highly secure, but the rapid emergence of quantum computing, which is set to deliver practical applications and capabilities within just a few years, is changing the game. Protiviti recently conducted a webinar on this topic titled Preparing for the Quantum Threat to Cryptography and Cryptocurrency. The lead expert and host of this webinar was Protiviti Associate Director Konstantinos Karagiannis, who is the head of quantum computing services at Protiviti and hosts his own podcast, called The Post-Quantum World, available wherever you get your podcast content.

Konstantinos has been helping companies with quantum computing threats and opportunities since 2012, and I had the great pleasure of speaking with him recently about this topic — specifically, related to cryptocurrency. What we wanted to do is address some of the many questions that came in during the webinar that Konstantinos was unable to get to during the webinar itself. I should add that Konstantinos was joined on the webinar by Emily Stamm, a senior consultant with Protiviti. Konstantinos is not new to the quantum computing game. In fact, he’s been helping companies with quantum computing threats and opportunities since 2012.

Konstantinos, thanks for joining me. It’s great to speak with you today.

Yes, great to be here.

To kick things off, I thought it’d be fun to start with a short icebreaker. You’ve been in the quantum computing technology arena for nearly a decade. What motivated you to go down this path?

So, when I first started out, I was studying physics before I shifted over to more technology and hacking. Then, in my last job, I was there for quite a while, and as I moved up the ranks, I started focusing on emerging threats. So, around 2012, I started talking to customers about the quantum threat to cryptography. Also, I got to work on hacking very unique and emerging technologies too. I was involved with securing QKD and that other side of quantum computing.

Thanks, Konstantinos. Let’s type in to some of the questions we have from your webinar that came in from members of the audience there. Again, for you, probably a basic one, but I think a lot of people would be interested in knowing: How many quantum computers are in existence today, and where and how can organizations leverage them?

That’s a good question. There are about three dozen quantum computers on the cloud right now. When I was first interested in quantum computing, I couldn’t have even fathomed them being available on the cloud freely or even with pay tiers like some of them are available through. So, those are primarily the major providers. When I say that, I mean both hardware providers who have their own setups — like IBM, for example. They have about 20 machines that are available right through them.

Then, there are other companies that are taking advantage of this new movement in cloud providers, where they allow multiple hardware providers to be in one service — for example, with Microsoft Azure Quantum, you can log in and access machines from different vendors, and same with Amazon Braket, which is another cloud service. What’s great there is, you can be doing traditional coding in either Azure or AWS, and then you can hand off part of your workload to quantum computers when there is actually an advantage to be gained.

We expect to see different types of advantage evolving over the next couple of years. So, providers like Honeywell, IonQ, Rigetti, you can get these machines through multiple cloud providers as well as through the source if you have some kind of arrangement or partnership. What’s interesting about this availability is, though, depending on how you access these machines, sometimes you get different levels of access to the inner workings.

Quantum computing is pretty complex. There’s a lot involved in maintaining the qubits. Sometimes, when you access through a cloud provider, you get a very high-level, easy interface with a lot of abstraction, which means you write simple code, and then, in the background, a lot of optimization and things like that happen to it. But if you access the machine directly from a hardware provider, sometimes, you get extra inner workings where you can adjust pulse level and other things like that that controls the extra qubits themselves — sometimes, squeeze a little performance out. So, that also sometimes helps people decide how they access these machines.

Konstantinos, a quick follow-up: I asked how can organizations leverage them today. Are individuals, whether graduate students or just individual researchers, looking to try to leverage these quantum computers as well that are available?

Yes. One of the most amazing things that came out of the early days of IBM putting these machines online about five years ago was, we started to see a lot of papers being published. These machines were freely available at first, and then a pay tier was introduced for the more advanced ones. So, students and researchers in universities were accessing them, doing experiments, running algorithms, writing up the results and publishing papers in the field. As a result, it advanced it, and I’d like to see that continue. It is absolutely possible for students, if they’re willing to put in a little bit of wait time on a queue, to access some of these machines for free and run real programs instead of using something like a quantum stimulator.

That’s great. What an opportunity for them. Going into some of the topics from the webinar and looking at cryptocurrency, in practical terms, how far away are we from quantum computing being able to break cryptocurrency?

That’s interesting, because cryptocurrency is going to be threatened before general cryptography. Most people would think about the threat to RSA being able to intercept credit card numbers or whatever else you’re sending securely with data in motion. With cryptocurrency, you’re going to need smaller quantum computers, if you want to call them that, to attack cryptocurrency. So, we think you’ll need around 4,000 quality or logical qubits — those are qubits that are error corrected — to crack something like RSA. But for something like Bitcoin, we think you’ll only need about 2,500 qubits. So, that’s going to be a lot sooner. IBM expects to have around 1,100-qubit machines in 2023.

We’re still not sure how many of those qubits will yield logical or quality qubits after error correction, but all the different hardware manufacturers have different claims about how many qubits they’ll need to do error correction. So, somewhere in the 2023–24 period, we’ll have these several-hundred-at-least-qubit machines that are logical.

When you introduce something like the constative interconnect, it becomes a completely wild card situation. You can end up chaining these machines together and effectively creating a multithousand-qubit machine if interconnect works well. So, it could be as soon as two or three years that someone finds a way to combine these machines and have the power to do something like attack Bitcoin.

Just to make sure I heard you right, you said this is going to happen before the cryptography end of things is resolved or solved, correct?

Yes, because you’ll need about half the qubits — 2,500 compared to 4,000. So, if you’re going to be able attack cryptocurrency first, there won’t be a way to solve the cryptocurrency problem fast enough. When it comes to attacking general cryptography, we’re going to have a little more time. So, people right now need to start worrying about what they’re going to do in the future.

Yes. Because that, in essence, is a pretty significant red flag, if I’m hearing that right.

Yes. Cryptocurrency will be threatened first, 100%. The more general secrets, we have a little more time.

Moving into some of the specific industry perspectives, how does quantum computing affect industries like airlines and hospitality? I’m also interested about financial services, even media and technology companies.

There are three general areas that quantum computing can have impact: Those are in areas of optimization, machine learning and simulation. Simulation can have two subcategories: There are things like risk simulations, like Monte Carlo simulations, and then there are things just simulating a molecule. When you look at all those use cases, you can instantly see ways to apply them to all industries.

Financial is interested — emphasize interested — right across the board. There’s an optimization they want to do — things like portfolio optimizations. Machine learning — they want to do things like better fraud detection or credit scoring. Then, with simulations, they want to do things like I mentioned with Monte Carlo risk simulations.

When you get into airline and hospitality issues, they’re going to benefit greatly from optimization because instead of optimizing portfolios, they might want to optimize the best routes — the best way to book systems for maximum efficiency to not have hotel rooms empty or whatever the case may be. We’ve already seen some amazing results in optimization using a hybrid solver, which is D-Wave, the combination of a classical computer and an annealer, which is a type of quantum computer that is best situated or used for optimization.

Healthcare, for example, could take advantage of the machine learning side. They could optimize. They can discover potential indicators of illness. You can imagine that if machine learning can look at a bunch of MRIs and detect a potential problem in six months from now, quantum computing one day will be able to do it even better. So, that’s the big promise of machine learning in general. We have this idea that as quantum computing explodes in power and passes classical by orders of magnitude, the machine learning benefits will be hopefully similar.

Konstantinos, another quick follow-up to that. I would imagine that maybe with the exception of financial services and some different organizations, most are very much unaware of the long-term opportunities quantum might provide their organizations and their industries. Is that a fair assessment?

Yes. A lot of people worry about the fears like quantum breaking cryptography. That’s all you’ve been hearing about since I got into the game about a decade ago. Now, we’re realizing that the use cases are going to come way before the threat. We expect to see benefits or advantage in optimization this very year. We think by the end of 2021, someone will have some kind of combination of accuracy and speed that proves that quantum optimization shows advantage. Then next year, the year after, somewhere around there, we should start to see advantage in the other types of applications I told you about. So, people have to realize that now is the time to get in on the benefits of quantum computing while, in parallel, you’re working on preparing yourself for the coming apocalypse, if you want to call it that.

Well, I did want to touch on some of the cryptography aspects of this, since that was the topic of the webinar and certainly the nature of some of the questions received. So, one of the questions was, will quantum computing break financial institutions and confidential assets equally?

Yes, because at that point, it’s just technology. At that point, it’s what you’re using for data in motion. The major threat here is data in motion. Anytime you’re sending information, it can be harvested. When a quantum computer of sufficient power is available, you can reverse it and read what the secrets are. The same threat applies to data at rest, because when data is at rest, you can send keys to access the data at rest and then you can unlock it and read it the same way.

It’s going to be basically equal — it’s just, what is an attacker looking for? If you’re a nation-state, you’re looking for certain types of secrets. If you’re motivate to steal money, you’re looking at certain types of secrets. Things like credit card numbers, I wouldn’t really worry too much about those, because let’s say it does take five years to reverse them, chances are they’re not going to be valid anymore, but there are certain types of secrets that have a long shelf life. If you’re a person who’s sending healthcare information, that has a very long shelf life — basically, your lifetime. Another great example is the recipe to Coca-Cola: If you send that, encrypt it today, someone can harvest it and, in a few years, have their own Coca-Cola because they reversed it.

That, actually, is a good segue to this next question, which might be one of the magic ones: If hackers are already collecting this type of confidential data today with the intent to use that data when encryption can be broken by quantum computing sometime in the future, is it already too late? I mean, what should companies do today?

It sort of is too late. What you’re playing is a numbers game. Like in the early days of the internet, people would say, trying to catch a credit card number was like spotting one apple rolling down a hill in a sea of oranges rolling down a hill, or something like that. So, yes, there’re some truth to that. You’d have to get just the right packet with just the right information or whatever, but of course, encryption was still needed. So, if some of these packets are being captured and stored and looked at later, there is a chance that some secrets have already been sent that are out there that someone has. So, the best we can do is play that numbers game of protecting as much as we can immediately.

If you have something that’s super critical right now, you want to look into at least some kind of hybrid solution that protects you somewhat. There are ways to do a hybrid keyless approach, where it’s doing a handshake with both classical elliptic curve and one of the post-quantum ciphers we think will be a finalist from this — something like BIKE, SIKE or Kyber — and then that way, if the classical algorithm falls, we’ll still have the cipher protecting it on the quantum side.

In some ways, yes, it is too late, but you have to do the best you can and start ramping up those other options. Also, looking at what you can do for the future. At Protiviti, we’re trying to help customers with crypto-agility. We go in and we help you figure out what your keys to the kingdom are, where your crown jewels are, and how you can best protect them now and in the future, when it’s time to plug in the new finalists that NIST is going to announce within a year or two.

I would expect, asking this as a layperson here, that if it’s too late for many things today, it’s going to be even more in the too-late realm a year from now, two years from now, if you’re not acting on some of these things today.

Yes, because like it’s like Maschke’s theorem: You have to take into account the amount of shelf life a secret has, plus the amount of time you expect to implement a new solution in the future. When you add those two together, you end up with a number of years that most likely passes the marker of when quantum computing becomes powerful enough to reverse encryption. The time to start looking at this was yesterday. That’s why we’re trying to roll out and help customers with this problem right now.

Great. I think, on a brighter note here, asking this next question, can the same quantum computing power that will break existing encryption be used to create new quantum-powered encryption that can still provide protection in a quantum computing world?

It’s possible. The thing is, no one is seriously focusing on it right now, because if you think about it, you want encryption to work everywhere. That was one of the promises of quantum key distribution. It was like a box at one end of the fiber-optic cable and a box at the other end, and they would send pulverized photons, and that would be great — it can’t be cracked — but it’s kind of limited. You have two buildings connected by a fiber-optic cable. That’s not really a great solution.

You want encryption everywhere. We want it in our cell phones, on our laptops, we want it going over satellites, we want it in every any way possible. So, using a quantum computer to generate any kind of encryption wouldn’t be a great solution. It would be very expensive. You have to have a bunch of quantum computers somehow interacting. Systems like that don’t make a lot of practical sense. Instead, our post-quantum cryptography that we’re interested in is more like standard cryptography. It’s math-based, not physics-based, and it’s new ciphers that seem to be post-quantum safe like that. A quantum computer can’t crack that. That’s where we’re focusing on with this NIST challenge to find the new ciphers.

That said, you could use quantum computers right now to generate really robust random numbers, and those have some applications for certain types of cryptographic and other technological uses. That’d be the best approach right now if you just need a lot of good, solid random numbers, because regular computers generate random numbers in a not-so-random way. Sometimes, they’re based on a clock and other factors, whereas a quantum computer is like a nuclear event that generates a zero or a one. There’s better random there — better entropy, if you will.

Got it. This has been a great conversation today, Konstantinos. I’m going to remind our audience that they can hear you every two weeks as host of The Post-Quantum World, where you dive deep into these topics with your guests from the quantum computing world — different companies, individuals that are focusing on this space. One last question for you: How do you develop a crypto-awareness program for a highly decentralized IT environment?

It’s the same approach you would use for anything. In the early days, we had to worry about security awareness. We had to make sure that everyone was onboard. In this case, it’s about education first — getting all stakeholders to understand that this is a very real threat that will face every industry and every department, depending on what kind of secrets you’re sharing, etc. It’s about finding those right stakeholders in a company who are willing to participate in these early days and being the champions in their own organizations. We do definitely take people down that path when we go into a company and help them with crypto-agility, which is literally the ability to be agile in shifting and changing your cryptography as needed.

Well, this has been a fascinating discussion, Konstantinos. You’ve certainly given me and I’m sure our audience a lot to think about, and I look forward to hearing from you on your podcast and reading more on this topic and quantum computing as it evolves in the coming months and years.

Thanks for having me.

Thank you for listening today. What a great conversation with Konstantinos, who certainly raised some important issues in my mind — some things to be mindful of, some things to be a little scared of, but also some things to keep an eye on in the months and years to come.

I, again, urge you to tune in to and subscribe to The Post-Quantum World, the podcast that Konstantinos hosts with a new episode every two weeks. As Konstantinos explains, quantum computing capabilities are exploding. They’re causing disruption and opportunities, but many technology and business leaders don’t understand the impact quantum will have on their business, and very soon. These are the very issues that Konstantinos explores with his guests on his new episodes. Finally, I want to encourage you to subscribe to our own Powerful Insights podcast series, and to review us, wherever you get your podcast content.