Quantum Computers Are Coming. Should We Panic About Security? | Intel Technology
(bright music) - [Voiceover 1] You're watching Cyber Security Inside, a videocast where you can discover what you need to know about cyber security. Here are your hosts, Tom Garrison and Camille Morhardt. - Hi, and welcome to the Cybersecurity Inside podcast.
I'm your host, Tom Garrison, and with me as always as my co-host, Camille Morhardt. And today, we are gonna talk about a really mind-blowing technology called quantum computing. And to walk us through that, we have our guest, Michele Mosca, who is co-founder and president and CEO of evolutionQ, and co-founder of the Institute of Quantum Computing at the University of Waterloo. Would it be fair to say that computers today do very good at sequential things, whereas, I've heard it described before, that quantum computers, they don't do things sequentially.
They basically do them all at the same time. And so when, sort of, instead of doing step 1, 2, 3, 4, 5, or something like that, they do one through five, but, you know, at the same time, is that a fair way to think about quantum computing? - So yes and no. So it's a very quantum answer.
If you want to test a trillion configurations, you have to, one way or another, compute a trillion things, right? What one quantum computer could do, it can kind of embody all trillion or more of those configurations and calculate their properties all at the same time, right? But there's a tremendous caution there. So in some sense, you're getting a little taste of all these trillions of different computational paths in parallel but you don't get the full meal deal. Like, you don't get all the information out. So I sometimes call it seeing the forest but not looking at the trees. So you can start to extract some sort of global properties of these trillions of configurations without actually learning much or anything about any specific one.
Of course, over time, you'd like to finally converge to one good one. But what quantum parallelism does is it gives you, again, a sense of, the quantum computer is embodying a little bit of all of these different configurations but not a hundred percent of all the configurations. So you can, it's a really difficult art to find, like, what are these? How do I somehow interfere all these different combinations and extract a property that I care about? And that would've taken me, you know, trillions of different classical parallel computations to extract that same property. Quantumly, you can really, with one glimpse, sense that, you know, determine that global pattern, that periodicity.
That's one property where quantum is absolutely amazing at, right? So it's not good at all sorts of other pattern recognition problems, but that's one kind of pattern that it's actually just, you know, almost built for. - And so are there types of problems that are well suited for quantum computers? - And we're starting to get some insights into it. I think I would caution anyone who thinks we have all the answers, that we're almost certainly wrong.
It's like asking in the fifties and sixties, do we know what computers are gonna be good for? Or in the eighties and nineties, what's the internet going to be good for? So we, we have some ideas, you know, one is building on Feynman's original idea, is you can use a quantum computer to really, you know, efficiently simulate, according to some notions of simulate, other physical systems with quantum properties. So maybe we can design new next generation materials, new substrates for the technologies you develop at Intel, or materials for capturing energy, or transporting energy, and so on. If you wanna design a new material with all sorts of properties that are possible, you can easily define trillions and trillions, and trillions of different configurations of atoms, right? And then you wonder, does this have the properties I want? Well, you can't, you know, synthesize and test trillions of materials, right? So you wanna simulate them on a computer and have a good guess as to what their properties might be. And then you implement a short list of these things. But except it's hard, you can't, if it's truly a quantum material, there's no general purpose way to figure out, is it superconducting? Does it have this property or that property? But a quantum computer, again, it's not a magic box but it gives us a really a good fighting chance at simulating and answering questions about these materials we are interested in potentially synthesizing.
So there's that whole, there's many different subsectors, let's say, of quantum simulation. Then there's other problems which aren't so blatantly physics in nature or quantum in nature, but there's an array of optimization problems we continue to explore, where you wanna optimally allocate resources. Can quantum help with those? In some cases, yes. Again, sometimes the known advantage is exponential.
Again, the point is not that it's a faster processor. It's that if you explore it in a quantum mechanical way, you can actually get the answer with vastly fewer steps. So instead of trillions and trillions of steps, you can get that answer with thousands of steps.
- Is there a type of compute that we already know quantum would not be good at? - There are things where we kind of at least don't think they're going to be tremendously good at. And that's, for example, just well mundane in a sense of just processing vast amounts of data bit by bit, right? So if it's, you know, word processing or like some, a lot of the basic tasks that we do day to day, we're not aware of a quantum speed up. In fact, one might argue for most things we're not aware of a quantum speed up. But the point is for some really, really important things there's an immense potential quantum speed up. - I think it's fascinating, the picture you're painting, which is this, you know, these types of problems that are good for quantum computing, pose a significant risk to the established security industry that exists today.
But you've mentioned that there are at least research around quantum resistant algorithms or quantum resistant. Do we have a, is that an active area of research, first of all? And second, is there such a thing as something that is quantum resistant and also resistant to more traditional attacks? Or is it kind of one or the other? - There's two flavors of answers. One is let's replace the current public key crypto with new public key crypto designed to be resilient to quantum attacks, at least the known quantum attacks.
That is already a 10 year plus process, that has already been underway for many years. The National Institute of Standards and Technologies is going to announce its finalists in a few months. It'll still take another year or two to finalize the right, you know, the completion of the standards, but we'll know what the algorithms are for this first generation of standards. It's too soon to pick a winner and stop working on this, because we still don't fully understand the power of quantum computers, right? So we're going with the best thing we know today, and we need to continue exploring and standardizing new algorithms as we gain better insights into what algorithms are secure against quantum attacks.
Again, these are algorithms where you use classical technology, send a few signals, you know, a few messages back and forth and establish a key, and you can use that key to encrypt, for example. So that's kind of the, that'll form the new first layer of defense, that'll replace how we do https today. I mean, it'll still be https, just how you achieve the s part will be new algorithms. It's kind of more or less reestablishing the status quo.
We can do it better actually, in that we can make things a little more agile, add a few extra, you know, maybe include two algorithms and so on. So we can actually emerge more robust than we went in. But I would say, that's probably not good enough anymore, right? It's good.
It's a great first layer of defense. It is beautiful because you can do it with any classical technology. But if you think in the nineties, what would've happened if public key crypto was broken? Most people couldn't tell you, right? Now, it's like, well, look at any technology, you know, any digital technology you're using, IoT or operational technologies, which are now more and more connected. Pretty much everything, any, every critical infrastructure. I don't just mean energy, I mean, you know, water or food, like transportation, like everything, directly or indirectly, depends on these digital technologies. So it's a big problem.
IoT, driverless cars, 5G, implanted medical devices. Like we can't say, oops, you know, a smart mathematician figured out how to, well factoring, again, we know how to do it with a quantum computer but figured out how to find short vectors in a lattice, that's one of the new math problems we're basing these algorithms on. Oops, like, you know, we need, for critical systems where there's lives at stake, or other really important, you know, assets at stake, you need something else. And there's several ways to achieve additional layers of defense, but quantum cryptography is one of these new methods enabled by not, well, in general, you don't need quantum computing, for some you do. But for quantum key agreement, so an alternative way to do key agreement is called quantum key agreement or quantum key distribution. That's been commercialized honestly for about 20 years with very modest adoption.
But now, it's becoming showtime for deploying large scale QKD networks as an additional layer of defense in addition to these, you know, conventional cryptographic algorithms. And they're very complementary. So to answer your question, we never know if a mathematical algorithm is unbreakable, right? Typically over time, eventually somebody finds a way to break it one way or another. Again, we hope not. And usually, it takes a few years, and sometimes we get surprised, and it's broken sooner than we, before it's been sort of deprecated. But the nice thing about quantum key agreement is there's no mathematical assumption underlying it anymore.
So that's why, even though I didn't come from the quantum world, I really like this primitive because it's an alternative to key agreement where we don't have to go to bed at night and worry about whether a smart mathematician, somewhere in the world, has figured out how to break all these cryptographic, well, this cryptographic algorithm that underpins our digital technologies. So again, you can't easily deploy this everywhere but you can at least deploy it in covering, you know, many of the critical systems. And of course, I say that QKD ages well. As technology advances, it becomes faster, better, cheaper, and more ubiquitous to be able to, you know, is a more ubiquitous technology that we can use. - Well, I have to say, I actually am dying to get a really quick description from Michele on entanglement, because I think you did kind of address superposition, but I want to have you tell us what entanglement is.
- Sure, sure. Then often, you know, academics will start arguing about what's the essential feature of quantum physics? Is it superposition, is it entanglement? And you're really looking at the same phenomenon, implications of the same phenomenon. So entanglement is really a special kind of correlation. We're used to correlations, right? You know, when if I send you an email, the email you have on your computer is a hundred percent correlated to the one I sent you. So we're used to having correlated bits at a distance. So entanglement is just a quantum type of correlation which you cannot simulate with classical correlation.
So in general, the only way we know in a classical world to simulate quantum correlations is to communicate, right? So if we're at a distance, like we can fake entanglement, but we need to communicate. But it takes time to communicate. And there's been some amazing experiments, started since the 1970s. So I mean, Einstein and others, they didn't like quantum theory, even though they pioneered it. And in the sixties, an Irish physicist at CERN said, look, let's, you know, let's, 'cause it was really just a, almost a metaphysical debate. He said, look, if quantum mechanics is correct, here's an experiment you could do to distinguish your classical explanations with quantum theory.
And, you know, a decade later, Alain Aspect in France started doing the experiments and validated the quantum hypothesis. But it's a special correlation where, you know, you can transform each of these bits and they're still a hundred percent correlated, like classically you can't do that. So it's a very strong kind of correlation between bits where you can query the bits in different ways, in quantum mechanical ways, and still get a hundred percent correlations. Like if you and I share a bit and they're either both heads or both tails, if we both flip the bits, they're not gonna be correlated anymore, right? So that's kind of an analogy for how the kind of correlations entanglement enables are stronger than anything you could enable classically. - But if you took the, to use your example, right? It maybe this is totally wrong, but if you change bit one, - Yeah.
- Does bit two simultaneously change? Is that true? - That's sort of a very interpretation dependent statement. And there's distinguished physicists who would say yes, and there's distinguished physicists who would say no. I'm in the no camp. I think you've changed the way these bits are correlated but you haven't, there's no action at a distance. People will say, oh no, it's like there's action at a distance, except when you try to actually use it as an action at a distance, you can't.
So then you have this long explanation for why it doesn't actually let you signal at a distance, right? So I prefer to, I gravitate toward the interpretations that say, no, there isn't an action at a distance. You've changed how two things are co-related at a distance. So maybe I'm trying to make it sound less interesting but I think I prefer to demystify and make things as simple as possible, as close to what we've seen as possible. So then we can zero in on what the real novelty is. Great question because there actually is no, it's more of a metaphysical question and there's no consensus on it.
One thing we do agree on is you can't signal at a distance with entanglement, but you can do other things at a distance. This is a subtle point. You can do things at a distance and instantaneously, that in a classical world would require communication, right? That's subtly different from saying you can communicate with it, right? And that's how we can do tests of entanglement.
'Cause we perform tasks instantaneously, and you're like, this is impossible in a classical world if you don't communicate, but we've isolated you, we spacelike separated you. And you're solving these problems with a success rate that is impossible classically without communication. And then, so, you know, either you're secretly communicating faster than light or something, right? And of course the quantum mechanical hypothesis is the simplest explanation of that phenomenon. - Well, as expected, this topic has totally blown my mind. So before we let you go, we do have one last segment that we like to do, that we call fun facts. And so Michele, do you have a fun fact that you would like to share with folks? - One, actually I might give you two fun facts if that's okay.
They're related. So there's public key cryptography, which was, you know, developed in the United States in the late seventies, just transformed how we do digital communications and just digital technology in general and security. We learned 20 years later that the British mathematicians at GCHQ, the Government Communications Headquarters, had discovered very similar methods, both the factoring based methods and sort of the discrete logarithm based methods, sorry for the buzzwords.
These are mathematical problems which underpin today's public key cryptography. So that was, you know, a surprising thing to learn about in the late nineties, that actually the British a few years before, almost a decade before, had developed very similar methods. And another fun fact about the British, you know, cryptanalysts is many people have, you know, seen movies and so on about the Enigma code, that Alan Turing and others figured out how to break. And the British built the machine to break it.
But often people oversimplify it and they're actually conflating two different codes. The Enigma code was for tactical communication as you would've seen in the movies, because they had to get it within 24 hours, 'cause it was only good for 24 hours. It was, yeah, information about U-boats the next day.
But the strategic codes were using a family of codes called the Fish codes. And a young British mathematician at the time, Bill Tutte, and, you know, a team of people, they figured out how to break these codes and the government built Colossus in order to implement those algorithms, to break those codes. And it's said, this is one of the greatest, you know, intellectual feats, you know, of the Second World War. And then Bill Tutte didn't tell, you know, he moved to Canada actually to Toronto and then to Waterloo. And he was actually a formative figure in our mathematics faculty here. And nobody knew he had done this, until like the late 1990s, right? And then it was just holy, you know, this is, you know, one of the greatest mathematicians of the 20th century and no one, he just never bothered, you know, well, not never bothered, he wasn't supposed to tell anyone.
And very serendipitously, he supervised people who supervised, you know, supervised me and got me into cryptography, right? And people who ended up getting by a fluke, ended up getting into cryptography, and then developing elliptic curve cryptography from an academic, you know, an ingenious academic idea into a globally deployed commercial product. So yeah, Bill Tutte, there's, you know, a BBC video about it as well. It's really fascinating. - That's great. That's a great fun fact. Camille, how about you? - Well, I was just gonna share a fictional novel that I'm reading because I really like it. I'm in the middle of it.
It's called "The Five Wounds" by Kirstin Valdez Quade. And it's just really, really well written and a good story. That's my fun fact.
- Excellent. Well, I found actually that the use of evergreen trees to celebrate the winter season actually occurred even before the birth of Christ. So that was interesting. But it goes on even further.
The first decorated Christmas tree was, I'm sure I'm gonna say this wrong, it's like Riga, R-I-G-A, in Latvia, and that was in 1510. And the first printed reference to the Christmas tree appeared in Germany in 1531. So the whole tradition around, first of all just, you know, what we now call Christmas trees actually is well over 2,000 years old, but as we would call them Christmas trees, and the decoration of those actually started all the way back in the 1500s.
So I thought that's fairly interesting. Probably by the time this podcast airs will be past Christmas, and people will be like, why are we talking about Christmas trees right now? But anyway, that's why we're here. So Michele, thank you very much for opening our eyes to this quantum world of 1s and 0s, and everything in between, and how it will impact security and evolve things the way we think about today. It was a fascinating conversation.
- [Voiceover 1] Thanks for joining us for Cyber Security Inside. You can follow us here on YouTube or wherever you get your audio podcasts. - [Voiceover 2] The views and opinions expressed are those of the guests and author and do not necessarily reflect the official policy or position of Intel Corporation. (bright music)