Quantum pathfinder

 

Photo Petra Wevers

The Dutch word ‘kwantum’ easily translates into the English quantum, meaning quantity, although I mainly think of large quantity. This is probably due to the term quantity discount: buy a lot of something and it becomes cheaper. There is also something orange in my mind's eye, and that is due to that Dutch home furnishings store chain with its orange logo, which once started under the name Kwantum Hallen (‘Quantum Halls’).

For some time now, the word has been buzzing around the international IT community in its English spelling. It's all about the quantum computer, that strange machine that came straight from the film set of Back to the future, with its system of elegant pipes that provide cooling. Because the quantum computer likes it cold: in the heart of the machine the temperature is only ten milliKelvin (a tiny bit colder, 0 K or rounded off -273 °C, is absolute zero: it can't get any colder). 'Quantum' in this context depicts not at lot, but rather revolves around minimal quantities.

In addition to its bizarre appearance and the conditions required to function, the quantum computer has another peculiar property. As long as computers have existed, we have been used to the bit: a value that can be 0 or 1 and with which the computer can do calculations. But that crazy quantum computer works with qbits, which can be 0 and 1 at the same time, and everything in between. Until you look at it, because then the qbit has to show its colour. Sort of like Schrödinger's cat, which is in a closed box and is therefore simultaneously dead and alive to an observer, until the moment he opens the box and determines the state of the animal. With those qbits you can perform some calculations very quickly, because you can follow multiple paths at the same time. While ordinary computers work according to the pattern 'if this is true, then do this, else do that', the quantum computer simply does both and ultimately sees where it ends up. As a result, it makes many mistakes, but because it performs the calculations very often, a winning outcome emerges.

I talked about this with our brand new team member Petra Wevers, who calls herself a pathfinder in the field of quantum security. Quantum computers threaten the current way we protect our data which is, to a very important extent, based on a complex mathematical problem. To encrypt files you need keys, which are created by multiplying very large prime numbers. An attacker who wants to obtain the key does have the outcome of that calculation, but finding the two prime numbers (factorization) is extremely difficult. At least, for regular computers. For quantum computers, however, it is a piece of cake. The quantum computer therefore poses a major threat to the confidentiality of our data.

Current quantum computers cannot yet do that. Predictions vary widely, but you often hear that it will take somewhere between 7 and 10 years. Elsewhere I learned that from 2030 there is a real but small chance of breaking cryptography. Breaking RSA 2048 (a certain cryptographic algorithm, with a key length of 2048 bits) is expected to require a quantum computer with a million qbits, while the most powerful known (!) computer has only 433. Oh, you think, so we're not in a hurry. Think again. A lot of information that is confidential now will still be confidential in ten years. Long-term attackers, such as certain countries, are already stealing that information, even though they can't do anything with it yet. But if they can read that information a decade later, it will still be useful to them. Steal now, decrypt later, is their motto. Petra calls the situation we are in now the quantum squeeze. Others talk about Qday or even the Quantum Apocalypse, but it all comes down to the same thing: we have to do something before it's too late. And we have to act now.

We do not yet have quantum-safe cryptography, and the route to it has not yet been crystallized, says Petra. There are stopgap measures. Making keys longer, for example, so that even it will even take a quantum computer a while to figure them out. And – allow me to get specific for a moment – switching to TLS 1.3, because previous versions, which are still in full use, cannot handle hybrid algorithms (an accumulation of different algorithms). In addition, we can also be quantum annoying by frequently changing keys, so that the quantum computers choke in a tremendous workload. And if you as an organization purchase items, include quantum safety in your requirements. Ask your suppliers about their plans in this area.

Governments and science are serious about our safety, says Petra. Such as in the Dutch Quantum secure Cryptography Gov program. Next year, NIST (the American Standards Institute) will publish standards in this area, which are expected to be incorporated into commercial products three years later. According to Petra, it is generally overlooked that soon everyone will be able to work on quantum computers via some website, including criminals. Just as we can now all use artificial intelligence. It is not all doom and gloom: quantum computers, for example, will also help in the development of new medicines and batteries, it is expected. Let's fight to ensure that the positive use of this groundbreaking technology wins.

 

And in the big bad world...

This section contains a selection of news articles I came across in the past week. Because the original version of this blog post is aimed at readers in the Netherlands, it contains some links to articles in Dutch. Where no language is indicated, the article is in English.

• you don't always need a quantum computer to obtain crypto keys.
• the danger of hacked artificial intelligence lurks.
• Aviation over the Middle East is struggling with attacks on navigation systems.
• NameDrop shares your contact information (too) easily on your iPhone.
• Chinese spies have been snooping in the computers of a Dutch chip manufacturer for years.
• International police forces have busted a Ukrainian ransomware gang.
• the Dutch parliamentary elections were quite safe. [DUTCH]
• there is now a mattress with a privacy policy.