Books | Quantum and the Magic Decoder Ring

How cyber and emerging technologies will change society and warfare

The Fifth Domain: Defending Our Country, Our Companies,  our Ourselves in the Age of Cyber ThreatsWhat sparked governments’ interest in quantum computing was fear, or hope, of breaking secret codes. As they have learned more about it, other possibilities have drawn their attention. If you could easily break encryption, cybersecurity would be in much worse shape than it is today. Encryption is not just a tool that governments use to transmit secret messages to spies and soldiers. Encryption is ubiquitous, working behind the scenes in our web browsers, emails, databases, ATMs, and a lot more. Without encryption, it would be almost impossible to defend against hacking successfully. So, should we fear that quantum computing research will endanger cybersecurity?

If you thought quantum physics is complicated, the mathematics behind modern encryption can also quickly leave you in the dust. Again, we are going to simplify. Most encryption codes are based on a mathematical process called factoring: By what whole numbers can another, larger number be divided? So, for the number 12, the factors are 1, 2, 3, 4, 6, and 12. You can do that kind of factoring in your head, but it’s a lot harder when the number you are factoring is not just two digits (like the number 12) but, say, hundreds of digits.

Most encryption algorithms utilise factors (prime factors, to be precise of very large numbers as their basis. The assumption is that, even with a modern supercomputer trying out all the permutations, it could not correctly guess the factors that are being used as the basis for a particular encryption code without thousands of years of run time. If quantum computers can be made to work, thousands of years’ worth of conventional computing could be done in seconds and modern encryption could be cracked.

With that hope in mind, governments have been rumoured for years to be collecting and storing other nations’ encrypted messages that they now cannot crack. Someday, perhaps in the next few years, quantum computing might allow China, Russia, the U.K, or the U.S to read messages that they intercepted years ago, what you might think of as reading other people’s old mail or yesterday’s news. That may prove interesting and maybe even useful in the field of counterintelligence, tracking down spies and their sources. If and when this happens, don’t expect anyone to announce it. This is one aspect of the quantum computing race where no one is going to claim to be first across the finish line.

As for cracking encryption codes in use currently, remember that a functioning quantum computer, when it appears, will not be generally available any more than a supercomputer is today. No one would argue, however, that supercomputers are unimportant. Indeed, they are necessary for any number of important uses, including designing nuclear weapons. Quantum computers will be owned and operated only by governments and a few large companies. The governments that have them will be able to use them to revolutionize many aspects of science and technology, including cybersecurity. If you are not working in those governments of the few companies that will have a functioning quantum computer and you want to use one, you will have to access quantum machines in clouds operated by IBM, Google, Microsoft, and probably Rigetti. Sorry, but they are not going to let you rent time in their quantum cloud to decrypt Citibank’s codes.

Moreover, cryptologists, the mathematicians who live in the abstract world of codes, have seen the threat from quantum computing coming for years now. They have created quantum-resistant coding algorithms, systems of encryption that are more complex, some of which use entirely different approaches than long number factoring. It is a safe assumption that major governments have been using quantum-resistant encryption methods for some time.

In fact, the U.S government’s National Institute for Standards (NIST) has been openly and publicly working with leading academic cryptologists to create a new quantum-resistant encryption standard that could be used by banks and other commercial and private-sector organizations. NIST is hoping to have standard ready by 2024. Some people think that will be too late.

One of the new encryption methods being explored actually uses a form of quantum computing to transmit secure messages, using quantum to deal with quantum. Remember that at the quantum level, things change when you look at them? That quality may make it possible to transmit codes or even the messages themselves in a way that the recipient could be confident that the content was not cracked, observed, or copied (this is referred to as the no-cloning rule).

Companies, including Hewlett Packard, are trying to commercialize quantum key distribution (QKD), a way to send a ‘one-time pad,’ or single-use code, that both ends of a communication could use to encrypt and decrypt. Such symmetrical codes have in the past been risky because someone could intercept and copy the code book. With QKD, sending the pad as quantum photon-based messages eliminates that risk because by definition you know if someone has looked at a piece of quantum code. Unfortunately, thus far, the distance that QKD messages, which are made up of photons, can be transmitted is limited by the fact that the energy in a photon fades with time and distance.

In classical computing, messages made up of photons travel across the country on fiber-optic cables but the photons are ‘boosted’ or retransmitted repeatedly on their rapid journey. The method used to boost the photon signals on the internet backbone today observes and reproduces the photon, and would thus break the security of QKD. Solving that problem, being able to transmit quantum messages at a distance, is a high research priority, but not one to which experts are willing to assign a time frame. If someone succeeds at it, quantum computing, far from putting an end to encryption, might actually offer a highly secure method of communication.

In the meantime, banks and other commercial and private-sector organizations are going to have to shift from the encryption systems they use now to quantum-resistant systems. Whether that is two years away or ten is a matter of debate and conjecture, but there is a role for government to require that shift by a certain date through regulation and a new encryption standard.

Think of it as Y2K for encryption: a time when everyone is forced to update their software to ensure that a hacker with access to a quantum computer cannot someday become a problem. It is not a dire or immediate threat quite yet, but it will arrive sooner than most realize.


The Real Promise of Quantum Computing

So, assuming Chad Rigetti, his giant corporate competitors, or the Chinese can get a real quantum computer to operate as more than a science experiment, what will we do with it? Konstantinos Karagiannis of BT has been tracking how people are getting ready to use quantum computers by looking at what software they are writing and what quantum algorithms have been developed. “So far only two of the sixty quantum algorithms I know of are about encryption,” he told us. Many of the nonencryption algorithms are for machine learning, which as we’ve seen has significant implications for cybersecurity.

Karagiannis thinks that “for AI to go to the next step it may need quantum computing to integrate all of those little AI programs” that are doing single tasks on a computer network. Chad Rigetti is excited about the possibility. “There is a very deep connection between machine learning and quantum computing. They could work together in a beautiful and elegant way.”

What we discovered is that there is an enormous amount of academic work going on in anticipation of marrying quantum computing and machine learning. NASA, Stanford, and Google have come together to create QuAIL, the Quantum and AI Laboratory in Palo Alto. Even before there is a real operational quantum computer, teams at places such as MIT and the University of Toronto are busy writing machine learning applications in the new computer languages developed for quantum.

Now, think back to the previous chapter in which we said AI/ML was adding some nice single-function capabilities for network defense, but that no one had yet really done network orchestration and defense in real time without a human in the loop, using a Network Master AI/ML program. Instead, we suggested ML might already be in use as a tool for network attack today.

If, however, you were to combine a truly operational quantum computer with some specialized ML and orchestration applications for running and defending a classical computer network, it might just be possible to deal with the millions of actions that are simultaneously taking place on a network and its periphery, taking into account all of the data that is in storage about the network, factoring in information about what is happening in near real time elsewhere in cyberspace, and repairing or writing code on the fly. In short, you might be able to create the “one AI to rule them all” on a network. You might actually be able to defend a network successfully. Or attack one.

Here is where the so-called quantum arms race may be real. If an attack algorithm were written in new quantum code, taking advantage of an operational quantum computer’s computational capacity, it might be possible to develop a tool that would collect everything that is known about a network, simulate it, and find the best way to attack it. Indeed, it could be possible to design a series of optimized attacks for a host of networks and then launch them more or less simultaneously, bringing a target nation or group of nations to a pre-industrial era condition in seconds or minutes.

Such a crippling attack is probably too difficult for teams of humans to execute today, but an operational quantum computer with bespoke, optimized ML/quantum programming might be able to do it. Former University of Southern California president C.L. Max Nikias offered the prediction that “whoever gets this technology first will be able to cripple traditional defenses and power grids and manipulate the global economy.”

This may have been an overstatement, but given what we know of the tendencies of Russia, China, and the U.S militaries and intelligence services, once they realize what an operational quantum computer could do, it probably will not take them long to start thinking like that. Will they create quantum-powered network defense first? Unlikely. Militaries think first of offensive weapons. It’s in their DNA.

Assume for the sake of argument that a functional, operational 128 qubit quantum computer will be running by 2020, as Chad Rigetti predicts, and that dozens of ML and orchestration applications will be designed for it and running successfully by 2022. It should be possible by then to try a Network Master AI/ML system to defend a large, complicated network. Maybe that effort would, if funded properly, show progress by 2024, just five years from now.

In the meantime, people are putting processors in everything and connecting everything to networks at an amazing rate. Few of them are thinking about security, as we shall see in the next chapter.

The Fifth Domain: Defending Our Country, Our Companies,
our Ourselves in the Age of Cyber Threats
By Richard A. Clarke and Robert K. Knake
Penguin Press, Page 331, Rs 699


Call us