Reimagining Cyber - real world perspectives on cybersecurity
Explore the critical intersection of cybersecurity and business impact while gaining insights into CISO priorities with "Reimagining Cyber." Stay informed on the latest cybersecurity news, trends, and solutions tailored for today's CISOs and CIOs. Hosted by Rob Aragao, a seasoned security strategist with OpenText, this podcast is your go-to resource for staying updated on cybersecurity developments and addressing common challenges in the rapidly evolving digital landscape.
As featured on MillionPodcasts' 'Best 100 Cybersecurity Podcast' and 'Best 70 Chief Information Security Officer CISO Podcasts' rankings.
Inside the Fight to Protect Data from Quantum Computers - Ep 43
During this latest Reimagining Cyber podcast episode, Stan Wisseman and Rob Aragao talk to Terence Spies, CTO of CyberRes Voltage, about the future of quantum computers. Spies has had countless years of experience when it comes to working with cryptography engineering, encryption, and quantum computers. Spies actually architected the original Microsoft CryptoAPI and Certificate Server!
Spies started by providing a background about quantum computers and what we should expect to see in the years to come. Spies states, “the world is changing, and one of those changes that people are anticipating is that there’s going to be this fundamentally new kind of computer that’s going to alter the way that we have to think about cryptography in terms of throwing away whole classes of algorithms we use now.” These new developments will help us encrypt our data to new levels while helping prevent cyber-attacks and keep our data private.
Though these new quantum computers will be our future, that does not mean that attacks will disappear. There will still be quantum attacks. Spies goes into detail about how quantum attacks fall into two categories, the good news and the bad news kinds of attacks. The good news concerns a generalized search algorithm, which is highly counterintuitive: it allows you to search a list in time proportional to the square root of the list’s length. Spies says it is “a little mind-blowing because what it means is that (you) can search a list of any size without looking at all N things, without having to take N steps to do it.” The bad news is the other algorithm, Shor’s algorithm. Sadly, this means we can’t make the key size big enough to make the attackers’ job hard anymore. Don’t get discouraged yet, though; the National Institute of Standards and Technology (NIST) has spent the past six years working with cryptographers around the world, as a sort of quantum computing superhero league, to find algorithms that are not vulnerable to these attacks and will help solve this problem!
You may be alarmed by this, but Spies wants to assure you that he is not an alarmist. Spies points out that the current threats might be taken care of before quantum computers are even released to the public. NIST is showing much progress, and Spies advises organizations to “make sure that you’re not welding in dependence on particular algorithms and have that sense of agility.” This episode just reaffirms that those in the cybersecurity space need to adapt to anything and everything happening now and in the future.
Get in touch via reimaginingcyber@gmail.com
Welcome to the Reimagining Cyber podcast, where we share short and to the point perspectives on the cyber landscape. It's all about engaging, yet casual conversations and what organizations are doing to reimagine their cyber programs while ensuring their business objectives are top priority. With my co-host, Stan Wisseman, head of security strategist, I'm Rob Aragao,
[00:00:53] chief security strategist, and this is Reimagining Cyber. So Stan, who do we have joining us for this episode?
[00:01:01] Stan Wisseman: Rob, our guest today is Terence Spies, the CTO of CyberRes Voltage. Terence is a veteran cryptographic engineer. He architected the original Microsoft CryptoAPI and Certificate Server, and is a founding member of the Voltage security capability and, and product.
[00:01:17] In addition to building cryptographic systems, he's a co-inventor of format-preserving encryption and has headed multiple standards groups. Terence, is there anything else you'd like to add to your extensive background for our listeners? I know it's extensive. That's not to say, say you're old. I'm just saying that you have done a lot.
[00:01:36] Terence Spies: Yeah. I've, uh, I, I told people I've, I've stopped doing the subtraction for how many years I've been, been fighting the crypto battle. It's, uh, it's been interesting.
[00:01:45] Stan Wisseman: So Terence, um, we're here to talk to you obviously about encryption and to, to most of us, you know, I mean, what encrypted data looks like is it's a, a random set of alphanumeric characters, right?
[00:01:57] And encryption algorithms, you know, follow logical rules and, and can be in some cases vulnerable to different types of attacks, right? And algorithms are inherently vulnerable to, you know, brute force attacks, given enough time and compute power in which, you know, all possible combinations of encryption keys can be tried.
[00:02:19] Um, there's general recognition that, you know, quantum computers are, are being built and, and, and are, you know, there's a bunch of hype around that as far as the potential threat that quantum computing can pose to data we try to protect today with encryption. Perhaps a place to start is to explain what a cryptanalytically relevant quantum computer, or CRQC, I can't get it right,
[00:02:46] um, is and how it can impact, you know, our potential of protecting data when attacked by somebody with this kind of capability.
[00:02:55] Terence Spies: Yeah. Well, let me, let me set just a, a little bit of context by, by rewinding to one of the earlier things I said that you said, I think is, uh, is, is really relevant. The, the tragedy of security systems in general and, and cryptography specifically, is that unlike other areas of computer science or other areas of, of, of software that people might be buying, it's one of.
[00:03:22] You can't demonstrate the most important properties of those systems, right. As you the, like, I love what you said is like, you know, uh, encrypted data just looks like this, this bunch of gobbledygook. And the problem, and, and this is relevant to the discussion today, is that that well encrypted data and badly encrypted data looks exactly the same.
[00:03:45] Right? You, you can't, there's, there's no way to demonstrate to somebody that this crypto analytic, uh, algorithm is, is, is actually strong because you're, you're looking to demonstrate sort of a negative capability, right? If I come to you with a new graphics card or a new CPU or a new database sorting algorithm, I can demonstrate the things that you care about in terms of, hey, this is faster,
[00:04:09] this consumes less power, the rest of it. The, the tricky business about cryptography is that what you're saying is, I'm gonna encrypt this data and there's a bunch of things that can't happen, right, in, in, in a whole universe of possibilities, right? That there is, there is no way to derive the key that's going to sort of unprotect or, or, or decrypt this data.
[00:04:33] And what that means is that you need to be open to a whole universe of, of possible attacks, sort of, uh, known, known and unknown. Right? Uh, and this is one of the things that makes it interesting and also I think difficult for, uh, for people in the enterprise space, which is that they're being asked to, um, sort of bet part of their business or, you know, bet be the security of their data
[00:04:58] on these statements, often obscure and, uh, and, and subtle kinds of arguments about the, the strength of these protection mechanisms in a, in a way that can't be demonstrated. So the way that that fits into the, the discussion we're having today is that there is on the horizon, uh, potentially, uh, a bunch of discontinuous change in the way that people think about computing.
[00:05:22] And that's, that's quantum computers, right? So, um, there have been lots of other discussions about how quantum computers, uh, work and what they can do. But the, with relevance to the crypto space, there are, there are two algorithms, um, that change fundamentally the way that people can do searches in, in, in two different spaces, um, that affect
[00:05:46] the way that, um, that people are going to have to protect data with, uh, with cryptographic mechanisms. So if, if there comes to be a practical quantum computer that is to say something that could implement the AES algorithm or, um, something that could, uh, implement, uh, let's say RSA or elliptic curve, things like that, is that enough, enough qubits to express those algorithms?
[00:06:08] Then searches become quicker and not just quicker in a way where, uh, a traditional CPU gets faster, or you use a GPU for, for more computers. It's, uh, the, the algorithms move time from the exponent down to the bottom, which is to say it's, it's the difference between, you know, a bubble sort and a quick sort algorithm, which is, which is these, these differences are dramatic.
[00:06:36] Um, and for cryptography that's especially big because you, you need these search spaces to be big in terms of the cryptographic. Efficient encrypting data for the person that's actually using it, but the search space that the for the attacker has to remain really, really. Right, because you're, you're, you're relying on it now and in the future.
[00:06:58] So what's going on now, and with people looking at what's called post-quantum cryptography algorithms is that they're saying, well, we have to start now. There are no, there are no quantum computers right now that can even get close to expressing these algorithms or attacking them. But if we hypothesize that there's a real.
[00:07:20] Of this happening in say, 20 or 30 years. We might have data now that. But we wanna keep private or we wanna, we want to, um, have some, uh, expectation of, of security of that data in the next, uh, 20 or 30 years. And also, historically, it has been, uh, a slow and arduous process to migrate from one cryptographic algorithm to the other.
[00:07:46] So, you know, in, in the, in the payment space, there are still people using Triple DES, which is actually a fine algorithm, but, um, that industry has been attempting to, uh, to move from Triple DES to AES for, uh, for decades, and there's still some of this around. So to that, that was an awfully long answer to your question.
[00:08:07] Stan Wisseman: That's that's fine. That's fine. But the, uh,
[00:08:09] Terence Spies: the, the, the short answer is that, that, um, the, the world is changing and one of those changes that people are anticipating is that there's gonna be this fundamentally new, uh, kind of computer that's going to alter the way that we have to think about cryptography in terms of throwing away whole classes of algorithm that we use now.
[00:08:27] Rob Aragao: So, so Terence, think about, um, the point you were just making as it relates to also kind of, I guess the type of data. So as an example, when we think about, um, whether it's transactional data or let's say legacy data, you have to hold onto it for many decades as you kinda refer to, as an example. Does, does it really make a difference as kind of the, you know, specific type of information or any type of data as far as its resistance to CRQCs or not?
[00:08:52] Terence Spies: Um, not really. So in terms of resistance to, to quantum cryptanalysis, it's fundamentally about the algorithm, not about the data. Where the type of the data becomes, uh, relevant and interesting to think about is that, um, you might have to start thinking about, do I have classes of data that the privacy of that data is gonna be relevant in, uh, a couple of decades?
[00:09:17] Right? So you're talking about a credit card transaction? Probably not. Um, if you are in the government space or you're protecting things that, um, that might realistically have privacy impacts in, in a couple of decades. Yeah. I mean, moving now is probably the case, but also for data. You know, outside of the data, the algorithmic thing is we, we know that moving those algorithms is going to be tough.
[00:09:42] So there's reasons to start thinking about it now in terms of doing, doing those migrations.
[00:09:48] Stan Wisseman: So, so let's talk, let's talk about the algorithms then. I mean, so if you look at asymmetric versus symmetric encryption systems, I mean, you helped create format-preserving encryption, which is a symmetric type of encryption.
[00:10:01] Are, are those more protected or are they more susceptible against these kind of CRQC attacks?
[00:10:09] Terence Spies: The quantum attacks fall into two categories, sort of the, the, the good news and the, the bad news kinds of attacks. Um, so there are, there are two algorithms that people care about, uh, in the quantum space, and one of them is a generalized search algorithm.
[00:10:26] And what it means is that, and this is, is that for a quantum computer, if you want give, saying find this item in a list of length N, if you think about that with a traditional computer, that's a job where on average you're gonna have to look at N over two items. So you're just going to basically march through the list.
[00:10:50] Is this it? Is this it? Is this it? You know, down until you've completed the list. Quantum computer, because of the way that they're structured, there is a quantum algorithm that says, I can search that list in square root of N time. Now that's a little mind blowing because what it means is I can search a list of size N without looking at all N things without having to take N steps to do it.
[00:11:14] Um, but this algorithm, uh, affects essentially almost anything where you're searching for a key because searching for a key is equivalent to that searching through a list, right? Is it key number one? Is it key number two? Is it key number three? On down to, is it key number two to the 128th? That has a, a primary effect on symmetric key, uh, cryptography because those key spaces are dense and they are essentially looking through lists, right?
[00:11:40] Which is to say, uh, 128-bit AES, like all 128-bit numbers are potential AES keys. So you have to, you have to search that whole space. There's no structure that you can, um, be, be, uh, skipping around it. The square root of N limit within the current theory of quantum computation is, is a hard limit, right?
[00:12:04] It's not gonna get faster than that, and we know how to solve that problem because square root of N says if I take, let's say, a 128-bit key, the square root of two to the 128 is two to the 64. So we, we know the impact that a quantum computer is gonna have there in terms of reducing the size of your key space by half.
[00:12:25] Luckily, some people at NSA and other parts of the federal government were farsighted enough when they designed the AES standard to say we should have AES-128, but hey, it's probably a good idea to have AES-256, because the consequence of having AES-256 is that this, this square root attack, uh, takes AES-256 and puts it back to 128 bits of security, but nobody believes 128 bits of security is insufficient for
[00:12:53] any particular job. So if you are in the position of using, uh, AES-256, that attack vector is essentially closed off for quantum computers as we understand them now. Right. And in a very, very general sense. Um, and that's an easy change for most people to make. The bad news is the other algorithm, which is Shor's algorithm, is about the fundamental problems of taking something called a discrete logarithm, which is very related to, uh, another cryptographic problem that people have typically heard about, which is factorization of a large number.
[00:13:29] Right? So if I, if I take two primes, P and Q, together, how hard is it, for a very, very large number N, um, to find P or Q from, from their multiplication? And this is where Shor's algorithm comes in. And Shor's algorithm, uh, says that we can do these factorization or discrete logarithm problems, which are important for almost every key exchange algorithm that we have right now,
[00:13:54] um, and perform much, much more efficiently. So it's not a, it's not a square root thing, it's a moving from an e to the N kind of problem to a logarithmic in, in, in that, as opposed to an exponential. But what that means is that the, that we can't make the key sizes big enough to make the attacker's job hard anymore.
[00:14:14] And the bad news there is, most systems, even if you use 256-bit AES, you're at some point exchanging that key, using a key exchange algorithm that's in this other class of algorithms that's dependent on factorization or discrete logarithm in order to, um, maintain strength. And there, the job is not just moving to 256-bit AES, it is to find a new class of algorithms that are not vulnerable to quantum analysis.
[00:14:42] The silver lining to this cloud is that the folks at NIST, National Institute for Standards and Technology, um, have spent the last six years working with cryptographers, basically around the planet on sort of, uh, bring the, the Justice League together, superheroes, assemble kinda kind of job to, uh, say, hey, how do we, how do we find algorithms that are not vulnerable to, uh, to these kinds of attacks?
[00:15:09] Because things like elliptic curve, RSA, um, that we're using right now are fatally wounded in the quantum model to the point of like, can't make a bigger key size. It, it just, you're, the attacker's attacks are just too fast.
[00:15:25] Stan Wisseman: And the, and the first set of these are, are slated to be released publicly right?
[00:15:29] In 2024? Is that right? I mean, they have, they have some that they posted out there for review.
[00:15:34] Terence Spies: Yeah, they're, they're actually, so they had initially a, they started this, uh, a while ago. They had a number of candidates that have been whittled down, um, the first accepted algorithms in the geekiest fashion
[00:15:47] possible, they're called, uh, CRYSTALS-Kyber and CRYSTALS-Dilithium, um, thereby satisfying the Star Wars and the Star Trek, uh, fan communities. I thought that was a wise decision on their part. Um, but these are, uh, a signature and key exchange algorithms, uh, that use a different form of mathematics that's not dependent on factorization or discrete logs.
[00:16:12] Um, instead uses these other, uh, sets of lattice problems, but they use a, a form of, uh, of mathematics that are not amenable to quantum cryptanalysis. And NIST has, uh, essentially said these are the candidates that we're moving forward with and standardization. Uh, the NSA actually came out with, I think it was last month,
[00:16:31] a recommendation saying, uh, defense agencies and other people outside of commercial sector, uh, should be moving in that direction. Also, in terms of, um, the, the CRYSTALS algorithms are the, uh, should be the basis for, for protecting data going forward. So, uh, it's been a huge effort, but I, I can't say enough good things about the quiet undercompensated, uh, underappreciated work that NIST does in terms of, uh, sorting out the cryptographic world for people that have to use these kinds of algorithms.
[00:17:00] Rob Aragao: It does seem to be a bit of an arms race right now going on between kind of, you know, role supremacy if you will, for kind of quantum computing, right? China's got some things going on, right? We in the US have seen that. Then the White House is coming out and saying, hey, we, we want to be able to have a formal plan of, you know, being able to actually migrate many of our systems and national security, obviously as the umbrella over that, uh, concerns to kind of these quantum, um, resistant, if you will, type of, yeah,
[00:17:26] cryptography, right? So, so if you think about that, they've kind of put in a, a stake on the ground that says by 2035, we wanna be able to get to that point. Yeah. What are your thoughts realistically? Is that, is that achievable?
[00:17:38] Terence Spies: Yeah, I think so. I mean, people seem to be pretty motivated by this and the fact that we have done a couple of changes right now in terms of moving from sort of the, the DES-based schemes to AES.
[00:17:51] Um, there are some things that will be, I think, quite straightforward to change. So for communication security, the standard right now is TLS. And, uh, the standard for the implementation of TLS are the, the OpenSSL libraries. I mean, there are some of, uh, others of them out there, but the majority of the world has sort of coalesced in terms of this is how we do communication security, um, and, uh, the, these are the ways that we implement it using these libraries.
[00:18:25] One of the things that's happened over the past, uh, decade is that people have realized implementation of cryptographic algorithms and, and protocols is enormously tricky. You know, there have been this whole class of attacks around timing attacks and these sort of side effect things that happen when you don't have what's called constant time
[00:18:43] implementations of these algorithms. That is, that you can start inferring keys on the basis of how long it took somebody to compute, um, a particular cryptographic operation. Um, the world has come a long way in terms of fixing those problems by, um, carefully implementing these algorithms. But it also means that people have been sufficiently or close to sufficiently warned against implementing them themselves, instead using these
[00:19:09] carefully vetted centralized kinds of, uh, implementations like OpenSSL. So I think we have plenty of time for communication security, for moving from today's algorithms to post-quantum algorithms simply by using OpenSSL in a way where you say, basically I'm gonna, I'm gonna use a different key exchange algorithm at some point
[00:19:31] in the future. Um, and the OpenSSL guys have been keeping up with this. And, um, I think the, the path there is, uh, it's pretty great. There's this, there's a second class of attacks in terms of, again, if I have communications that I'm performing now, um, that I'm worried about, uh, the, the security of, uh, number of decades down the line.
[00:19:51] There's this other more, uh, exotic form of attack in terms of, hey, maybe I as an attacker am recording that data. And I'm just gonna store it away until the capabilities to break the crypto that, uh, protect it, come along sometime farther down the line. Um, I think the, you know, the number of people that have to particularly worry about that is somewhat small, but there are certainly those, those organizations in the world, um, and, uh,
[00:20:21] they may have to migrate, uh, much more quickly or, or come up with other mechanisms that are going to protect 'em in the face of these, these sort of attacks, uh, from, from the future.
[00:20:32] Stan Wisseman: So in general, you're not an alarmist. You're seeing the, the progress that NIST and the algorithms, the CRYSTALS algorithms are making.
[00:20:40] Uh, you, you think there's enough time before a, a, an adversary could take advantage of, uh, a CQC computing capability and, you know, to, to actually launch attacks in real time. In general, your guidance to folks is to monitor the situation, to start a plan, to be transitioning over to these CRYSTALS algorithms, um, and be a little more agile in your, your systems, right?
[00:21:10] Terence Spies: So I, I, I would say for, for lots of mainstream use cases, um, yeah, the, the, the path forward is exactly what you said. Basically like use of these libraries, um, monitoring the situation, making sure that you're not welding in dependence on particular algorithms and having that sense of agility. Where, where I think there, there may be, may be threats at some point in the future, is the same place that there are threats right now, which are systems that don't get updated.
[00:21:41] You know, for the computers that we use every day, that's. Things get tricky are embedded systems, SCADA devices, um, things inside of vital parts of infrastructure that the software just sits there and kind of rots. Right.
[00:22:00] Stan Wisseman: So it can be difficult to update.
[00:22:02] Terence Spies: Exactly. So even and, and even outside of, uh, the, the quantum attacks, which are more speculative, there are, there are just concrete attacks that are gonna occur on those kinds of computing systems until we find better ways of,
[00:22:16] as you said, being agile of, of updating them, you know, even outside of algorithmic attacks, just in terms of other kinds of side channel and other kinds of attacks that are going to occur. Uh, I think as an industry we need to be better about moving things forward, um, and also just sort of examining assumptions that we have within the security community about how we do things.
[00:22:43] Rob Aragao: And I think, I think you just hit right there. It's, it's important to be able to adapt. Uh, these things are happening. They're moving rather quickly. Now, this again, we said kind of a more of a sense of urgency even on a national scale. Right? An international scale. Uh, but I think it's just a very interesting topic for our audience to, to, to understand kind of really what's happening in this space.
[00:23:01] A little bit of the history, but where we're going. My perspective from you is in sharing. That was very helpful. So we really appreciate you coming on today, Terence. Thank you. Thank you.
[00:23:09] Stan Wisseman: Hey, thanks Terence.
[00:23:10] Rob Aragao: Thanks for listening to the Reimagining Cyber podcast. We hope you enjoyed this episode. If you would like to have us cover a specific topic of interest,
[00:23:18] feel free to reach out to us and you can find out how in the show notes. And don't forget to subscribe. This podcast was brought to you by CyberRes, a Micro Focus line of business, where our mission is to deliver cyber resilience by engaging people, process, and technology to protect, detect, and evolve.