agsandrew - Fotolia

# The time to think about post-quantum cryptography is now

## Rob Clyde, chairman-elect of ISACA's board of directors, worries a lot about the world according to qubits. He explains why here -- and why post-quantum cryptography should matter to CIOs.

*Ask Rob Clyde what he sees as the biggest security threat to the information superhighway that connects the world, and he doesn't hesitate: "I would say quantum computing."*

*Indeed, Clyde, the chairman-elect of governance organization ISACA's board of directors and board director at data protection company Titus Inc., believes CIOs and CISOs need to do more than keep abreast of quantum computing developments; they should be preparing now for post-quantum cryptography -- that is, cryptographic algorithms that can withstand attack from quantum computing.*

*Here, Clyde explains the danger of **quantum computing**, how quantum computing is different from conventional computing and how the National Institute for Standards and Technology (**NIST**) is trying to get ahead of something called *quantum supremacy*.*

**Editor's note:*** This interview was edited for brevity and clarity.*

**Why should CIOs be paying attention to quantum computing**** and thinking about post-quantum cryptography?**

Rob Clyde: The security of the internet is based on a simple mathematical premise, which is behind RSA and most public key cryptography out there today. The mathematical premise is that factoring a large semiprime number into its two prime numbers is hard -- so hard that for today's computers, it is computationally impractical.

And that premise allows us to have a secure internet. That's how we do secure browsing, how we enter our credit card numbers and nobody can read those if they're monitoring our traffic, how we send secure e-mails.

What if, suddenly, that mathematical problem became rather straightforward to solve? There is already an algorithm in existence today that could do this. It's called Shor's algorithm. But it's a quantum factoring algorithm and so, to work, it requires a sufficiently powered quantum computer. Quantum computers exist today; they just don't have quite enough power to run Shor's algorithm.

If a large enough quantum computer appears and it could implement Shor's algorithm and a way to handle the large semiprimes we use today, the security of the internet and many other internet-related things suddenly become insecure.

**Can you explain how quantum computing is different from today's computing?**

Clyde: We are used to the world of Newtonian physics. In reality, the universe operates closer to something that is based on quantum physics. This is harder for us to understand, but, generally, quantum aspects, which are probabilistic -- and that's key -- are not recognizable until you get close to absolute zero -- think of the temperature of outer space. One of the first principles of quantum computers as we know them today is that you have to cool the computer down to almost absolute zero for them to run. That makes them expensive, because cooling something to that level is not cheap.

At the basis of quantum computing is something called a qubit. This is quite different from the bit, which is what we're used to in a digital computer. A bit can be either a zero or one. … In the quantum world, the bits are different. We call them qubits because they can be a zero or a one or -- now, here comes the mind-blowing part -- both at the same time and everything in between.

Trying to understand exactly how that works will require understanding quantum physics. But for the purposes of the reader, it's important to understand that a qubit is different than a bit and that qubits are the foundation of quantum effects.

On a conventional computer, we have billions of bits -- that's what gives it its power. On a quantum computer, hundreds of bits, maybe up to about a thousand, are what would be needed to break today's encryption. You don't need as many of these qubits as you do bits in a conventional environment because they are far more powerful and they operate on a quantum basis, if, in fact, you know how to program them.

**Could the average developer program them?**

Clyde: I've spoken to many individuals who build quantum computers and I've asked a simple question: In order to take advantage of the quantum power of a quantum computer and implement something like Shor's algorithm, do you have to be a quantum physicist? So far, the answer has been yes. So, unlike conventional computers where we can teach kids to program them, we are far from anyone other than a quantum physicist being able to, say, implement Shor's algorithm.

It speaks, by the way, to the future in terms of careers. Ten years from now, in order to be a world-class programmer, will you also have to understand quantum physics? That is very possible.

**So, we're talking more than speed when we talk about qubits?**

Clyde: Qubits give you new ways to implement things. You could simulate quantum on a conventional computer; it would just take thousands or millions of years for it to run. Practically speaking, it's not useful. With qubits, you get a 'quantum speed up.' When people talk about making a quantum leap, you're in the right range. Instead of thousands or millions of years, you're talking seconds to do the computation. The moment a quantum computer can solve any problem that today is computationally impractical or impossible for a conventional computer to do -- and, by the way, we have not yet hit this moment -- we call it quantum supremacy.

When we reach the point of quantum supremacy for RSA or for these computational issues related to the underlying security of the internet, we are in trouble. We're in further trouble because it is highly likely that the first organizations to have quantum computers will be well-funded organizations -- so, think top governments around the world. Will we even know when certain organizations have reached that point? That's one of the concerns.

And it's one of the reasons why you have NIST, for example, already working on what's called post-quantum algorithms or quantum resilient algorithms. NIST has been urging organizations to look at moving toward these algorithms, and, in particular, to start working on something that can replace RSA as we know it today or, in other words, to replace the factoring of large semiprimes as the basis for security on the internet.

**Where does the conversation on post-quantum cryptography stand?**

Clyde: It's making good progress. In November of 2017, NIST closed its call for papers or proposals on quantum-resilient algorithms or post-quantum cryptography, if you will. It held its first conference earlier in the spring, and a little over 60 presentations were made.

This is very encouraging because it means that there are some good proposals out there to replace what we're using today. My belief is that NIST is trying to get ahead of this because the experts believe we will hit that point of quantum supremacy related to RSA within nine or 10 years.

The idea is to come up with an algorithm that is publicly known, publicly understood just like RSA, have the best mathematicians, cryptographers and physicists review it, and then there will be recommendations as to what to adopt. And we will begin to see those algorithms replace what is currently used. If we can do that before quantum supremacy is reached relative to today's RSA encryption, we'll be OK. If not, we'll have a problem.