
New Video Discusses Quantum Computing and Its Implications for Cybersecurity
In this video, Nathan Hamill, Senior Research Director at Kudelski Security, leads a discussion on quantum computers and their implications for cybersecurity. He is joined by JP Aumasson, cryptographer and co-founder of Taurus, Tommaso Gagliardoni, cryptographer at Kudelski Security, and Mark Carney, CTO of Quantum Village. The conversation focuses on the risks and benefits of quantum computers, as well as the measures to be taken to prepare for their arrival.

Nathan Hamill begins by explaining that quantum computers are not simply faster versions of classical computers, but operate on different principles based on quantum mechanics. JP Aumasson points out that quantum computers use qubits, which behave very differently from classical bits, allowing them to solve specific problems that classical computers cannot handle efficiently. Tommaso Gagliardoni adds that these specific problems include factoring large numbers, which is the basis for the security of many current cryptographic systems like RSA.

Mark Carney explains the terms "Quantum Supremacy" and "Quantum Advantage." "Quantum Supremacy" means that a quantum computer can solve a problem that a classical computer cannot, even if the problem has no immediate practical application. "Quantum Advantage" refers to using quantum algorithms to solve problems more efficiently than classical computers. Currently, quantum computers are in the NISQ (Noisy Intermediate-Scale Quantum) phase, where qubits are subject to errors and are not yet reliably corrected.

Tommaso Gagliardoni discusses the risks associated with quantum computers, particularly their ability to break current cryptographic systems. He emphasizes that some organizations are more at risk than others, especially those using protocols like TLS, SSH, and IPsec, which rely on public-key cryptography. Sensitive data with a long lifespan, such as genomic data, are particularly vulnerable as they can be collected and decrypted later by quantum computers.

Mark Carney and JP Aumasson discuss quantum algorithms like Shor's and Grover's, which can break current cryptographic systems. Shor's algorithm is particularly effective for factoring large numbers, while Grover's algorithm can speed up searches in unstructured databases. However, running these algorithms reliably requires error-corrected logical qubits, which have not yet been achieved.

The discussion then turns to post-quantum cryptography (PQC) solutions, designed to resist attacks from quantum computers. Tommaso Gagliardoni explains that these solutions can be deployed on current hardware but require larger keys, posing interoperability challenges. Mark Carney mentions that companies like Google and Cloudflare have already started deploying hybrid PQC solutions, where cryptographic signatures are performed with both classical and post-quantum algorithms for enhanced security.

JP Aumasson emphasizes the importance of conducting a quantum risk assessment to identify areas where organizations need to prepare. Tommaso Gagliardoni adds that even though quantum computers are not yet available, it is crucial to start implementing countermeasures now, as it takes time and effort. Mark Carney suggests considering cryptography as part of asset management and starting to inventory current cryptographic systems to improve cryptographic agility.

Finally, the experts discuss some quantum myths, such as the idea that quantum computers can solve all NP problems or communicate faster than light. They stress the importance of staying informed and consulting experts to evaluate the validity of research and articles on quantum computers.

In conclusion, this video provides a comprehensive overview of quantum computers, their risks and benefits, and the measures to be taken to prepare for their arrival. The experts emphasize the importance of starting now to implement post-quantum cryptography solutions to protect sensitive data against future quantum threats.
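As an added illustration of the cryptographic inventory step suggested in the discussion (this is not code from the video or from the speakers' organizations), the script below parses SSH server algorithm lists and tags each entry by quantum exposure. The sample input is constructed, and the labels, the "half the key bits under Grover" model and the 128-bit threshold are simplifying assumptions of this example.

```python
import re

# Constructed sample in the style of `sshd -T` output (not from a real host).
SAMPLE = """\
kexalgorithms sntrup761x25519-sha512@openssh.com,curve25519-sha256,diffie-hellman-group14-sha256
hostkeyalgorithms ssh-ed25519,rsa-sha2-512
ciphers aes128-ctr,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com
"""
KINDS = ("kexalgorithms", "hostkeyalgorithms", "ciphers")
# Name fragments of OpenSSH hybrid key exchanges with a post-quantum part.
PQ_HYBRID = ("sntrup761", "mlkem768")

def classify(kind, alg):
    """Return (exposure, note) for one algorithm name."""
    if kind != "ciphers":
        if kind == "kexalgorithms" and any(tag in alg for tag in PQ_HYBRID):
            return "hybrid-pq", "classical + post-quantum key exchange"
        # RSA, finite-field DH and elliptic-curve schemes all fall to Shor.
        return "shor", "public-key scheme, plan migration"
    m = re.match(r"aes(\d+)", alg)
    if m:
        bits = int(m.group(1))
    elif alg.startswith("chacha20"):
        bits = 256
    else:
        return "unknown", "key size not known to this script"
    # Grover is a quadratic speed-up: about half the key bits remain.
    eff = bits // 2
    return ("grover-weak" if eff < 128 else "grover-ok"), f"~{eff}-bit vs Grover"

def inventory(text):
    """Parse config lines into (kind, algorithm, exposure, note) rows."""
    rows = []
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) != 2 or parts[0].lower() not in KINDS:
            continue
        kind = parts[0].lower()
        for alg in filter(None, (a.strip() for a in parts[1].split(","))):
            rows.append((kind, alg) + classify(kind, alg))
    return rows

def harvest_now_candidates(rows):
    """Key exchanges whose recorded sessions could be decrypted later."""
    return [a for k, a, exp, _ in rows if k == "kexalgorithms" and exp == "shor"]

if __name__ == "__main__":
    for row in inventory(SAMPLE):
        print("{:18} {:40} {:12} {}".format(*row))
    print("collect-now, decrypt-later:", harvest_now_candidates(inventory(SAMPLE)))
```

Host key algorithms are tagged but left out of the collect-now list because they authenticate a live session rather than protect recorded traffic.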