Busting quantum security myths
Real Conversations podcast | S4 E15 | October 27, 2022
Ilyas founded CQ in 2014 and is the CEO of Quantinuum, the company created as a result of the merger of Honeywell Quantum Solutions and Cambridge Quantum.
Fears that quantum computers will run roughshod over cryptography are commonplace. But Quantinuum CEO, Ilyas Khan, explains what these computers will really mean for businesses and society and why companies should begin to leverage quantum technology now if they want to fight future bad actors.
Below is a transcript of this podcast. Some parts have been edited for clarity.
Michael Hainsworth: Quantum computers are coming for your top-secret files, to monitor your communications and to leverage the ones and zeros that zip around the internet at light speed. But according to Ilyas Khan, the CEO of Quantinuum, there are solutions. Telecom companies, web host providers, and eCommerce providers will all be protecting our bits with qubits. You don't need to have a theoretical physics degree to understand this. Ilyas breaks down the difference between your desktop PC today and the computer of the future.
Quantum computing is a completely different architecture from supercomputing and regular computing. We understand traditional computers are binary, either data is a one or a zero, an on or an off. But explain it to us. That's not how quantum computing works, is it?
Ilyas Khan: Not in the actual workings, no, that's right. A quantum computer is fundamentally different in two ways at a very abstract level. First of all, information in a classical computer, as you've rightly pointed out, is dependent on a binary system, which is embedded with these gates, the gates, the transistors, are either on or off, and therefore zero or one. But in a quantum computer, information or data is embedded in a physical thing, an actual thing, like a photon and an electron. And these have states, and these states can be multiple and varied and continuous until they can be, at any given time, anything between zero or one.
MH: And so, as I understand it anyway, you sort of have more than one of these little quantum bits. You figure out based upon a collection of them, what is more likely to be an on or an off, a one or a zero.
IK: Yes and no, but you're absolutely... No, no, you're in the right domain. That's actually pretty good. These are notoriously difficult things to explain because our language has limits. And so, it's neither your fault nor mine, it's just that our language has limits when it comes to describing these parts of nature. I would prefer to use a slightly different set of language.
Nature, at the quantum level, is probabilistic. And so, at any given time, there is a probability of something, a 50% probability or a 90% probability that something could be a one or a zero. And then when you measure that thing, and earlier I said an electron or a photon, and when you measure that thing, you find out with a probability, if you were at 80%, that eight times out of 10, it's a one. But what happens is that our algorithms are very, very smart so that this probabilistic nature doesn't get in the way of compute. I know our intuition is, "Oh my God, that means I might be wrong 20% of the time." That isn't actually the case. What happens is a good quantum computer, with an algorithm that is well developed, will avoid those problems.
MH: So then what makes this a good system for a computer if you don't know precisely what you're looking at?
IK: Well, you do know precisely because eventually we do measure. Measure is the same as compute, let's call it calculate. And at that point, there is no doubt. What makes it better is a different question, but I'll pause before I get onto answering that. But let me just say that in any classical computer, my MacBook for example, if I type something, I get a definitive answer. If I type, "Hello my darling, I love you," and send it, then the recipient will get, "Hello, I love you." If we were to do the equivalent in a quantum computer, you would get the same. The actual computing is definitive. There's no guesswork involved. But you asked a slightly different question. You said, "Why is it better?" But then you said, "If it is probabilistic and uncertain." But it's not the uncertainty. In fact, the uncertainties of strength, I'm happy to go into that if you wish.
MH: Yeah. Because aren't our existing computers perfectly functional for what we need them to do? Why do we need a quantum computer in the first place?
IK: Yet another set of questions. So let me agree with you. Our classical systems, our existing computers, are good for what we want them to do. Absolutely. What we want them to do though is only a subset of what we now know computers can do. There are many things that our computers cannot do. There are many things that they do that a quantum computer will not do well. Watch a YouTube video, just calculate things that are very mechanical. I don't know, play chess perhaps. But then there are a vast majority, and I use the word majority of things that we would want computers to do that they don't know how to do. And let's have one real example, and that is the mechanical creation of a new material if we knew what the new material is going to be used for.
Let's say that you asked me, "Hey Ilyas, I would like material that can effectively sequester carbon, because I'm worried about the state of our planet." Now, an existing computing system or all the systems in the world plugged in together, is literally incapable of working at the molecular level or the sub-molecular level needed to design new materials. A quantum computer can do that. And that is in fact one of the main reasons why for 40 years people have been excited about trying to overcome the engineering challenges to build these computers. I could give you other examples and then I'll just pause before we get onto the next item. The why. Why is that the case? Why can a classical computer not do that? And why can a quantum computer do that, is the second part of your question, but I'll just pause there.
MH: We've spoken in the past about the practical applications for quantum computers such as materials discovery, the cure for Alzheimer's, hydrogen batteries, and then shifting the boundaries of how efficient we can be in other areas like oil field analysis and logistics and things of that nature. But the big headline that gets a lot of attention is the idea that quantum computers are going to be able to crack cryptography, and therefore there's really not much of a point in any of this kind of cryptography that we're engaging in today, because when hackers hack a system, they're doing it to "hack and harvest", to grab technology, grab intellectual property, grab something that is encrypted, knowing that at some point they would be able to un-encrypt it. Let's sort of break down that whole idea. First of all, by starting with the reality that quantum computers are misunderstood to be faster, "it would take 1,000 years for a traditional CPU to crack that code. A quantum computer can do it in almost no time at all!"
IK: Well, in that particular instance, that is factually correct, but your intuition and your inference is correct. Quantum computers are not better because they are faster. It is just that they can do certain things those classical computers cannot. And when we talk about encryption, the well-known and often repeated example is correct. A fault tolerant quantum computer in the future, is it a year away, three years away, five years away, or whatever, we can debate. But there is no doubt that a fault tolerant quantum computer, meaning the equivalent of something we use classically, could find the prime factors of a very large digit, a number, let's say, with 2,000 digits, in a matter of seconds. And if we try to do that with an existing computer, it is practically not able to do that. When I say practically, it would take many, many years and of course the lifetime that you and I inhabit would have to be extended by thousands, for us to be able to extend usefulness out of that. It's intractable.
Now, of course, using the example of time, thousands of years versus some seconds, reduces it to a conversation about speed up. But as we were talking earlier, there are certain things such as looking at the structure of molecules and finding out how to create new materials with certain properties, that are not just intractable, it's not just that a classical computer would take a long time, it's just that it can't do it. Now, just coming back to encryption, the headline, should we say, and the reason why people have been so eager to talk about quantum computers, is really focused on two proven capabilities. One is material discovery, the other one is encryption. Material discovery tends to be quite esoteric, whereas encryption is easy to understand.
MH: Since we live in a world of "hack now, harvest later" in which bad actors believe they'll cache the data until a time when quantum computers can break cryptography easily, you are telling us, this doesn't really matter. Why not?
IK: Oh, no, I wasn't saying it doesn't matter. It does matter. But I think that the good news is that for the same reasons that we worry about a quantum computer attacking and harvesting our data, well a quantum computer is also the solution. One of the benefits of a quantum computer is that it can devise systems, and let's call these systems keys, cryptographic keys for a second. And remember, a cryptographic key is really only just a jumbled-up series of things that are very difficult to interpret. There might be an algorithm that jumbles up the code so that you and I can share that code and I can send you a key and you can then use it for something good.
As far as I'm concerned, and as increasingly the other people are concerned, the properties of a quantum computer that allow you to break that algorithm or crack that code, also allow you to generate perfect patternless randomness. Randomness from nature, which is unhackable. These keys, the ability to generate these keys is now with us, and this is very, very important so that we can, I won't say stop worrying, but cease worrying, to the same extent. Because remember, cybersecurity systems are complex things. First, you need the keys, then you need the locks, then you have other things around it like people's weaknesses, you and I might be bribed. But at least at the fundamental level, the key now can be made safe from the threat of quantum computers because it's not deterministic.
MH: Well, hang on. Back up, back up. If one of the reasons why we don't have to fear cryptography being cracked with quantum computers anytime soon is that it's going to take a very specific and wealthy bad actor to be able to get a quantum computer in the first place. If the solution to hacking quantum via quantum computers is having another quantum computer, I'm not going to be able to walk down to my nearest electronic store and pick up a quantum computer anytime soon so that I can engage in the new version of cryptography that protects me against quantum computers. How do we square that circle? How do we build in quantum level cryptography now?
IK: Well, you and I, every time we buy something from Amazon, don't go down to a store and buy a key. These are systemic projects that are built into the infrastructure that's global. So that's a very quick, I know that's not the main point, but we've never relied upon you or I, and I know that it's a figure of speech, you and I, but we're not talking about individual companies either. Two quick, broader answers, which I think should provide some comfort and confidence. First of all, quantum computing has become geopolitical. We've never known in the history of humanity, literally in the history of humanity, so many nation states have programs that are focused only on quantum computing. Germany, the United States, the United Kingdom, China. The points that you and I are talking about are extremely well understood and have been understood for a long time.
These projects and these geopolitical national state programs, where billions and billions of dollars have been committed to the development of machines, have in fact led to the engineering breakthroughs, which is one of the reasons you and I are talking, because we have machines that are now on the way to becoming usable. And then there are many, many, many, many companies, at least 200 if not more, who are building or have built a quantum computer ranging from Google and IBM and Quantinuum, which is a subsidiary of Honeywell, all the way through to startups. And so there, in my opinion, and not just my opinion, but the informed consensus, will not be a shortage of machines.
There is, of course... And so just on that, so if you were a large organization, let's just use a name. Let's say that you were ExxonMobil, even today, your cybersecurity systems are outsourced to various vendors, and a quantum solution would fit in neatly to the existing solutions you have, which is why in the US, the NIST, and here in the UK, the NCSC, have got white papers and guidance on how you and I can make sure that we are protected.
MH: So, this isn't software as a service, it's quantum as a service.
IK: Yes. With enough devices around, coming back to the fundamental point that you made earlier. There is still a race, don't get me wrong. Whoever gets there first will have an advantage, and we should be concerned that bad actors don't get a hold of devices first. But yes, essentially quantum as a service.
MH: Can we implement post quantum encryption tech today?
IK: Yes, we can. The combination of two essential ingredients, the key, the cyber security key, which is seeded with patternless randomness, so therefore it's not algorithmic, A. And then if you think of systems as needing a key and a lock, so if I've just described the key, then the lock itself would be the post quantum encryption standard. And there are a number of these now that have been approved by governments and, like all of these things, they're continually tested. A post quantum encryption algorithm that is seeded or not seeded, but which is paired with a key, which is seeded from patternless randomness, cannot be broken by a quantum computer.
MH: Why aren't people doing this now? How long is it going to take for us to, broadly speaking, wake up to cryptography the way we all woke up to Secure Socket Layer, SSL certificates with a little lock icon in the corner of our website address?
IK: Well, I think that this is... I just want to perhaps clarify a misconception. I don't know of any large meaningful organization that isn't already engaged in a thorough investigation of how and when they can start implementing post quantum encryption. The guidance from the NIST in the United States and the government is very clear and widely followed. How long will it take before people on the street notice? I'm not even sure that they will notice. When I started buying things on Amazon 20 odd years ago, I didn't think about the security system. To a certain extent, I trusted it, because you trust the brand and we do all kinds of things online. The conversation you and I are having now, trust that nobody's listening in. Organizations will implement this.
How long will it take? I'm of the view that the migration at the key level so that we have keys that are not hackable because they're not algorithmic, they're not deterministic. I think that is probably a two-to-three-year journey. I don't think it's that much longer. I think by the time we get to maybe 2025, 2026, these things will be commonplace and you and I won't even have noticed. And as far as the lock system is concerned, the post quantum encryption side of things, I think similarly, maybe a little bit longer, because remember, there's all kinds of different ways in which we use keys. But I think the race is on, and I think people are genuinely, their headspace is in the right place. And we have conversations, my company, for example, as conversations all the time with people who are keen to implement.
I think the large banks might be the place where this gets into the, apart from government, the large banks are going to be the place where this is maybe adopted earlier. Then the large online platforms, are the second place over the course of the next year or two.
MH: To come back and take that 10,000-foot view on this. If a quantum computer is not something that you're just going to walk into your local electronic store and pick up, the hackers who would be using this quantum-based technology in an attempt to break cryptography in the first place, I can't imagine would be your average hacker kid in the basement running scripts that they've downloaded off the internet to hack into systems.
IK: Oh, I wouldn't be... This is really interesting that you say this. I wouldn't be so sure.
IK: Well, I tell you for why, though you've really hit on a very, very good point. And I think it's worth maybe just a quick... Well, first of all, I think you're right. I think the resources that are needed... Let's give a good example. I think you and I talked about this before.
Back in the mid to late '80s when mobile telephony first made its sort of introduction and people like you, and I could go to the corner store and buy a phone and plug it into our car and call our mothers and girlfriends and fathers or whatever. That was novelty. It was something that we could do. And we went out and we didn't really know where it would end up today. Of course, 35 years has passed since then, but at least it was accessible. But that doesn't mean for the year or two or three or four before it became available, that people weren't spending lots of money and time and effort in designing the systems and building them. The day you went out and bought a phone, it had already been designed. I think that we're in that period now with quantum where it's not in the public domain. And you're absolutely right, the main focus for bad actors is in the form of organized, institutional, systemic approaches to the ways in which quantum might be used badly. Let's call it just badly.
MH: Rogue nation states, that sort of thing.
IK: Yes, yes. And I wouldn't put it past certain organizations as well. I mean, the world that you and I live in is full of organizations that are not in North Korea or in other rogue states, but they do things that you and I find appalling. The way in which our data is harvested is absolutely uncontrolled. Everything we do on our phones is bought and sold many, many times. We just don't pay attention to it. But coming back to quantum, one of the interesting things is the proliferation of software development kits for quantum, which are in the open source.
There are literally millions of people, some kid in, I don't know, Rio de Janeiro or I don't know where you are, Michael, but some kid 100 meters around the corner from where you are will have access. And we have seen over the course of history how some individual will actually have an insight and be able to use it. And whereas all the money in the world, you could have a room full of 100 PhDs and they might not have the same insight. We are at the very early stages. I think it's as possible that some young kid in Calcutta will find some usefulness and ability than it is that you and I. And the reason is, as I've said, unlike in previous technologies, these software development kits, which are quantum is counterintuitive and young kids are nothing if not counterintuitive. First order logic doesn't count in programming languages for quantum. So, I think that risk is out there.
MH: Great. It comes back to that whole point about quantum as a service. If you're going to create APIs that hook into a quantum as a service technology, then anyone would be able to leverage the power of a quantum computer at some point down the road. If there was one takeaway for those listening to this conversation today, for you, what would it be?
IK: I would say that whilst... The one takeaway is this, I think that we are all of us, privileged to be living through an industrial revolution. Quantum is not just another technology, it's actually an industrial revolution. And the definition of that, and the reason I say it, and many other people say it, and the reason why nation states are involved, is that it affects all aspects of life. Everything you and I take for granted, we should not. AI for example. We have opaque systems that are not accountable. They're not even AI. I mean, Noam Chomsky had this wonderful interview of a few weeks ago and he summed it up. He said, "We've gone precisely nowhere in 25 years." And we get that mixed up. We have these expensive server farms where we ask something like, Alexa what time it is, and we get very impressed when they get it right or some equivalent, but that's not intelligence.
And so, I would say that in 100- or 200-years’ time, Michael, people are going to look back and they're not going to be saying, "Oh my God, encryption was compromised." They're going to be saying, "Oh my God, we were able to avoid a global catastrophe because we can sequester carbon." Or "Oh my God, we can convert light into energy very easily and fast, and we don't have to raid the earth of fossil fuels." Or they might say, "Oh my God, we have language processing, which is real, where the machine actually understands us in the way that you and I understand each other when we speak." That would be my takeaway.
MH: What's your takeaway on the impact of quantum on cryptography?
IK: Oh, it's the biggest single impact since the lock and key and pigeon carriers. Any system that is algorithmic is at risk, and quantum computers are now here for real. We're not going to wish them away. So even if you think they're 10 years away, raid now and harvest later is relevant. If you think they're three or four years away, then actually that's the same as next week.
MH: How far away for ubiquitous quantum computers? You suggested two years, three years, five years, 10 years. How long is it in your mind?
IK: Oh, well, we now no longer have to guess. That's the great thing about the world that we live in. Let's take somebody very reputable and global, Google. Google have a roadmap. They have publicly stated that by 2029, they will have a fault tolerant universal quantum computer. So that is in the public domain. Then we may agree or disagree, but that is a marker and that's seven years. We also now have public roadmaps from IBM. IBM have suggested that quantum advantage could accrue as early as 2024. Now that's not universality, that's not ubiquitous, but it means there are certain things that quantum computers will do that literally cannot be done using classical computers. And that I think is your sort of bid offer, your start and finish, as far as the informed consensus is there.
My own personal view is that I think we're probably, I think that there are certain things that will become ubiquitous on quantum computers within four to five years. And remember, classical compute will still do many, many, many things better and efficiently for which quantum aren't needed. I don't think we're going to get to the point where everything we do is quantum. I don't believe that that will happen.