Yuval Boger interviews Michele Mosca, founder, President and CEO at EvolutionQ, a quantum-safe cybersecurity company is interviewed by Yuval Boger. Michele and Yuval talk about Post-quantum cryptography and quantum key distributions, the timeline for hardening a company’s infrastructure, standards organizations and much more.
Yuval Boger: Hello, Michele. And thanks for joining me today.
Michele Mosca: Hello, Yuval, it’s great to be here.
Yuval: So who are you and what do you do?
Michele: I’m Michele Mosca. I’m a mathematician by training. I lead the quantum-safe cybersecurity company evolutionQ. I’m involved in a number of other activities building up the quantum and quantum-safe ecosystem, and maintain an affiliation at the Institute for Quantum Computing of the University of Waterloo, which I helped found many years ago.
Yuval: So I think we all owe a big thanks to Professor Shor for his algorithm, because that raised the awareness of quantum and the risks that quantum has for cybersecurity. How does your company help address these risks, and in what timeframe?
Michele: Yeah, so our company started several years ago because there are several stages to getting your systems resilient to quantum-enabled attacks. We need that to be in place in order to reap all the positive benefits of quantum computing that your company and other companies around the world are working toward, helping everyone realize. But for that to really happen, without very serious collateral damage, to put up mildly, we must first get everyone or at least the major digital platforms to be sufficiently resilient to quantum attacks, but that’s not a one-step process.
So years ago we started off with the first stage, which is really awareness. And then the second stage we pioneered, what’s known as a quantum risk assessment. Tell people internalized, what does this really mean to us? How would this impact us? What are the high order terms? What are the most serious problems we need to start addressing and when? Then the third phase is starting to actually come up with a roadmap, a plan, engaging with the vendor ecosystem, testing solutions and so on and piloting things and preparing, so your last dress rehearsal before you’re in the final stage, which is now I’ve deployed quantum-safe solutions in my various digital platforms.
And so the first two to three stages are professional services. And what we discovered as we were doing these professional services for people over many years is we found a gap. And the gap was the following. So the first layer of defense is to protect against quantum enabled the attacks, is just “a plugin”. What we might at least conceptually look at as a plug-in replacement for the existing mathematical algorithms that enable HTTPS and secure browsing and all these other things. And that’s long and hard process that we’ve been actively engaged in for many years.
And that’s largely been a part of our services. In fact, I helped launch an open source platform to make it easier for people to benchmark and test these solutions in their system. So we can be ready for the day where really, really need to deploy these things. Because the attacks are really imminent or are actually happening, but we can’t just go back to the status quo. In the nineties. If public key cryptography was broken, it would’ve been a bad day. Understatement, but it wouldn’t have been an existential threat. The economy wouldn’t have collapsed. There wasn’t a massive safety issue associated with cryptography, but now there is. Now, it’s not just IT, but it’s also OT, cyber physical systems and so on and so on. And guess what? The dependency on digital platforms and their cybersecurity therefore is continuing to increase as we go to 5G, 6G, this machine to machine and so on.
The stakes just keep getting higher. So we can’t just accept the chance that these new codes could be broken. And at least two of the codes currently under consideration ended up being broken. Maybe there can be fixed, maybe they can’t, but if they’re deployed in production systems and they’re broken, you don’t get to hit the pause button. So there’s a lot we need to do to make our systems more resilient. A lot of that includes just more agility, make it faster, to switch from one code to another, put in some extra layers. But there’s also a role, especially for the most critical systems to have a key that isn’t dependent, that isn’t susceptible to mathematical crypto analysis. And that’s where quantum cryptography and quantum communication networks, which continue to improve. So I say QKD is a solution that ages really well, whereas technology advances, the advantage really goes to the defender in this case, because you can deploy better and better QKD systems.
What was missing when we were looking at this was easy way, easy scalable, convincing way to take QKD from sort of a point to point solution, a very hardware centered solution to one that is really something you could deploy across an enterprise and not worry about the details of the hardware. So we developed a vendor agnostic framework where you could interoperate many different vendors and do it in a very scalable way. So that’s what our product called Basejump. It’s a quantum delivery network. So we coin that term. Because the idea is it’s a framework, it’s a tool for delivering quantum safe keys, securely rapidly robustly to end points on demand. So they can have that extra layer of assurance against crypto analysis of the more conventional methods.
Yuval: So if I’m a CISO, Chief Information Security Officer, sounds like the assessment of my risk would take two minutes. Because you say, well, you’re using systems today that could be broken with a quantum attack. So you need to do something quickly for the systems that are at least for those that are most important for you. How long does it take to harden an organization to secure some of their systems? Is that a multiyear process? Is there a Band-Aid that you’re suggesting right now and a better one in two years?
Michele: Yeah. Great point. Because, that’s often the perception, is that well what’s there to assess? So the risk assessment looks at all the different ways. So first of all, it takes time to even find… People don’t have an inventory of what cryptography they’re using. So it actually is a pretty sophisticated process at the end of the day, where you have to see the vulnerabilities, figure out how they can actually be exploited, start ranking the vulnerabilities in terms of likelihood and impact, and then have a prioritized approach in terms of which systems you really need to protect against quantum enabled attack by when. So you do have to have a prioritized list. You really want this system protected by this year and this system by that year. And then there’s the nice to haves and the systems that’ll get secure when they get secure. But what are the high order terms?
Because, and the second part of your question really, is the critical point. It takes many years to migrate these things. So you do have to prioritize and you do have to get started in time. And how long it takes. Well, that can vary. I mean, in a test system you could do it in a matter of weeks, but in any real world system, it takes years to migrate for many different reasons. For one, there’s dependencies, right? Again, it really depends on the system, but most real world systems, it’s not where there’s one company, that’s the client and the server and where all the users use whatever operating system that they tell them to. So it’s complicated when you’re trying to take a legacy platform and migrate to a very new tool with different requirements. But it can take anywhere from 5 to 15 years to properly migrate a system.
Now people might say, well, can’t you just try harder and go faster? A little bit. But there is a fundamental speed limit at which you can change something so complicated with so many different stakeholders. In a secure way, you want it to be certifiable, and we don’t even have the certification framework set up. That alone will take years. You can’t just have everyone saying, Hey, we’ve quantum proofed it, trust me, we need those frameworks to be set up and we’re working on all these things in parallel at this point, because otherwise we won’t be ready, or at least we likely won’t be ready in time. So, that can take quite a number of years. And the essential thing is to get started.
I guess the one last point I wanted to make on this. If you try to break that fundamental speed limit, then what happens? There’ll be tremendous costs that do not require quantum attackers. So then even if the quantum attackers don’t come after you, first of all, your systems will crash simply because you rushed the migration. You didn’t give people time to do the upgrades they needed to do. You will make mistakes, systems go down because of a software update that didn’t go as planned. Imagine if you’re doing something as fundamental and ubiquitous as this in a rushed manner. So there’s no cyber attackers even, that’s just self-inflicted wounds because you created a crisis where that was avoidable.
But then there’s also additional cyber risk, in that, when you rush to the deployment of any software, but especially cryptography and cyber security tools, you are going to make mistakes in the design and the implementation, and cyber attackers love that. That’s their bread and butter. It’s not typically sophisticated crypto analytic attacks. It’s exploiting mistakes that have been made. And user mistakes and so on. So if we try to rush this migration, it’s a wonderful day for cyber criminals. And they’re already kind of winning the war. So the last thing we need to do is to give them yet another huge advantage.
Yuval: How does this work end to end? I mean, right now I’m using a Mac and let’s say I’m connecting to my bank. So I have sort of a regular encryption protocol in place. And then the bank may be connecting to some other bank and maybe in a couple years that will be a quantum secure link. But do you think I’ll get a quantum key on my Mac in a couple years or is it just the backbone that’s going to be more secure?
Michele: In the short term and even the medium term, we’re really talking about the backbone where there’s QKD keys delivered at the base level. But there are certainly enhancements we can do even at the last mile, to take it up a notch or two beyond sort of the vanilla flavored end to end post quantum. I’m a big believer in the vanilla flavored end to end post quantum. Because, at some level the best security is the security you use. Because remember, the cheapest and easiest thing is to do nothing. And in many of our communications, much of our communications, we don’t encrypt, we don’t authenticate, and we make a risk decision. But the next thing you want is what’s the easiest non-trivial defense I can deploy as ubiquitously and robustly as possible. So people don’t find it as a nuisance and aren’t working around it?
And post quantum cryptography plays a beautiful role there. It provides us some great protection, and it’s beautiful end to end. And then you’re going to go one layer down and protect even more. The whole point of a quantum delivery network is to make this higher level of assurance, this extra layer of assurance, easier to deploy and scale. But indeed, as you say, that’s going to connect certain basic nodes or hubs. And then you still have that last mile of protection, which if it’s just the last mile, then it’s a much easier proposition to deploy some of these higher assurance methods that don’t require quantum.
Yuval: And as it relates to your company, to the extent you’re willing to tell me, do you primarily sell services like the assessment or is the bulk of revenue coming from product, like the distribution network that you mentioned?
Michele: So we’re going to be transitioning now. So up until now, it’s been largely services. And the services part will grow. But the revenue from the Basejump licensing, will, over the next small number of years, overtake that. But we’re going to keep both, I mean, we’re going to keep helping with the services, but it’s the deployment of the solution that’s going to become the bigger part of our company.
Yuval: Recently, National Institute of Standards and Technology made an announcement about the four initial protocols that they want to use. My question to you is first, how close is it to a working standard? And two, does that become a global standard or is there going to be similar work that’s going to happen at the EU and other places before it becomes a worldwide secure network?
Michele: Well, they’re going to be a real standard by around 2024. How ready are they for real world showtime? I think we’re in the Goldilocks zone. So some people it’s too soon. It needs more time. Other people say we needed this few years ago, so there’s no perfect time. Because everyone has a different risk tolerance, different migration time. So there’s no perfect. So I think it’s going to be pretty robust, but that’s why at the end of the day, you need years of deployment in real world systems to further build up confidence in these systems. So the sooner you start, the sooner you’ll build up that confidence. And furthermore, there’s going to be the next phase of this confidence building when quantum computers are actually here. So, we can battle test the implementation, interoperability, and a lot of those real world issues. Now we can battle test resilience against classical attacks now, so again, the sooner we start, the sooner we can get that done and build up that confidence, but there’s still the confidence against quantum attacks that will remain until we’ve had large scale quantum computers for several years.
So what do we do in the meantime? Well, that’s partly why for one, why we continue to advocate to keep deploying the battle-tested, hardened, current methods for key agreement and signatures. And, of course, once quantum computers are mainstream, those provide limited protection. Because then it’s not going to be free to launch quantum attacks. So, they’re still making it a nuisance, but that’s why you want additional layer of defense such as what QKD can offer.
So, the fantasy is we have a code where have a guarantee that it’s secure and it’s cheap and it’s easy, but that’s just not the way the real world’s going to play out. But we’re still in a pretty good place where we have codes. We have pretty good confidence in, and we’re going to continue to build up confidence, and we have mechanisms for mitigating the residual risk. So we just need to be proactive as a society, internalize these risks, the cost and properly manage them. In terms of is every jurisdiction going to have its own standards. We generally hope not. And I think for most of the world, for much of the world, this has an open process and we tend to adopt the NIST algorithms, right?
But then there’s other standards built on top of that. Because that’s not like the NIST standards are completed and we’re done. Then there’s financial standards on top of that. And there’s standards for how you use the cryptography in all sorts of different systems. And that’s where ETSI and other standards organizations and ISO and so on, there’s going to be risk management standards. And there’s lots of other standards around the core cryptographic algorithms where again, NIST is I think the foremost authoritative body there. Again, it’s US-based, but many of the algorithms have come out of Belgium. So it’s definitely international in how it engages people.
That said, the German government has proceeded to standardize some algorithms before. Remember I said the Goldilocks zone, some people needed it sooner. Well, the German government felt it needed some algorithms, they needed something. It couldn’t wait. Just it’s risk tolerance. So it’s standardizing, now these are not out of left field. These are algorithms that were part of the NIST process, but aren’t necessarily on the NIST finalist list. That doesn’t mean they’ll never be standardized by NIST, but it just means in the short term, the German government is standardizing them. But it’s all I think done in a collegial collaborative way where all of society benefits.
Now there are parts of the world that may not want to adopt the NIST standards. But again, I hope as a global society, we get to a place where we can agree on a simple, and a secure way to send zeros and ones across the planet and compete at higher levels in the stack. But China’s pursuing its own process. The fundamental machinery is very similar, but it wouldn’t be surprising that they develop their own standards. And then there’s going to be a bit of extra work, getting all these different platforms to work in these different jurisdictions. But I’m not expecting a plethora of different jurisdictions. You might remember in the nineties, you’d travel around the world. You needed three chips to be able to make calls in Japan or in other parts of the world. So it’s not like this is a totally new thing. Well, this is actually a much simpler problem to solve. If at the end of the day, there’s two standards we need to manage. But, it’d be nice if we could agree on one or some common suite of standards.
Yuval: As we get closer to the end of our conversation today, you mentioned that to get these standards in place, I’m sure there needs to be collaboration between governments and private companies like yours. Do you think governments are doing too much or too little or just right to get to where we need to be?
Michele: So far, I would say they’re not doing too much. They could do more and maybe they will start to do more. Ultimately, they need to just be careful what you wish for. They need to help internalize the cyber risk that is just being accepted without due consideration. Because, ultimately we don’t have seat belts and cars because of the market forces. There was regulatory requirements that said, look, we’re going to save lives if you require seat belts. And so they were required, and speed limits, and driver’s licenses. It wasn’t market forces that created those. So with cybersecurity, there has to be a regulatory push to properly internalize the cost of not properly securing things, but the answer isn’t to be prescriptive. So that’s why maybe, you didn’t want governments to come in too soon and start prescribing to people what to do. There’s many reasons why that’s a bad idea. But we do need governments to start encouraging with this in a non-prescriptive way, accountability.
They do need to start requiring their critical infrastructures. The critical infrastructures we all depend on for our livelihood and our safety to have a proper plan to protect against this emerging threat. So I think governments do have a role to play in properly internalizing that. And they also have a role to play a little more subtle to make sure the global markets and cryptography and cybersecurity function property. So they can’t be too nationalistic to the point where you only market is your domestic market. Because, then there won’t be enough money in the system to develop the high grade products we need. So we do need an appropriate regime for using each other’s products and services. So we can have really high quality products protecting our digital platforms. Those are two examples of where they’re good in need to do more. I’m not saying it in the sense of, well, they’ve been slackers not doing their job, but now that the world’s evolving, that is kind of the next phase where we need governments around the world to step up.
Yuval: And my next to last question is, so if I’m a CISO of a large regional bank, what should I do today? What should I do tomorrow morning?
Michele: So if you haven’t already, and you really need to make sure that there is somebody in charge, and this is their number one job, not something they do in their spare time. This is their number one accountability. This is what their KPI should be based on. And it’s to make sure there’s a proper quantum readiness plant at your organization. It starts off with one person, but it probably needs to grow. And again, this needs to be their job and they need to be set up for success. Which means they need not just the CISO support, but they need cross functional support at the organization to make sure they get access to the risk managers and everyone else they need to talk to, to do their assessment, to start formulating their plan and then growing the team. And so getting the investments they need to properly transition the platform.
They’ll need to engage people outside of the bank, but it’s a balance. So you can’t outsource this kind of accountability. You need somebody on the inside who really understands the business, driving things, but you can’t also recreate everything that has been created on the outside. So you need to properly engage, but you need to know what questions to ask and how to interpret the answers and then know what to do next. So you need a core team, starts off as one, but quickly grows, driving this transition for your organization and is engaging more and more with the vendor ecosystem. So they know what tools and services to procure, to affect the necessary migration.
Yuval: So Michele, how can people get in touch with you to learn more about your work?
Michele: Probably the easiest way is just to find me on LinkedIn and send me a note there.
Yuval: That’s perfect. Well, thank you so much for joining me today.
Michele: It’s been a pleasure, Yuval. Take care.
Yuval Boger is a quantum computing executive. Known as the “Superposition Guy” as well as the original “Qubit Guy,” he most recently served as Chief Marketing Officer for Classiq. He can be reached on LinkedIn or at this email.
September 17, 2022