Could the cryptographic apocalypse be under five years away? Depends on whom you ask. But there are potential technologies like Interconnect that could speed up the race to 4,000 quality cubits.
Is there something you can do today to protect data with a long shelf life? Find out in this episode of The Post-Quantum World. I’m your host, Konstantinos Karagiannis. I lead quantum computing services at Protiviti, where we’re helping companies prepare for the benefits and threats of this exploding field. I hope you’ll join each episode as we explore the technology and business impacts of this post-quantum era.
Our guest today is involved in post-quantum cryptography, and as you guys know, when it comes to my view of what post-quantum means, it’s a proactive and a defensive kind of thing. We’re looking for quantum use cases all the time, but then there’s this idea of a quantum apocalypse: “Oh, no, all the encryption will break!” — that kind of thing. Our guest today is CTO of a company called Qrypt, and I know him from the Mid-Atlantic Quantum Exchange — we’re on a crypto group together — and I figured it would be great to have him come on and talk about what his company is doing and where post-quantum cryptography in general is going. With that, I’d like to welcome Denis Mandich. Thanks for coming on.
Thanks, Konstantinos, for inviting me. It’s great to have opportunities like this to chat with people who really get it and are looking forward to what we do about this coming quantum apocalypse. Probably five or six years ago, no one really knew anything about quantum computing, and certainly not about what we do about standards on which computing and cryptographic resources are based that will be made obsolete very quickly.
Fortunately, the government was thinking about that a long time ago — probably 10 years ago, when you probably got into the field. And it wasn’t until 2015 and 2016 when the NSA unilaterally announced that everyone should forget about transitioning to this current generation of crypto that we’re using and start thinking about post-quantum crypto. Then this competition began and a new set of algorithms was proposed, and many of those algorithms didn’t work through the first and second rounds — they weren’t fast enough, there were flaws found in them — and the surviving ones are the ones that we’re looking at today as being instrumental to this transition that will start next year.
That’s where Qrypt comes in. Qrypt has looked at this suite of algorithms that are available and built software around the best ones — the best-in-class that we found — and the systems that support those algorithms to make them usable in modern infrastructure and cloud infrastructure. One of the earliest pieces was starting with the premise that we need good-quality random numbers to do all crypto, never mind post-quantum crypto, which has obviously much larger key sizes. As data networks expand, they get bigger and bigger. We have to generate more and more keys. And there just isn’t enough entropy in modern servers and laptops — and certainly handheld devices — to generate high-quality keys.
Historically, this was an issue going back 80 years. The U.S. government made it a very big priority to harvest data that they could over airwaves or diplomatic channels and so on, knowing that they could break it one day by finding a flaw in either the implementation of the cryptography or the random way that they used to make the keys for their crypto to work, and that was called the Verona Project. It was not known until probably the ’80s or ’90s that that’s how the Manhattan Project spies, the Rosenbergs and so on, were discovered — through breaking that crypto, that harvest-and-decrypt-later model.
Today, it’s become so much easier, and when I worked for the government for two decades and saw the scale of IP theft in this country — getting commercialized elsewhere and putting American companies out of business — we looked at the problem: Why didn’t these companies just encrypt their data and make it meaningless that it was stolen because it can’t be decrypted? But one of the things we saw some of the nation-state actors doing was prioritizing the theft of encrypted data over the easy-to-get unencrypted data, knowing that it was likely more valuable. But if you did everything right, it would never be decrypted — not by regular computing systems.
But they were always looking ahead, a 50- or 100-year plan — that “This stuff might change the economy of the world one day if we can break it.” And with quantum computers, the earliest ones, only coming online back then — P-Wave and other systems — it was unlikely for that to happen for many years to come. But then Google, IonQ now and many other companies have surprised us, so we really need to prepare for that right now. It’s not a question of if; it’s when. The time scale keeps shrinking down from whatever it was 50 years ago. We talked about this 10, 15 years ago down to 20 years and then to 10, and now we’re in that three-to-five range, seeing IBM coming online with a thousand-qubit machine in the next few years.
Could the cryptographic apocalypse be under five years away? Depends on whom you ask. But there are potential technologies like Interconnect that could speed up the race to 4,000 quality cubits.
Is there something you can do today to protect data with a long shelf life? Find out in this episode of The Post-Quantum World. I’m your host, Konstantinos Karagiannis. I lead quantum computing services at Protiviti, where we’re helping companies prepare for the benefits and threats of this exploding field. I hope you’ll join each episode as we explore the technology and business impacts of this post-quantum era.
Our guest today is involved in post-quantum cryptography, and as you guys know, when it comes to my view of what post-quantum means, it’s a proactive and a defensive kind of thing. We’re looking for quantum use cases all the time, but then there’s this idea of a quantum apocalypse: “Oh, no, all the encryption will break!” — that kind of thing. Our guest today is CTO of a company called Qrypt, and I know him from the Mid-Atlantic Quantum Exchange — we’re on a crypto group together — and I figured it would be great to have him come on and talk about what his company is doing and where post-quantum cryptography in general is going. With that, I’d like to welcome Denis Mandich. Thanks for coming on.
Thanks, Konstantinos, for inviting me. It’s great to have opportunities like this to chat with people who really get it and are looking forward to what we do about this coming quantum apocalypse. Probably five or six years ago, no one really knew anything about quantum computing, and certainly not about what we do about standards on which computing and cryptographic resources are based that will be made obsolete very quickly.
Fortunately, the government was thinking about that a long time ago — probably 10 years ago, when you probably got into the field. And it wasn’t until 2015 and 2016 when the NSA unilaterally announced that everyone should forget about transitioning to this current generation of crypto that we’re using and start thinking about post-quantum crypto. Then this competition began and a new set of algorithms was proposed, and many of those algorithms didn’t work through the first and second rounds — they weren’t fast enough, there were flaws found in them — and the surviving ones are the ones that we’re looking at today as being instrumental to this transition that will start next year.
That’s where Qrypt comes in. Qrypt has looked at this suite of algorithms that are available and built software around the best ones — the best-in-class that we found — and the systems that support those algorithms to make them usable in modern infrastructure and cloud infrastructure. One of the earliest pieces was starting with the premise that we need good-quality random numbers to do all crypto, never mind post-quantum crypto, which has obviously much larger key sizes. As data networks expand, they get bigger and bigger. We have to generate more and more keys. And there just isn’t enough entropy in modern servers and laptops — and certainly handheld devices — to generate high-quality keys.
Historically, this was an issue going back 80 years. The U.S. government made it a very big priority to harvest data that they could over airwaves or diplomatic channels and so on, knowing that they could break it one day by finding a flaw in either the implementation of the cryptography or the random way that they used to make the keys for their crypto to work, and that was called the Verona Project. It was not known until probably the ’80s or ’90s that that’s how the Manhattan Project spies, the Rosenbergs and so on, were discovered — through breaking that crypto, that harvest-and-decrypt-later model.
Today, it’s become so much easier, and when I worked for the government for two decades and saw the scale of IP theft in this country — getting commercialized elsewhere and putting American companies out of business — we looked at the problem: Why didn’t these companies just encrypt their data and make it meaningless that it was stolen because it can’t be decrypted? But one of the things we saw some of the nation-state actors doing was prioritizing the theft of encrypted data over the easy-to-get unencrypted data, knowing that it was likely more valuable. But if you did everything right, it would never be decrypted — not by regular computing systems.
But they were always looking ahead, a 50- or 100-year plan — that “This stuff might change the economy of the world one day if we can break it.” And with quantum computers, the earliest ones, only coming online back then — P-Wave and other systems — it was unlikely for that to happen for many years to come. But then Google, IonQ now and many other companies have surprised us, so we really need to prepare for that right now. It’s not a question of if; it’s when. The time scale keeps shrinking down from whatever it was 50 years ago. We talked about this 10, 15 years ago down to 20 years and then to 10, and now we’re in that three-to-five range, seeing IBM coming online with a thousand-qubit machine in the next few years.
Could the cryptographic apocalypse be under five years away? Depends on whom you ask. But there are potential technologies like Interconnect that could speed up the race to 4,000 quality cubits.
Is there something you can do today to protect data with a long shelf life? Find out in this episode of The Post-Quantum World. I’m your host, Konstantinos Karagiannis. I lead quantum computing services at Protiviti, where we’re helping companies prepare for the benefits and threats of this exploding field. I hope you’ll join each episode as we explore the technology and business impacts of this post-quantum era.
Our guest today is involved in post-quantum cryptography, and as you guys know, when it comes to my view of what post-quantum means, it’s a proactive and a defensive kind of thing. We’re looking for quantum use cases all the time, but then there’s this idea of a quantum apocalypse: “Oh, no, all the encryption will break!” — that kind of thing. Our guest today is CTO of a company called Qrypt, and I know him from the Mid-Atlantic Quantum Exchange — we’re on a crypto group together — and I figured it would be great to have him come on and talk about what his company is doing and where post-quantum cryptography in general is going. With that, I’d like to welcome Denis Mandich. Thanks for coming on.
Thanks, Konstantinos, for inviting me. It’s great to have opportunities like this to chat with people who really get it and are looking forward to what we do about this coming quantum apocalypse. Probably five or six years ago, no one really knew anything about quantum computing, and certainly not about what we do about standards on which computing and cryptographic resources are based that will be made obsolete very quickly.
Fortunately, the government was thinking about that a long time ago — probably 10 years ago, when you probably got into the field. And it wasn’t until 2015 and 2016 when the NSA unilaterally announced that everyone should forget about transitioning to this current generation of crypto that we’re using and start thinking about post-quantum crypto. Then this competition began and a new set of algorithms was proposed, and many of those algorithms didn’t work through the first and second rounds — they weren’t fast enough, there were flaws found in them — and the surviving ones are the ones that we’re looking at today as being instrumental to this transition that will start next year.
That’s where Qrypt comes in. Qrypt has looked at this suite of algorithms that are available and built software around the best ones — the best-in-class that we found — and the systems that support those algorithms to make them usable in modern infrastructure and cloud infrastructure. One of the earliest pieces was starting with the premise that we need good-quality random numbers to do all crypto, never mind post-quantum crypto, which has obviously much larger key sizes. As data networks expand, they get bigger and bigger. We have to generate more and more keys. And there just isn’t enough entropy in modern servers and laptops — and certainly handheld devices — to generate high-quality keys.
Historically, this was an issue going back 80 years. The U.S. government made it a very big priority to harvest data that they could over airwaves or diplomatic channels and so on, knowing that they could break it one day by finding a flaw in either the implementation of the cryptography or the random way that they used to make the keys for their crypto to work, and that was called the Verona Project. It was not known until probably the ’80s or ’90s that that’s how the Manhattan Project spies, the Rosenbergs and so on, were discovered — through breaking that crypto, that harvest-and-decrypt-later model.
Today, it’s become so much easier, and when I worked for the government for two decades and saw the scale of IP theft in this country — getting commercialized elsewhere and putting American companies out of business — we looked at the problem: Why didn’t these companies just encrypt their data and make it meaningless that it was stolen because it can’t be decrypted? But one of the things we saw some of the nation-state actors doing was prioritizing the theft of encrypted data over the easy-to-get unencrypted data, knowing that it was likely more valuable. But if you did everything right, it would never be decrypted — not by regular computing systems.
But they were always looking ahead, a 50- or 100-year plan — that “This stuff might change the economy of the world one day if we can break it.” And with quantum computers, the earliest ones, only coming online back then — P-Wave and other systems — it was unlikely for that to happen for many years to come. But then Google, IonQ now and many other companies have surprised us, so we really need to prepare for that right now. It’s not a question of if; it’s when. The time scale keeps shrinking down from whatever it was 50 years ago. We talked about this 10, 15 years ago down to 20 years and then to 10, and now we’re in that three-to-five range, seeing IBM coming online with a thousand-qubit machine in the next few years.