Q&A with Janet Jones, M3AAWG Vice Chair Board of Directors / Senior Security Program Manager – Customer Security & Trust Engineering at Microsoft

Unlocking Quantum Computing will transform how we communicate, build new technologies and even develop medicines. Yet, with Quantum Computing comes the risk of exploitation, with modern encryption capabilities being a major vulnerability. Fortunately, this technology is years away from widespread implementation, providing businesses and organizations time to effectively prepare for and mitigate these risks. 

We recently asked Janet Jones, Vice Chair, Board of Directors and Data & Identity Protection Co-Chair at M3AAWG and Senior Security Program Manager, Customer Security & Trust Security Engineering, at Microsoft a few questions on the future of quantum computing, quantum encryption and the role international standards will play in their implementation. Read the full conversation below:

Is there a general timeline for when quantum computing might surpass current encryption technology?

We’re seeing rapid progression and innovation in Quantum Computing technology. However, we are not currently able to pinpoint a specific timeline for when quantum computing will defeat current encryption technology. In October 2019, M3AAWG began looking at this emerging and upcoming challenge at our meeting in Montreal as part of work we are doing in the Data & Identity Protection committee. 

We actually brought in Brain Neill, Senior Technical Associate at the University of Waterloo’s Institute for Quantum Computing, to share insights with the M3AAWG community. If you want to read more about that I’d recommend checking out this blog post for full details.  

What standards are being developed around quantum encryption? What role will they play in its development and implementation?

New cryptographic algorithms have been developed and are currently under review under NIST’s Post-Quantum Standardization Project. This project launched Nov 30, 2017 and research teams from around the world responded to the challenge. NIST and the crypto community are now engaged in cryptanalysis for the newly developed algorithms and they are expected to announce results in the coming years. Industry migrations to new cryptographic algorithms takes time and must be carefully orchestrated to minimize ecosystem disruptions.

As new cryptographic algorithms are being developed, standards organizations are busy working to understand potential upcoming impact focus areas and beginning to scope new protocols and evaluate existing protocols that may need to be revised. 

The Internet Research Task Force (IRTF) focuses on longer term research issues related to the Internet while the parallel organization, the Internet Engineering Task Force (IETF), focuses on the shorter term issues of engineering and standards making. The Crypto Forum Research Group (CFRG) that is part of the IRTF/IETF was created to discuss and review uses of cryptographic mechanisms. The CFRG is currently working on several Post Quantum Cryptography drafts, including “The Transition from Classical to Post-Quantum Cryptography”.

The European standards organization ETSI (European Telecommunications Standards Institute) has a Quantum-Safe Cryptography (QSC) working group that is focusing on practical implementations of quantum safe primitives. This includes performance considerations, implementation capabilities, protocols, benchmarking and practical architectural considerations for specific applications. They have published several related specifications for this effort and most recently focused on Quantum-Safe Identity Based Encryption.

M3AAWG will continue to monitor, participate in, and work alongside the standards organizations as new protocols are developed and existing protocols are revised to support the transition.

How far along is the development of quantum encryption technology?

Cryptographic algorithm migrations, like other technology migrations, go through phases and include parallel workstreams. The initial research and development process began several years ago for Quantum Computing cryptographic algorithms, followed by industry standards discussions. In the last couple of years we’ve seen pilot and prototype implementations for some of the new algorithm candidates. We learned about the Open Quantum Safe project led by the University of Waterloo and other industry and academic contributors to “support the development and prototyping of quantum-resistant cryptography.” The project is actively looking for other contributors and potential implementer pilot/prototype scenarios. While progress is being made on quantum-resistant cryptography, there are still actions that organizations can take today to help prepare for the arrival of quantum computing.

What threat does quantum computing present to today’s encryption technology? Are there steps that can be taken today to safeguard data in preparation for quantum computing?

Encryption is essential to protect data –– it’s used throughout the internet and supporting services. Future quantum computers are a threat today as data could be recorded now and exploited later with post-quantum cryptography advances. Therefore, we urged our community to get started today by following basic recommendations, including: 

• Inventory and understand where, what and why encryption is being used for existing platforms and services. 
• Determine how to build in crypto-agility into existing systems where possible and make crypto-agility a must-have feature of new systems, taking into consideration hybrid solutions. 
• Understand your existing data retention requirements and limit storing data where possible to minimize exposure to the record now and possible exploitation later.
• Seek areas to collaborate and contribute to industry, academic and government planning efforts and pilots.

Short answer, we cannot pinpoint a specific timeline for achieving quantum encryption, but there are actionable things we can start doing now versus waiting.

We already have quantum key distribution. What are its advantages and disadvantages compared to symmetric and asymmetric crypto?

For current systems, symmetric encryption uses one private key whereas asymmetric encryption uses two keys (private and public). With asymmetric encryption, the public key is shared whereas the private is kept secret and used for decryption. Quantum key distribution provides the ability for two parties to generate a unique shared random cryptographic key. It also introduces the ability to detect potential eavesdropping by a third party. Quantum key distribution is only used for generating keys between two parties which means the data is transmitted over existing communication channels. Key sizes for post-quantum cryptography are larger and that could introduce efficiency issues.

It’s important that businesses and industry leaders prepare for the post-quantum transition to ensure encryption capabilities will remain viable. By taking appropriate steps today, they can make the post-quantum transition more manageable when the technology is rolled out.