In this Digital CxO Leadership Insights video, Amanda Razani speaks with John Prisco, CEO and president of Safe Quantum, about the importance of quantum security.
Amanda Razani: Hello, I’m Amanda with Digital CxO. And I’m here today with John Prisco. He’s the president and CEO of Safe Quantum Inc. How are you doing today?
John Prisco: I’m doing very well. How are you?
Amanda Razani: Good. Well, I’m so glad to have you on the show. Can you share a little bit about your company and the services that you provide?
John Prisco: Yes. So Safe Quantum is a consulting company. And it started as a result of my being CEO of another quantum related company: Quantum Exchange. And today, I consult in the areas of quantum security and quantum networking. So, looking forward to the quantum internet, and looking forward to securing our current encryption standards.
Amanda Razani: Okay, so, quantum computers, for our audience who may not understand quantum computers versus supercomputers, can you share a little bit about the difference?
John Prisco: Sure, well, quantum computers don’t simply have on and off bits; they don’t just simply have ones and zeros. As supercomputers do, and as the computers we’re using to conduct this interview, you know, those computers can either be a one or a zero, whereas in a quantum computer, you can have a superposition of ones and zeros and something in between. So really, what it means is that the parallel processing capability of a quantum computer is enormous compared to a classical computer. And that’s why so many things can be done so quickly on a quantum computer. For example, all of our encryption today is based on public key cryptography. And the way in which that works is you have a very, very large number, which turns out to be the product of two prime numbers. And if you could actually factor that very large number into the two prime numbers, you could then break the encryption. So you know, a simple example is the number 15, the two primes are three and five. But if I gave you a number that was 4000, digits wide, it’d be very hard to factor that into its two prime numbers. A quantum computer can do that. And that’s what all the furor is around breaking encryption and no longer being able to keep secret information secret due to a quantum computer. But quantum computers do a lot of good things, too.
Amanda Razani: I know. So yeah, it seems on one side, quantum computers sound very scary, then, because of how fast and quickly they can break these problems. But at the same time, what are some areas that they’re doing a lot of good? And can you give some examples of how useful they’re being in certain sectors?
John Prisco: Sure. So one that we work with on a regular basis is the financial markets. And essentially, the ability to optimize investment portfolios, is something that a quantum computer is very good at. Perhaps down the road a bit, when quantum computers become more powerful than they are today, they’ll be able to synthesize pharmaceuticals much faster than we can today. And of course, that could come in very handy if we ever faced another pandemic situation. And then even problems that you might not realize are really hard to solve, like, the traveling salesman problem where you know, you say, “Okay, start in Tennessee, and decide how you’re going to call on these customers, all around the country.” That turns out to be a pretty hard problem for a computer, a classical computer. But a quantum computer can solve that. So you know, there are lots of things that we haven’t even explored some of the capabilities of quantum computers, but there’s certainly a lot of them. And it’s very much worthwhile to keep plugging away at making a quantum computer that has more than 1000 cubits which is, you know, sort of already well beyond where we are today. Where we are today is pretty much like in the days of the first transistor, which, you know, you couldn’t do much with one transistor now. We have billions of them on a chip. So we’ve got some work ahead of us, but I’m confident we’ll get there.
Amanda Razani: Okay, that answers another question I had, which was where are we in the process of quantum computers right now? So, what do you think is the timeline? How fast are we evolving in this area?
John Prisco: Well, you know, it’s interesting to watch companies that publicize their roadmap; like IBM does that. And, you know, over the next few years, IBM will get up to about 1000 cubits of processing power. But that’s not going to be nearly enough, you know, we’re going to have to see breakthroughs. And there are many companies, many, many private companies, many public companies and the government all working toward building a quantum computer that can actually do the sorts of work that we’d like them to do. But it’s going to take time, you know, really, everybody talks about, well, maybe by 2030, we’ll have a quantum computer that can break all of today’s encryption standards. So, you know, 2030 is probably a good time to be looking for a quantum computer that can really do some good work and, and do some scary security work.
Amanda Razani: Yes. So that is the question. While it is so beneficial, how are we going to protect ourselves, then, from a security standpoint?
John Prisco: Well, there are two tracks that the world is exploring now. The first is called post quantum cryptography algorithms. And NIST, the National Standards Agency in the United States, has been working over the past six years to come up with algorithms that are quantum resistant. And they’ve done a great job. They’ve just announced about a week or two weeks ago, four of the algorithms that they have anointed as working toward a standard. And because these are more complex than our two encryption techniques today, they probably will hold off quantum computers for a good while. The second approach is based on quantum science. And that’s called quantum key distribution. When you think about encryption, you think about a key that locks the information, and a key that unlocks the information. And the idea is to make sure that the way you handle that key is only between the two people meant to either send or receive the information. Quantum key is quite different. The key that we spoke of before as being a large number is a classical key. And that’s the one that is in danger of being broken. But a quantum key is made of light. So if I were to create a key with ones and zeros, and for example, I’d say, I’m going to encode individual photons, which you can do in quantum key distribution hardware. And, you know, let’s say a vertically polarized photon would be a one and a horizontally polarized photon would be a zero, I could make a string of ones and zeros that I can use to then encrypt secret information. And no one can really steal that, because of the laws of quantum mechanics, which say, if you try to even observe an optical photon or anything, in a quantum state, the mere act of observing will cause that state to change. So you may think you’re stealing a key, but you have affected in a in a profound way, so that it no longer would unlock the information. So we send these keys down optical fibers cybers that are in the ground today. And they can get from point A to point B and they can secure secret encrypted information forever. So you know, perfecting that approach takes a lot of worry out of someone actually breaking even the new algorithms because you know, given enough time, some brilliant person will find a way to break even the new algorithms. And if you look at the history of cryptography, at about every 20 years, what we use no longer works. And that’s happened from the 1970s till today. So in the 70s, we had Whitfield Diffie, coming up with public key cryptography, and now in the 2020s we’re coming up with quantum key distribution and post quantum cryptographic algorithms to protect secret information.
Amanda Razani: So for businesses that are in the process of digital transformation efforts, which is widespread right now, how should they be looking at the prospect of quantum computers and securing and protecting their business? As more and more goes to the cloud, what should they do to start protecting themselves now and for the future?
John Prisco: Lots of good questions in that last question. So while I’ll try to hit every part of it. So in terms of digital transformation, we are now going to be undergoing quite a digital transformation as all eight government agencies and commercial corporations are trying to adapt to the quantum cryptographic standards. In fact, it’s likely that it will take large corporations 10 to 15 years to completely convert from their current encryption standard to this new quantum standard. So there’ll be a lot of work and assessment going on. But something that is troubling is that many people say, well, we don’t have a quantum computer yet that can harm us. So we have time. So let’s look at you know, what, what’s the shelf life of our data? How important is it? How long will it take us to convert to this new standard? I believe that those are insignificant points to consider. Because when you add into the equation, the fact that our adversaries are simply stealing our data today, even though it’s encrypted, they they are stealing the data and the key that will decrypt the data. And they say, “Well, you know what, I can’t break that key today, because it’s too big. And I don’t have a powerful enough computer. But I can wait, you know, I’ll just take all this information and wait until I do have a quantum computer that can decrypt the key and therefore provide all that secret information to you.” So it’s really a mistake to think that you have all this luxury of time before you’re in trouble. We’re all in trouble now. And, you know, as long as people are able to hack into systems, and to siphon off data, we’ve got a problem that can’t be solved unless we convert to either PQC, the post quantum cryptographic standard, or the quantum key distribution method. And you mentioned the cloud as part of your question. So I will comment on that. I think that when you look at all the hyper scalers out there, like AWS and Azure, and Microsoft, and you know, the litany of them, it’s going to be very important that they provide a quantum solution, when they are taking people’s data from their data centers and into the hyperscale, or cloud. So you know, it’s not a happy day, when you’re transmitting all your, you know, personal information, if it’s medical in nature, or if it’s intellectual property or patents. You don’t want to be doing that unless you have a rock solid way to guarantee that it gets to the cloud, or when it gets to the cloud, it hasn’t gone somewhere else at the same time.
Amanda Razani: So cloud providers have a lot of responsibility.
John Prisco: They do and they need to upgrade the way they’re doing it. And not just 10 years from now, when a quantum computer can harm a corporation or a government. They need to do it now. Before someone makes a copy of the information and stores it in this so called harvesting attack.
Amanda Razani: Right. So real quick, again, thinking about how quick quantum computers can crack codes, how safe is cryptocurrency and things like blockchain?
John Prisco: Well, we’ve done some experiments with blockchain and with securing blockchain nodes with quantum key distribution, and that has worked really well. You know, in terms of an algorithmic or a mathematics approach, you never know when some brilliant mathematician like Shore or Grover, who have both come up with ways to weaken quantum algorithms. You never know when somebody else is going to come up with that. And, frankly, what’s even more frightening is if our adversaries already have a way to break our latest standards. They’re certainly not going to tell us about it. You know, we’re going to find out the hard way. So, you know, when when it’s mathematical in nature, it has a shelf life; when it’s quantum in nature, it’s quantum forever.
Amanda Razani: Yep. So just finding ways to stay one step ahead, hopefully and continuously adapt.
John Prisco: Yes, correct.
Amanda Razani: All right. Well, thank you so much, John, for coming on and sharing a little bit of your insight in this regard. And let’s hope that everyone steps up and gets secure really quickly.
John Prisco: Very good. I enjoyed it. Thanks very much. Thank you