This is security implications of quantum computing. A little bit of introduction since we've got it here. Let me see. I've got get the chat and see if I can do that. No. Okay. I'll have to pick it up. Where are we here? There we go. Okay. There's the details in the chat screen if you want to do pick up those things. But anyways, that's sort of the introduction to a set of blog postings that I did some years back. That was five years ago, so that's got a little extra detail and introduction to what this is doing, because quantum computing. Well, quantum mechanics, I think it was Niels Bohr who said that anybody who thinks they understand it and their brain doesn't hurt, doesn't understand. You know, quantum computing is really interesting stuff. We definitely do not have an awful lot of an idea of what it really means, but in terms of not to get into the quantum physics and quantum mechanics stuff, but flowing out of the basic concepts there, we have the idea of the qubit. Now, we have bits in computers. We deal with bits. Quantum computers deal with qubits. And a bit is either a one or a zero. A qubit can be one and zero at the same time until we determine what it's ultimately going to be. The determination is what goes into quantum programming. This gets a little bit hairy because it can not only be one and zero at the same time, but any value in between in certain situations. So we won't get into that right now. We'll just say that it can be one and zero at the same time. What this allows us to do with sufficiently many qubits is to set up a situation where we can run through all possible values at the same time and find out which ones fit. That's basically what we talk about. We have all kinds of weird things about quantum mechanics and quantum computing. There's the observer effect. Schrodinger's cat is both alive and dead at the same time, and Schrodinger's phone, until you look, it's both cracked and not cracked at the same time, and stuff like that. But there's also an issue called entanglement, and we're going to touch on that slightly in one of these things in terms of networking. But the entanglement of multiple qubits is what gives us the opportunity to perform the same function on a bunch of qubits. And again, as I say, sort of find out which answer it is that actually fits with one operation. And here's the bore quote that I has saying if someone says that he can think or talk about quantum physics without becoming dizzy, that shows only that he has not understood anything whatever about it. So we'll do that. Now, one of the aspects of quantum technology with computers is that we can have quantum technology to aid us in producing traditional computers. So we're making chips and elements on the chips smaller and faster, and we're getting into the quantum size range, where there are quantum effects in what we're doing with chips and traces, and that sort of know we need to address that. There's also the fact that one of the things that Turing figured out with his ideas of computing, starting us all off here, is that irreversible computations, that's in traditional computers, they have a sort of a minimum limit. We're reaching the limits in terms of how much we can reduce the power consumption with traditional computers. But with quantum operations, we can do reversible computations, and in that case, you can make the power arbitrarily small. Again, we can build a traditional computer with very low power consumption if we're using quantum technology properly. There's quantum cryptography, and quantum cryptography is a real thing, but it keeps on getting mixed up with the idea of using quantum computers for decryption, a sort of a universal decryption. And people are saying, oh, quantum computers are going to kill. Cryptography has. We know it, and that is not the case, and we'll talk about that in a second here. But quantum cryptography, I do want to mention and disentangle it from this quantum decryption thing. Quantum cryptography is not cryptography. It is basically just key exchange. And I have a demo that we could do, but it takes half an hour, and we don't have time tonight, so we won't do that. But it is being used. I mean, a bunch of swiss banks have been using it, and there are a bunch of commercial enterprises that will sell this quantum cryptography stuff, which, as I say, has nothing, well, has to do with cryptography, but only in terms of key exchange. And, I mean, basically, you need dedicated, single mode fiber optic cable to do this key exchange. And if you've got dedicated, single mode fiber optic cable, why do you need cryptography, for crying out loud? Anyways. But it is something that is, unfortunately, in here and gets mixed up with everything else. It's real, but actually a lot more limited than people. It's very elegant. It's a really elegant idea. It just doesn't work in the real world. As I say, it's always implementation in cryptography it's always the implementation that gets attacked, and there's all kinds of implementation attacks on quantum cryptography, unfortunately. But quantum decryption, that's just hypothesized. It's going to be a long time before we see it, and by that time, we'll have decent quantum computing proof algorithms for cryptography. Anyways, the thing is, with quantum computing, there's also, is it a real, true quantum computer? And there are various quantum computers, fairly small. I think the largest of them is only barely into the three orders of magnitude qubit range, just over 100 qubits. And that isn't enough to do an awful lot of really interesting stuff. So those are only sort of test beds for the moment. And then there's d wave over in Burnaby here. And d wave has got something, but it's more of a quantum, um, it's like an analog mean, you know, we know digital computers, but we have had analog know. What are analog computers? Well, there's the spaghetti computer, which does parallel sorting. You cut pieces of spaghetti to the numbers that you want to sort, and then in one application, bang, you sort them all, and it's done. It's a special purpose. It has a single application, but there it's very effective. Same thing with the slide rule. We do exact computations, but it's a little imprecise in terms of how we read it. The D wave computer is an adiabatic quantum computer. It looks for situation where it gets the least energy and therefore the best answer, least path, best comparison simulation. So the D wave Orion machines, they are not full quantum computers. They have some very interesting capabilities, but it is at best, sort of a quantum coprocessor. That's the general idea. So having provided some of that as a background, let's get into specific applications and what we can do with quantum computing in terms of security. And I've structured this by the domains of security to give it a little bit of format when we do it. But the general functions that we're going to be looking at here are the same ones that the D wave can do, and that is looking at least path calculations, doing simulations, doing pattern matching, and lease path problems. The big example that people use is the traveling salesman problem. And for example, there's like 28,000 cities and towns in Norway. And the traveling salesman problem, if you've only got two sites to visit, it's easier to see which is the shortest path. It's just the shortest distance between two points is a straight line, one straight line. But as you start adding different places to go, then what's the best path to get to all the places? That's the traveling salesman problem. And this is not something that can be done easily with a traditional computer. As I say, there's 28,000 towns in Norway. They did the traveling salesman problem. I believe that it took like ten or eleven years using multiple network, high speed computers to actually do this. Whereas you get a big enough quantum computer, you can do it. One operation type of thing, simulation. There's all kinds of things that we can run with simulation, climate models, weather maps, those types of things are a really good example. The thing is that when you're doing weather and climate simulations, you divide up the atmosphere into a whole bunch of cells, and you do calculations on each cell. And then because those calculations have changed the results in all of those cells, then you have to go back and redo the calculations based on the new information from the surrounding cells. For every cell type of thing, it's over and over again. There's an awful lot of cells, therefore, there's an awful lot of processing, and it just takes a lot of time. Again, with a quantum computer, you're able to do this big enough quantum computer, you're able to do this sort of one shot so you can get closer to real time stuff and much more accurate, and therefore longer range forecasts. The other thing that we are really good at, and traditional computers are not, is pattern recognition. Now, there's a picture there of airplanes. Immediately you as a person look at that, and without even fully concentrating on it, you probably immediately think airplanes, and then possibly even military airplanes and that sort of thing. Whereas it would take a computer a long time to figure that out. People are good at this. Computers are bad, but the quantum computers are going to be much better at recognition. That type of thing that we want computers to be able to do is going to be much easier with quantum computers. So into the domains of security and what we can do with them, risk management. And again, this is shortest path traveling salesman type of problem, because when we're doing risk management, the tools that we've got for risk management, we put in all the data, collect all the data on the risks, on the threats, the realities, the impacts, and then the efficacy of different types of controls that we're going to put in place to counter, to mitigate the risks. Once we've collected all that data, we can then put it into sort of a giant spreadsheet and we can start playing around. What if we put a little bit of more effort, more resources into this control and reduce it in that, because, of course, you've always got a fixed security budget. Does this give us a better outcome? Does that trade off, give us a better outcome? But we've got to do all the shuffling of increasing this and decreasing that and see if it gives us a better result. Now, what the quantum computers, and again, once we get big enough ones, will allow us to do is collect all that data, put it in, and the quantum computer will be able to do the least energy, shortest path type analysis and tell us what's the optimum arrangement, the optimum configuration, the most efficient, the most effective, the most cost effective, greatest benefit for the fixed cost, for our various controls, for all the different risks that we have. So again, it'll sort of be a one shot bang and you get your answer type of thing, which right now is just not possible. Information classification, pattern matching is going to help us there. The pattern matching capabilities of quantum computers. Risk assessment is not something that people look forward to, like we said, in the risk management area, but we're going to have to do some thought here. Is it going to be worth investing or not in quantum computing? And again, figuring out what it can do for us and what the benefits are is going to be part of that decision as to whether or not we're going to get into the field of quantum computing for those benefits. In terms of security architecture, the news here is probably all bad. This is going to give us new architectures. It's going to be much more complex. It's going to introduce new vulnerabilities, just a whole bunch of work that we need to do in regard to that, simply because somebody might want to put a quantum computer into our company. But it does give us simulation of vulnerabilities and protections, allowing us to sort of test out whether or not given protections or safeguards are going to help us in certain situations. Quantum devices are going to, they are subject, quite subject, unfortunately, to issues of noise. And that is going to be something that we're going to have to look at and address in a variety of different ways. Right now, the d wave they've tried to reduce noise has much as possible, but basically what they do with their systems is just sort of vote run multiple times and see if they get the same answer multiple times. There are new technologies in terms of quantum error correction, again, going back to the issue of entanglement, and that may give us some promise in terms of fault tolerant computing. So it's an area to be addressed there in the field of access control biometrics, really, in terms of biometrics. Up until this point, we're using just interesting forms of data representation, but we're losing an awful lot of the data. That has implications for our error rates for false positives and false negatives. In terms of biometrics. The pattern matching capability of quantum computing is going to allow us more freedom there and more ability to say, well, yeah, that sure looks like it's Verne's login or face or fingerprints or whatever it is, even though it's not quite so, that pattern matching capability is probably going to assist us there in terms of both the lease path and the simulation capabilities. Information flow, which is very time consuming right now, and covert channel analysis, which again is something that's hard to figure out, is probably much more possible with quantum computers. And again, in intrusion detection, we've got our intrusion detection systems. The pattern matching capabilities is probably going to make those a lot more effective. So cryptography now has, I say we've got all the things about the quantum computing, which really is only the key negotiation, key exchange. It's the BB 84 protocol. It's tremendously elegant, wonderful. It is able to detect eavesdropping for the first time. All of that is in terms of the theory, but in terms of the implementation, there's just been all kinds of ways to attack that. Unfortunately, the issue of being able to do sort of parallel decryption all in one step, do brute force attacks that just drop the right key out of the system. That is limited to the shore algorithm and others that may use mod functions. Right now, it's basically RSA is susceptible to that. And there are new algorithms that are being pursued to make sure that they have a high work factor, both when you're doing classical types of crypt analysis and the quantum crypt analysis as well. One of the really important things in cryptography, of course, is randomness. And quantum computers actually can help us there. On the one hand, because they are so subject to noise, we can just use the noise as a source of randomness. But there's also, for the first know, John said that anybody who thinks of arithmetic methods of generating randomness is in a state of sin. But the thing is that there are things we can do with quantum devices that can give us genuinely random answers and in a sense, tunably random. We can take something that has a random output and sort of tweak the bias on it. So if we've got another system that is generating random stuff, but it has a bit of a bias, we can tweak the bias in the other direction and sort of use these two together and come up with a balanced source of random data. Again, cryptography desperately needs random data all the time. Analysis of the implementation problems. Like I say, you always attack cryptography in implementation, and quantum computing simulations will probably be able to help us to identify those issues in physical. This is really interesting. Again, the noise, radio frequency interference, electromagnetic interference, all of that stuff is a problem and needs to be addressed. But the big one, possibly, depending on which technology eventually gets used in this regard, is temperature. The Orion computer, well, it's running at super cold temperatures. Room temperature is 100 times as hot as interstellar space. But when the Orion computer is operating, interstellar space is 1000 times as hot as the central core of the Orion device. That's how cold we have to get for some of these operations. That has implications. We have to keep the power considerations in some of the technologies to create qubits for quantum computing. If you lose power, you just lose whatever process you're working on right now. You actually lose your cpu because you've got lattices of photons or electrons bouncing around in channels, in laser guides and things like that. It's a nontrivial task sometimes to keep these things power, heat and cooling. All of these issues are going to have to be addressed for operating quantum computing. So there's going to be special costs, there's going to be special protections for devices, and you're probably going to want to deal with physical access control. Who's going to get access to this business impact analysis? I've got to admit, sorry, business impact analysis and business continuity planning. Disaster recovery planning. This is close to my heart because, of course, of all my work in emergency management and doing a business impact analysis, what's most crucial, what's your most crucial, what are your various critical business units and systems and that sort of thing? The least path analysis part of quantum computing capabilities is definitely going to assist us there. The simulation part will very much help us with the testing of business continuity plans and whether or not they're effective, whether or not we've missed anything out. But what really is interesting to me is the disaster management, again, like the risk management in a disaster, you want to direct resources to maximum effect and that it saves lives, it helps people to, well, it reduces the suffering. So there's all kinds of really good stuff that can happen if you do proper management in the middle of a disaster. And like I said, the risk management that can be done, that has to be done. The calculations are very complex and generally take time to perform with a traditional computer because there's so many different moving parts. Well, when you've got a simulation situation, you're able to do those calculations in real time. So while the hurricane is going on and when it hits land 20 miles away from where you thought it was going to hit land, you've got a whole bunch of things that are in the wrong place. But with quantum computing, you can correct that very quickly and also address issues of what do we do to move those resources, to redirect those resources to where they are going to be most needed as soon as possible. Again, the continuity of operations for these special devices is definitely going to be an issue. Talking about the power, talking about the cooling, what is going to happen if there's failures there? Now, in terms of application security testing of our increasingly complex applications is a nontrivial task and one where quantum computing will definitely be able to assist us and give us better information. Database analysis, again, the pattern matching capabilities will help us. And looking, as I talked about, in terms of the differential privacy, the cost of privacy versus the benefit of safety and some of those calculations, database aggregation, problem analysis, and again, the privacy budget, privacy accounting calculations that differential privacy is meant to address, um, will, you know, they're going to be very complex. And, and so quantum computers are probably going to be an area that will assist us in there learning artificial intelligence, machine learning, the pattern matching capabilities of quantum computing are probably going to be very useful, give us new insights in there. And the thing is that right now, when we're trying to check the output of a neural network, say, or of genetic computing operation, because those are systems that are going beyond what traditional computers are capable of, how do we have a check on what they're doing? Well, quantum computing gives us those same capabilities coming at it from a different. So again, as with the voting in the Orion systems, probably running a neural net, running a quantum computing assessment, and seeing whether or not they agree is at least a first attempt at trying to check some of these things that we want to know about. Again, as I say, we traditionally say check the output against what you expected. Well, with a lot of these artificial intelligence things, what did we expect? The reason that we're doing them is because we wanted to get results that we didn't expect. But when we get quantum computing in there and start looking at those results, how are we going to check them? You know, those things are, are things that we're going to be impossible to compute by classical methods. And so how are we going to test whether or not this is actually working, malware, botnet decryption, as per the intrusion detection, the pattern matching capabilities is going to allow us better analysis there. Also in terms of both malware looking at what family does this come from and therefore tying it back to what group, what possibly even the individual is the person who wrote this. But certainly in terms of botnets out on the Internet looking at the control and ownership of these large networks, it's a nontrivial task and quantum computers can help us there. There are going to be completely new paradigms in programming here. It's already hard for some of us old dinosaurs to. We're stuck in the procedural days. I've done a little bit of functional programming and that can turn your head, certainly object oriented. I think object oriented programming is basically lying to you because I want to know who's going to show me an object oriented cpu. It doesn't work, or rather it seems to work, but sort of how, it's kind of a trick. But anyways, what quantum computing, they're really going to change our outlook in terms of how we think about programming. How do we make sure that they work? Just being able to write a hello program is not going to mean that you understand how quantum computers actually do operate. So in terms of security, we are going to have limitations of classical and quantum devices and operations to increase the complexity of our systems that are already very complex. So the complexity there is going to create problems for us. On the other hand, quantum computers with simulation, with the pattern matching will probably provide tools for us for troubleshooting, which is a good thing because we will have to be troubleshooting where the problem lies in a system which contains both quantum and classical computers. So again, it's not going to be an easy thing to do. Insider attacks pattern matching capabilities of quantum computing may give us some tools for insider attack detection. That has been a very intractable problem. It's always been an issue and it's not easy to figure out who's going to deal with it. So it's an interesting situation and maybe we will get a tool that can help us there. Telecommunications and networking. Again, we've mentioned intrusion detection systems and the capabilities there, botnet detection and assessment and looking at the command and control, the ownership, particularly for fast flux systems, network attack analysis, all of these things are issues where the tools that quantum computers give us can help. We're coming to the limitations of our spam detection, even with bayesian analysis. Certainly a number of the systems that I work with regularly, it seems to be a problem. And the pattern matching capabilities that go along with quantum computing are probably areas where we'll get new spam decryption tools in there. Quantum encryption requires special channels, the quantum cryptography. Quantum devices, though, are likely to be remote access for the foreseeable future. We're going to start out with centralized systems with sort of like timesharing capabilities that you can sign on, you can get something from, pay rent for time on the computer. So it's going to be remote access. And again, dealing with telecommunications and networking for these situations, particularly as we're doing some computations with a quantum computer and some with classical, there's going to be data flying back and forth, and we need to protect that and perform authentication on who's available to do it. Interesting communications channels. The quantum entities that we use for transmission can provide for more than one bit per photon. For example, one test sent enough data for a small graphic image. I think it was around 128 bits in one photon. So there's also, as I say, the possibility of continuously variable entities. So we have an analog photon, which is really kind of bizarre because the whole point of quantum computing was that it was defining stepwise states in entities. So being able to send something in an analog situation is kind of mind blowing. Quantum networks, this is something that I came across recently. I'm not sure about this. I mean, they made it work and that sort of thing, but it's probably going to be more local connections in terms of distributed quantum computing rather than large scale networking, at least for the immediate future. So that's going to be an interesting field of research and law and investigation. We're going to have new forensic analysis tools. The pattern matching and simulation there could be very helpful. But the presentation and acceptance in court, as per the earlier discussion on presenting technical evidence in court, is definitely going to be problematic. So we're going to have to deal with that. And we managed to get through all the slides.