ISF congress post 3: The state of Quantum computing…

The state of Quantum computing…

… And the future of InfoSec

Presentation by Konstantinos Karagiannis from NT andJuniper Networks


Enough Quantum Mechanics to get by;

  • Richard Feynman “I think I can safely say that no one understands quantum physics”
  • Unlike macro objects, quantum ones exhibit weird behaviours that make amazing things possible
  • Max Planck proposed electromagnetic energy only emitted in discrete bundles or “quanta”: E=hf
  • Planck’s constant (h) and derivatives (Planck unit) may prove important in future information theory (one ‘bit of information = one planck unit..)
  • Light – made of waves (Thomas Young) made of photons, not waves (Einstein), Geoffrey Ingram Taylor – wave interference patterns even with one photon at a time – Particle wave duality!
  • Superposition – if you observe the light, the superposition is destroyed and it appears to work as you would expect.
  • This concept of decoherence is key to QC.
  • Entanglement – the key “mystery” of QM, and important for QC.
    • Created by a quantum event, entangled particles share a quality in superposition such as spin up or down.
    • If you observe the spin of one particle, the spin of the other is immediately known even if it is the other side of the galaxy.
    • No this doesn’t break the cosmic speed of light as it is effectively just random information.
    • This does have real applications in QC and quantum cryptography
  • QCs must maintain coherence / superposition in hundreds of particles e.g. via
    • Quantum optics
    • single atom silicon
    • Large artificial quits
    • NMR


Qubits and how a quantum computer (QC) will impact some areas;

  • Qubit
    • can be zero, one, or a superposition of both (with probabilities of each)
    • To over simplify: Qubits can perform certain functions with a percentage of effort of a classical computer
  • Public Key crypto, e.g. RSA;
    • Relies on classical computer’s difficulty in cracking certain mathematical functions
    • QC – Shor’s Algorithm – QC can easily reveal the factors of large prime numbers.
      • Shor’s algorithm puts quits through mathematical paces where likely answers interfere constructively, unlikely ones destructively.
      • Classical computers can’t so this in a timely manner.
    • Imagine the impact of being the first country with PKI-slicing capabilities!!
  • Grover’s Algorithm;
    • For searching databases / data;
    • Traditional DB – N/2 searches for N entries
    • QC Root of N searches for N entries..

Scanning with Quantum AI

  • Vulnerability scanners need to run and compare results quickly – Grover’s algorithm
  • Quantum algorithms may advance artificial intelligence – more useful for scanning web apps than networks
  • Traditional top-down AI approach fails – bottom-up may be easier to do with Quantum parallelism

Quantum networking

  • Routing quantum data is tricky – when you observe the quit, you destroy the data
    • create photon pair – one to observe, one to route

Quantum Teleportation

  • Entanglement allow for teleportation of quantum state – look up ‘Alice and Bob’ quantum entanglement example.
  • Teleport state of algorithms for distributed computing


Where are we now?

D-Wave claim to have a 512-qubit QC (with 439 operational qubits)  – There is currently some scepticism around this)

  • Google and NASA have teamed up on acquiring a D-Wave second generation machine (512-qubit)
  • Created the Quantum Artificial Intelligence Lab
  • University of waterloo has an advanced QC department
  • Lockheed Martin also using and developing a D-Wave QC


Moore’s Law;

  • QCs are not better than classical computers at everything
  • QCs still inevitable – we are getting to the single-particle level on transistors
  • No more miniaturisation possible to keep Moore’s Law going


Staying relevant – Encryption;

  • Shor’s algorithm only proven to work on PK, grover’s may help with
  • Toshiba developing quantum network with polarised photons, these provide encrypted, tamper evident networks.
  • We must stay relevant, new world of research and development coming – everything from the basics to security tool programming
  • Threat modelling
    • If AI improves scanning, hackers will have much better ways of finding application flaws

Closing thought;

  • Feynman’s first proposed QC was a universal quantum simulator
  • Seth lloyd showed a QC can perfectly simulate any quantum system in the universe
  • Turns out universe is a giant, 13.7-billion year old quantum computer
  • What will we be hacking one day?

This was a very thought proving and fast paced talk.  The above notes are very high level, but cover the main points of the talk and can be used to aid searches for more in depth reading.  This presentation really highlighted to me I need to read up more on this stuff.

We are not there yet, but Quantum Computers are coming and they will have huge ramifications for pretty much all areas of computing.  From a security standpoint, we will likely need a full overhaul of cryptography and threat modelling, along with application and system vulnerability scanning.  Of course not forgetting a whole new class of computers and networks to understand and secure!

Interesting times ahead, and I highly recommend further reading on this topic.



Been a while.. and 2013 plans

I realised it has been getting on for three months since my last blog post.. Getting back into writing posts has been on my mind for a few weeks, but things in life have been extremely hectic recently!  Briefly life has involved getting engaged, planning a rather cool wedding and honeymoon, redecorating an entire house, and not to mention starting a new job.

Work wise I am now a Senior Security Architect for WorldPay which is pretty much exactly the role I have been aiming to get for some time.  As with most roles the first few weeks have been a hectic time of getting to know the company, policies and processes, people as well as rapidly picking up constructive work.

I thought I’d start this years blogs with an overview of some of my plans relating to work and learning for 2013.  Obviously as it’s now nearly the end of February I am using ‘start’ or the year fairly loosely!

So looking ahead for the year, what are my plans / projects for 2013?

1. Complete my Masters project;  Due to everything that has been happening I requested as have been granted an extension until May of this year to complete my project.  I have completed and passed the rest of my Masters, so this is the final piece between me and being awarded the post graduate degree.  With continuing to get to grips with my new role and everything else that is going on, this will be a challenge, but something I need to complete.

2. Improve my knowledge of secure, always available multi-site data centre networking; Network security is one of my key focus areas, and this links nicely with the environment I am currently tasked with ensuring the security of.

3. Continue to lead and contribute to the Cloud Security Alliance Security as a Service working group.  This has become a major project for me that I have been leading for nearly a couple of years now.  This is another one that also ties in nicely with my WorldPay role as I will also be covering cloud security and strategy as one of my responsibilities.

4. Various smaller / side tasks including getting round to taking my TOGAF exam, attending various useful industry conferences such as RSA and Infosec (work budgets permitting of course), along with being successful in my new role and progressing at WorldPay.  This may of course lead to further projects this year depending on the tasks I need to achieve as part of my role, I’ll obviously keep you posted around any of these I can publicly discuss.

I’ll keep you all posted with my progress around these projects / tasks, along with other interesting things that happen during the year.  Hears to a productive and interesting 2013.