Quantum Computing
Agenda
• Background
• Benefits & Concerns
• Cryptography
• Timing of Impacts
• Enhancement Methodology
• BPI/BITS Quantum Risk Calculator
• Sample High Level Strategy & Timeline
Background
Quantum computers are not like general-purpose or “classical” computers. “Classical” computing uses a string of “0”s and “1”s, or BITS. Quantum performance is achieved through the ability of QUBITS (Quantum BITS) to exist as both “0” and “1” at the same time, resulting in all the possible combinations of “0”s and “1”s being processed simultaneously. Quantum computers are projected to have performance gains over conventional computers in the billion-fold realm. Quantum computing is expected to be a “disruptive” technological advancement.
Benefits & Concerns
• Top Benefits
  • Search algorithms for big data - searching over a set of possible outcomes for complex pattern prediction and simulations.
  • Factoring large numbers and performing complex scientific calculations.
• Top Concern
  • The computational power of quantum computing could be used to overcome current encryption algorithms used by virtually everyone.
Cryptography
Organizations typically rely on these algorithms:
• Asymmetric encryption relies on a public key and private key that can only be broken through the factoring of very large prime numbers. Breaking the keys is so difficult that VPNs, Internet traffic (SSL/TLS) communication, online shopping, blockchain and banking all rely on this type of encryption.
• Symmetric encryption uses the same key to both encrypt and decrypt the data. In this form of encryption, outside of implementation errors, the only known way to break it is through a brute force attack that would take so long it would be infeasible.
Quantum computers could crack these methods:
• Researchers have found at least one known method (Shor’s Algorithm) for quantum computers to break asymmetric encryption in a reasonable time period.
• Symmetric algorithms are considered to be “quantum-resistant”.
Timing of Impacts
Gartner’s Annual Hype Cycle Says Quantum Computing Will Reach a “Plateau of Productivity” Within 5 to 10 Years
[Figure: 2018 Gartner Hype Cycle for Emerging Technologies]
[Figure: Gartner Hype Cycle timeline annotated “Projected – 2025 thru 2028”, “Today” and “Projected - 2023”]
Enhancement Methodology
Assumptions:
• Data encryption using current cryptographic standards will be at risk once Quantum Computers reach ~4000 qubits.
• The confidentiality, integrity & availability of non-“Quantum Resistant” encrypted data will be in jeopardy.
• It could take 2-4 years for organizations to become Quantum Proof once new standards become available.
• Symmetric algorithms (shared key) of 265 bits or larger are considered Quantum Resistant and are considered safe for the foreseeable future.
• Asymmetric encryption algorithms of less than 256 Bits are also at risk.
BPI/BITS Quantum Risk Calculator
The Bank Policy Institute (BPI) BITS membership has been organizing response efforts regarding the risk that quantum computing poses to cryptography since 2015. The “Quantum Risk Calculator” referenced below was recently released to the BPI/BITS membership to raise awareness of related risk factors. Sample Seven and Forty Year Risk Models from the Risk Calculator follow on the next page.
• This tool is based on the Quantum Computing “When to Prepare Model” that the U.S. National Institute of Standards and Technology developed in 2016.
• The calculation says that your organization should start taking steps to prepare now if X + Y is greater than Z, where:
  • X = How long does my encryption need to be secure (x years)?
  • Y = How long will it take to re-tool my existing infrastructure with a quantum-safe solution (y years)?
  • Z = How long will it be until a large-scale quantum computer is built (z years)?
BPI/BITS Quantum Risk Calculator
[Figures: sample risk models for 40 Year Retention and 7 Year Retention]
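The X + Y > Z check, applied to a small encryption inventory as an added example; it is not part of the original slides or of the BPI/BITS calculator. The asset names are constructed, the Y and Z ranges reuse the deck's 2-4 year migration and 5 to 10 year Gartner figures as assumptions, and the best/worst-case verdicts extend the single inequality to those ranges.

```python
from dataclasses import dataclass

# Ranges reused from the slides as planning assumptions, not forecasts.
MIGRATION_YEARS = (2, 4)         # Y: time to re-tool with a quantum-safe solution
QUANTUM_ARRIVAL_YEARS = (5, 10)  # Z: Gartner's 5-to-10-year window

@dataclass
class Asset:
    name: str             # constructed sample names
    family: str           # "asymmetric" or "symmetric"
    retention_years: int  # X: how long the data must stay secure

def shortfall(x: int, y: int, z: int) -> int:
    """Years by which X + Y exceeds Z; a positive value means prepare now."""
    return x + y - z

def assess(asset: Asset) -> dict:
    # The slides treat symmetric encryption as quantum-resistant, so only
    # asymmetric protection is run through the model (0 keeps sorting simple).
    if asset.family != "asymmetric":
        return {"asset": asset.name, "verdict": "quantum-resistant",
                "best": 0, "worst": 0}
    y_lo, y_hi = MIGRATION_YEARS
    z_lo, z_hi = QUANTUM_ARRIVAL_YEARS
    best = shortfall(asset.retention_years, y_lo, z_hi)   # fast migration, late arrival
    worst = shortfall(asset.retention_years, y_hi, z_lo)  # slow migration, early arrival
    verdict = ("prepare now" if best > 0
               else "prepare now (worst case)" if worst > 0
               else "within margin")
    return {"asset": asset.name, "verdict": verdict, "best": best, "worst": worst}

def prioritize(inventory: list) -> list:
    """Assess every asset and rank by worst-case shortfall, largest first."""
    return sorted((assess(a) for a in inventory),
                  key=lambda r: r["worst"], reverse=True)

# Constructed inventory covering the 7- and 40-year retention cases.
INVENTORY = [
    Asset("tls-session-traffic", "asymmetric", 1),
    Asset("transaction-records", "asymmetric", 7),
    Asset("mortgage-archive", "asymmetric", 40),
    Asset("backup-volumes", "symmetric", 40),
]

if __name__ == "__main__":
    for row in prioritize(INVENTORY):
        print(row)
```

With these ranges the 40-year archive exceeds Z under every assumption, while the 7-year records exceed it only when migration is slow and the quantum computer arrives early.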
Sample High Level Strategy & Timeline
Steps to Prepare for Post-Quantum Computing:
• Scope Assessment – Evaluate and inventory encryption technologies including internal, external and partner ecosystems.
• Mitigation Strategy – Update and enforce encryption standards, increase symmetric/asymmetric key sizes and remove weak key ciphers from the environment.
• Scale Infrastructure – Identify and scale infrastructure requiring increased computing power to support computational needs of advanced encryption.
• Data Retention – Ensure policies and procedures are in place to manage and remove encrypted data when it is no longer required.
• Quantum Proof Planning – Actively follow updates from NIST and Quantum Computing Industry leaders, update policies/procedures to support new and developing Quantum Computing requirements.
• Quantum Proof Implementation – Implement new Quantum resistant products, technologies and methods.
Thank You!
BANK POLICY INSTITUTE - BITS
Washington, D.C.
1001 Pennsylvania Ave, NW
Suite #720 North Tower
Washington, D.C. 20004
www.theclearinghouse.com