Mike Brown, CTO of ISARA Corporation Discusses ISARA’s offerings for Quantum Safe Computing. Learn why you need to plan for a quantum-safe transition now for your applications and some of the options that are available in this interview with ActiveCyber.
Back in September, wanting to learn more about quantum safe computing, I attended the 4th ETSI/IQC Workshop on Quantum-Safe Cryptography. Attendees learned how quantum computers are poised to disrupt the current security landscape, how government and industry organizations are approaching this threat, and the emerging solutions to help organizations protect their cyber systems and assets, now and into the future of quantum computing. One of the first persons I met at the conference was Mike Brown of ISARA Corporation. ISARA is located in the quantum computing hotbed area of Waterloo, Ontario and is an early provider of quantum safe technology and services. Mike was kind enough to accept my invitation for an interview to offer readers his perspectives on how quantum safe computing is maturing and why it is important to pay attention to this emerging area of interest.
Spotlight on Mike Brown, CTO of ISARA Corporation
November 1, 2016
Chris Daly, ActiveCyber: Please provide some background on your company ISARA and the technology you offer to the post-quantum crypto market.
Mr. Mike Brown, CTO ISARA: ISARA is a security solutions company that offers companies and government agencies quantum readiness planning and quantum computer-resistant products to make vulnerable hardware and software compliant with developing quantum safe standards. To our knowledge, we are the largest company working on complete quantum resistant cryptographic solutions for easy integration into existing security protocols and systems. Our first product release of ‘drop-in’ quantum resistant algorithms is commercially available today to replace or work in conjunction with currently used algorithms that quantum computers are expected to break. Our algorithms allow our customers to create security solutions that will protect conventional computers against quantum attack today and for the future. We also offer professional consulting services to meet the demand for quantum readiness assessments.
ActiveCyber: What were the key decision factors to enter the post quantum crypto market – why now? Are there other key events that must occur to increase market size and scope? What industry sectors do you expect to be the early adopters of this technology?
Mr. Brown: Similar to the Y2K crisis, the technology industry is now facing a ‘Y2Q’ (years to quantum) challenge that has a limited timeline and requires significant work to ensure systems and information are properly protected. The massive processing power that will be unlocked with the birth of quantum computers is such that much of the security encryption used today is vulnerable. Most experts now agree that Y2Q will be here by 2026 or sooner. There has been building investment and excitement surrounding advances in quantum computing, but we saw that the security impacts of quantum computers were being greatly overshadowed by focus on the transformational opportunities for this new technology. The industry needs someone to really push the security agenda to the forefront and bring together academic researchers, standards bodies, government agencies, security experts and highly specialized, professional developers to start building new commercial security solutions before quantum computers become a major threat. Technological progress on universal quantum computers naturally accelerates the need for quantum safe solutions. As awareness grows of the threat to global cybersecurity, that creates more urgency and interest in this market. But it’s important to recognize that we need to be innovating and releasing security solutions ahead of that progress, or it will be too late. The financial sector, healthcare, and governments will be the early adopters of this next-generation security, as it becomes available. They can’t afford to wait for other parties to decide what the best way forward will be. They need to be investing in these solutions now.
ActiveCyber: What advantages do you provide using the McEliece algorithm over other lattice-based approaches such as NTRU? What benefits does your implementation of QC-MDPC with McEliece provide as an RSA replacement?
Mr. Brown: In the world of quantum resistant algorithms, there are pros and cons to each solution. So some algorithms, such as hash based signatures, work very well in something like code signing but don’t work well in high volume web signing. McEliece is based off of error correcting codes and is used to create ways to encrypt small pieces of data, similar to how you use RSA for key transport. Using one of the compression mechanisms like QC-MDPC may be useful in cases where you need to encrypt an AES key, such as in setting up a TLS connection.
ActiveCyber: What hardness assumptions does your implementation of McEliece rely on and how do you mitigate associated issues such as structured algebraic attacks and code family indisguishability?
Mr. Brown: All of the quantum resistant algorithms rely on different hardness assumptions. McEliece in particular typically relies on the hardness of problems such as ‘Information Set Decoding.’ What’s more is that when you use these problems to create cryptosystems, then you also need to worry about cryptographic attacks, such as Chosen Ciphertext Attacks (CCA2). That’s why, when you use something like McEliece to encrypt data, you also need to use an associated CCA2 encoder to protect against those online styles of attacks.
ActiveCyber: Are there independent review processes for quantum resistant cryptography out there?
Mr. Brown: With classical cryptographic systems like RSA and ECC, there have already been independent certification programs established such as the FIPS 140 program. The quantum resistant cryptography field is still pretty young and is in the process of developing those as we speak. In fact, NIST is kicking off that process this fall. In addition, the European Telecommunication Standards Institute (ETSI), has a working group focused on building standards for this field. Through these efforts we will be able to build certification programs to vet the correctness of quantum resistant libraries.
ActiveCyber: Please describe your approach to quantum-safe digital signatures. How is your approach different from current methods for creating digital signatures?
Mr. Brown: With the first version of the ISARA Quantum Resistant Toolkit, we have included support for the Leighton-Micali Signature scheme (LMS) which is an example of Merkle Hash-Based Signatures. These are very efficient, quantum-resistant digital signatures that work very well in environments such as code signing or firmware signing, because of the stateful nature of the private keys.
ActiveCyber: Please describe your approach to key agreement. What factors led to your selection of New Hope as the foundation for your approach? How does your customization called LUKE improve the use of New Hope as a key agreement algorithm?
Mr. Brown: One of the most promising areas in quantum resistant cryptography right now is the use of Lattice based cryptography for key agreement. Relying upon the ‘Learning With Errors’ problem, a number of fascinating algorithms have been created. You may have heard of Google’s experimental use of their implementation of the New Hope algorithm, which is built on this problem, within Chrome Canary. Within our toolkit, we include the original New Hope algorithm, the Google variant, as well as our optimized version of it that we call LUKE (Lattice-based Unique Key Exchange). LUKE improves the performance of New Hope by 30% by focusing on ways to compress necessary information, as well as limiting time-consuming activities such as random number generation.
ActiveCyber: How do you envision the transition to quantum-safe crypto rolling out? What is a “hybrid approach” and do you believe a hybrid approach will be how organizations get started? What is the position and readiness of standards organizations in relation to supporting this transition?
Mr. Brown: The new generation of security solutions needs to be in the field, being tested, now. One of the easiest ways to move forward today is with a hybrid approach, whereby a customer is able to combine the use of an existing classical algorithm, such as ECC, along with a quantum resistant algorithm, such as LUKE. This provides, in some sense, a best-of-both-worlds outcome where you use an algorithm already trusted today along with an algorithm that is believed to protect against a quantum computer attack. In addition, if the “classical” algorithm is FIPS validated, then this creates a solution that continues to be FIPS validated which is important for some customers.
This is a reasonable way for organizations with large infrastructure to transition to quantum readiness. On the standards side, members of the European Telecommunications Standards Institute (ETSI) are already drafting and discussing potential options for quantum safe cryptography standards, and the US National Institute of Standards and Technology (NIST) is inviting proposals for its evaluation process. These organizations need the right people involved and engaged to bring these standards to market, but practicality and efficiency are certainly among their goals.
ActiveCyber: What are some of the impacts that organizations must be prepared to deal with throughout this transition period? What level of computer and memory capacity will be needed to efficiently support quantum-safe cryptography?
Mr. Brown: For large and small organizations, the transition to making their business quantum safe will involve a re-examination of what data they have in their network and how they currently use cryptography. Many businesses will rely on the OEM partners that produce their routers, firewalls and other Information and Communications Technology (ICT) equipment to ensure they include quantum-resistant solutions within them. So they need to put pressure on those partners today to begin including that on their roadmaps. In addition, any bespoke solutions that businesses have created will need to be reexamined, much like they did in the late 1990s as part of the Y2K process. Since some of the quantum-resistant algorithms have different characteristics than what we have today with RSA and ECC, then there will be a need for flexibility in some cases where custom protocols will need to be updated to support Lattice Key Exchange, for example. Ultimately, this will lead to a more secure ICT environment for business.
ActiveCyber: What is the impact on Internet of Things devices due to this transition to quantum-safe cryptography – especially given the long life span of these technologies? How does your offering help enable this transition for IoT?
Mr. Brown: IoT brings its own challenges due to the nature of having long-lived systems that may or may not have the ability to be updated in the field. This focuses the attention on good planning and design for IoT vendors to ensure they are protected, not just from current threats, but emerging ones as well. With the ISARA Quantum Resistant Toolkit, we make it easy for developers to include quantum-resistance within their products today so they will be protected well into the future.
Thanks Mike for informing me and the ActiveCyber followers on the many exciting efforts related to quantum safe computing. I hope that my readers take your advice and get started now with their transition planning efforts. It will be interesting to say the least when the first quantum computer appears on the market that can efficiently handle Shor’s and Grover’s algorithms.
And thanks for checking out ActiveCyber.net! Please give us your feedback because we’d love to know some topics you’d like to hear about in the area of active cyber defenses. Also, email email@example.com if you’re interested in interviewing or advertising with us at ActiveCyber.
About Mike Brown
As CTO and co-founder of ISARA Corporation, Mike is focused on the technical vision and direction for the company. Previous to ISARA, Mike was VP of Security Product Management & Research at BlackBerry, where he co-founded the product security practice and was responsible for its vision and execution. Mike has spoken at global security events such as RSA, CTIA, GTEC, Bloomberg, APECTEL and InfoSec Europe. He has a Master’s of Mathematics from the University of Waterloo focusing on Cryptography, and is also an active innovator with over 150 issued or filed patents.