EP164 Quantum Computing: Understanding the (very serious) Threat and Post-Quantum Cryptography

Guest:

• Jennifer Fernick, Senor Staff Security Engineer and UTL, Google

Topics:

• Since one of us (!) doesn't have a PhD in quantum mechanics, could you explain what a quantum computer is and how do we know they are on a credible path towards being real threats to cryptography? How soon do we need to worry about this one?

• We've heard that quantum computers are more of a threat to asymmetric/public key crypto than symmetric crypto. First off, why? And second, what does this difference mean for defenders?

• Why (how) are we sure this is coming? Are we mitigating a threat that is perennially 10 years ahead and then vanishes due to some other broad technology change?

• What is a post-quantum algorithm anyway? If we're baking new key exchange crypto into our systems, how confident are we that we are going to be resistant to both quantum and traditional cryptanalysis?

• Why does NIST think it's time to be doing the PQC thing now? Where is the rest of the industry on this evolution?

• How can a person tell the difference here between reality and snakeoil? I think Anton and I both responded to your initial email with a heavy dose of skepticism, and probably more skepticism than it deserved, so you get the rare on-air apology from both of us!

Resources:

• Securing tomorrow today: Why Google now protects its internal communications from quantum threats

• How Google is preparing for a post-quantum world

• NIST PQC standards

• PQ Crypto conferences

• "Quantum Computation & Quantum Information" by Nielsen & Chuang book

• "Quantum Computing Since Democritus" by Scott Aaronson book

• EP154 Mike Schiffman: from Blueboxing to LLMs via Network Security at Google