When we think about secure communications, really that's about protecting our data in some way, and usually what we would use is encryption and authentication to protect our data. There are really things that we're trying to protect against. First of all, we're trying to protect our data against interception and the abuse that may follow from that. So for example, we don't want our communications between two secure end points to be in any way ...
We are moving on to the industrial environment. We are seeing connected factories becoming far more common. There is a big revolution that has been going on in the last few years on this. As well, safety systems, machine automation, auditing and uptime: these are all big requirements for industrial communications, and we use strong cryptography and state-of-the-art authentication techniques to enable that.

You can imagine the amount of information that's available in a medical environment, so confidentiality of personal records and reports, the authentication of users and reliability of data is really important in those fields. And then in automotive as well, we're seeing, with the roll-out of 5G, the connected vehicle becoming absolutely critical, and the security around that is really important as well. Again, anti-theft tracking, safety systems: they all require a level of sophistication as far as authentication and encryption in order for those systems to work reliably.

Now really there's a big challenge with anything to do with security, and that's really keeping constant. Keeping constant is always a challenge, and it's always the case that there's a natural conflict between the bad people and the good people as far as up-to-date software. We know that, and we've seen that constantly across the industry. I think security is not something that you can say is ever done. It's a process that continues to happen. A system that's considered state-of-the-art and secure today may well, in just a few months' time, be considered so badly vulnerable that it really can't be recommended for use, and so we have this evolution of security that's constantly going, and we can see that right the way back in time.
I mean, if you look at things such as Wi-Fi: now, Wi-Fi had an original encryption standard called WEP, Wired Equivalent Privacy, and the idea behind that was that the privacy of that connection was so good that it was the equivalent of being a wired connection. Now of course we know today, based on the research and intrusions that have happened in that time, that WEP is completely broken, and it's really trivial with today's tools to break that kind of encryption. And so, as I say, it's a case of constantly needing to keep adapting and keeping up to date, following what's happening in the industry and best practices, to see exactly how we can ensure that this thing remains secure over the course of time.

Now, looking at the Linux kernel, just in the lib/crypto directory for example, just taking a quick git log on here, there's not loads of churn, as we can see. I mean, there's not a great deal of active development going on at any particular moment in time, but my point is that there is still change happening. There are things that are being found. Maybe these aren't big things, maybe these are more error checking and those kinds of things, but we're never quite done with security, and so we need to take that into account when we're looking at security systems: it's only as secure as someone keeping them up to date.

Now, when we're looking at cryptography, one of the things that we can probably start with is the different kinds of cryptography that we use, and one of the most powerful things that's widely used is either public key cryptography or asymmetric cryptography.
Now, the great thing about public key asymmetric cryptography is that it relies on something that's mathematically very easy to do in one direction and very difficult to do in the opposite direction. So for example, in public key cryptography, effectively you have two numbers, we'll call them p and q. These are large prime numbers that are calculated by a system, and those are multiplied together to create a value, the product of those terms, n. And so p and q, the prime numbers that are multiplied together, are kept secret, and those are known as the private key, and the large number that's the result of multiplying the two together is given out as the public key.

What's absolutely amazing, I think, about this particular technology is that we can give out the public key to anyone that we want, and they have no mathematical way of trivially being able to get back to the secret key. So we can quite easily prove that we're the owner of a certain piece of information: we can use this function to sign something, and then someone at the other end can authenticate that that information indeed did come from us, if they've got the public key that comes with that.

So, as I say, finding p and q from n is very computationally difficult. Now, when it comes to a very small number, a very small prime, then you can use a brute force method to get this information and it can be quite straightforward, but then, guessing up to bigger and bigger and much larger prime numbers, very quickly that becomes pretty much impossible with today's technology to derive that and to find that. So finding n from p and q is very straightforward; going the opposite direction is very difficult.

Now, one technology that uses this is RSA. That's a very classic technology for public key crypto. And ECDSA uses alternative approaches, using curves to kind of link between public and private keys, but they'll work
on a similar principle of kind of one-way functions in order to get this system up and running.

Something that was really interesting was that the RSA that created the RSA asymmetric cryptography algorithm put together a factorising challenge. Now, we know that smaller numbers are easier to factorize methodically than the larger numbers, and so they started in 1991 with a series of outputs from the RSA algorithm, and then they gave cash prizes for those people that could factorize them. So, as you can see on the table here, they started off with the smallest number, RSA-100, not exactly small: it contained 330 binary digits, 100 decimal digits. And they were offering cash prizes that increased in value depending on the size of the RSA number, so you can see the different cash prizes that were offered, up to 200,000 dollars for RSA-2048.

So this started in 1991 and finished in 2007, and just looking through this list you can see quite clearly that in 1991, on April the first, the first prime number, or the first pair of prime numbers, was successfully factorized by Lenstra and co, and you can see the same name is kind of working through some of these numbers throughout the course of time. And then you can see, as things progress, as the numbers get bigger, they can still be factorized, but they take more and more time to do so.

Now, as you can see, the cash prizes were stopped in 2007. That hasn't stopped people continuing to work on this. You can see dates in 2009, 2010, 2013, 2018 as we go up the factorizing sizes for different RSA keys, and obviously that's because it takes a lot more compute power, it takes a lot more energy to factorize these numbers, and computers are increasing over time, so our ability to break these numbers continues to increase over time. So looking at this particular example from Thorsten Kleinjung and
colleagues in 2009: they were able to break RSA-768, so a 768 binary digit factorization. Now, at that time in 2009, their computation power was such that they were using a load of resources, the equivalent of 2000 years of computing on a single 2.2 gigahertz AMD Opteron, 2 to the 67 instructions, to carry this out. So even though it was possible to factorize RSA-768, whenever that was, 11 years ago, it took a lot of resources in order to do that.

Now, we are seeing Moore's law continuing to a certain extent, maybe not at the rate it was before. Computing power and the ability to do multicore processing does continue to a certain extent to rise over time, but we can see that this is a problem that gets increasingly harder to do the larger the number. Now, taking into account the RSA numbers here, this 768-bit key for example: it's not the case that if you had a 1500-bit key, that's twice as difficult to factorize. No, in actual fact every few bits, or almost every bit, of increase in the size of a factor increases the complexity by two. So it's a binary representation, so the larger the key gets, the exponentially larger, almost exponentially larger, it is as a challenge to factorize these things.

And so we can see over time, it used to be commonplace that people would have 1024-bit keys, or maybe 512-bit keys a long time ago, but really the move is to push up the size, because certainly the smaller keys are not considered to be safe at this time. And that's what we see with cryptography: we see a constantly changing battlefield as new techniques come along, as the computing power becomes greater, and it becomes more and more likely that these smaller key sizes are just not secure anymore.

Now, there is another way to factorize numbers back into their prime multiples, and that is using an algorithm named after a mathematician, Peter Shor, which he and his
colleagues have come up with. Now, the first part of this algorithm is a classical part. It can be performed on a PC, on a server, and that's really picking a random number, computing a greatest common divisor, and then checking to see if it's a non-trivial factor. The second step, sorry, the third step, can also be performed on a classical computer: it checks to see if it was odd and does some other maths, and then finds out whether the answers are non-trivial factors of n, and so we're done on that. But the middle piece of this is quite interesting, and that uses something called a quantum period finding subroutine, and this requires a quantum computer in order to achieve this. Now, the complexity of the quantum computer required in order to find this particular section of the factorization goes up depending on the size of the factor that it's trying to find.

So that kind of begs the question: how are we doing with the factorization of prime numbers using quantum computers? Well, that's really quite interesting, and we'll look back in time first of all. So in 2001, the top quantum computer was able to factorize 15 into 3 times 5, so something that we would see as pretty trivial on a PC today, or in fact at any time. In 2012 there was some progress made: the factorization of 21 and 143 were also achieved. 2014: you can see the numbers are starting to get a tiny bit bigger, still pretty trivial for today's machines. 2016: again an important improvement, but something that's really rather a small number compared to the size of numbers that we're talking about with 1024- and 2048-bit keys. So 2017, 2018: IBM, Intel and Google each reported testing quantum computers containing up to 72 qubits, and a qubit is a measure of the sophistication and the capacity of a quantum computer. Now, quantum computers aren't things where you can have two quantum computers side
by side to double the capacity. This all needs to be in one single unit. And then in 2019 IBM launched another computer as well, for 20 qubits. So at the moment we're quite a way away from the sophistication of something that could break even a 1024-bit key. So a 1024-bit key, it is predicted, would take about 2000 qubits of quantum compute performance in order to be able to crack, so compared to the 72 qubits from Google, there's still a way to go on that.

So when looking at this kind of challenge, the question is: when should we start to worry? Should we start to worry at all? And there are different opinions on this. So, as you would imagine, Dr Mark Jackson, a theoretical physicist, suggested a few years ago now that we could be five years away; they've got the source for that as well. What I found very interesting is that the NSA, in some of their documentation on quantum computing, have suggested that they're moving away from technologies that could be defeated by quantum computers, and they suggest that this might arise within the couple of decades. And so for their new technology that's coming in, they put requirements on their vendors to be quantum secure now, ready for a few decades' time. As you probably know, military equipment as well as industrial equipment can be around for several decades, and so they're looking now at that being a potential risk.

Okay, so let's bound this a bit more. As you are aware, there are different types of secret and there are different types of information that we're trying to protect. So some data are only going to have short-term value. So for example, a session cookie for an online banking session: that's something that expires with a pretty short time window, of maybe less than an hour for example. The password from a token generator: again, something that may only last a couple of minutes before it's no longer able
to be used. Predictions for financial markets, a daily rotated key: all these kinds of things may necessarily only have short-term value. So when we're looking at timescales such as five years or 20 years, maybe these are not the things that we really need to be concerned about now as far as encryption being broken. But then if we look at other things, such as medical records, the credentials of Bitcoin wallets that may be encrypted and put somewhere maybe not quite safe enough, usernames and passwords, social security numbers: there are certain types of secret that may well have a lot more long-term value. Maybe some of these bits of information may well have extremely long-term value, such as those that the NSA are perhaps worried about protecting in the longer term, as you can see here: private crypto keys, as well as all other kinds of things. So I think it is important to differentiate between the types of secret that we may wish to be protecting.

So how seriously should we take the threat of quantum computing? Well, certainly I've drawn a graph here to try and indicate my thoughts on this. I've got the lifespan of a product in years, and then the longevity of the value of the data in years, on the bottom graph here. So if we've got a product that is going to be in the market for a long time, 10 or 20 years, maybe some industrial products, and the longevity of the value of the data is also pretty high, then we're really in a system where we should probably go to market with quantum secure cryptography. There's an uncertainty period, as you can see here. And then a device that's either very short in the market, or has data that doesn't have any real longevity of value: that's something that we can certainly use traditional cryptography with, with confidence, as it is today. And so, depending on the kinds of data and the length that a product is in the market for, we have
different ideas as to how worried we need to potentially be, depending on whether we believe the five-year mark or the 20-year mark as far as quantum cryptography goes.

So the question really becomes: what do we do with products that are falling right in the middle of that range? Now, two approaches can be taken. We can, first of all, implement post-quantum algorithms today. There's certainly a series of algorithms that we'll briefly touch over, and decide on the most likely algorithm, looking forwards, looking at the information that we have today: which is the most likely algorithm to have longevity over the lifetime of the product. So that's something that you could certainly do. There's lots of research going on into this area, and that's something that you would need to look at if you're worried about quantum being a threat.

The other idea, and probably something that happens more frequently, is that you could go to the market with traditional security, the security that we're all familiar with, ECDSA for example, with different curves, and then the aim would be that if and when quantum does become a threat (maybe it does, maybe it doesn't, but in the future) then we can use a field update to update the product. You know, cross that bridge when we come to it, as far as quantum security requirements are concerned and become more tangible as an issue.

And the trouble with going to market with a quantum secure algorithm is really one of time, I think. Now, traditional cryptography is really well understood, and it's really been studied in great detail by mathematicians over the years. Things have evolved over time, such as Diffie-Hellman key exchange, RSA, ECDSA with different curves. These have all been a very slow evolution that's been very carefully controlled and looked at by researchers. And so there are newer standards that are considered to be quantum safe, but really safety is only something that can be
defined over a period of time, and as you know, today we don't actually have quantum computers that are of sufficient sophistication to break traditional cryptography, and so there may well need to be some changes made in the future. So really, taking back that original argument I had about security over time: we don't know quite enough about these new standards to really have them proven in use. There could be potentially other things that we've not yet thought of that could cause these different kinds of cryptography to be less secure than we first expect. So we should be really cautious, as we should with everything to do with security and encryption, just to make sure that these things have been extremely well tested. And they are going through a lot of research, and a lot of standards are being developed as we speak, and there are lots of standards that we can choose from as far as post-quantum secure cryptography is concerned.

Another really important consideration is that of the CPU performance. As we know, symmetric cryptography functions such as AES have been around for quite a long time, and so what's happened over the years is that the vendors of different CPUs across the industry, from Arm, Intel, Power, SPARC, AMD (you'll look at all of those architectures), and the developers have created cryptographic extensions to the instruction set specifically to speed up these kinds of instructions. And so within the instruction set of the devices we already have these building blocks. Now, if we move to a different kind of cryptography, with current CPU technology we wouldn't necessarily be able to use those same crypto building blocks in order to accelerate those functions. Now, this could be a challenge when it comes to some of these standards, because we would take effectively a performance hit. So this could be an inability to, at
runtime, have the same kind of bandwidth of encryption that we were expecting with previous, traditional if you like, cryptographic functions, or it could well be that the CPU performance would be degraded and we wouldn't be able to do so many other things at the same time, simply because it would take a proportion more of the CPU's performance in order to adapt to using these different cryptographic techniques.

So how do we really cope with deciding how algorithms should be implemented when the standards effectively could be changing over the lifetime of the product? This is a challenge that quite often happens. Standards are evolving; we don't wait until all the standards are set for every aspect of design prior to needing to ship a product. Now, as I said, traditional CPUs are fantastic at accelerating current cryptographic standards. Those standards have been around a while. A lot of them are based around matrix manipulation, and so the hardware features required to really perform a good job across those devices have been in dedicated hardware, and there's compiler support for those, and that's been pretty mature over the years.

But if the device is in the field, it's out in production, it's out with your customers, and you need to move to a new standard, be that a quantum secure standard, be that a change based on a new vulnerability that's found, you could effectively come across a bit of a challenge. And it could well be that the existing acceleration, the existing instruction sets, which are absolutely essential to run at speed and to continue the performance of your device, may no longer be used in this new change that you make to your system. Odds are good that they would be able to be used. If you've got a bug in the Linux kernel that is addressed based on a vulnerability, then you continue to use the standard crypto
functions, but thinking long term ahead, what could the challenges involve on there? So how do you adapt acceleration to tomorrow's needs when we're designing today? I mean, we don't know what tomorrow's going to bring really. We've got a good idea, but then looking further ahead, standards evolve, accelerators may need to change, especially if we make a big leap into a new form of cryptography sometime in the future.

Now, when it comes to an evolving standard, when it comes to things changing that require hardware acceleration over time, quite often programmable logic can be an ideal solution. We already have programmable CPUs: we can change the instruction set to the CPU, or we can change the instructions given into the CPU by compiling new code. Programmable logic takes that a step further, and that allows us to build accelerators that can change over the lifetime of the product as well.

So programmable logic can be very scalable. There are lots of different places that can be used, and the small little rectangle here, on a point one inch matrix board, is a discrete FPGA that could be integrated into a system to complement the processor that you've got in your design. So that could potentially take some lightweight tasks off the processor, to remove performance bottlenecks from that. In addition to that, there are integrated devices from all the major vendors that provide FPGA designs. Some of these have got Arm Cortex cores, for example, in them. I think this device has got a dual Cortex-A9. There are also larger devices from the major vendors for FPGAs out there, and the idea behind these devices is you have both a programmable logic device as well as a complete SoC, all in the same package. And so the idea behind that is that when you take your accelerators, for example a crypto accelerator, you could start off using the AES engine in this Cortex-A9 for example, but should
the performance requirements change over time, maybe you're moving to a new crypto standard as we've suggested, then you could potentially move that function into the programmable logic. You know, take an OpenCores core off the shelf for that, at the time when the technology exists, and then integrate that into your design, give a new update to the design and move on with that.

And then when we're talking about the real heavy lifting, the data applications (I'm working a lot with very high speed Ethernet interfaces, for example), then there are scalable solutions, again from all vendors out there that support FPGAs, to provide PCI Express connections to a server or so on, to really have a high throughput of connection. So for example, if you're trying to encrypt data on a 10 gig or even faster Ethernet link, the likelihood is it will take up so much processing power on your server that you'll need to offload that work, and so we have, and others have, classes of FPGAs that would suit that kind of environment as well.

So the questions are often asked, and rightly so: what if we don't really believe that quantum computers are a tangible threat? I mean, we see all the time press releases about a new quantum computer coming out that has a certain level of sophistication. We hear scare stories about quantum breaking crypto, but it always seems to be, no matter when you listen to arguments and researchers about quantum computers being a threat to crypto, it's always five years away, and it's been five years away for many years now. And so evidently, and arguably, the early predictions haven't necessarily come true. So if in a situation that every year it's five years away, you may be of the opinion, rightly so, that this is not something that you need to worry about, and only time will tell really if that's the case.

So why don't we make a bit of a change here, because I've been talking about crypto based on
quantum secureness, but what if it's not the only scenario in which your crypto needs to change, maybe in a fundamental way? We've been talking about the bad guys breaking crypto: arguably some state has got access to technology, and your customers are trying to protect their technology against that. But why don't we get rid of talking about the bad guys, and get rid of talking about breaking crypto, then make some different changes and see if that changes any of the concerns that we might have on this system.

So what if I changed it to a nation state instead of the bad guys? Now, I'm not saying that nation states are bad guys, far from it in many cases, but what if the government decides that they might want to ban the crypto that you're currently using in your device? Maybe this is another thing that we need to think about and mitigate throughout the lifetime of our systems. And what do you do in that situation? What are the mitigating techniques that we can have if we predict that that may well be a problem?

So this is a North American conference; let's take North America as an example first of all. Now, William Barr is the US Attorney General, and he was part of a very interesting seminar on encryption technology and law enforcement in 2019, last year. I do recommend that you take a look at this particular speech that he gave, as it really gives an insight as to the thinking and the challenges that the governments across the world have. And he was talking specifically about the right to privacy. Now, we're very keen as individuals to maintain the Fourth Amendment in the US and have a right to privacy, and he's talking about the interpretation of that according to the US Attorney General, and that really is about privacy not being absolute. So the challenge that the US have, along with other governments around the
world, is that there are certain circumstances where, with due legal process and so on, the law enforcement agencies require access to information that is considered to be private. And he says that the Fourth Amendment strikes this balance between the rights for conducting their affairs in private, but also the ability for law enforcement to investigate criminal activity. And he gives examples of being able to gain a search warrant and then enter someone's home. The home is a private place, but there is the ability, with due process, for the law to take over on this and be able to encroach on that privacy over time.

Now, you may wonder what this has got to do with encryption. The interesting thing about encryption is that mathematics doesn't change depending on whether you have a search warrant or not. And so really there's a challenge that the governments around the world are seeing as far as the implementation of the technology that we have today, and then their ability to cause that to become circumvented in the future. And whilst we like that from a privacy perspective, we have a feeling that privacy is absolute, it's interesting to see the other side of the coin and see the challenges that law enforcement around the world are having on these.

So if we take this onto the worldwide stage, there's been quite a lot of public press around Facebook, and Facebook's proposal to implement end-to-end encryption across its mass messaging platform. So obviously this is the use of strong cryptography, using current standards, in order to do this. And there's an open letter from Priti Patel in the UK, William Barr, who we've just spoken of, the Attorney General, Kevin McAleenan, and Peter Dutton in Australia, and they have put together an open letter to Facebook from the UK, US and Australian governments, proposing really that Facebook don't implement this, and this sounds
really bizarre from a first thought, that you wouldn't want to have strong encryption on personal messages. Their argument is around the ability for automated processes to search for criminal activity. They use examples of child protection schemes and so on that are using these automated techniques, and really end-to-end encryption across Facebook's messaging platforms will prevent the authorities from being able to perform this kind of encryption. As I said, it's great for the end user to have a knowledge that end-to-end encryption is so robust that governments are concerned about it. That gives a certain sense of happiness as far as knowing that our communications are private, but this does mean that policymakers and decision makers are really looking at ways of being able to mitigate this from a law enforcement perspective.

Now, it's not just the attorneys general that are getting in on the action in making proposals and raising concerns as far as end-to-end encryption and unbreakable current encryption. There's a very interesting paper from Ian Levy and Crispin Robinson around encryption, and these people are from GCHQ in the UK, the Government Communications Headquarters, and they were really talking about a proposal for further debate. Of course it got debunked, or strongly opposed, from others on the proposal, but they were talking about the challenges around messaging protocols, end-to-end encrypted messaging such as WhatsApp, and how technology could be used and proposed by law enforcement and governments in order to be able to intercept and understand what's going on in a completely encrypted chat channel, in the case that there's a warrant for information and the suspicion that a crime is being committed. And so they were recommending a protocol that's been coined the ghost protocol, and the idea
behind that is that, with a warrant, law enforcement could work with the service provider, such as WhatsApp or Facebook Messenger and so on, and then silently add an additional party to a call or to a group chat, and so there'd be this invisible additional member to the chat that's actually law enforcement. The way that group chat works is that any member of the group can decrypt the conversation, and so this would require changes to the user application and the API and the encryption methods that are being used for these group chats, but that would enable end-to-end encryption for bad guys, if you like, on the outside being able to intercept the chat over the ISPs, but also the ability for law enforcement agencies to intercept when they have a search warrant to do that.

It's important to state that this only really works for encrypted chat channels that are actually owned and managed by a company such as WhatsApp or Facebook Messenger. This doesn't in any way have an ability to intercept complete open source end-to-end encryption technologies that don't rely on a service provider, and the governments are well aware of this situation. The horse has already bolted the barn; there's no way to put control over cryptography. People can use whichever encryption technique they want, but when it comes to a commercial service there's certainly things that they can do. Some of the arguments over this still being useful are around the protection of minors, for example. A lot of kids are using commercial messaging platforms such as the messaging in TikTok or Facebook or various other groups like WhatsApp, and these are all commercial platforms, and so if people or criminals are trying to get hold of information on those platforms, they don't have a choice, they're using those platforms, and the idea behind the government's requirements
are to be able to intercept traffic on those platforms. They know that they will never be able to get 100% coverage of all systems, but that doesn't stop them wanting and proposing to try for those that can be controlled by policy and by law.

So maybe that's a bit of a deviation from the quantum secure side of things, but it's kind of along the same lines if you think about it: it's all about the uncertainty of crypto in the long term. Now we're all generating systems that we hope will be successful in the market and hopefully be around for a long time, and so going back to my previous diagram of worry, as I put it, as far as the longevity of data and the lifespan of the product, it really still does fit in, based on what happens if quantum secure crypto is required to be retrofitted, or indeed if policies change that require a change in standards based on new legal frameworks.

So I'd ask you to question the importance of security of your customers, not only in getting the product out the door. Obviously that's the first thing that we focus on: we need to have a working product, it needs to be working at performance. But also look at the lifetime of your product. Certainly your product needs to be updatable. In a software system that's usually the case; even when it comes to firmware on products, it's important to have an update mechanism in order to update your firmware once the product has been launched. But also the customer's data over the entire lifetime of your product: data with a long term value needs to be protected more urgently. If you've got someone that's going to be using your products with medical data, social security numbers, things that will hold long term value, then really we look at the longevity of the data value over years, and really we're in a place where we need to be concerned about that longevity of data in the case of
a quantum future where we could potentially have nation states, first of all, but also powerful individuals having access to this kind of technology, potentially, in the future. Data with shorter term value, that may well be safe today. I'm not suggesting that you need to protect a short term cookie that has a few tens of minutes of lifetime with the same value of urgency as longer term value, but in the future you may need to have changes in the steps to your product in securing that data.

Integrating devices that have programmable logic in them, devices such as FPGAs, can help you have more capacity in the future to adapt to change. Now it could well be that you may already need some hardware custom logic, based on the hardware side of your design, but integrating that in such a way that you could potentially use it as an accelerator in the future gives you a bit of flexibility. It's something that needs to be designed up front. Sometimes it's not always possible, and sometimes it will add cost to your product, so these are things that shouldn't be taken lightly. But looking to have that future flexibility to update as standards change, as new technologies come out that may well not be suitable to be running directly on your CPU, using a technology such as an FPGA could potentially give you some slack in order to be able to adapt in the future.

So I hope you found that useful. I'm going to switch screens now and have a look at any of the Q&A that may have come in during the presentation, so bear with me for a moment. I'll just read through those and I'll see if there's any that I can address in the few minutes that we have remaining.

Okay, let's have a look at some of the questions now. I guess a few logistical questions first of all. So Anju is asking about the slides. I will share them on Sched, so I'll get that sorted after
this presentation. And Victor was asking about whether this is going to be on demand at some point. I guess that's a question for the foundation. Previous years there have been on demand versions sometime after the event, and I know all of these are being recorded, so my understanding is that we are going to have that available.

Looking through now, a question from Paolo: what kind of encryption has the greatest strength to become the next post quantum encryption standard, maybe lattice? I think that's an interesting question. As I showed on the slide, there's a number of different standards out there that are being looked at, lattice being one of them along with some others. It's really hard to tell which one's going to make it as the standard or the recommended standards for quantum secure. I think a lot of them have some potential right now, but as I said earlier in the presentation, it's not really until quite a lot of time has gone past that we see certain vulnerabilities in some cases. I'm not suggesting that there are any, I don't know, but it could be that that could take some out of the running, or not.

I was talking to a senior security architect at a quite large multinational late last week, asking a similar question: when do we expect there to be standards for this kind of technology? His thoughts were around 2025; that's when they were planning on having an expectation that there'd be some real standards on quantum secure. So it seems like five years is a magic number, but we seem to be five years out for that kind of thing, and so he was talking a lot about the ability to be crypto agile. So crypto agility is important, certainly in the next five years as we move towards having a standard.

I've got a question here from Loran: do you really think that we'll
break cryptography in five years' time? Well, it's hard to tell. As I say, it's probably been at least five years since someone said that crypto could be broken in five years' time. We saw the NSA guidance of one or two decades, and maybe that's more of a realistic number, I'm not sure. But I think it's quite telling not only hearing people in the press talking about this but looking at the requirements of customers that they build new designs. So talking about that NSA scenario that I had in a previous slide, looking at their contractor requirements, as I mentioned, that is now specifying some post quantum secure algorithms, and so if the NSA is asking their contractors to look at it, then that's another data source that we can use to suggest that this could be on the horizon, at least for longer term.

Got a question from Victor about Signal. I guess that's around the messaging side of things. So Signal is a great example of the horse having bolted the door. Signal is open source, it's available on all platforms, and so you can have true cryptographically secure connections with open source behind that and not really be at the beck and call of a particular government banning a commercial product. And so I think, talking to the GCHQ papers as well as some others, there's an acknowledgement that certain scenarios exist where strong crypto will always be available, regardless of what policies a government has. And let's face it, a criminal is not going to necessarily follow the law when it comes to banning of certain technologies; that's not how they work. But I think a lot of the conversations that are going on right now are really about policies and what can be done and what governments want to do, and so Signal would be ruled out of that kind of thing. I guess Apple could ban it under the
duress of the government, but certainly any ability to sideload or use it on the desktop PC, you're never going to be able to stop that, not without some major infrastructure changes at least.

Thanks Paolo for the response back there. Let's just see if there are any others. Yeah, I had Kate with a similar question: how can governments change crypto when the software is already out? Hopefully I've covered that.

Okay, I'll be sure to join the Slack channel as well, and I'll send the responses of the message out in there. So look forward to seeing you on the Embedded Linux track on Slack. Thank you everyone for your time. I hope you enjoyed it, and looking forward to hopefully presenting with you again sometime soon. Thank you.
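
The crypto agility raised in the Q&A, together with the earlier advice to keep products updatable as standards change, sketched as an added example that is not from the talk or the speaker. Each stored record carries an authenticated algorithm id so that an algorithm can be introduced, migrated to and then retired by policy; HMAC variants from the Python standard library stand in for whatever algorithms a product uses, and the ids, names and function names are assumptions of this example.

```python
import hashlib
import hmac

# Hypothetical algorithm registry: 1-byte id -> (name, hash constructor).
# Ids and names are assumptions of this example, not a standard.
ALGS = {
    1: ("hmac-sha256", hashlib.sha256),
    2: ("hmac-sha3-512", hashlib.sha3_512),
}


class Policy:
    """Which algorithm new records use and which are still accepted."""

    def __init__(self, current, accepted):
        self.current = current
        self.accepted = set(accepted)


def _subkey(master, alg_id):
    # One key per algorithm, so retiring one never leaves a shared key behind.
    return hmac.new(master, b"record-mac/" + bytes([alg_id]), hashlib.sha256).digest()


def _tag(master, alg_id, payload):
    # The algorithm id is part of the MACed data, so it cannot be swapped.
    hash_fn = ALGS[alg_id][1]
    return hmac.new(_subkey(master, alg_id), bytes([alg_id]) + payload, hash_fn).digest()


def seal(master, payload, policy):
    """Return alg_id || tag || payload using the policy's current algorithm."""
    alg_id = policy.current
    return bytes([alg_id]) + _tag(master, alg_id, payload) + payload


def open_record(master, record, policy):
    """Verify a record; refuse unknown or retired algorithms."""
    if not record:
        raise ValueError("empty record")
    alg_id = record[0]
    if alg_id not in ALGS or alg_id not in policy.accepted:
        raise ValueError(f"algorithm id {alg_id} not accepted by policy")
    size = ALGS[alg_id][1]().digest_size
    tag, payload = record[1:1 + size], record[1 + size:]
    if len(tag) != size or not hmac.compare_digest(tag, _tag(master, alg_id, payload)):
        raise ValueError("authentication failed")
    return payload


def migrate(master, record, old_policy, new_policy):
    """Re-seal a stored record under the new policy's current algorithm."""
    return seal(master, open_record(master, record, old_policy), new_policy)
```

A rollout would move from a policy that accepts only id 1, to one that writes id 2 while still accepting id 1 during migration, to one that accepts only id 2.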