 Thank you for coming to the last session I think of this room and happy to see all of you here. We're gonna try to give you a motivating talk on what you can do to protect yourself from a threat that is coming up and I think one of the things we need to do also is to kind of motivate the threat. So we have you 35 minutes with the best we can and there's a little bit of a demo also at some point. So quick introduction. So this is my colleague Paul Schreiber and Max. We're both at IBM. We're part of the open quantum team which I lead and we do more than quantum safe. So we also work actually Paul did a lot of work on quantum middleware which is a product that IBM released. We have team members that work on Qiskit and then of course we worked on quantum safe and I have various things that I do related to quantum safe so I'll mention them as we go along. I'm usually with a camera so I'm an avid photographer and I think what did you say you but yeah I was a history major at one point and used to play cards. Okay so don't play with him. He might beat you. You know so takes us hold them I think. Okay so the talk has really three parts to it. The first part is to try to explain quantum computing. It's not an easy task so I'll do the best that I can. It's complicated but it works and it's how nature works so I'll leave it at that and we'll get into it a little bit more detail. Then we'll try to motivate the quantum threat which is the important piece and what we're doing about that as a community as a world scientist and so on and then we'll get into Kubernetes not only the threat for Kubernetes but specifically giving you a use case of where in the big Kubernetes stack that we need to sort of address things. So three parts. I'll do the first two parts and then Paul will do the last but it's also where he's gonna do a demo and so on so I'll give you as much time as possible. Okay so let's get into it. So what is quantum computing? So instead of answering that question this way maybe a better thing to answer is to say that there are different models of computing. There's digital computing that we know today. There's even biological computing where you use biology to make some computation and then there's of course quantum computing and there could be more. And why do we need so many models? Well the digital computer worked extremely well. It's all based on a model of computing that is essentially a truing machine. If you go into the theory of it and without boring you and probably most of you know what ends up happening is that there are problems that digital computers are fantastic at and we all carry you know I guess Apple Steve Draw was famous to say that we all have a super computer in our pocket and it's very very powerful. But there are problems that computers just cannot solve you know and I guess in some ways you could say in more theoretical ways to say it is that there are problems where you can find efficient algorithm to solve and then there are problems where there is no known efficient algorithm. So these are like sort of the so-called NP hard problems and there's lots of theory behind this and we won't get into it. But the interesting thing is quantum computing because it's such a different type of computing the problems that are NP hard for instance some of them you can actually solve super efficiently with a quantum computer and there are various examples of this and we'll get into at least one specific one. So that's maybe the important thing is that a different style of computing means that you have now all of a sudden the ability to solve some problems much faster. And when we're talking faster we're not talking 2x we're talking orders of magnitude faster. So that's the important thing. So why is that? Why quantum computers have the ability to solve some problems so much better than other problems? What has to do in many ways with the fact that we're using the properties of you know the small quantum mechanics to create a computational model that is different and the classic way to understand this and I'll try to motivate it briefly for you is that in regular computing when you're building let's say I don't know how many people did computer engineering but when you start in computer engineering you build a adder you know so basically adding two numbers and you have a bit another bit and you can add them and you can build a circuit very easily to add. With that you can keep building and build a processor and then you can keep adding and so on. But fundamentally your entire computing system including these supercomputers in our pockets are dealing with bits. So every piece of your computation whether it's the processor or it's the instruction to the processor the data it's all included with zeros and ones so bits and the bits are either zeros or one. In a quantum world we deal with this thing called a qubit and that has direct it corresponds directly with how quantum mechanics or at least you know how nature works in the small where the qubit is sort of this both state of zero and one at the same time and you resolve that state by observing it. So you know in quantum mechanics they tell you tell me what you want to observe and I'll tell you what it is so you observe and then you get the response. Of course that would be okay if there wasn't other parts that were more interesting to it so you can imagine if you had you know a set of qubits and you were to build an adder just to give it simple then instead of adding two numbers at a time you'd be adding eight numbers at a time because you have two states. So when you start thinking of building a computer let's say in a classical way but let's say with qubits then you have the response to two to the number of qubits okay so briefly to kind of understand. Now if it was just that it would be interesting but you would have all kinds of other problems because in qubits at least when you know even the ones that we can build right now they tend to be noisy so you have issues with that. So in addition to super position you have issues with noise because they're not perfect but there's also another thing that qubits have that is kind of almost crazily you know to explain but I'll try to explain it to you. So I have my colleague here Alex who's a gambler he likes to to gamble a bit so if we imagine that we both had a qubit so I have a qubit Alex has a qubit obviously if we observe it mine could be zero and Alex observes his it could be one so that's a qubit so imagine it was a coin so we flip the coin look at the results zero one just by observing. Imagine if I do something else to those coins so those two qubit coins if I entangle them which is another property of quantum mechanics so you can actually entangle stuff and this is it's gonna sound weird but it works and people have tried this many times Einstein himself didn't believe in it but it's true it actually works that way so sorry professor Einstein. So if we entangled so Alex has a coin I have a coin and we entangle and we flip I observe tail it's guaranteed that Alex's coin will be tail as well and if I observe head it would be the same so entanglement forces qubits to be the same way so when you look at superposition and entanglement and the fact that you can actually entangle qubits the way you want so you can force certain results so that's where it becomes super interesting so in the middle piece we show you a circuit so this has been known for a while in terms of the theory behind it quantum information theory where people can actually start building computer computation engine with qubits with those three properties that I mentioned okay superposition entanglement and the fact that there's errors but you can correct some of these errors so over the past 30 years there's been tons of algorithms built with quantum computers even though we don't have quantum computers as big as necessary to run some of those algorithms so this is the important piece so there are small ones and IBM right now as 127 qubits that we sell there's a small startup I forgot where but they announced that they had a thousand qubit computer quantum computer Google has I think also a hundred qubits so these things are happening and they are moving quite fast so the projection for these quantum computers to have more and more qubits is is not exponentially going but it's going in a really interesting pace it's it's definitely not linear so why is that important well that's important because there are existing algorithms that were invented 30 years ago such as Shor's algorithm that solve problems that classical computers would take years millions of years to solve such as for instance breaking encryption and we'll get into how that works a little bit more at least a little bit more details about it and and also why it's a threat okay so that's a known algorithm that has that was created 30 years ago at Berkeley Shor was a graduate student there he gave a talk he's now a professor at MIT and he gave a talk recently less than a month ago and apparently some of his students found a way to even improve on his algorithm so you can get even closer to linear breaking of encryption so why is it breaking it we'll get into it a little bit more because I want to explain to you the quantum safe aspect so what are people doing to deal with this now the other thing I need to mention to you is that in addition to Shor's algorithms there's a lot more algorithms that it's been created since so for instance there is Grover's algorithm to actually make search you know essentially orders of magnitude faster if you have a set of data and you need to search so there's tons of algorithms being created daily to improve now all of them assume that you're building quantum circuit and you're executing it so that means that you have all those qubits available in theory you know you could do it but those actual computers don't necessarily exist there are things that people are doing also to try to solve these issues and we can get into it a little bit more so what's the quantum threat right so Shor's algorithm is definitely one one part of it but what is the threat so what is you know encryption I guess the primer if you may on modern encryption it out it all has to do with a very simple problem that you can I guess execute in one direction but it's extremely hard in another direction so pretty much all encryption are based on this so there's different kinds of encryption but the most common one that we use right now which is RSA or at least asymmetric keys encryption it's all fundamentally based on a part of math essentially number theory where you can find greatest common factors of numbers so imagine you have a very large number and I told you give me two numbers when you multiply those two numbers you'll find that first number turns out to be an extremely hard problem to solve no known algorithms in classical computers can solve especially when you have very large prime numbers in anything but exponential time so that's why for instance they tell you use 124 bit keys because these are the very large number that you're starting with and because you when you generate your RSA keys you get two to two known numbers they tell you keep one private keep them private but share the public one which is the multiplication of those two numbers it's because it's super hard for somebody with the public number to guess the first two almost impossible so p and q very hard to guess if you know the result the resulting number but with a quantum computer you can actually do this extremely fast the reason for this has to do and I won't get in too much detail but if you have questions we can try to get into it a little bit more it has to do with the fact that when you have any number you can find essentially you can make a guess of let's say another number and multiply it by itself so that same number and get to you know a resulting sequence of numbers that will actually repeat themselves okay so if you if you go deep into part of the math you'll see that there is some repetition and the magic of shore's algorithm is the fact that he was able to use and they invented this before the algorithm shores at Berkeley QFT which is essentially Fourier transforms but in quantum so QFT meaning quantum Fourier transforms so once you have repeating stuff you can apply Fourier transform to find part of the repeating sequences so that's kind of a intuition intuition maybe to to let you know so what are people have been doing so obviously we've known this problem for 30 years it's been proven that you know the algorithms correct but so what have we done so in the past I guess you know 10 years people have looked into solving these but why do we need to solve it what like why is it a threat because quantum computers maybe will come you know big enough to be able to run shores algorithm and let's say 10 years so why should you care today well you should care today because there are lots of probably bad actors I guess there is they exist all over the world probably in this womb that will harvest the data and decrypt later so the idea is that there is a huge amount of data that have life cycle that are longer than let's say today so think of like for instance a human being leaves maybe 80 years depending on which country and many reasons but your personal information like say your social security number in the US is extremely important information so if I share that with a website you'd hope that they would keep that data for a long time and they would encrypt it in such a way that nobody would have access to it except for you know a need to know and you can imagine government has secrets that they don't want to have public for years so this is the kind of data and banks for instance have that kind of information so it's information that you care not to share for a long period of time but if you know that you could decrypt it in two years then you can start harvesting all that data so that's the key threat okay so what have people been doing we've looked at different part of math to create new algorithms a lot of this has to do with something called lattice math it's abstract algebra it's actually not difficult to explain but I'll skip that explanation just to give Paul enough time but there's a whole set of algorithms that have been created and to give you a hint to give you maybe a concrete thing that you can do if you interested in this is we at IBM and I guess shameless plug we created a course this is part of my team it's free it's not open source but it's free in a sense that you can use it we're trying to make it open source so give us feedback if you want it open source and it goes into not only give you a primer of encryption but also these post quantum encryption including lattice algorithms and it's free so I would encourage you to check it out there's also tons of live examples and Python so if you if you like to write some codes you can just do it live on the course itself and we are working on a badge so we don't have a badge yet but we'll have a badge so so the government obviously us and I think government's across the world they've been worried about this problem for years and what they've done is to make a call to proposal of different new algorithms and this is part of the timeline that happened with NIST and you can see very recently the we the competition entered a final phase where the algorithms that were chosen the four that we listed here these are the the ones that I mentioned are based on lattice so for all of these there is actual implementations right now on the web I was at the in Washington DC last week and we were discussing some of those implementation including some from Amazon has a few and open source and so does sandbox a queue which came from Google and obviously at IBM we have that too and tons of other companies so there is a bunch of different efforts going on so this is for encrypting but also for digital signatures yes so very quickly other things that we're doing and Paul is gonna give you a live demo but we also have a effort going on to build a foundation for code that's gonna help Linux become quantum safe a big part of that is open quantum safe that actually came from the University of Waterloo in Canada professor Doug Stabila and his team have created and we've contributed to this also it's all open source to help you have common libraries where you can change things like SSH TLS and other tools and we're trying to build a foundation links foundation to include all of this so this is also coming another big piece of work that we've done is C bomb which is an extension to S bomb that will allow you as an enterprise or an organization to understand part of your infrastructure and your deployment where do you need to change things and then finally let me pass it to to Paul and we'll have some time at the end for questions so Paul will talk about how we can what we can do to protect Kubernetes but so how do we protect Kubernetes how do we make our application safe and the most basic the kind of question we need to ask is where we need to be secure so we're running an app in Kubernetes and it's pretty simple got a client it's gonna make a request to a server so we just secure that connection and we can do that today with TLS so we just need to use quantum safe algorithms we have those so what does that look like so we're just gonna run a curl connect to a server and what we're gonna see happen here is I put my mouse on the right screen there we go we looked we have our SSL connection here using the Kyber algorithm we use the lithium for our key signing that's a quantum safe connection easy enough right except it's not quite that simple because this is not what an app running in Kubernetes looks like there's a whole lot more parts we need to kind of talk about here a little bit first your client may not be correctly connecting directly to your server whoops helps to use the right oops well even if you're sorry if even if you were correcting directly how did we build a curl that can use quantum safe well first we had to build open SSL that could use these new algorithms today you can't do that no open SL it's coming but I think the next release it'll be there but it's not there yet so you have to build from source then you have to build live OQS that's the API interface to use these new algorithms then you build the provider then you build curl with a patched in way to use this new curve and then you can make your connection so that's a lot of work to just even a simple client server connection and as I was saying even a simple client server connection isn't necessarily a simple client server connection if we're using some kind of network service they were using a CDN like Akamai or Cloudflare well that's got to understand our quantum safe algorithms so we've got to make sure that that can read these algorithms our server you know we're not just this is kubernetes is kubecon right we're not just connecting to a VM or some server out in the cloud we're connecting to kubernetes which means we've got an ingress and a service and pods that have to understand all of these different pieces and this is the air of microservice we don't just have one service running we've got multiple ones so those have to be able to connect and we want to be really secure so we're going to use a service mesh like Istio that's got to do it and we're not just going to run in one cloud or one cluster we're multi-cloud we're hybrid cloud we're going to run on-prem so that connection's got to be secure and you know what maybe we want a VPN in place of it and maybe our cluster is running in a private network so that needs a VPN and this is just stuff in motion we got to encrypt at rest too right and we may not be using a database we might be using other services like object storage or s3 or a database as a service or multiple services and that's just the application what about kubernetes what about the control plane what about all the nodes that kubernetes runs on from the operating system the container run times all the way up that stack and then you know we probably should have a secure login as well so there's a whole lot of pieces that we have to make quantum safe so the question is where are we secured today I've got a helpful little graphic here I think there's green for where we're completely quantum safe and purple because of the weird color scheme in the templated deck for where we are partially quantum safe and the answer is not much there's been some work in some browsers to support these algorithms cloud flare has implemented the algorithms there's some work a little bit in the ingresses but in general we still have a lot of work to do so there's been some work done as I mentioned you know cloud flare has implemented these quantum safe algorithms the chrome browser has them there's been some work to get that implemented in go which we need for kubernetes open SSL open SSH and some of the operating systems have started to work that in but there's still a lot of work to do so what are our next steps here really three the first one is we need to discover where we're using cryptography you know I had a slide back there which was the best I could do after about a week of looking at it but I'm sure I missed stuff and please tell me where we missed it because we need to but we need inventory we need to know where we're using crypto what crypto we're using that's important that's that one has discovered then as any kind of good DevSecOps people we need to observe we have to stay informed about what's happening when a new vulnerabilities coming out what are the new standards so we need to observe we have to pay attention we have to know what's happening and then last we have to transform we have to be able to swap out our existing crypto for quantum safe crypto we have to be agile about it I like to use the example like y2k y2k you know we fixed that that was a whole lot of work we swapped out we went from two digits to four for years and we're good for you know ten thousand years but at a certain point we're gonna need some more digits there similar thing with cryptography when the next problem comes we can't assume there won't be a next one we don't want to have to do all of this work all over again so we need an agile way to be able to move across cryptography as new vulnerabilities arrives as new threats arise we need to be able to you know let's do the work once and make it easy to do it again as opposed to having to re go through this whole thing because as we saw it's quite a lot we got to do so with that you know please leave you back and I think we've got a little bit of time for questions yeah we have some time for questions oh thank you for coming yes well so first thing is that a lot of them you can actually use now for free to some extent so they are like IBM has I don't know like dozen all over the world and you can access them and part of the work that Paul did is quantum middle where you can access them in a serverless way so if you're interested in doing that for sure but of course there's some license where you know if you're making money you might have to get an agreement with IBM I think it's paid relatively cheap you know I don't want to say that the exact price if you want to buy one for yourself that's more expensive but if you just want to use time it's actually relatively cheap because at this point everybody's encouraging you know usage and and and you know most of the usage is research like students so it tends to be relatively cheap but buying one for you and there's some companies that we have that have you know like a you know a complete computer quantum computer at home in their side that's expensive and it's also expensive to run because to keep those qubits you have to keep them at a very low temperature almost close to absolute zero so that means you have cooling it's yeah it's expensive but there are there are startups that are doing you know in completely different approach and you don't need such expensive cooling so we'll see yeah yeah so I think yeah I believe the last estimate was you need about 10,000 qubits but it's really more whether or not the qubits are very error you know do they have a lot do they generate a lot of errors or are they like sort of pure qubits and because when when you have these qubits that potentially have a lot of errors then you need to do error correction which you know similar to Shannon's basic error correction for data so yeah sure yeah so it's thousands of logical qubits which you know would be ones would be error corrected but I think like the actual like the actual number you need including error mitigations like in the millions so it's quite a ways away I mean quite a ways meaning it's not happening tomorrow yeah but it by all assumptions it will happen soon but you have a number of qubits needed assuming that error correction doesn't get any better I think right now is in the millions but you know error corrections been getting better we've been able to make more qubits so those numbers are going to meet somewhere yeah I think the prediction is somewhere around 2030 2030 2030 from the current pace but then you know you get jumps right in in these so it used to be that you needed millions of qubits and then now it's more in the thousands so you know if it continues the other thing also to mention is that there's lots of other techniques that people have done to look at something called circuit split splitting and circuit splicing so let's say you needed a circuit that required you a hundred qubits but you don't have a hundred qubit computer you have let's say a 50 qubit computer you can split that circuit into multiple circuits and then execute that on smaller quantum computers so that's techniques that have been going on please I'm not sure exactly but I think it's in the thousands and you need to be able to entangle them yes because part of the way that shores algorithm work is that you basically have a set of in qubits and you entangle them to find those repeating numbers once you repeat notes you once you do this and you observe any of them you'll have the common factor that's repeating and then once you have that you're basically broken encryption and you know like I mentioned sure gave a talk at MIT literally like a month ago I think it's public MIT makes it public and you can look in there and then they mentioned that their students were improving on it already so you can imagine right tons of improvements yeah sure these new algorithms yeah yeah so last week I was at in Washington DC and the deputy director somewhere at NIST came to give us a talk and yeah there they have labs set up to to try these obviously like anything else there could be problems you know you can prove a negative you can't prove that it will solve every problem that it couldn't be broken that it's incorrect and so on but these algorithms have been checked by many many experts all over the world especially the lattice space algorithms they all based on the problems that's actually pretty straight forward call I think simple vector it's it's the idea of like if you if I have two vectors and I build a lattice then I can depending on the vector I have final point in the lattice by combination linear combination of the vector but if you didn't know those two vectors then it's very very hard to find that point guessing the vectors and you know in two dimension we are a lattice here right like all the points here so if I took a vector that came like this and there and we can do linear combination to find these but that's two dimension in actual lattice encryption we're talking about thousands of dimensions you know difficult to imagine but the math is the same right so so the problem is hard that's the key so well they're they're deploying it basically they're testing it in the lab they're in right now they're in I think public comment on the standards and the standard is supposed to be published as I understand next year sometime so but they're in basically I think the drafts are out and it's just people are commenting on them but testing it also that's a key living image back on what max said about you know is it could be broken next time again which kind of underscores that need for crypto agility like we can't prove that nothing in the future is ever gonna break these things because that's just we can't do that but knowing that you know now you know it was when RSA came out in 1978 sure source auger was 1994 so there's like a 15 ish year period there where okay we're great we don't do anything we're fine we can just forget about this now but now that we have the example of this is broken or going to be broken we need to be able to fix it so the next time we need to be agile we need that that crypto agility so that if something does come up we've got all improvements in the algorithms I mean they're gonna get better as well so because you have to implement the algorithms right so the implementation could have problems in itself too right that's usually most of the issues yes yeah yeah well we so a member of my team worked on you know with IBM research to have a provider for open SSL and that means you should be able to build a TLS to to have it and then use kyber and start testing it today next version of open SSL they have a blog post it it's gonna take me forever to get to it but there's a blog post linked in here that if I don't go too far but the blog post is linked there for open SSL basically says like the next release it's coming out which is 32 beta so basically version 32 of open SSL will have the ability to select a quantum-safe crypto curve to use the other thing just I think worth mentioning is that they do recommend using hybrid algorithms so just in case there is a problem with implementation if you're going to implement this you don't just you don't want to be any worse off than you were so you still use RSA you're still just as safe as you are today you just added extra protection on top of that it's worth it kind of pointing that out maybe one last question if you are no ah sure anything that's using you know that's based on you know factory numbers so any encryption based on that yeah nobody asked about performance that's an issue too but anyway we can talk about it later because you know you should be worried you're gonna swap your encryption is it gonna make things slower you know sure no but thank you for coming and we'll be here so feel free to ping us and you know we have a bunch of references in the slides we're testing yeah no people are there's actually in the at the MITRE discussion last week we talked about maybe doing the I think MITRE does a flag call you know what is it called call for flag or anyways there's a competition to yeah to capture the flag sorry and we're gonna have some some quantum safe problems you know it's essentially and then start getting people to test it it's gonna take probably a year or two to start deploying it and my dream and I think our team's dream is to at the same time this is happening to have repos to fix parts of Kubernetes or at least the stack where you can start adopting and start testing it and then hopefully with with agility so if we switch to a configuration based system for how you decide your crypto then then you could flip a switch so that's the goal and I think we're you know happy to work with the part of the reason we're here at SIG security is to work with the SIG security community to figure out how to get this stuff done yeah at least get a prototype and then see where it gets gets us