Post Quantum Cryptography

Rinat: 00:00

Hi everyone. Welcome to tech talk. A podcast where Amit and I talk about all things tech. We don't just talk about tech. We talk about how the tech impacts our society, our lives and everything related to it.

Rinat: 00:24

Today we're going to talk about post quantum cryptography. Thank you Amit for telling us about this topic and yeah, let's go. Let's jump right in.

Amit: 00:33

Thanks Rinat for that introduction. And yeah I recommended you this topic for our podcast today because I've been reading about it. I have a friend who's working on this and I thought, okay let's explore this topic. And it's actually not a very new topic, but I think it's now picking up speed because NIST, the National Institute of Standards and Technology has recently announced PQC algorithms that people can use to encrypt their data.

Amit: 01:01

So let's dive into what is Quantum computer. What does post quantum cryptography mean? Why people are talking about it and why NIST has created a standard. So let me ask you a question. What do you think is a quantum computer?

Rinat: 01:16

My expertise in quantum computing is limited. It's a new type of computer, the base calculation that happens at the moment is binary but quantum computers the very foundational calculation method is happening in quantum scale, once we are able to figure out a viable way to use quantum computing it will be a groundbreaking discovery. It will be able to do much more complex, bigger calculation in fraction of the time it takes right now. So it would be a giant leap forward in terms of computing power in terms of being able to handle complexity and a giant leap forward in terms of the speed in which it completes those calculations.

Rinat: 02:01

Once we figure out quantum computing in a way that is commercially viable. And it's possible to build in a small enough size and the temperature can be controlled. Right now, companies were able to create quantum computers. But for that to work, the temperature of the environment has to be so low that it's not really viable for people to have it as a desktop, for example, or even mid sized companies to have it on their on prem data center.

Rinat: 02:33

It's just too costly to keep that level of temperature controlled environment to for it to be viable. But once all of these challenges are resolved, and hopefully it is possible. Sometimes there are mathematical reasons where you can prove that this is just not possible. If everything can be possible, we would literally enter into a new era of computing and everything that we have right now, a lot of it would become obsolete. It's just so ahead of what we have currently.

Amit: 03:04

Yeah, but you still didn't answer the question. What is a quantum computer?

Rinat: 03:08

Yeah, I don't know, actually. Please tell me what is a quantum computer.

Amit: 03:12

So the name itself has Some explanation in it. So quantum computers are basically based on the principles of quantum mechanics and quantum mechanics is at the scale of atoms. And if you think about physics, I'll just step aside from technology to physics. In the world of physics, people are trying to figure out how to unify quantum mechanics and General theory of relativity.

Amit: 03:35

Relativity deals with objects which are very massive like stars, galaxies super clusters, et cetera. So they're massive objects in space, which bends the space time. And that results in gravity. That occurs at a very massive level. Quantum mechanics applies to things at a very small level, things which are broken down into the smallest unit or quanta. That's where you get the word. And in quantum mechanics there are certain principles. One is superposition and one is entanglement.

Amit: 04:06

Superpositions means that a particle can exist in multiple states at the same time. Think of a flipping coin. When the coin is flipping, it is in both heads and tails at the same time. till it stops spinning and then it falls and it lands into one state, either heads or tails. A flipping coin can exist in two states. or either of heads or tails, right? So that's superposition.

Amit: 04:35

Entanglement means that if two particles are entangled, then no matter how much the distance between them, they will both have the same state. So if say you take particle A and take it to the end of the , Not even our galaxy, some other galaxy, that state and the the state of the particle on earth will be always the same. And if you change the state of one particle, it will instantly change the state of the other particle, no matter how far the distance. So even if it is in a different galaxy, because the particles are entangled it'll change the state, instantaneously, it is faster than speed of light. And that is why physicists are struggling to unify quantum mechanics and general relativity, because these theories don't work together really well. And there are multiple theories coming about.

Amit: 05:24

Now, if you look at classical computers, we know about bits. zeros or ones. So the whole computing is based on zeros or ones. Everything is converted into zeros and ones, and that's how computers do all the calculation. But in a quantum computer, you also have a quantum bit called a qubit. So you have zero. You have one and you have zero or one, and that's your flipping coin. So the quantum computer can have multiple states at the same time or zero or one. So that means that suppose you have to do a mathematical calculation. If you use a normal computer, you will have to follow certain steps. What if you can calculate multiple steps at the same time? With a classical computer, you'll have to do one step, next step. You have to do all the calculations and because of the processing speed, the calculations are very quick, but it is still very slow for certain mathematical problems, but with a quantum computer, you can calculate a lot more because you can now exist in multiple states so you can calculate everything much faster.

Rinat: 07:43

I've heard about this before as well, and still it did not make sense to me, and I hope you can explain it a little bit more , because in the binary computing, you have yes or no, or, on and off with zero and one, and then with those, you can create various logic gates, and one logic gate would be yes and no, just that, and then, and gates or gates. And then once you combine all of these, you get more complex gates, which you can use to do various calculations, right? Underneath it all, it's all zeros and one, you are combining it, but they are doing, each of these smaller questions, yes or no, is being answered step by step. And then you're finding one output that you want. But if, In one step, multiple calculation can happen, I understand, but you still need to define your inputs. Having the ability to be zero and one together for example, in one point, which is one gate, logic gate, that doesn't really, solve the rest of the steps or how can you combine the rest of the steps in one place?

Amit: 07:59

So take two bits, for example. Okay. Two bits together. They can be the zero, zero; zero, one; one, zero or one, one. So basically with two bits, four states are possible, right? And you have to calculate each state individually, right?

Amit: 08:00

With a quantum computer, take two bits, so each bit can exist in 0, 1 or 0 \1. So each bit exists in three states. So basically now you can calculate a lot more using just two bits. and a quantum computer because you can calculate multiple states.

Amit: 08:19

So with two bit classical computers, you can calculate four states. With two bit quantum computer, you can calculate more than four states. That's the basic philosophy, not philosophy, but the scientific fact.

Rinat: 08:32

Okay. Yeah. I think I still need to read up a little bit more or maybe watch some visualized animation. Thank you for explaining what it is. And it's good to know that how the name comes from quant and, how it's related to the different physics theories. And it's like the most cutting edge you can be. It's the cutting edge of physics and computing together. We are at a, monumental place in human advancement not just technology or I. T. But just overall as a civilization.

Rinat: 09:05

There are like three or four really, cutting edge things that are being worked on and any one of them would literally change the world as we know it. For example artificial general intelligence will do one of those. And then being the neural link or having the mind and Computing connection. That would be another one. And this, quantum computing, that's another. And I think maybe I would put CRISPR or the ability to edit genes. I would put these four things as the the most cutting edge. And any one of them, once they are solved, it will just change our world permanently and completely overnight. So quantum computing being one of those, we definitely want to know about it excitedly and cautiously, and one of the things that we want to talk about as soon as you mentioned cryptography, I feel like this is the cautious part of what quantum computing will bring about and how can we be more cautious and look at that technology from that perspective.

Amit: 10:10

Let me just go a bit further and explain you the different states. I think I explained it, but maybe I can explain it better. So I said two bits, they can exist in four different states. If you have two bits plus a cubit, a quantum bit, which can exist in either 0 or 1.

Amit: 10:28

With a qubit, you can now, and if it's a 2 bit number, then it can exist 0, 0; 0, 1; 0, qubit; 1, 0; 1, 1; 1, qubit; qubit, 0; qubit, 1; qubit, qubit. So now with two bits and in a quantum computer you can calculate nine states instead of just four states.

Rinat: 10:52

So the, all the permutation and computation of two digits is four and for three

Amit: 10:57

quantum computers, it's nine. Even if you consider two digits, it's nine. So now you can do much more calculation and much faster calculation when you're using a quantum computer.

Rinat: 11:09

So that's the thing. That's where I get confused because you're still saying it's two, but for two it's nine, but nine comes from the third state, and if there was four states, it would have been 16 because the way you can do permutation and combination of all of these, right? And then if it was five, it would have been 25 is the square of the base number. But you still mentioned that, no, it's two bits and one qubit. Why aren't we connect counting that as the third bit?

Amit: 11:36

Zero is one bit. One is another bit and zero or one is another bit. Okay. Three bits. A two bit number means it will have two digits, but the digits could be zero to nine. So here the digits are zero, one or cubit. But and it is two digits. The length is two digits. So instead here, the length is two bits. So the if you say 00, what does it represent? Zero. If you take 01, it represents one. If you take 10, it represents two in decimals. And if you take 11, it represents three. But in the quantum world, you have three bits, but the number itself is two bit the length. Binary is two states. Yes. So if you take a two bit number, it can exist in how many states? Four states, right? That's what I was explaining. Zero or one is a state it's forget them as a number.

Amit: 12:29

Think of it as a state. Zero is off. One is on. Now imagine a third state, which is off and on at the same time. So if you take a two bit number, it can exist in nine different states.

Rinat: 12:44

yeah. On and off at the same time. I don't know in reality, what is that? Is it a dimmed light, which is, slightly.

Rinat: 12:51

So quantum mechanics basically means it can calculate a lot of things much quicker. But the moment you try to measure something, it can only exist in one state. Either on or off, but it can do calculations in multiple states at the same time. It's it's like the famous the cat in the box, right? Schrodinger's cat, right? The Schrodinger's cat can be dead or alive. inside the box because the moment you open the box, it can either be dead or alive. So it's the same thing. The calculation is happening and it can calculate many things, but as soon as you measure it, you can measure only one state.

Rinat: 13:32

Again, I don't want to drill down on it too much. But the thing is, obviously, as we are saying that, yes, it's Schrodinger's cat, it can calculate, but when it comes to existence, but what is the act of calculation without existing? If you're calculating, how are you don't exist and still calculating, you're saying that, okay,

Amit: 13:53

What is calculation? What is calculation at atomic level? You're thinking calculation as mathematical numbers and formulas, but when a computer calculates, how does it actually calculate? Think at that level.

Rinat: 14:07

Yes, let's see, it calculates you give it an on signal, and then after a few seconds, you can give it another on signal. And if it was to count, then number of on signals it received.

Amit: 14:19

Exactly. So say take two plus two. Okay. Two plus two is equal to four, but it has to convert two into a binary number. Two can be represented by two bits, one and zero, one zero is two, okay, two plus two is one zero plus one zero. Give you what? Four. So in order to get four, what should be the output? It's the output will become two power two power two. So it will be 1 0 0. So two bits plus two bits gives an answer of three bits. So 1 0 plus 1 0 gives you 1 0 0. That's in binary and computers can only calculate in binary. On and off state. How we get 1, 0, 1 0 to 100. That's maybe a different chapter, but now if you think, if you want to now calculate a very big number, you'll have to do a lot of calculations. Say take a prime number and I want to calculate the factors. Say 21. 21 is multiple of three and seven. If I want to do a mathematical calculation, I'll have to break it down. I'll have to see whether it can be divided by certain numbers and then I'll get the answer. Now I'll divide it 21 by one, two, three, four, five, six, seven. So now imagine if I represent 21 in binary or say in quantum computer, you represent that using qubits. Now you have to do all the calculations. Now instead of doing the calculation with just two bits, you can do it with three bits. And the third bit is a quantum bit. So now you can calculate more steps much faster. I think we're getting there, but you're still not convinced.

Rinat: 16:00

It's not a matter of being convinced. I know that the technology exists and it works. It's about me being able to understand. And obviously the traditional understanding of mathematics and the binary sort of computing ways, that's so ingrained within me that I'm just not seeing

Amit: 16:19

Let's go again. This is a final attempt. What is a bit?.

Rinat: 16:22

The smallest unit of data in a computing system, which just is a signal which tells yes or no.

Amit: 16:32

Yes. A bit can be zero or one and a quantum bit can be zero, one, and zero or one. I think that should explain. A bit can exist in either on and off state, but a quantum bit can exist in on and off and on and off together.

Rinat: 17:00

Yeah , so let's go back to math a little bit. So we usually , in life, we use the decimal system, which is the 10 base number, computers use binary and then there are hexadecimals, there are other base numbers if we wanted to use it. Now, as soon as you say that there is third state, my mind goes to that, is it a three base numbering system instead of binary?

Amit: 17:16

I confused you initially because I made the wrong statement. The correct statement should be a bit in classical computers represents either zero or one. A two bit number means there are two bits. First bit can be zero or one, second bit can be zero or one. Now if you take a quantum computer and you take two qubits, so you call two qubits. So two qubits, the first qubit can exist in zero. one or zero and one. Okay. The second qubit can exist in 0, 1, or 0 and 1 together. So a two qubit system can do nine calculations or nine possible states, but a two bit System can do four possible states or four calculations, right?

Rinat: 18:07

Okay. So for example I send a signal in a, in the qubit system. I, and I send it as two qubits, so I could have sent zero first and then one second, but instead of that, I've sent one qubit and then the second is also a qubit which means both of the digits are zero or one we don't know.

Amit: 18:28

I think don't think like this because in a processor, say a 16 bit or a 64 bit, say we have a 64 bit processor. It means it can take 64 bits at a time, right? Maximum.

Rinat: 18:39

Yeah and all of those 64 bits are zero or one but now in quantum computer it could be zero, one Or an unknown value, which is zero or one.

Rinat: 18:50

64 qubits, currently we are not nowhere near 64 qubits. We are maybe four to 10 qubits.

Amit: 19:04

If you don't know whether it's zero or one how would you add two qubits when the value of qubits, either they're zero or one, you don't know.

Amit: 19:04

But it means that I've done two, I've done two calculations with just two bits. So if it is zero or one, I calculate both states, right? Together. Because it can exist in those states. Say, if I have just one qubit, I can calculate 0, 1, or 0 and 1. With one qubit, I can calculate three states. 1, 0, or 1 and 0. It could be 1, 0, or 1 and 0. One or one and zero. So I can calculate three possible states.

Rinat: 19:32

it's a little bit clearer than before.

Amit: 19:34

I think let's not get into quantum computing at this level for this podcast, because I think the whole idea is that we just cover the basics because I think it'll get too technical and then it is outside the scope of this podcast because you'll need to explain mathematically. And it's very difficult to explain mathematically in a podcast. But that was an example for you.

Amit: 19:53

When we talk about post quantum cryptography, cryptography means encrypting data, protecting your data using some cryptic language. If I want to protect my data I use certain algorithms. Those algorithms will protect my data against hacking from a computer that can calculate a lot of things. Now, why do I need to protect my data? You have a financial records, your banking transactions, you message personal information when you're talking to someone, you want to communicate through a secure channel over the internet. So you have HTTPS protocol you want to encrypt the data on your computer. So in case your computer gets hacked or broken into or stolen, at least your data is still protected and no one can actually break into the data.

Amit: 20:37

So there are multiple reasons you want to protect your data. Plus, you also want to verify whether the data has come from the right source. So you have something called a digital signature that tells you whether the data has originated from the source from which it is supposed to come. So normally when you try to download a file, it will always have a digital signature and the computer will verify that digital signature to make sure that it is not tampered because the moment you modify, open or change it, the digital signature changes.

Amit: 20:45

So you can verify the source whether that through transmission, whether the data itself has changed or not. So in our computing world, you have all this scenarios where you want to protect your data and you use certain algorithms. Now, there are two ways to do it. One is symmetric and one is asymmetric. Symmetric means you use one key to encrypt the data and the same key to decrypt the data. Asymmetric means you use one key to encrypt the data and another key to decrypt the data. In symmetric you have the famous algorithm called AES, Advanced Encryption Standard and for asymmetric you have RSA RSA refers to the names of the people who actually founded the algorithm.

Rinat: 22:25

Now we'll not get into what the algorithm actually is, but you can understand symmetric and asymmetric. Asymmetric algorithms use public and private keys. You use a private key and then you have a public key with a public key, you can encrypt the data, but with a private key, you can open or access the data. You cannot access the data without the private key. So that's what public key cryptography is all about. When you create a SSH key, you give the public key and the private key is with you. If you lose the, if you lose the private key, someone can access your information. Public key encrypts the data, private key decrypts the data.

Rinat: 22:35

Sorry, just clarifying for myself? If you lose the private key, that doesn't mean that someone can access your data, but it just means that no one else ever can access your data, including you because you lost the private key.

Amit: 22:36

Yes. Private key normally has to be kept safe. With a public key, you can always encrypt the data. It's you can drop something in a letterbox by using a public key, but you cannot open the letterbox without the private key. It's basically that's the most simple example. So you have these two algorithms which are used to encrypt data, sign and transmit the data over the internet securely. Symmetric and asymmetric. And these are on classical computers. So classical algorithms to protect and encrypt your data in a classical computer.

Amit: 23:07

Now, what does post quantum cryptography mean and why we need it? So as I told you, quantum computers can do a lot of calculations much faster. In a scenario where you have both the AES or the RSA algorithms and they have encrypted your data and you want to basically hack those data, find out what information is behind that encryption.

Amit: 23:26

So what you would do, you would wait, till the quantum computers reach a stage where they can actually do the calculation to decrypt the data. Currently we are not there yet, but there will be a time. Maybe 10 or 20 years down the line where you would be able to decrypt the data. There is this concept in security world where is you harvest data now and decrypt it later, when the quantum computer is powerful enough to break the encryption.

Amit: 23:53

So you use a couple of algorithms to encrypt or protect your data. And if quantum computers become strong enough or powerful enough that someday they can break the current encryption.

Rinat: 24:06

As soon as quantum computer is powerful and usable enough, that means the whole cryptocurrency landscape will disappear straight away because it will be pointless after that,

Amit: 24:17

I'm not trying to think about cryptocurrency, but because that's based on blockchain, blockchain is again, calculations, maybe you can do a lot of calculations much faster. Yes, no doubt about that. Validation part can be done much faster using a quantum computer. But in cryptocurrencies, you protect your digital wallet using a key. You can hack the wallet using a key if you know what the key is, but if you don't know the key, you'll have to try multiple combinations or brute force using multiple keys.

Amit: 24:47

And if you can do a lot of calculations much faster, maybe you can then hack into the digital wallet and extract the coins from it. Maybe, but I'm, I'm not exploring that, maybe we can explore it in some other podcasts. I think this is about say you have a data that is encrypted, it could be cryptocurrency and you use AES but here we have used blockchain to store the data. And then you protect the digital wallet using some kind of encryption, maybe AES, maybe RSA. I don't know, but the existing algorithms can be broken by the quantum computers. And that's where you get PQC, post quantum cryptography. It means create an algorithm now that can encrypt your data now so that in future when a quantum computer becomes powerful, it is still not able to break this algorithm.

Amit: 25:42

And that is post quantum cryptography. Okay, so you have AES, RSA and few other standards that are used to encrypt or protect your data in current world. And you want to replace these algorithms with something else so that in future when you have a quantum computer, if your data is protected by AES or RSA, quantum computer will break it. But if your data is protected by another algorithm, quantum computer will not be able to break it. That is the concept behind PQC. So say there is A ES and there is RSA algorithms. A ES is symmetric algorithm. So one key to encrypt or decrypt data. There is a quantum algorithm to break this encryption and that quantum algorithm will only work on a quantum computer. So there is a mathematical algorithm right now called the Grover's algorithm That Grover's algorithm can break A ES. Right now, but it's not possible because it can only work on a quantum computer. Similarly for RSA, the algorithm that can break it is called Shor's algorithm. That algorithm can break RSA. But Shor's algorithm will work only on a quantum computer.

Amit: 27:00

Quantum computers exist, but they don't have that many qubits to do that much calculation right now. So they are not powerful enough to do that kind of calculation. When I say calculations, let's say, for example, you have a 20 digit prime number and you want to calculate the prime factors.

Amit: 27:18

Okay. So if you want to calculate the a prime number, 20 digit and you have to calculate the factors. If you give the problem to a computer, it has to do brute force. It has to go through all calculations one by one. Try to divide the number by one, divide by two, divide by three, divide by four, divide by five, and so on for 20 digits.

Amit: 27:38

20 digits is more than a trillion. A billion has nine zeros trillion is 12 zeros. So that's more than a trillion. And that's a lot of calculations for a classical computer. But for a quantum computer, that may not be the case. I'm just giving an example.

Amit: 27:53

Maybe quantum computer may not be able to brake a 20 digit algorithm, right? But this is just an example. So you have to think about the quantum computers that are there, but they are not powerful enough. It's something like we had computers in the time of world war, but they were not powerful enough to do computer aided drawing.

Amit: 28:14

They could maybe break simple encryption algorithms in those days. The Enigma machine everyone knows about. So you could break the algorithm using a computer, at that time. But now it can be broken in a few seconds with a powerful computer. So it's the same way with a quantum computer right now. We are at a stage where we have only few qubits. In the beginning of the podcast, you mentioned that quantum computers are very difficult because they need some certain kind of temperature. They need certain kind of environmental conditions. And because of that, we have very limited qubits. Because we have limited qubits, we can do limited calculation, but there will be a time when we'll have a lot of qubits. And with that many qubits, we can do far complex calculations, much faster. And that is why we have to start planning now. So in 20 years time, if we get a quantum computer powerful enough to use a quantum algorithm to break our existing encryption, then it means we need to start now thinking about how do we replace these algorithms, what will replace them with and then re encrypt the data with these algorithms.

Amit: 29:23

So if your data is encrypted with AES, replace that with, post quantum cryptography algorithm that protects this data from a quantum computing attack. And if it is protected by RSA, replace that algorithm and encrypt the data again. And then it gets protected by the quantum computer in the future.

Amit: 29:43

Bear in mind, it will also be protected against the classical computers. So it's not that you just replace the algorithm and it only protects you from quantum computers. No, if you replace the algorithm, it'll protect you from the current computers as well. But because of the level of advancement that we are making, if we don't start now, it will be too late because there are so many things we have to start thinking about how do we replace our end to end encryption standards, how do we replace our end Communication standards, how do we replace our encryption standards for storing data? How do we sign digital certificates that you have? How do we verify the authenticity? So all that has to be replaced. And that is billions of computers, billions of devices.

Rinat: 30:26

One good thing is that once you upgrade it, the classical computers would still be covered. So the algorithm would work on both. But my question is the other way around.

Rinat: 30:37

So if you replaced it now, would a classical decryption system be able to decrypt it? Because we don't have quantum computers in every desktop to decrypt it as the user. We can't really upgrade now because it would still be unusable.

Rinat: 30:56

But you have to think about all these standards. You cannot just replace the, you cannot just encrypt the data and And not have a methodology to decrypt as well. So you can encrypt the data and you can decrypt the data if you have the public key or the private key, but you have just used a different algorithm, which is very difficult for a classical computer to break or a quantum computer to break. So let me give you an example.

Rinat: 31:20

It's very difficult for it to break, but for a PQC algorithm to encrypt it by a classical computer, would it not have to do a really massive amount of calculation that only a quantum computer can do? And it will render the classical computer useless, because if you put the upgraded or the PQC algorithm, it has encrypted very well, but how the actual original user who is supposed to get that information, how will they have access to it? Because, there isn't a quantum computer on the other end.

Amit: 31:55

That's the, that's I think the gap in your understanding. So let me just correct that. So basically what you're saying is that if you have an algorithm that say encrypts your data on your hard disk, say where you have a lot of, Personal photographs, you want to protect it. So you encrypt that data using RSA.

Amit: 32:14

Okay. And you tell your wife that, okay, if you want to access this information, you have to use a key. And this private key I will give it to you and don't share it with anyone. And with this key, you should be able to decrypt the data and then able to access the photos, right? Public key, private key.

Amit: 32:32

Okay. Now, suppose I want to hack this information. I have the public key. I don't have the private key. I'll have to do all the mathematical calculations with a classical computer. That's the current scenario. Now, I will replace RSA and I will take a PQC algorithm. Okay. We have not come to that, but let's say we replace that with an algorithm that is very difficult for a quantum computer as well as a classical computer to break.

Amit: 32:57

So what will you do with that algorithm? You will first decrypt all your data with your private key for say RSA. Okay. And now you will encrypt the data using the PQC algorithm. Okay. With the PQC algorithm, you'll have again a public key as well as a private key. So now the private key will be able to unlock or decrypt the data and the public key will be able to only encrypt the data.

Amit: 33:25

So with the private key, you will be able to decrypt the data. Now the question is, if I lose the private key, can I break the algorithm? Can I decrypt the data using a classical computer or a quantum computer? And the answer is no, you cannot break it.

Rinat: 33:40

Thank you very much for clarifying this. This is really good with step by step and in detail because otherwise I wouldn't have gotten it. The act remains the same and it doesn't require a quantum computer to Encrypt it or decrypt it. It just needs the private key. But if you want to have unauthorized access to figure out what the private key would be, maybe through brute force or whatever calculation you need to do then you have to do this myriad level of calculation. And for that, you need a quantum computer and having a quantum computer proof algorithm if we call it that. Then even a quantum computer can't through brute force, if necessary, it won't be able to guess what the private key is. So that's what it is. The encryption or decryption, they don't need any, they can use the algorithm, which is quantum computer hack proof, if you'd like, but encrypting or decrypting doesn't need a lot of calculation.

Amit: 34:41

Now the question is what are the algorithms and how are they different so that quantum computers can't solve it? Take the RSA algorithm, we can't go through all the algorithms and all the principles, but I'll give you a couple of examples. One is, prime factors. So prime numbers have factors and prime numbers means they can be divisible by one and some other number, right? So three is divisible by one and three, five is divisible by five and one. One and the same number seven is divisible by one and seven. It's not divisible by four or two or et cetera. And prime numbers are always odd. You can't have even numbers because even numbers are always divisible by two. But two itself is a prime number because two is divisible by one and two, but four is not a prime number because four is divisible by two and one. So now you have a very big prime number and you have to calculate the prime factors or verify whether that prime number is correct or not. So you have to do a lot of calculation. Okay. You can do a lot of calculation and mathematically you can calculate it.

Rinat: 35:36

Whether it is a prime number

Amit: 35:37

whether it's a prime number, et cetera, et cetera. So you have to do a lot of calculation. Okay. You can do a lot of calculation and mathematically you can calculate it.

Amit: 35:45

So if you say that I can do with a 64 bit Intel processor, 3. 7 gigahertz, I can do 1 trillion calculations. So you can mathematically calculate if I can do one trillion calculations in one second or say one minute, then how many calculations do I need to do in order to break this or to calculate whether it's a prime number or not for a 20 digit prime number.

Amit: 36:08

You say it is a 200 trillion. Okay. I'm just giving a very big number. So now you know that it will take you 200. Trillion calculations, but with the current cal computer, you can do only one trillion calculations per minute. So now you can calculate how much time it has taken to break the algorithm, right?

Amit: 36:25

That's using a classical computer. And now if you can do those calculations much faster, you can calculate that. Okay. With a classical computer, it takes you a hundred years, but with a quantum computer, it'll take you only one year. So you can do it mathematically. You can calculate how much calculations are needed. And then you can figure out what's the most powerful computer, how much calculations it can do. And then based on that, you can calculate the time.

Amit: 36:49

Next way to do something is calculate a hash. A hash is a fixed length value. Say you have a 10 digit number and a 20 digit number or a 30 digit number. But when you calculate the hash, you'll get a fixed length, always a 12 digit number. So from the 12 digit, you cannot calculate back whether it was a 10 digit or a 12 digit or a 30 digit number, right? Think of it like this. You have oranges, you put it in a mixer, and then you get orange juice. But with the orange juice, you cannot get oranges back. So oranges are your original number. We don't know how many oranges were used to make the juice. We have the juice fixed quantity. Hash is something like that. So these are like a couple of methods what you can use to encrypt your data. And RSA, AES are based on these types of methods.

Amit: 37:38

Now think of a quantum algorithm or a post quantum PQC algorithm like this. Instead of calculating numbers, you now try to find a dot. Which is closest to another dot. So think of a lattice. A lattice is basically represented by two vectors, one horizontal, one vertical. And the angle between them could be 90 degrees or it could be less than 90 degrees or more than 90 degrees. But basically those two vectors will define the lattice and the lattice is basically a group of points on a two dimensional system. So if you have 10 10 dots in a column, and then you have another 10 dots for each of the columns, then you get a lattice structure. Okay. Now in this lattice structure, imagine you have 10 columns and 10 rows. So you have a hundred dots in this lattice. Imagine you randomly put a dot somewhere, okay, either on the dot or between the gaps of the dots.

Amit: 37:45

And then you try to figure out which is the closest dot from the dot you have put, right? That's the calculation. And you can represent the lattice using the vectors. And. This is just one of the algorithms. Basically the calculation is that find the closest dot on the lattice from the dot that you have picked and your dot is the private key. Okay. And this is how you can encrypt something. using a PQC algorithm that will protect it from quantum computers. Because in order to do this calculation, like figure out which dot is closest to the dot that you have placed in the lattice, is very difficult. And this is just two dimension. You can have a three dimensional lattice structure and you can have a lattice with a million points. So now even for a Quantum computer to calculate exactly which is the closest dot in the lattice to the dot you have placed is very difficult. And that is how you can protect your data. And this is just one of the algorithms.

Rinat: 39:36

In mathematics, you don't have to just be limited to three dimensions, it can be multi

Amit: 39:41

dimensions. Exactly.

Rinat: 39:43

Yeah, so there is no, no limit of how complex you can make

Amit: 39:48

Exactly. And that hits the nail because that is an algorithm that you want to use to protect your information from Possible hacking from a quantum computer.

Rinat: 40:00

Yeah, I'll tell you what I find really interesting is the fact that you can create a very complex structure from very simple things, right? You can create millions of color from just red, green and blue combining together. And then there are many examples of the base things are very limited and very simple, but just through permutation and combination, you can create such complex things. It's amazing. Just by combining. Interdisciplinary knowledge, you could come up with so many innovative ideas and products, et cetera. And that's a very good reason to broaden your knowledge in different kinds of disciplines as well, it's interesting to say the least, and impactful if you really use it.

Amit: 40:47

Yes. And I think these algorithms, they have taken a lot of time and they come from very simple mathematical principles, lattices dots in a grid. You can imagine like X or Y axis and you can have multiple dots in that grid like structure. And then you extrapolate that into multiple dimensions, as you mentioned, and then it becomes very difficult.

Amit: 41:08

Even for a quantum computer, and it's made of very simple things. But in order to create that lattice, you will need some vectors. If you have the vectors in a perpendicular line, in perpendicular angles, then it's easy to calculate the closest dot. But if you have them at a different angle, an angle which is less than, say, 45 degrees or 20 degrees, then it becomes extremely difficult for the quantum computer To calculate the closest dot on the lattice, right?

Amit: 41:38

So based on these principles, it's very difficult. And this is just one of the algorithms. NIST has recently approved of three different algorithms I think, and they are different standards. And these standards are now publicly available so people can start implementing. There is already an open source implementation of this. So our current browsers can't basically handle these algorithms. So there is a development version of Chrome, which can handle PQC algorithms. And you can check that because if you create a certificate or encrypted data using a PQC algorithm now, and you can open that in your browser, it means your browser can understand a PQC algorithm. And if you try to open the same data in a normal browser, it should not be able to open it. Because you the current browser doesn't support that algorithm. So this implementation is currently possible and people have already done it.

Rinat: 43:24

Wow, that's actually really good information . And I would also invite our audience if anyone is looking after their cyber security of their organization or influencing the implementation of more of a future proof technology, do reach out to us for some direction on which way to go in terms of implementing this kind of cutting edge technology, which will future proof your sensitive data for, multiple decades and centuries to come because quantum computing is coming and there is a need for us to be cautious and protect our sensitive data . And for that, direction is needed and Amit is well researched and well placed to give anyone that direction. So reach out and we could help you direct whichever way would be most appropriate for your organization to implement such technology.

Rinat: 43:44

That's actually really fun to know about all of these. I know I drilled down a little bit because I do want to have the basics right in my understanding, and I feel like I still need to go away and research a lot more, but I do have a better understanding, a better visual in my head, on how the whole thing works.

Rinat: 43:45

And even if I don't have the understanding that, the physicist would, or the serious, hardcore quantum computer engineers would, but I still understand more of an implications in real world.

Amit: 43:57

And I think the only reason I recommended this topic is because NIST has actually published standards. You publish standards for the community to adopt, it means that you are actually getting more cautious and you want to make sure that the world is getting prepared and you don't want to encrypt all sorts of information using these quantum safe algorithms. We call it post quantum cryptography. What would cryptography look like in a post quantum era, but these algorithms can be called as quantum safe algorithms. So they protect you from the quantum computers. And now when these standards are published, it takes a huge amount of time, resources and everything to protect your information, like decrypt all the current information and then re encrypt it.

Rinat: 45:25

And it's not just simple encryption. You have to also replace your existing communication protocols like HTTPS standards that currently use certain encryptions. You'll have to use replace the email encryption, the end to end encryption used on WhatsApp. And that's not like just a piece of cake. It'll take some time. So if the standards are released now, it'll take maybe five to six years or 10 years to adopt it worldwide to get rolled out. Because the standards will be tested, implemented, people will have different types of implementation, etc. Your browser should be able to deal with it. Your operating system should be able to deal with it. your smartphone should be able to deal with it. So it takes a lot of time. The AES and RSA standards took a lot of time, almost 10 to 20 years.

Amit: 45:30

We know for a fact that, unit testing is complete in terms of quantum computing, a smaller quantum computer already exists. That means it's possible. It's just figuring out how to scale up. And We can only know the ones that are visible to public, but we don't know in which country or which organizations behind the curtains are working away because the benefit of figuring this out is massive, it will change the game completely. So there very certainly are many heads working away, trying to resolve this. And we only know whatever progress we see in public domain.

Rinat: 46:05

It's really even more important to, adopt this kind of protective algorithm, which are going to future proof your systems aSAP, because, the main question that needed answering is whether it's possible or not. And we know it's possible because it exists.

Rinat: 46:21

So now it's only a matter of time and how long we don't know. It could even be tomorrow. Obviously not to be too pessimistic, but it's not Impossible because a lot of people are already researching and have invested already, and you never know which country, which organization will figure it out.

Amit: 46:40

Will urge anyone to at least be educated . From this podcast, you will have the basic understanding of what it is and then go and understand it a bit more. And then once you are, then look at implementing it to whichever organization that you influence or have a say. Definitely can reach out to us for a direction and we would be happy to help.

Amit: 47:04

I enjoyed the podcast because I think in the process of explaining certain concepts, you actually learn new things.

Rinat: 47:10

Yeah, absolutely. No, it's it's really fun, talking about these kind of cutting edge technologies. Thank you. Thank you everyone for listening. Hopefully you guys learned a lot as well and do let us know any feedback or any other aspects that we've missed out and we can talk more or any other cutting edge topic that you guys would like us to cover do let us know.

Amit: 47:31

Thank you so much. Bye.