Welcome to the KuppingerCole Analyst Chat. I'm your host. My name is Matthias Reinwarth. I'm an Analyst and Advisor with KuppingerCole Analysts. My guest today is Alexei Balaganski. He is a Lead Analyst with KuppingerCole and he's the CTO, the chief technology officer here at KuppingerCole. And maybe we will touch upon this as well. Hi Alexei, good to see you.
Hello, Matthias. Thanks for having me again.
Great to have you and we want to talk about a topic that we touched upon several times before, but we really want to dig a bit deeper into that. And the first time I heard about that topic, we're talking about quantum-safe cryptography or the cryptocalypse, how it's sometimes called. When I first heard about that, I thought, this is so far away. Yeah, it's interesting, but it's more academic. That is 10 years, 15 years in the future. But I think things have changed. I see large corporations, especially financial institutions that have specific teams around that topic that really already deal with that. So let's dig a bit deeper into post quantum readiness about the threats of quantum computing to encryption, to cybersecurity in general. I think that is really something that is much closer than we all might think. But let's start with definitions. What is this cryptocalypse? What are risks? What are the risks? And is it just about quantum computing? Maybe we start with that.
Well, Matthias, that's actually a really good question because, I mean, yeah, obviously, cryptocalypse is just a contraction of cryptography and apocalypse, right? So something terrible, which would suddenly happen with all of our encrypted data, which would basically ruin the entire world because of all the reasons we can dive into in a moment. The idea itself is not new. Definitely, we have heard about this for decades because basically cryptography and data encryption is one of the foundations of our entire world economy nowadays. As you probably all know, cryptography doesn't just refer to actual encrypting of some data on your hard drive, for example. It also means all the data exchange between businesses and private individuals around the world. The entirety of the internet depends on cryptography, the entirety of the digital economy and finance industry, everything around all the communications basically and all the identity management, remember that kind of your digital identity is inevitably based on a certificate or any other kind of cryptographical entity which represents you in the digital world. So if suddenly someone would manage to compromise all those technologies, yes, the world as we know probably if not cease to exist, but at least face a really major worldwide catastrophe comparable to an asteroid hit maybe. But on the other hand, a lot of people tend to associate this whole scenario with only the advent of quantum computing. Well, it's probably not a good idea to limit this to only this scenario because as we all know, cryptography can be hurt in many different ways. And some of those things have happened before on a much smaller scale. For example, we know that some of the encryption methods and hashing functions, for example, which were once considered practical and useful and secure, no longer are.
Everyone probably knows about the SHA hash function, for example, which has been deprecated for years, or the old SSL/TLS encryption protocols in our browsers. I mean, they used to be good enough. They are not anymore simply because the computing power is growing. So it became much easier to crack those encryption methods. Those were basically retired or replaced with stronger ones. And the biggest question is basically what's so different about this cryptocalypse? Why cannot we prepare ourselves to that kind of apocalyptic great scenario as well?
Right, and you've mentioned that already. So just the availability of more capable of faster computers already rendered some of these mechanisms just unusable because crackable because computers were faster. Now we are entering an era where quantum computing is nothing theoretical. It is there. You can go to the cloud provider of your choice and have access to these new types of computing technology, which is from its basic paradigm completely different or at least fundamentally different from what we are used to thinking in bits and zero and one. But when we look at a realistic risk assessment, and this is what analysts typically do, how imminent is this threat actually? How imminent is the threat of this quantum computing to these mechanisms that we use right now? Which cryptographic algorithms might be the first to just to collapse? What do we need to expect? I know it's a look into the future and I know it's not yet there and we are not prophets. We are analysts, but maybe we can at least do a risk assessment.
Well, you're absolutely right. The biggest mistake a lot of companies and people are making is they're not thinking about it as a risk. And every risk in this world, it has basically two components, the probability and the impact. Like for example, a risk of a huge asteroid hitting the Earth. The probability is extremely tiny but the potential impact could be basically deadly for the entire humankind. So this is still a risk and maybe even a risk we have to realistically prepare us for, right? And a lot of people would claim that the cryptocalypse is the event, the potential event, the potential risk of at least approximately the same caliber. So yes, it is still, and I would probably side with people arguing that it's not very probable, maybe even completely impossible in the next 5 or 10 years, say almost impossible, but the potential outcome and the impact would be so huge that you still have to consider it a substantial risk just by multiplying the impact by the probability, the number is still pretty high. But you also have to think about other aspects. First of all, again, the very fact that, let's say, the event that a practical, usable quantum computer becomes available overnight. The biggest challenge is not that fact itself. You will probably never know that very day. It would be the world's best kept secret, maybe for months, maybe even for years. And the party who possess such a computer will be able to basically dominate the world intelligence and beat everybody else in that kind of political and financial business game. So this is a pretty big deal for a lot of involved parties. And even if we agree that yes, maybe this won't happen in the next decade or so, there are also other smaller aspects of the same problem, which might not manifest themselves as an apocalyptic event, but could have potentially the same kind of outcome for a lot of businesses involved. What if someone finds a major implementation vulnerability in an existing encryption? 
That actually happened before. You probably remember the Heartbleed, what was the name of OpenSSL vulnerability. There were other events. Of course, they ended up being probably less expensive in mitigation than we thought initially, but they were still, I mean, pretty, a pretty big deal and required a lot of investment for the industry around the world. Again, kind of this thing is a risk. And when we are dealing with risks, we have to think about it in the same way, in the same approach as we do with real physical world risks. So we have to research, we have to investigate, we have to prepare ourselves to have a plan, to have some mitigation control in place and probably invest some money into all of those activities.
Exactly. I think there are other threats that could be looked at in the same way. So if we consider an evil party trying to use all those fast modern LLMs in just training them to find reasons and ways to break encryption algorithms could also be a threat to encryption. So everybody's still talking about quantum computing. Why is this so much more special? What are the unique challenges that especially quantum computing poses to cybersecurity? Why is it so different from just having a zoo of LLMs trying to find breaking algorithms?
Well, in a nutshell, the whole reason why cryptography exists and is so successful and efficient nowadays is that we are dealing with a process which is pretty easy to implement in one direction, to encrypt the data, but extremely computationally difficult to actually break that encryption unless you actually have the secret key. And we all know that basically the modern encryption is divided into two major classes, symmetrical encryption and asymmetric encryption. The first one, basically you have the single key for both operations. You take the key, you take your text and you encrypt the text with the key. And then somehow you have to protect and secretly share the key to somebody else and they would use the same key to decrypt your data. This is what we call symmetric encryption. And it's actually considered safe from the quantum apocalypse, if you will, because we know mathematically that even those new quantum computers won't be able to significantly decrease the number of time, the amount of time needed to break that encryption. However, with the asymmetric encryption, where you have two keys, one public one, which you can give anybody and they would use it to encrypt the data and the second key, the secret one, which you actually need to decrypt the data. This is much more in danger because the very nature how those two keys are created. We have this mathematical problem called prime number factorization. If you have two extremely, well, those two keys are basically two extremely large prime numbers. And if you have the product of multiplication of those numbers, somehow you have to figure out what those two numbers originally were. This is a well-known mathematical problem and it's been proven to be unsolvable on classical computing hardware. You would need billions of years to create those keys.
And yet we know, again from mathematics, that there is an algorithm for quantum computers which could do it probably within seconds or hours, whatever, in a much shorter period of time. So we know in theory that if a working quantum computer emerges, it will be immediately able to break that asymmetric encryption, at least the modern standards. And this is why it is a risk. I mean, we all know that a working quantum computer probably does not exist yet, but as soon as it actually emerges, it would immediately be used to crack those existing keys. And we all know that a lot of intelligence agencies around the world are sitting on heaps of encrypted data waiting to be cracked as soon as it becomes technologically possible. This is why, for example, there was a lot of talk about this approach called perfect forward secrecy. Meaning that your encrypted communications have to be implemented in a way that even if they cannot be cracked now, it should also be impossible to be cracked in the future when someone manages to compromise a future key. They should not be able to go back in time, replay, for example, the recordings of your past communications and crack those too. Again, it kind of has probably nothing to do with quantum computing on its own. It just shows that there is always more than one way to compromise your encryption.
Yeah, that's interesting because if you look at what you just said, there are agencies that have tons of encrypted information and we may or may not in the future have a mechanism that is able to break this encryption. Could we still distinguish between different categories of encrypted information that is more at stake, smaller ones, more critical ones, say a fully encrypted hard disk of gigabytes or terabytes of stuff that still would be difficult to crack just because of the amount of time. So is there different types of information, different types of sensitive data that is more at stake once that is available?
First of all, we all have to understand that the sensibility of information is not directly related to any specific technology or hardware or anything. Some data can only be useful for days, hours, or even seconds if we are talking, for example, about the trade transactions on a stock exchange. There, milliseconds count, not even seconds. And if your information is too old, it's of no interest to anyone. And there is, of course, a lot of information which is still relevant and extremely sensitive, even years after it has been generated or stored. Of course, we are talking about PII, personal identified information. It is sensitive just because the state says it's sensitive. So if you lose that information, you will be fined for noncompliance. There is, of course, intellectual property basically when your entire business... if your entire business depends on a secret Coca-Cola recipe and someone suddenly steals that recipe. Of course your entire business is probably ruined overnight. But again, it's not directly kind of related to how you store that information but of course as we just kind of discussed you have different algorithms which are vulnerable in a different way, so asymmetrical keys, for example, are much easier to crack on a quantum computer. Symmetrical ones not so. But again, we know, for example, that some methods are known for the implementation vulnerabilities. So the mathematics is OK. But for example, the random number generator isn't working correctly. Or you are not clearing some intermediate bits in your formula quickly enough and they leak into some later step of the process and it makes the whole encryption easier to crack. There are so many different tiny details. And this is basically why there is kind of a mantra in the industry. You should never try to reinvent encryption on your own. Never use homebrew encryption. Always rely on proven and formally validated industry standards.
This is, for example, what the American NIST Institute is doing now. They are running a competition for quantum safe replacement for those ciphers, for those encryption algorithms. And it's been going on for years because it's a really complicated and sophisticated process. You should not just be able to come up with a new method and then prove that it's mathematically quantum resistant enough and then you should do tons of different checks and validations and verifications. We are almost there, if I remember correctly, the final candidates are already established, so we just have to wait a little bit more for the results to be officially announced, but we already know which new methods will become standards and which basically everyone, at least those governed by the American regulations, will have to implement. And this is one of the major aspects we have to discuss every time we talk about any kind of cryptocalypse or anything. How quickly can you adapt to those changes?
Right, and actually this, I think this is really fascinating that although this technology is not yet available slash widely available, we know already what categories of encryption mechanisms are breakable and we can construct some mechanisms that won't be breakable, by this new upcoming technology. But we are always talking about the challenges of quantum computing in terms of cryptography because it can break things. Once it is available, wouldn't it also be of huge benefit potentially to provide mechanisms that are on the one hand, of course, quantum safe, and on the other hand, provide a new level of security by providing mechanisms that are safe to all known methods of computation?
Well, that's an interesting question on its own because people tend sometimes to mix quantum cryptography and post quantum cryptography. What we've been talking about up to now is actually post quantum cryptography or quantum safe cryptography. But of course, those technologies, the consequences of quantum physics applications, they can be used for cryptographic purposes as well. We know, for example, that there are already existing implementations of quantum key exchange. Basically, we all know that one kind of peculiar aspect of quantum mechanics is that if you observe a state of a quantum entangled particle, for example, its quantum state collapses just by the fact that you have observed the state. It sounds crazy kind of for a kind of micro world, but really like it's like the Schrödinger's cat and you open the box and you immediately see if the cat is dead or not. Well, basically it applies to cryptography as well. You can create an encrypted channel for securely exchanging cryptographic keys, which would be impossible to eavesdrop upon because every time someone tries to basically steal your key from this kind of quantum wire or cable, if you will, you would immediately know that it's been compromised. Again, it sounds like some kind of dark magic, but it really works that way. And there are existing solutions. The only problem, of course, is they are limited in scale and I guess distance, if you have several underground bunkers for controlling your nuclear missiles, you might probably want to implement quantum key exchange to securely connect them together if their distances are measured in miles and not thousands of miles. So there is a lot of interesting potential implementation here as well. Probably not every business and not every industry would benefit from those. And of course there is a lot of kind of completely unrelated benefits of those computers, new drugs, energy optimization algorithms, agriculture.
You hear a lot of interesting kind of potential implementations. People can't wait to actually put their hands upon working quantum computers. It's not just all about cracking your financial transactions or whatever. There is a lot of positive potential to expect from that technology, but we have no idea whether it would happen overnight or not. Again, probably the day when the first practical and working quantum computer appears would be the best kept secret in the world.
True, absolutely. Now that this has not yet happened, or at least we don't know about it, so what can we, going back to this risk-based approach, to this traditional analyst analysis, what would you recommend organizations have to do to begin transitioning or to begin preparing for this, if they have not yet done anything like that? Where should one start, especially if you're really relying on cryptography because of dealing with critical data, with the safety of people, security of transactions, where to start? Where do organizations start right now?
Well, first of all, it's not even a question of if. Like you just said, if you are relying on cryptography, you are relying on cryptography, even if you don't know that yet. So first of all, I guess the first recommendation is that you go out and educate yourself a little bit about the potential and existing applications of cryptography, because it is everywhere. It's not just in encryption as protecting your data directly. It's everywhere. It's identity management and cybersecurity and communications and finance and cryptocurrencies are all based on the same thing as well. So your money, your personal data, your identity, everything is there already. It's in your best interest to actually invest a little bit more effort and understanding and money into protecting those. But on the other hand, you should probably not think about kind of catastrophes and cryptocalypses. You can keep that word for an impressive presentation for your board to get some more money for your cybersecurity, probably. But the actual risk management and planning should, I guess, revolve around more mundane and easier things to implement. And the key term here is crypto agility. Cryptographic agility is how quickly can you update your existing infrastructure and data and clouds and whatever to support those new algorithms. Because it only sounds easy on paper. There is a lot of technical debt. There is a lot of legacy systems. There's a lot of pain, kind of obstacles on that way. Some are purely technological. Some are more process and workflow oriented, some are probably not even dependent on your own business, but on your partners and stuff. But you have to investigate this entire digital encryption chain, if you will. Starting from the lowest level, how exactly are your disks encrypted in your servers and how quickly can they be re-encrypted with a different algorithm? And whether you need to talk to your storage provider, for example to get a firmware update or something like that. 
All the way up to how do you actually communicate? How do you design your modern applications? Because modern applications are basically microservices and loosely coupled components, and they all talk to each other over encrypted channels. How modern are those technologies in your application stack, for example? Can you afford enforcing TLS 1.3, which is the current recommended version? Or do you still have legacy components which do not support that, for example? What are the technologies you are using for physical access? Are you still relying on smart cards? Do those smart cards support updating for the newest cryptography algorithms? Or do you have to throw them all and, I don't know, rush to buy a whole bunch of YubiKeys, for example? And speaking of YubiKeys, how well are you planning on supporting standards like FIDO, for example, for online authentication. Tons of questions, probably filling a huge spreadsheet. But more spreadsheet basically is how you do your risk management. So you definitely need another one for your crypto agility management as well.
Is it fair to say that, or is it okay if I say I have a bit of a doubt when I think back of how long it took many organizations just to fix that Heartbleed thing that you've mentioned, how long it took many organizations just to move away from unsafe TLS to a more safe version and how long it took software vendors to implement that. What you just described is a complete overhaul of cryptography infrastructure if required. This sounds like a huge effort and that sounds like we are not yet well prepared, are we?
This only means that we are not sufficiently crypto agile. And again, crypto agility is not about being able to achieve all that overnight. Crypto agility is kind of one step before that. It's becoming flexible enough to respond to the change. So in a way, it's like incident response. Yes, you might be hit by a ransomware attack tomorrow, but it doesn't have you start... you only start dealing with ransomware tomorrow. You have to start dealing with it today, ideally even earlier than that. So you have to become prepared for a cryptocalypse in the same way you have to become prepared for a potential ransomware attack. You kind of cross your fingers and pray that it never happens, but you still have to be prepared. You still have to be ready and tested and trained and whatnot. And the same applies to cryptography as well. And it's up to you to basically weigh which risk is more important for your specific industry. A lot of people still think ransomware is the number one risk. Well, I guess there is a lot of industries where it might not necessarily be the case. There might be cryptocalypse, however improbable it is. It's still something worth looking into.
Thank you. Maybe a final thought before we close down. You've mentioned ransomware. When we talk about fighting ransomware, the human factor, the people that are working in IT, but every user needs to be trained to not fall victim to a ransomware attack. How important is it to train our staff, our people, our users with regards to learning more about what is going on in that area towards quantum safe cybersecurity, how important is a skilled workforce and what should organizations do to get there?
Well, I would argue that cryptography on its own is a crazily complicated science, if you will. You do not need to be a mathematician to understand the importance of cryptography. Absolutely not. But you probably don't need to dive that deep into the technicalities and implementation. Basically, you have to teach your workforce to encrypt your data always and only stick to the tools and methods approved by the company, by your security policy. This is the only thing that really counts because you cannot expect every line of business worker to know how quantum physics works or how to manage all those keys. You just have to know that they are using the right tools for the right tasks. And of course, you probably need some kind of a governance process to actually monitor and measure that compliance. Other than that, it's basically something which you have to manage on a much higher level, the CISO and the IT people and whatnot. And of course, this is something which you cannot solve without working directly with your vendors. Again, if you are working with storage vendors or computing vendors or cloud providers, those have to somehow be able to provide proof that their solutions are quantum safe, agile enough and ready for the future challenges as well. In a way, it's one of those aspects of software supply chain security. In this way, it's also hardware supply chain security as well.
Right. And now the final question. You are CTO, you are an analyst. How important is that question when you work with vendors, with technology partners as an analyst? How important do you or how highly do you rate crypto agility in their solution when you look at products? And on the other hand, CTO for KuppingerCole, how important is this aspect in our daily work?
Well, we are on the one hand lucky that we are a pretty small company. So for us, kind of downtime over a few hours to re-encrypt a database, it's probably not as critical as it would be for a large bank, for example. So in this way, we could probably afford to be a little bit more relaxed than a typical large business. But of course, we will never do that exactly because we are analysts. And I am also kind of a mathematician with a degree and a cryptography enthusiast myself, if you will. So of course, this is something we are always looking as deep as possible when talking to any vendor that claims to be providing cryptography solutions. And there are some really fascinating developments recently in all those areas, including, for example, also encryption in use, like homomorphic encryption and stuff. And this is something which not a lot of companies even talk about with regards to quantum resistance and stuff like that. There are so many untapped dark areas in this market still remaining to be opened and analyzed and highlighted by people like us essentially and the real experts. So you'll probably need a lot more time to discuss all those details sometime in the future.
Great, thank you. Alexei, it was as always a pleasure to have you here for this topic and it's really something between philosophy, mathematics and business. So this is really an interesting thing. We will follow up on that and let's wait and see when quantum computing is just around the corner. And it's something that we have to react to like all the other events that we had to deal with in the recent years. Thanks again. Looking forward to meeting you there.
Yeah, absolutely, that would be fun.
Absolutely. See you there. Thanks. And if you have questions, if you have comments, please leave them below that video on YouTube. Drop us a mail. Drop us topics to cover in that podcast. We will be happy to do so. With that, thank you very much and up until next time. See you.
Bye.