Building a Quantum Secure Future – The official blog of Microsoft

Man and woman working at computers

As innovation has progressed across radios, the Internet, Wi-Fi, smartphones, and the Internet of Things, we’ve consistently faced security issues with every technological breakthrough. Every new and disruptive technology presents both opportunities and challenges.

With AI, we are heeding this lesson from the past and proactively addressing the security challenges that will inevitably arise.

However, while the AI ​​revolution looks like the biggest breakthrough in a generation, quantum computing at scale is set to disrupt many aspects of technology again, and we need to prepare now.

Large-scale quantum computing has the potential to help solve many of the world’s most complex and pressing problems. Whether it’s tackling food sustainability, developing better batteries or mitigating climate change through carbon capture, scientists will have unprecedented computing power at their disposal. This transformative computing power capable of driving so much good for society could also be used by bad actors looking to cause disruption and harm. By enhancing our security capabilities to meet this moment, individuals and organizations can reap the profound benefits of quantum computing without succumbing to these threats.

Microsoft took the quantum road more than 20 years ago and is in a unique position to contribute to a secure quantum future. The investments we have made in this emerging field help us understand the new risks it could introduce and how to mitigate them in a timely and effective manner.

How quantum computing could upend cryptography

Today, most security systems in existing IT environments are based on public key cryptography, used almost everywhere from messaging to transactions to protecting data at rest. These cryptographic systems are based on mathematical problems that are difficult and time-consuming for classical computers, but will be much easier and faster for quantum computers to solve.

The strength of current cryptographic systems lies in the complexity of certain mathematical problems, one of which is finding the factor of extraordinarily large numbers, a task that would take millions of years to solve by traditional computers. This is the principle behind the RSA algorithm that has been around since the 1970s. Systems using RSA today range from hardware devices such as smart cards and routers, to software applications such as web browsers and email clients. RSA is also used throughout the supply chain of these systems, from manufacturing components to distributing software updates.

However, the emergence of quantum computers has the potential to dramatically upset this balance. Using Shors’ algorithm, a quantum computer may be able to unravel these factors of large numbers in minutes, making RSA and similar asymmetric algorithms vulnerable. As we progress, algorithmic agility, resiliency, and flexibility will be required to easily switch or combine cryptographic approaches—a process that will require significant financial investment, changes to existing infrastructure, and timely planning, execution, and coordination across chains. supply and ecosystems.

Scale quantum machines are on the way

A quantum machine capable of executing Shors’ algorithm will likely need more than a million stable qubits, thousands of times more than today’s quantum computers. These powerful scale machines are on the way, and responsible companies will ensure that these quantum systems are not used by bad actors.

At Microsoft, our quantum machine will be delivered as a cloud service via Azure. Just as we do with other technologies, Microsoft will implement technical and operational controls to ensure that our quantum machine is not used maliciously.

But not all quantum machines in the future will be protected this way. Immediate risks, such as Harvest Now scenarios, Decrypt Later, and the potential obsolescence of non-upgradeable IoT devices, already require our attention. For these reasons, we need to start preparing and taking action now, because the transition to becoming quantum secure for most organizations will take time. That’s why we recommend organizations get ready today, as we’ll explain in more detail below. The risk posed by quantum computers is neither imminent nor insurmountable, but the transition to quantum security will be a significant undertaking for most organizations.

A little over two decades ago, the Y2K challenge wasn’t insurmountable or unsolvable, but it took a huge industry-wide effort to prepare for change. Today, cryptographic systems are widespread around the world, and the distributed and interconnected services, products and platforms that manage these systems mean that there is a huge threat surface that needs to be prepared and updated to become quantum resistant.

The global community is mobilizing around quantum readiness

The security industry is preparing for quantum computers and the risks associated with classical cryptography. Governments and the private sector are investing in the research, development and standardization of secure quantum approaches such as post-quantum encryption (PQC) algorithms and potential quantum technologies to strengthen security. As a first step toward PQC adoption, the U.S. National Institute for Standards and Technology (NIST) has been engaged for years in an effort to solicit, evaluate, and standardize robust quantum algorithms for wider adoption.

In Europe, the European Telecommunications Standards Institute (ETSI) is evaluating secure quantum cryptographic protocols and standards and their practical implementation. The International Organization for Standardization (ISO) is evaluating PQC algorithms and has established a technical committee to build collaboration on international standards for PQC.

Microsoft has invested in PQC research, development, testing, and collaborations since 2014, playing a role in the emergence of PQC and public standards globally. We are participating in the SC27/WG2 international standards efforts and have been in close collaboration with NIST, supporting and contributing to their National Cybersecurity Center of Excellence project on migration to post-quantum cryptography, whose goal is to prepare organizations for the transition PQC extension.

Microsoft is a lead member and supporter of the Open Quantum Safe (OQS) project and we are leading the PQC working group for SAFECode, a global industry forum for business leaders and technical experts to promote industry standards and help organizations prepare for the PQC transition. We have also focused on quantum technologies and their impact on security with research and development of dedicated tools.

As the ecosystem progresses, we continue to encourage industry and government to invest in the global adoption of harmonized cryptographic standards and additional quantum security measures to facilitate secure global commerce in the future.

Quantum safe in the Microsoft ecosystem

Given Microsoft’s unique position and broad perspective in hardware and software development, coupled with our experience of past efforts in moving to new cryptographic algorithms, we know the journey to achieve quantum security will be a significant undertaking.

This will be an iterative and collaborative process and we are committed to being a trusted partner in industry and government. Transparency and clarity will be the key to success, and as we continue to make progress, we will share the learnings and recommendations with the wider community.

One of the best ways for an organization to accelerate quantum security readiness is to move to the hyperscale cloud, but not all of our customers and partners use the cloud. With this in mind, we are taking a global approach across our platforms and systems.

Today we are taking the necessary steps in our portfolio and ecosystem to ensure that our products and services remain protected against the potential risks that technology continues to develop.

We have assembled a panel of experts from across the company to focus on this issue with ongoing input from regulators, industry partners, vendors, legal experts and research teams. We have also initiated efforts to build, test, and implement practical cryptographic solutions that can withstand the potential threats posed by quantum computers. We are deepening our understanding of quantum security algorithms and mitigation options for various use cases, considering hybrid cryptographic schemes to accommodate adaptive upgrades in cryptographic algorithms, building a cryptographic inventory to identify vulnerable cryptography in our platforms and services and developing a multi-stage roadmap to fill gaps and prioritize critical areas.

From the cloud to on-premises environments, we’re evaluating every piece of technology that connects to Microsoft. Our goal is to make this journey as easy and manageable as possible for both us and our customers and partners.

It’s time to get ready, and Microsoft is here to help

It will take some time to implement such sweeping changes, but the sooner you start, the safer you will be. It is essential to raise awareness and deepen our understanding of the risks and start now.

If you’re wondering where to start, building an inventory of critical data and encryption technologies can reveal areas where encryption is implemented incorrectly or in a way that is unsuitable for its intended purpose. It is imperative to identify internal standards and processes and evaluate all options for updating these cryptographic protocols and libraries to mitigate potential risks.

Based on those inventories and assessments, we recommend that you prioritize your systems and services based on criteria such as criticality, dependencies, and cost. From there, develop a transition roadmap.

We are already helping several customers and partners, especially those in risk-sensitive industries, in their quantum security quest by providing resources and transition strategies. However, the urgency for all organizations to embark on this journey cannot be overstated. We encourage customers and partners to act now, and we’re here to support them.

As quantum technology continues to advance and change the world, our commitment to the safety of our products and our customers has never been stronger. We are committed to minimizing the efforts required by our customers and partners to become quantum secure, using our world-leading research and engineering teams to keep our products and services secure.

Related link:
Learn more about how we build security into everything we build and deliver at Microsoft.

Tags: Azure, Cloud, quantum computing, Security

#Building #Quantum #Secure #Future #official #blog #Microsoft

Previous articleSnapchat rolls out a new generative AI feature, “My AI Snaps,” for paid subscribers
Next articleWWDC is next week: iOS 17, Apple’s VR headset and everything else we’ve come to expect


Please enter your comment!
Please enter your name here